Module 5

Question 1

What should stakeholders do early in the AI system development process?

Answer 1

• Define and agree on the goal for using AI
• Assess whether AI is suitable for the mission and purpose
• Set parameters defining what is important to success
• Determine at what frequency does the stakeholder group need to meet to evaluate success and mitigate issues during the development lifecycle
• Establish who is ultimately responsible for any risks and mitigations, and of any failures of the system once it is implemented
• Follow the organization’s guide (or create one!)

Question 2

What questions can the stakeholder group answer to define the business case?

Answer 2

• What is the cost/benefit analysis?
• What are the trade-offs in using AI/ML vs. other solutions?
• What will the organization’s declared position on AI use be, both externally and internally?

Question 3

Who should be the stakeholders?

Answer 3

• AI governance officers
• Privacy experts
• Security experts
• Procurement experts (sometimes)
• Subject matter experts
• Legal team

Question 4

What steps must stakeholders take to evaluate whether the AI system is meeting its goals appropriately?

Answer 4

Know:
- The data needed for the training algorithm
- What policies are applicable
- What happens if the AI performs poorly – what impacts could this have on individuals and the organization
- What is the organization’s risk tolerance (ensure the stakeholder group agrees on it and document any decisions)
- Have different methodologies to evaluate risk that you can use routinely

Question 5

List 4 risk evaluation methodologies

Answer 5

• Probability and severity harms matrix
• HUDERIA risk index number
• Risk mitigation hierarchy
• Confusion matrix

Question 6

Who should be included in your communication plan?

Answer 6

• Regulators
• Consumers

Question 7

What should you communicate to regulators?

Answer 7

• Compliance and disclosure obligations
• Explainability
• Risks and mitigation processes
• Data and risk classifications

Question 8

What should you communicate to consumers?

Answer 8

• Transparency as to the functionality of AI
• What data will be used and how

Question 9

What should be included in an AI algorithmic assessment?

Answer 9

• Data issues
• Decisions the stakeholder group has made (risks and mitigations, individual responsible, etc.)
• Document appropriate uses of the AI system

Question 10

How do stakeholders identify risks?

Answer 10

• Conduct a risk analysis and determine the contributing factors
• Classify risks appropriately
• Determine what risks can be mitigated

Question 11

How should you determine what tests to run on your AI system?

Answer 11

The risks you have should inform testing and should consider:
- Purpose
- Algorithm type
- Whether you are integrating with third party tools
- The regulations applicable to your sector

Question 12

List 7 types of testing

Answer 12

• Accuracy
• Robustness
• Reliability
• Privacy
• Interpretability
• Safety
• Bias

Question 13

List 3 types of bias

Answer 13

• Computational bias
• Cognitive bias
• Societal bias

Question 14

What can you do to ensure your testing is comprehensive?

Answer 14

• Include cases the AI has not previously seen (“edge” cases) and “unseen” data (data not part of the training data set)
• Include potentially malicious data in the test
• Conduct repeatability assessments to determine if the AI produces the same (or a similar) outcome consistently

Question 15

What are counterfactual explanations?

Answer 15

A counterfactual is essentially a statement of how the world would have to change in order to achieve a different outcome

Question 16

List 4 AI specific risks that you should consider

Answer 16

• Inversion
• Extraction
• Poisoning
• Invasion

Question 17

How can you mitigate the risk of new data in the algorithm?

Answer 17

• Keep snapshots of an algorithm as well as its outputs, so if there is an issue you can go back to a previous iteration
• Use documentation to know what changed between iterations

Question 18

What is your best mitigation for AI not performing as it should?

Answer 18

Consider it an incident and have an incident response plan

Question 19

What should you include in your incident response plan?

Answer 19

• Description of the issue
• Model version and data set used
• Who it should be reported to (internal/external)
• Mitigations
• Communications

Question 20

Why should you document the model version and data set related to an incident?

Answer 20

• Allows for challenger models to be accurately created
• Allows for transparency with regulatory agencies and consumers

Question 21

What should you put in place to monitor systems?

Answer 21

• Continuously improve the system
• Have a procedure in place to deactivate a system or localize it as needed
• Create a “challenger model”