SCENARIO IV - Domain VI, Competency D Flashcards
NMATO, a multinational health care company with a presence in the U.S., India and Nigeria, has a strong track
record of adhering to regulatory requirements and ensuring patient safety. With the increasing integration of AI
in health care for diagnostics, personalized treatment and operational efficiency, the organization recognizes
the need to enhance its governance processes.
NMATO has an enterprise risk management function overseeing privacy and security risk management locally
for in-house and third-party applications across its markets. High-risk scenarios are escalated to headquarters
for centralized risk analysis.
Despite robust processes, the increasing adoption of AI poses challenges in taking stock of AI and managing AI
risks effectively. Senior management is concerned with the potential AI risk but is keenly aware of the benefits
of leveraging AI and is under pressure to keep pace with competitors. In response, they appoint Tochi, who has
worked for the company for five years in privacy risk management and has a keen interest in AI governance, to
lead the AI governance office. Tochi’s task is to propose a governance strategy aligning with industry best
practices while reflecting NMATO’s commitment to transparency, accountability and patient safety. Tochi’s proposal should also address the difficulties in tracking all AI applications within the organization,
ensuring that the governance strategy provides a framework for identifying, assessing and managing AI risks
across NMATO’s operations in the U.S., India and Nigeria. Additionally, the strategy should outline clear
guidelines for integrating AI capabilities into existing applications, emphasizing the importance of ethical
considerations, patient privacy and regulatory compliance.
q
- What is a primary consideration for Tochi when tailoring AI governance to the organization?
A. The availability and expertise of the organization’s IT team.
B. The organization’s budget constraints and financial resources.
C. The unique context, culture and objectives of the organization.
D. Emerging trends and innovations in the broader industry landscape.
- The correct answer is C. While Tochi has worked for five years at NMATO, his focus was on privacy risk
management. At this time, his focus needs to be on how AI will be used by examining the context, culture
and objectives of the organization. He must evaluate the context and how best practices for AI use will fit
within the organization.
Body of Knowledge Domain VI, Competency D
- To strengthen the AI governance program early in its build-out, Tochi must do which of the following?
A. Block third-party AI solutions from being deployed in the organization.
B. Evaluate technology solutions different stakeholders can leverage in assessing AI solutions.
C. Create a new organization charter and hire AI experts to build new AI governance processes.
D. Understand the stakeholders involved and engage them early to identify areas of partnership.
- The correct answer is D. AI governance requires a diverse set of stakeholders due to the multifaceted nature
of AI harms and diverse perspectives that can be leveraged to enrich the program. Tochi must demonstrate
inclusiveness internally and potentially do an assessment to identify if there are gaps that may be fulfilled by
an additional hire.
Body of Knowledge Domain VI, Competency D
- Which of the following describes NMATO’s governance model?
A. Hybrid.
B. Centralized.
C. Cooperative.
D. Decentralized.
- The correct answer is A. Best practice is to leverage existing governance models. NMATO currently has a
hybrid model, given that risk evaluations happen locally with a coordination mechanism at the head office.
Operating a hybrid model also allows for the combination of centralized and local governance. This is
typically seen when a large organization assigns a main individual responsibility for AI-related affairs, and
the local entities then fulfill and support the policies and directives from the central governing body.
Body of Knowledge Domain VI, Competency D
