{"id":980,"date":"2021-02-01T08:27:04","date_gmt":"2021-02-01T07:27:04","guid":{"rendered":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/"},"modified":"2021-02-01T08:27:04","modified_gmt":"2021-02-01T07:27:04","slug":"auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust","status":"publish","type":"post","link":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/","title":{"rendered":"Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust"},"content":{"rendered":"<h4><strong><em>How do we build trust? How can we systematically assure trust in our systems? How would auditing AI and autonomous systems contribute to this goal?<\/em><\/strong><\/h4>\n<h4><strong><em>Explaining how the world\u2019s most famous accounting\/audit disaster &#8211; Enron &#8211; exemplifies the merits of Independent Audit, helps illustrate how a robust system of oversight is essential to building trust.<\/em><\/strong><\/h4>\n<p>Few would disagree with the statement \u201cWe need to be able to trust our artificial intelligence and autonomous systems\u201d. But achieving that trust \u2014 rather than merely desiring it \u2014 commands an understanding of what trust is: how is it achieved, what factors need to be in place in order for it to be assured? What processes, standards, behaviours \u2014 and accountability \u2014 needs to be guaranteed in order to confidently say: \u201cI trust this\u201d?<\/p>\n<p>This paper explores those questions by outlining key elements to building and preserving trust and exploring how these elements have and do apply to a range of industries and historic events.&nbsp; It also suggests some solutions for building trust in AI and autonomous systems.&nbsp; Solutions we have enough confidence in that we are beginning to operationalise them now.<\/p>\n<p>On its face, Enron, the world\u2019s most famous audit\/accounting disaster, might highlight the failure of auditing, and point to the struggles facing any attempt to audit AI and autonomous systems.&nbsp; But that would be to look and not really see&#8230;&nbsp;<\/p>\n<p>The vast majority of audits do not uncover disasters, large scale frauds or malfeasance.&nbsp; &nbsp; Indeed, thousands of public entities are audited without fanfare every year.&nbsp; The Enron case&nbsp; is an outlier of the most extreme kind, which, if studied correctly and reconciled with the 99.99% of regular audits, can inform what correct and robust structures are needed for an #infrastructureoftrust.<\/p>\n<p>By designing and creating Independent Audit of AI Systems (IAAIS), ForHumanity will help build a system of trust in our AIs and autonomous systems.&nbsp; Trust has been studied by many for centuries, and there is no universal and perfect process that guarantees it. So, instead, we look for instances of trust and see which elements they have in common.&nbsp; Here we submit some of the elements that consciously and subconsciously combine to allow us to trust:<\/p>\n<p data-rte-preserve-empty=\"true\">\n<ol data-rte-list=\"default\">\n<li><strong>Predictability<\/strong> (a belief or perception about the likelihood of future outcomes from an interaction)<\/li>\n<li><strong>Transparency<\/strong> (access to information allowing for decision-making, especially changes from current trajectories)<\/li>\n<li><strong>Understanding <\/strong>(awareness of a sufficient level of information and knowledge to feel comfortable with a decision or choice)<\/li>\n<li><strong>Control<\/strong> (power equating to a sense of being in-charge and the belief that a decision has multiple viable and beneficial choices)<\/li>\n<li><strong>Security<\/strong> (protection from harm: physical, mental, spiritual, financial or emotional)<\/li>\n<li><strong>Fairness<\/strong> (the belief that the interaction has a balanced set of pros and cons for both\/all parties)<\/li>\n<li><strong>Equity<\/strong> (the belief that an individual\u2019s interaction is comparable to others with similar circumstances)&nbsp;<\/li>\n<li><strong>Morality<\/strong> (belief that the trusted party\/entity cares about their impact on us or at least they are not intending to harm people)<\/li>\n<\/ol>\n<p>Each of us \u2018trusts\u2019 in different ways. Depending on the interaction in question, we ascribe more or less value to these listed attributes.&nbsp; Monetary interactions might score lower on the Moral variable and higher on Fairness while trust in manual driving scores high on Predictability (if not, it would be nearly impossible to share a road).&nbsp; If we are to build trust an #infrastructureoftrust that serves all people, then all of these elements must be accounted for in a robust way.&nbsp;<\/p>\n<p>From this foundation, we tackled AIs and Autonomous Systems. We didn\u2019t have to start from scratch: in our purview was an existing #infrastructureoftrust with a nearly 50 year track record \u2014 the system of Independent Audit already well established in the world of Financial Reporting and Financial Accounting.&nbsp;&nbsp;<\/p>\n<p>We took the \u2018Trust Variables&#8217; above and considered them in relation to the key three parties (auditor, compliant entity, society) engaged in an existing financial audit.<\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Predictability<\/strong>&nbsp;\n<ul data-rte-list=\"default\">\n<li>&nbsp;A 3rd party auditor will examine numbers and financial accounts, each year, in a nearly identical manner. Notwithstanding changes to the rules necessary to properly maintain the system.<\/li>\n<li>The compliant entity can plan on compliance and even build compliance-by-design. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) system of Internal Risk and Controls was built on this very premise.