Risk management is a discipline and when done well is a process and approach that requires ongoing monitoring, oversight and iteration. Although AI can already complete certain aspects of traditional risk management, specifically in the areas of risk identification, quantifications, and analysis, it is less useful in tackling, mitigating or preventing risks (though this may change in an agentic AI future when AI will not just analyze data and provide outcomes, but will also take actions).

AI can be useful at various intervention points across the AI risk management lifecycle. AI is often used in anomaly and fraud detection where it can analyse and identify patterns and trends against increasingly complex, large-scale threats. AI is less suitable for identifying and tackling emerging and new risks and emerging threats

There is not a single risk framework for AI. The AI risk frameworks most often referenced are:

• The US NIST AI Risk Management Framework (AI RMF)
• ISO 42001: Artificial Intelligence Management Systems
• the EU AI Act, and
• the OECD’s report on Advancing accountability in AI: “Governing and managing risks throughout the lifecycle for trustworthy AI” (which is an aggregation of various OECD frameworks, including the OECD AI Principles, the AI system lifecycle, the OECD framework for classifying AI systems, the OECD Due Diligence Guidance for Responsible Business Conduct as well as the ISO 31000 risk-management framework and NIST’s AI RMF).
• -The NIST AI RMF  is one of the most respected and often cited ones as it can be customized and made applicable to a broad ranges of industries and use cases, even if not based in the US (disclosure: the author of these FAQs, Jen Gennai, was a contributor to a number of internationally recognized AI risk management frameworks, including the NIST AI RMF). It has 4 main sections: Map, Measure, Manage, and Govern, which can map easily to existing risk management processes and systems.

Depending on the Cloud or IT third-party you use, some AI systems come with associated AI risk frameworks which are relevant to specific systems, domains and use cases. It’s important to ensure that any risk management framework aligns and integrates well with any existing risk management procedures and systems you already follow to reduce resources, costs and time overhead.

Responsible AI is about developing, deploying, and using AI in a way that has positive impacts on individuals and society, and prevents or minimizes potential harm. Responsible AI (also interchangeably referred to as Ethical AI or Trustworthy AI) aims to ensure AI is fair, inclusive, explainable, accessible, safe, secure, privacy-protecting, accurate, robust, and fit-for-purpose.

Responsible AI is an ongoing, iterative process to ensure that AI is developed, deployed and used responsibly, and that AI can be controlled, explained, and trusted. There is not a single way or best practice to achieve responsible AI, but some common steps include:

• Defining Responsible AI principles and policies
• Adopting robust AI governance and AI risk management practices and procedures across the AI lifecycle
• Ensuring responsible AI is a shared responsibility across an organization, with relevant and expert-informed training and change management
• Assigning appropriate roles, responsibilities and accountability to relevant stakeholders
• Take a humble, proactive, risk-based and context-dependent, ongoing approach to responsible AI which reduces costs in the long-run and helps you get ahead of issues.

The key pillars of responsible AI are: fairness, reliability and accuracy, safety, privacy and security, transparency and explainability, sustainability, and governance and accountability.

Expanding on each of these:

• Fairness : ensuring that AI is fair and does not disproportionately cause negative outcomes and harms to certain subgroups, just because of their identity or other demographic factors
• reliability and accuracy: ensuring that AI provides outcomes that are reliable, robust, accurate, appropriate and useful
• Safety: ensuring that AI does not cause physical, emotional, mental, economic, financial, educational or other harm.
• privacy and security : ensuring that the data of, from, and about people, organizations, nations etc. are private, safe, and secure from nefarious, illegitimate or excessive access or use.
• transparency and explainability : ensuring AI systems can be understood, debugged, contested, controlled and accountable to human oversight
• Sustainability: ensuring AI contributes to a greener, more sustainable planet and does not cause harm to individuals’, societies, ecosystem or the world’s health and flourishing.
• governance and accountability : ensuring AI is appropriately governed, with appropriate human oversight and accountability, all across the AI lifecycle.

Some of the most often-discussed ethical concerns related to AI are:

• Discrimination and exclusion of certain people
• Job disruption and displacement
• The “loss of truth” due to misinformation, disinformation, hallucinations etc
• Loss of human control and autonomy
• Privacy and security issues
• Non-consensual sexual imagery of both adults and children
• Anthropomorphization and loss of human connection
• Unjustified and unexplainable outcomes, decisions or actions
• Environmental impacts (specifically the over-consumption of water, energy, and rare minerals)

AI bias refers to when outcomes, decisions, or impacts disproportionately affect some groups or beliefs more than others.  Although bias can be both positive (e.g. personalization of online content towards your preferences could be defined as a positive bias towards your own needs and wants) and negative, the focus of AI bias is generally on unfair bias due to inadequacies in the data and model which lead to discriminatory and negative outcomes on certain subgroups of people.

AI governance encompasses the policies, processes, practices, and procedures that guide the development, deployment, and operation of AI to minimize potential harms and mitigate risks while maximizing its benefits. Some AI governance best practices include defining Responsible AI principles and policies, establishing or integrating robust risk management processes across the AI lifecycle, creating and scaling organizational governance structures with clear roles, responsibilities, and accountability mechanisms, designing and adopting training and culture change programs, and implementing monitoring and evaluation procedures.

• Policies & Principles
  • Set, communicate and enforce clear acceptable use policies
  • Include language in partner or vendor contracts that establishes responsible AI expectations.
• UX & User Controls
  • Develop user-controls (e.g. engagement settings)
  • Inform users when they are engaging with GenAI (eg as chatbots or AI generated content which could be confused for being created by humans)
  • Offer alternative, nonalgorithmic options
• Human Oversight
  • Conduct regular impact assessments
  • Establish expert oversight mechanisms (eg external advisory boards, user feedback mechanisms, bug bounties)
  • Establish appeal and/or contestability processes
  • Implement a rapid-response escalation management process
• Explainability/ Transparency
  • Implement clear risk disclaimers
  • Offer educational resources on digital literacy
  • Provide transparency artifacts (eg datasheets, model cards, transparency reports, system card)
• Fairness
  • Develop diverse representation in AI models
  • Develop diverse and inclusive training datasets
  • Conduct regular fairness audits
  • Test to ensure outcomes are fair or within acceptable ranges across sub-groups
• Safety
  • Implement ongoing safety evaluations and content filtering
  • Implement strict age verification processes
  • Develop age-appropriate content filters
  • Implement transparent evaluation criteria