MANAGE-2.1—Resources required to manage AI risks are taken into account, along with viable non-AI alternative systems, approaches, or methods – to reduce the magnitude or likelihood of potential impacts.

>Control Description

Resources required to manage AI risks are taken into account, along with viable non-AI alternative systems, approaches, or methods – to reduce the magnitude or likelihood of potential impacts.

>About

Organizational risk response may entail identifying and analyzing alternative approaches, methods, processes or systems, and balancing tradeoffs between trustworthiness characteristics and how they relate to organizational principles and societal values. Analysis of these tradeoffs is informed by consulting with interdisciplinary organizational teams, independent domain experts, and engaging with individuals or community groups. These processes require sufficient resource allocation.

>Suggested Actions

Plan and implement risk management practices in accordance with established organizational risk tolerances.
Verify risk management teams are resourced to carry out functions, including
Establishing processes for considering methods that are not automated; semi-automated; or other procedural alternatives for AI functions.
Enhance AI system transparency mechanisms for AI teams.
Enable exploration of AI system limitations by AI teams.
Identify, assess, and catalog past failed designs and negative impacts or outcomes to avoid known failure modes.
Identify resource allocation approaches for managing risks in systems:
deemed high-risk,
that self-update (adaptive, online, reinforcement self-supervised learning or similar),
trained without access to ground truth (unsupervised, semi-supervised, learning or similar),
with high uncertainty or where risk management is insufficient.
Regularly seek and integrate external expertise and perspectives to supplement organizational diversity (e.g. demographic, disciplinary), equity, inclusion, and accessibility where internal capacity is lacking.
Enable and encourage regular, open communication and feedback among AI actors and internal or external stakeholders related to system design or deployment decisions.
Prepare and document plans for continuous monitoring and feedback mechanisms.

>Documentation Guidance

Organizations can document the following

Are mechanisms in place to evaluate whether internal teams are empowered and resourced to effectively carry out risk management functions?
How will user and other forms of stakeholder engagement be integrated into risk management processes?

AI Transparency Resources

Artificial Intelligence Ethics Framework For The Intelligence Community.
Datasheets for Datasets.
GAO-21-519SP - Artificial Intelligence: An Accountability Framework for Federal Agencies & Other Entities.

>References

Board of Governors of the Federal Reserve System. SR 11-7: Guidance on Model Risk Management. (April 4, 2011).

David Wright. 2013. Making Privacy Impact Assessments More Effective. The Information Society, 29 (Oct 2013), 307-315.

Margaret Mitchell, Simone Wu, Andrew Zaldivar, et al. 2019. Model Cards for Model Reporting. In Proceedings of the Conference on Fairness, Accountability, and Transparency (FAT* '19). Association for Computing Machinery, New York, NY, USA, 220–229.

Office of the Comptroller of the Currency. 2021. Comptroller's Handbook: Model Risk Management, Version 1.0, August 2021.

Timnit Gebru, Jamie Morgenstern, Briana Vecchione, et al. 2021. Datasheets for Datasets. arXiv:1803.09010.

>AI Actors

AI Deployment

Operation and Monitoring

AI Impact Assessment

Governance and Oversight

>Topics

Risk Tolerance

Trade-offs

>Cross-Framework Mappings

Ask AI

Configure your API key to use AI features.