<\/li>\n<li>Society knows what compliance means. It can anticipate how usual and unusual events will be treated, which makes the results relatable over extended time periods for valuable evaluations<\/li>\n<\/ul>\n<\/li>\n<li><strong>Transparency<\/strong>&nbsp;\n<ul data-rte-list=\"default\">\n<li>These rules are publicly available to the auditor, and the auditor\u2019s work is also reviewed. The auditor can participate in but not control changes to those rules which may facilitate their ability to assure compliance.<\/li>\n<li>The compliant entity knows the rules and has the ability to participate in but not control changes to those rules which may facilitate their ability to comply and accurately represent their work<\/li>\n<li>Society knows the rules (even if a specialised profession largely deploys the results on their behalf) and has the ability to review the result.&nbsp; Society has an ability to participate in but not control changes to those rules which may facilitate their ability to understand the entity and the outputs<\/li>\n<\/ul>\n<\/li>\n<li><strong>Understanding<\/strong>&nbsp;\n<ul data-rte-list=\"default\">\n<li>Understanding different professions requires expertise about these numbers and what they mean.&nbsp; Those explanations are widely available and consistently delivered to all who seek knowledge about how to audit.<\/li>\n<li>The compliant entity has equal knowledge on how to comply with the audit<\/li>\n<li>Society understands how financial audits are conducted, what compliance means, and understands the output&nbsp;<\/li>\n<\/ul>\n<\/li>\n<li><strong>Control<\/strong>&nbsp;&nbsp;\n<ul data-rte-list=\"default\">\n<li>A 3rd party auditor has complete and unconflicted responsibility for assuring compliance with the rules and standards; assuring compliance is in their sole discretion based on pre-defined and well-understood proofs supplied by the compliant entity<\/li>\n<li>The compliant entity reduces its own risk and dictates the manner in which it&nbsp; provides compliance satisfaction.&nbsp; Compliance satisfaction is well known and understood to avoid failed compliance. Satisfactory compliance will equate to assurance by the auditor.<\/li>\n<li>Society has more limited control here, except that a vital feedback loop is created as the rules are established by trusted industry specialists.&nbsp; If society does not use these outputs (ultimate choice) then the whole system fails and folds back upon itself.&nbsp; As long as the system functions positively, then society continues to use the outputs, and the system repeats<\/li>\n<\/ul>\n<\/li>\n<li><strong>Security<\/strong>\n<ul data-rte-list=\"default\">\n<li>The Auditor has the contractual structure and \u2018power\u2019 to demand the information required to assure compliance. They have the imprimatur to do so because they are not authors of the rules.&nbsp; They have full transparency through their contract with the compliant entity.<\/li>\n<li>The compliant entity protects its intellectual property from the whole world, including its competitors.&nbsp; It is responsible for all aspects of compliance and all information, except disclosures, maximizing the protection of that information vis a vis omnibus transparency.&nbsp; The compliant entity maximizes security by being compliant.<\/li>\n<li>Society protects itself by establishing the rules which raise transparency, increase governance, oversight, and protection\/safety mechanisms for humans.&nbsp; When laws are codified into audit rules we achieve proactive compliance rather than the traditional reactive compliance courtesy of laws and punishment ***<\/li>\n<\/ul>\n<\/li>\n<li><strong>Fairness<\/strong>&nbsp;\n<ul data-rte-list=\"default\">\n<li>Auditors are independent (legal term) and only receive commensurate compensation for conducting audits.&nbsp; The Auditor has liability for certifying compliance where it is not earned and proved by the compliant entity. This creates a natural \u201ctension\u201d between auditor and compliant entity where the auditor can effectively imply \u201cprove it\u201d in regards to the audit criteria.<\/li>\n<li>The compliant entity knows that if it is compliant and can reasonably prove compliance then assurance will occur.&nbsp; The fees associated with the audit do not outweigh the economic benefit of compliance<\/li>\n<li>Society benefits from an unconflicted process and the leverage provided by an audit firm acting as an unbiased proxy for verification and assurance of an entity\u2019s financial reports. It acts as \u2018shorthand\u2019 for all members of society doing their own work.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Equity<\/strong>\n<ul data-rte-list=\"default\">\n<li>Auditors provide the same assurance for the same compliance based upon a set of accepted third-party rules (avoiding the inherent conflict of interest of auditing your own rules) and are simply applying them in return for a fair wage.<\/li>\n<li>All compliant entities receive the same assurance for the same compliance based upon a set of rules they did not create and receive public notoriety for complying with the rules demanded by society on a level playing field.<\/li>\n<li>Society establishes a set of rules for all.&nbsp; A level playing field of compliance and assurance on a set of rules that treat the individual in a fair way vis a vis the compliant entity during the exchange of goods and services.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Morality<\/strong>\n<ul data-rte-list=\"default\">\n<li>The Auditor understands they act as a proxy for society and have a duty of care to assure compliance where it exists and withhold assurance when compliance is not achieved.