Skip to main content

Auditing AI, a Lehman Brothers in the making?

 


Can auditing AI products work? 'AI audit refers to evaluating AI systems to ensure they work as expected without bias or discrimination and are aligned with ethical and legal standards.' states Javid in the 'How to perform an AI Audit in 2023' article.  It's a fine article, listing many of the existing frameworks that are currently in existence, principally COBIT Framework (Control Objectives for Information and related Technology) and IIA's (Institute of Internal Auditors) AI Auditing Framework: This AI framework aims to assess the design, development, and working of AI systems and their alignment with the organisation’s objectives. Three main components of IIA’s AI Auditing Framework are Strategy, Governance, and Human Factor. 

This all seems fine, on the surface. Internal auditing has had a variety of issues though. The same can be said for External Auditing. There are five large firms that conduct external AI auditing: Deloitte, PwC, EY, KPMG and Grant Thronton. Those of you familiar with recent history may be aware of say the contractors Carrilion, who collapsed in 2018 with debts of £7bn came after annual accounts were approved by KPMG. Carillion may not be the same industry, but there have been many other auditor failures, Lehman Brothers employed Ernst & Young (EY) as their firm's independent auditors. Lehman Brothers and MF Global had very comprehensive Enterprise Risk Management programs and very knowledgeable CROs, and they still failed.

So what lessons can be learned from both internal and external audit failures? Thankfully there is a lot of literature on the subject. Most, but not all of the literature emanated from the Great Financial Crash of 2018 but are still of value: 

Risk managers face several challenges that make it difficult to demonstrate the total cost of risk and the Return On Investment of enterprise risk management. 

They often struggle to uncover and deliver risk-related information from across the entire organisation due to a lack of convincing and actionable data. Relevant data is often tied up in multiple, manually-based systems that are a challenge to pull together, making it exceedingly difficult to demonstrate the value of preventing risks that never came to fruition or the value of taking risks that resulted in revenue generation. 

A lack of sound and timely data often translates into a lack of organisational support for enterprise risk management. The E suite often won’t buy in because they can’t comprehend why ERM matters any more than all the other initiatives on its plate, and those employees on the lower rungs of the organisational ladder often won’t buy in because they presume the data intake and input associated with ERM is going to impede them from doing their actual jobs. 

When inadequate data is married to inadequate organisational support, risk management won’t be a strategic endeavour. This makes it extremely difficult for a risk manager to earn a seat at the decision-making table, and organisations often struggle to fulfil the many risk management tasks spread across a multitude of departments and countless employees.


In Deep Minds paper, 'Model evaluation for extreme risks' they state:

'Model evaluations for extreme risks will play a critical role in governance regimes. A central goal of AI governance should be to limit the creation, deployment, and proliferation of systems that pose extreme risks. To do this, we need tools for looking at a particular system and assessing whether it poses extreme risks. We can then craft company policies or regulations that ensure:

1. Responsible training: Responsible decisions are made about whether and how to train a new model that shows early signs of risk.
2. Responsible deployment: Responsible decisions are made about whether, when, and how to deploy potentially risky models.
3. Transparency: Useful and actionable information is reported to stakeholders, to help them mitigate potential risks.
4. Appropriate security: Strong information security controls and systems are applied to models that might pose extreme risks.'

This is for Extreme Risk Models. It seems totally inadequate, to me. We also know that a large proportion of staff dealing with risk have been cut recently from most of the big tech firms. So who will be left, internally, to train their programmers, their LLM trainers, their C Suite staff on AI Ethics? 

No wonder there are so many signatories to the 'risks in the far future papers' which can serve to distract from the risks that are currently occurring in the Tech corporate sector. 

Such an approach, if adopted by legislators, is likely though to stymie the deployment of models through the Open Source communities.


AI is not new. Far from it. The risks and concerns have long been debated. Their are frameworks in place in the sector to mitigate against risk (few seem to want to prevent risk). The biggest problems occur still, from the facts that legislators will find it difficult to adapt sufficiently to the scale of change that is occurring in the industry, and the risks posed by this all taking place in the context of: economy's prioritising individual choice and viewing social outcomes as a byproduct of individual maximising behaviour, in a rapidly decaying biosphere.

Comments

Popular posts from this blog

The AI Dilemma and "Gollem-Class" AIs

From the Center for Humane Technology Tristan Harris and Aza Raskin discuss how existing A.I. capabilities already pose catastrophic risks to a functional society, how A.I. companies are caught in a race to deploy as quickly as possible without adequate safety measures, and what it would mean to upgrade our institutions to a post-A.I. world. This presentation is from a private gathering in San Francisco on March 9th with leading technologists and decision-makers with the ability to influence the future of large-language model A.I.s. This presentation was given before the launch of GPT-4. One of the more astute critics of the tech industry, Tristan Harris, who has recently given stark evidence to Congress. It is worth watching both of these videos, as the Congress address gives a context of PR industry and it's regular abuses. "If we understand the mechanisms and motives of the group mind, it is now possible to control and regiment the masses according to our will without their...

CRM and AI?

Artificial intelligence (AI) can be used in a CRM system to enhance customer service, sales performance, and marketing strategies. Here are some examples of how AI can be applied in a CRM: - AI can enable natural language processing and voice input, such as Siri or Alexa, to allow a CRM system to answer customer queries, solve their problems, and even identify new opportunities for the sales team. Some AI-driven CRM systems can even multitask to handle all these functions and more. - AI can help with sales forecasting by analysing historical data, customer behaviour, and market trends. This can help the sales team make more accurate predictions for future sales figures and determine a success metric. - AI can assist with lead management by automating the process of qualifying and nurturing prospects. It can use chatbots and email bots to understand leads' needs and inform the sales team to improve their performance. With insights gained from these bots, companies can optimise their...

A Network Analysis Tool to help identify structural gaps

  InfraNodus is a web-based open source tool and method for generating insight from any text or discourse using text network analysis. The byline on the website states, 'Get an overview of any discourse, reveal the blind spots, enhance your perspective.' which, whilst accurate does little to summarise the potential of such a tool. Watching the introduction helps. Its capabilities include representing any text as a network and identifying the most influential words in a discourse based on the terms' co-occurrence, providing text network visualization and analysis live as new data is added, offering discourse structure analysis to measure the level of bias in discourse and identify structural gaps in discourse, and being available via an API to be used in conjunction with other text mining and analysis software. The white paper, ' Generating Insight Using Text Network Analysis ' concludes:  'The tool is currently used by researchers, marketing professionals, stude...