AI Risk Management

December 2020
Risk management throughout the Artifical Intelligence (AI)
lifecycle

What is AI and what can it do for your organisation?

Types of AI Advantages of AI

Speech recognition

What is AI? Competitive advantage

Natural language
Artificial processing (NLP)
intelligence is
the development
Affective Automation of insights
of machines
computing
capable of
performing tasks
Natural language Accurate and fast decision
which typically
generation (NLG) making
require human
intelligence
Computer vision
Efficiency and quality
increase
Machine learning

Deloitte can help you manage the AI related risks

The implementation and use of AI brings along some important risks to consider. These risks contain both risks inherent to AI,
as well as risks related to the business processes it automates. Deloitte can help you manage these risks.

Example AI specific Risks

Algorithmic bias Algorithmic inaccuracy

Dependence on a continuously evolving dataset that Incorrect type of algorithm applied to a problem, poor
drives AI decisions make it harder to identify inherent data quality or suboptimal choice of algorithm
bias in the model parameters

Algorithmic misuse Algorithmic feedback

Increased probability that business users may lack Increased risk of inappropriate feedback going
adequate understanding of complex AI model undetected may compromise the solution’s ability to
limitations and incorrectly interpret the output produce accurate results

Business risk

Technology People Operational Continuity

Strategic Cyber Regulatory Financial

© 2020 Deloitte BE. All rights reserved. 22

 Risk and control framework

The Deloitte Risk and Control framework can help your organization with the implementation of artificial intelligence
solutions in a secure, compliant and manageable way by making your company’s IT Governance and Risk framework AI ready.

Frameworks & Regulations Controls & Procedures

Align the internal automation control Processes to manage 1st (“operations and
framework with internal policies and external risk management”) and 2nd (“risk oversight”)
regulations Lines of Defence

Change Management & Culture Organisational Engagement

Strategy, communication, The programs and methods for
engagement and training to promote engaging the workforce in
an automation augmented automation opportunity
workforce identification and collaboration

Governance & Oversight Planning & Alignment

The organisational structure, committees, and The methodologies and processes to effectively
roles & responsibilities for managing identify, value, prioritise, and align on
automation environments automation opportunities

Getting started with A.I.

Just getting started with AI? We can provide information on the risks an organization needs to address to
be AI ready. We do this by assessing the current and desired levels of AI maturity. We then perform a risk
Readiness and gap assessment to establish the as-is AI maturity level.
assessment Based on the as-is maturity level we provide a high level report of the artificial intelligence readiness of
your organization categorized into three main domains: people, processes and technology. The readiness
assessment will be the input to establish an AI strategy.

Readiness assessed

To determine the AI strategy, it is crucial to have an objective source of information comparing the
current maturity level to similar organizations in the market. Using comparative AI Risk studies in Quick Scans
combination with the risks and opportunities identified during the readiness assessment, we help the Benchmarks
organization in the development of the automation strategy.

Strategy defined

Find out how your organization can leverage the power of AI. The Technology and digital risk team offers
the opportunity to brainstorm about the roles and risks of AI within your organization together with our
AI Risk
experts in the field. We will discuss your business and processes and identify potential AI related risks.
Workshops
We will then help you develop a risk control framework and look for program and project investments
which can create value within your organization by using this framework.

Processes developed

When the AI strategy has been defined and/or the AI processes and risk control frameworks have been
designed and/or implemented, Deloitte can help in both the risk evaluation of the existing AI systems and
processes as well as develop new AI solutions to support the strategy. A couple of example domains where
Deloitte has built expertise over the years are the following: Deloitte
aiStudio
Prototyping – Explainable AI – Bias and Ethics risk assessments – Data anomaly and risk detection – Table extraction
All of these solutions are designed to help you discover new ways of leveraging AI in your organization or
improve the maturity of already existing processes.

Maturity increased
When your AI processes have been implemented, there are still a great deal of risks to overcome. These
can range from IT and cyber security as well as compliance and ethics. We can help you gain assurance
over the implemented IT and business cycle controls with relation to AI. We assess controls related to
AI Audit identity and access management, change management, data integrity, IT operations & processes and
business continuity. Based on this assessment we provide recommendations to improve your AI control
framework to increase the level of artificial intelligence maturity within your organization.

High A.I. maturity

© 2020 Deloitte BE. All rights reserved. 33

 Contact

Johan Van Grieken Jelle Welvaarts

Partner | Technology & Digital Risk Director | Technology & Digital Risk
Gateway Building Gateway Building
Luchthaven Brussel Nationaal 1J Luchthaven Brussel Nationaal 1J
B-1930 Zaventem B-1930 Zaventem
Tel: +32 496 57 49 40 Tel: +32 479 91 38 98
[email protected] [email protected]

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by
guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member
firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not
provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL
and its member firms.
Deloitte provides audit, tax and legal, consulting, and financial advisory services to public and private
clients spanning multiple industries. With a globally connected network of member firms in more than 150
countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights
they need to address their most complex business challenges. Deloitte has in the region of 312,000
professionals, all committed to becoming the standard of excellence.
This publication contains general information only, and none of Deloitte Touche Tohmatsu
Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of
this publication, rendering professional advice or services. Before making any decision or taking any action
that may affect your finances or your business, you should consult a qualified professional adviser. No
entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who
relies on this publication.
© 2020 Deloitte BE. All rights reserved.