COBIT: A Practical Guide for AI Governance

Author: Chasserae Coyne, CISM, CSM, CAL
Date Published: 4 February 2025

To keep up with the speed of business, organizations need to move fast to stay competitive and improve their market share. This often includes adopting emerging technologies, such as artificial intelligence (AI). The potential benefits of AI are vast – AI promises to reduce operational costs, streamline workflows, enhance customer satisfaction, and so much more. Yet in their rush to integrate these technologies, businesses often overlook one very important element: Governance.

Less flashy than risk and less visible than compliance, governance serves as the foundation for an organization’s goals and objectives. Before jumping to implement the latest technology, businesses need to pause and ask crucial questions such as:

  • Why are we integrating this technology?
  • What problem(s) is this technology solving?
  • How will we govern its implementation?
  • How are we ensuring that our data is protected?
  • What problems or vulnerabilities might it introduce?

Too often, companies implement a technology without understanding what strategy or goal it’s supporting, how it will be governed, or what the plan is for implementing and integrating it responsibly and effectively.

Case in point: In 2024, Air Canada lost a lawsuit in which its AI chatbot had provided incorrect information to a customer regarding bereavement fares. When the customer followed the chatbot’s advice, Air Canada initially refused to honor the erroneous information the chatbot had provided, saying that the customer should have verified the information using the link it supplied. Air Canada later tried to argue that the chatbot was a separate legal entity, but a Canadian tribunal ruled against Air Canada, forcing it to compensate the customer. This case highlighted critical gaps in Air Canada’s AI governance, particularly:

  1. Accuracy of AI-generated information
  2. Accountability for the output of AI systems
  3. Appropriate oversight and verification processes

Whether you’re building an AI system in-house or incorporating an externally developed AI system, you can often find appropriate guidance in existing frameworks like COBIT, which serves as a practical, comprehensive guide for building an effective governance system over AI.

ISACA’s Leveraging COBIT for Effective AI System Governance white paper dives into how the COBIT framework can help an enterprise implement a governance system over the responsible and effective creation, implementation and maintenance of AI systems. Here are my top five takeaways:

  1. Start with Strategic Alignment: When implementing an AI system, you need to make sure that it aligns with your organization’s strategic objectives. This ensures that the goals of the business are driving your technology implementations, and not the other way around.
  2. Manage Your Risk: It’s critical to understand the risks associated with your AI systems. This starts by understanding the elements of trustworthy AI, as well as assessing and mitigating AI risks to ensure alignment with your organization’s risk appetite and tolerance levels.
  3. Measure Performance: How do you know if your AI implementation was successful? By measuring it! Establish targets for AI performance and develop clear metrics to evaluate your AI implementation’s success.
  4. Implement Security Protocols: Ensure your AI systems are secure by implementing robust security safeguards to protect sensitive information and intellectual property. Proactively implementing effective controls will help prevent data breaches and maintain the confidentiality, integrity and availability of your AI systems and their associated data.
  5. Ensure Accountability: Clearly define roles and responsibilities for your AI systems. By defining accountability and responsibility early on, you can quickly address issues that arise during the development or usage of your AI systems, ensuring increased operational performance, swift issue remediation, and compliance with applicable regulations and standards.

AI has the potential to transform how businesses operate, but its effectiveness largely depends on responsible implementation. In the eagerness to deploy the latest AI technology, some organizations bypass establishing governance to achieve the quick win. This leaves them on unstable foundations, vulnerable to potential risk or security issues, and prevents them from fully benefiting from the potential value of AI.

Take the time to develop a comprehensive governance strategy to create a sustainable framework that will fuel your organization’s long-term growth and business success.
