It’s no secret that to use AI responsibly, organizations have to balance risk and reward, and tailor their response according to the risk level associated with each project.
But how can you be sure where AI is even being used in your organization? Or what risk level is associated with each of those projects? Creating an inventory of all AI projects is one of the first — and most critical — steps of establishing an AI governance program.
As the name suggests, an AI inventory is a centralized location that allows you to understand everywhere AI technology is being used across your business. It gives you an up-to-date look at what projects, models, and databases are associated with AI and machine learning (ML) technology.
At the most basic level, creating your AI model inventory gives you greater visibility – not only into where AI is being used, but also what risk level is associated with each project. At a glance, you’ll be able to tell if you have too many high or unacceptable risk projects, or if the bulk of your work is in the low risk range.
Though visibility into your AI is a huge benefit of an AI inventory for your business, it’s not the only one. Here are 4 more ways an AI inventory can impact your organization:
Increase the maturity of your AI governance program
Most companies are just getting started with their AI governance programs, and getting started can be really overwhelming — especially if you know AI is being widely used across your organization. But this early stage is actually the perfect time for creating an AI inventory; you’ll set a strong foundation for your governance program, and will be able to move forward knowing that you have solid roots.
Navigate risk variety
Different laws, like the draft EU AI Act, all put forward different levels of risk. These levels are still being defined and put into context, but the fact remains that each level has an associated obligation that has to be carried out. Understanding what these levels are and where they exist in your organization will help ensure you meet those obligations and protect against high and unacceptable risk.
In a similar vein, creating your AI inventory early on in your governance program is actually a cost management tool. By evaluating risk levels early, you’ll avoid spending resources on projects that end up being deemed high or unacceptable risk, like facial recognition software.
If, for instance, a company is considering using facial recognition software to verify when their employees are working in the office, they’d spend considerable time and money developing and implementing that program. But since facial recognition technology is deemed an unacceptable risk under the EU AI Act, this company would have spent company resources on a program that can’t actually be used.
In many organizations, team members and stakeholders are excited about the potential of AI and are bringing new potential use cases to the table for evaluation and approval. Though not every use case will be approved, many of them can be. Having a streamlined evaluation process will allow your team to advance development or experimentation for AI use without inundating your compliance team or waiting on the response.
Creating an inventory — and a streamlined process for approval in the future — is a critical first step for your AI governance program. But for most teams, manually reviewing and approving each proposed use case for AI just isn’t realistic.
Rather than manually collecting all the projects where AI is being used, evaluating risk for each project, and approving or rejecting its use, your risk scoring can be done automatically. OneTrust’s new AI Intake Assessment template helps streamline and automate this process. The template can be deployed within a self-service portal or embedded within existing project management tools, like Jira.
After the use case is defined, OneTrust assigns each project a risk score and carries out automatic workflows — like automatically approving low risk projects and rejecting unacceptable risk ones. Organizations with established risk programs can customize risk scoring, thresholds, and levels to align with their existing frameworks. This saves your compliance team’s bandwidth for reviewing cases and enables the rest of your organization to continue using AI in their workflows.
To see this template in action and learn more about how OneTrust can help you develop your AI governance program, schedule a demo today.