Risk Management in AI

Question 1

what are the forms of AI classified by capability?

Answer 1

• narrow or weak AI
• general or strong AI
• superintelligent AI

Question 2

narrow/weak AI?

Answer 2

• most common form of AI
• designed/trained for a particular task
• operate under a predefined set/sequence, cannot perform tasks beyond their programming

Question 3

general/strong AI?

Answer 3

form of AI that possesses ability to find solutions of unfamiliar tasks without human intervention

Question 4

superintelligent AI?

Answer 4

surpasses human capabilities in every field

presents ethical and safety concerns

Question 5

forms of AI based on functionality?

Answer 5

• reactive machines
• limited memory
• theory of mind
• self-aware AI

Question 6

reactive machines?
limited memory?
theory of mind?
self-aware AI?

Answer 6

reactive machines = most basic types of AI systems with no memory, cant use past experiences to inform decisions

limited memory = can use past experiences

theory of mind = machines have the ability to understand emotions, beliefs & intentions

self-aware AI = advanced system which has a conscience

Question 7

forms of AI based on mode of learning?

Answer 7

supervised learning = trained on a labelled dataset

unsupervised learning = model without explicitly instructed data

semi-supervised/reinforcement learning = in between supervised & unsupervised

Question 8

risk management = ?

Answer 8

the process of determining the acceptable level of risk and ensuring risk exposure remains below the threshold

Question 9

according to COSO, risk management encompasses…?

Answer 9

• aligning risk appetite & strategy
• enhancing risk-response decisions
• reducing operational surprises and losses
• identifying and managing multiple and cross-enterprise risks
• improving deployment of capital

Question 10

risk management consists of what components?

Answer 10

• risk identification
• risk assessment
• risk mitigation
• risk monitoring and reporting

Question 11

risk management frameworks?

Answer 11

COSO integrated framework
ISO risk management
BCBS

Question 12

which areas need to be managed from an ethical perspective?

Answer 12

• bias & fairness
• autonomous decision making and accountability
• privacy and data security
• job loss and economic impact
• human dignity and agency

Question 13

principles of ISO/IEC TR address…?

Answer 13

misuse (over-reliance), disuse (under-reliance), abuse (negative outcomes resulting)

Question 14

ISO/TEC principles must include…?

Answer 14

• accountability
• fairness/non-discrimination
• transparency & explainability
• professional responsibility
• promotion of human values
• privacy
• human control of technology
• community involvement & development
• human-centred design
• respect for the rule of law
• respect of international norms of behaviour
• safety & security
• environmental sustainability
• labour practices

Question 15

risk management principles from ISO on risk management that requires AI related supplements

Answer 15

inclusive, dynamic, best available info, human & cultural factors, continual improvement

Question 16

additional AI related considerations?

Answer 16

guidelines on ethical use & design of AI

technology trends & advancements in various areas of AI

stakeholder expectations on availability of AI-Based solutions

how the use of AI can affect organisations’ ability to meet contractual obligations

Question 17

risk identification?

Answer 17

fundamental step in the broader process of risk management

to identify risks, document in risk register and give a risk rating

Question 18

risk register?

Answer 18

AKA a risk universe

specific set of risks related to development & deployment of AI

Question 19

NIST AI Risk management framework examples of potential harms caused by AI?

Answer 19

harm to people
harm to ecosystems
harm to organisations

Question 20

machine learning risks

Answer 20

risks related to deployment
risk related to production

Question 21

risk related to deployment

Answer 21

data privacy
information security
bias

Question 22

risk related to production

Answer 22

cyber security
business resilience

Question 23

risk assessment

Answer 23

evaluates 2 dimensions, impact & likelihood

Question 24

4 common strategies for risk mitigation

Answer 24

avoidance
reduction
transfer
acceptance

Question 25

which is the only feasible risk mitigation strategy?

Answer 25

risk reduction

Question 26

risk monitoring?

Answer 26

ongoing process of tracking & reviewing identified risks and effectiveness of the mitigation strategies

Question 27

risk reporting?

Answer 27

involves communicating current risk status, changes, breaches and trends

Question 28

trustworthy AI systems must have which characteristics?

Answer 28

validity & reliability
safe
secure & resilient
accountable & transparent
explainability & interpretability
privacy enhanced
fair w/ harmful bias managed

Question 29

four functions composing a core risk management process for AI?

Answer 29

govern
map
measure
manage