SCENARIO VI - Domain VI, Competency D Flashcards

1
Q

Sam Simon is charged with implementing an AI governance program at his company, Spenger Incorporated,
operating solely in the U.S. Spenger Inc. has implemented some AI systems already but has not considered the
risks involved and wants to ensure it has solid procedures and policies in place. Sam researches how to build
an AI governance program, including by talking with some of the company’s other risk management
professionals and legal department to determine the best way to begin.

A

Please use the following scenario to answer the next THREE questions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. Of the below organizational stakeholders, with whom should Sam prioritize meeting to determine the best
    way to approach risk management and build the AI governance program?
    A. Privacy and security experts.
    B. Audit and assurance experts.
    C. The head of market research.
    D. His human resources business partner.
A
  1. The correct answer is A. Privacy and security experts are core stakeholders in building an AI governance
    program and will be key to identifying and mitigating AI-related risks specific to Spenger Inc. The
    stakeholder list may need to be fluid as Sam scopes out AI dependencies across Spencer Inc. and discovers
    additional uses and interactions with AI systems across teams. Other stakeholders may be consulted during
    the process; however, privacy and security experts will always need to be involved.
    Body of Knowledge Domain VI, Competency D
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. Sam knows an algorithmic impact assessment is necessary to manage AI risks and adopt responsible,
    ethical AI practices, but he is not sure where to begin. Which of the following options is the best starting
    point for an algorithmic impact assessment?
    A. Confirming whether the AI system is approved by applicable regulators.
    B. Leveraging an applicable PIA or DPIA and tailoring it to cover any gaps for AI.
    C. Making sure the organization has secured the proper funding for the AI system.
    D. Notifying employees who will use the system about any necessary risk mitigation.
A
  1. The correct answer is B. An AI governance professional should begin an algorithmic impact assessment by
    leveraging PIAs as a starting point and tailoring them to the AI process. Treating an algorithmic impact
    assessment as an extension of a privacy impact assessment will help to ensure the assessment ties back to
    the company’s vision, mission and core values, and accounts for organizational context.
    Body of Knowledge Domain VI, Competency D
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. Which of the following is a key risk to Spenger Inc. if Sam does not properly document the decisions made
    regarding an AI system’s appropriate uses?
    A. The organization may not see the return on investment expected.
    B. The system is used for something not considered and approved.
    C. Another department in the organization implements a similar system.
    D. The organization will not be able to respond to auditors appropriately.
A
  1. The correct answer is B. To limit potential misuse and liability of an AI system, an organization must properly
    document the decisions made regarding an AI system. Otherwise, it is easy for the system to be used for a
    purpose not considered and approved.
    Body of Knowledge Domain VI, Competency D
How well did you know this?
1
Not at all
2
3
4
5
Perfectly