Risk Management in AI Flashcards
what are the forms of AI classified by capability?
- narrow or weak AI
- general or strong AI
- superintelligent AI
narrow/weak AI?
- most common form of AI
- designed/trained for a particular task
- operate under a predefined set/sequence, cannot perform tasks beyond their programming
general/strong AI?
form of AI that possesses the ability to find solutions to unfamiliar tasks without human intervention
superintelligent AI?
surpasses human capabilities in every field
presents ethical and safety concerns
forms of AI based on functionality?
- reactive machines
- limited memory
- theory of mind
- self-aware AI
reactive machines?
limited memory?
theory of mind?
self-aware AI?
reactive machines = most basic types of AI systems with no memory, can't use past experiences to inform decisions
limited memory = can use past experiences
theory of mind = machines have the ability to understand emotions, beliefs & intentions
self-aware AI = advanced system which has a conscience
forms of AI based on mode of learning?
supervised learning = trained on a labelled dataset
unsupervised learning = model without explicitly instructed data
semi-supervised/reinforcement learning = in between supervised & unsupervised
risk management = ?
the process of determining the acceptable level of risk and ensuring risk exposure remains below the threshold
according to COSO, risk management encompasses…?
- aligning risk appetite & strategy
- enhancing risk-response decisions
- reducing operational surprises and losses
- identifying and managing multiple and cross-enterprise risks
- improving deployment of capital
risk management consists of what components?
- risk identification
- risk assessment
- risk mitigation
- risk monitoring and reporting
risk management frameworks?
COSO integrated framework
ISO risk management
BCBS
which areas need to be managed from an ethical perspective?
- bias & fairness
- autonomous decision making and accountability
- privacy and data security
- job loss and economic impact
- human dignity and agency
principles of ISO/IEC TR address…?
misuse (over-reliance), disuse (under-reliance), abuse (negative outcomes resulting)
ISO/IEC principles must include…?
- accountability
- fairness/non-discrimination
- transparency & explainability
- professional responsibility
- promotion of human values
- privacy
- human control of technology
- community involvement & development
- human-centred design
- respect for the rule of law
- respect for international norms of behaviour
- safety & security
- environmental sustainability
- labour practices
risk management principles from ISO on risk management that require AI-related supplements?
inclusive, dynamic, best available info, human & cultural factors, continual improvement
additional AI related considerations?
guidelines on ethical use & design of AI
technology trends & advancements in various areas of AI
stakeholder expectations on availability of AI-based solutions
how the use of AI can affect organisations’ ability to meet contractual obligations
risk identification?
fundamental step in the broader process of risk management
to identify risks, document in risk register and give a risk rating
risk register?
AKA a risk universe
specific set of risks related to development & deployment of AI
NIST AI Risk management framework examples of potential harms caused by AI?
harm to people
harm to ecosystems
harm to organisations
machine learning risks?
- risks related to deployment
- risks related to production
risks related to deployment?
- data privacy
- information security
- bias
risks related to production?
- cyber security
- business resilience
risk assessment
evaluates 2 dimensions, impact & likelihood
4 common strategies for risk mitigation
avoidance
reduction
transfer
acceptance