<\/li>\n<li>The compliant entity willfully complies with societal rules in exchange for the right to earn a profit or the right to continue to deliver its&nbsp; goods and services.<\/li>\n<li>Society makes rules and processes that satisfy their needs for trust, balanced against the economic needs of the compliant entity\u2019s ability to profitably or successfully deliver their goods and services<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>Using the trust framework derived from financial accounting, it is instructive to examine a monstrous failure of the system to understand the ways in which it was manipulated. This gigantic fraud was facilitated by fundamental failures of the infrastructure (now rectified).&nbsp;<\/p>\n<p><strong>The Enron Story<\/strong><\/p>\n<p>Before 2001, Enron employed approximately 29,000 staff and was a major <a href=\"https:\/\/en.wikipedia.org\/wiki\/Electricity\">electricity<\/a>, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Natural_gas\">natural gas<\/a>, communications, and pulp and paper company, with claimed revenues of nearly $101 billion during 2000.<a href=\"https:\/\/en.wikipedia.org\/wiki\/Enron#cite_note-1\">[1]<\/a> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Fortune_(magazine)\"><em>Fortune<\/em><\/a> named Enron &#8220;America&#8217;s Most Innovative Company&#8221; for six consecutive years.&nbsp; Its stock market capitalization peaked at or around $11 billion. Enron\u2019s auditor was Arthur Anderson.&nbsp; After the scandal was uncovered, all of that equity was destroyed.&nbsp;&nbsp;<\/p>\n<p>In the next section&nbsp; we return to elements of the framework of trust and map the Enron scandal against each. We will skip the role of one of the three key parties &#8211;&nbsp; society here because it is not unreasonable to conclude that society was universally and completely neglected and subsequently harmed by this fraud and malfeasance.&nbsp; Later, we address the role of fraud and malfeasance in this system.<\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Predictability<\/strong> &#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>&nbsp;A 3rd party auditor will examine numbers and financial accounts, each year, in a nearly identical manner. Notwithstanding changes to the rules necessary to properly maintain the system.<\/li>\n<li>The compliant entity can plan on compliance and even build compliance-by-design. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) system of Internal Risk and Controls was built on this very premise.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>Enron and Arthur Anderson conspired to use this predictability against society. They manipulated the rules, maximised loopholes and tailored contracts and business functions to fit into those loopholes. Collusion and communication were required to maximize these manipulations of Predictability.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Transparenc<\/strong>y &#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>The rules are publicly available to the auditor, and the auditor\u2019s work is also reviewed. The auditor can participate in but not control changes to those rules which may facilitate their ability to assure compliance.<\/li>\n<li>The compliant entity knows the rules and has the ability to participate in but not control changes to those rules which may facilitate their ability to comply and accurately represent their work<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>As a result of the collusion between the two entities, application of the rules was manipulated.&nbsp; The&nbsp; clarity of the rules was used against the system to exploit the loopholes. This was only possible because auditor independence was compromised.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Understanding <\/strong>&#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>Understanding different professions requires expertise about these numbers and what they mean.&nbsp; Those explanations are widely available and consistently delivered to all who seek knowledge about how to audit.<\/li>\n<li>The compliant entity has equal knowledge on how to comply with the audit<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>In the Enron story \u201cspecialised\u201d and industry expertise was used against society.&nbsp; Insufficient scrutiny led to these manipulations.&nbsp; However, it is also how the fraud was eventually uncovered.&nbsp; Because there were still reporting requirements, disclosure and transparency requirements, sophisticated investors and analysts eventually called out the fraud and investigations were launched.&nbsp; Understanding remains key and the more general the understanding is made, the greater defence against fraud and malfeasance.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Control<\/strong> &#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>A 3rd party auditor has complete and unconflicted responsibility for assuring compliance with the rules and standards; assuring compliance is in their sole discretion based on pre-defined and well-understood proofs supplied by the compliant entity<\/li>\n<li>The compliant entity reduces its own risk and dictates the manner in which it&nbsp; provides compliance satisfaction.&nbsp; Compliance satisfaction is well known and understood to avoid failed compliance. Satisfactory compliance will equate to assurance by the auditor.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>Arthur Anderson was utterly compromised in its role: paid as a consultant, advisor, and auditor meant its independence to act in the best interests of the audit process was impossible.&nbsp; This failure was rectified by the Sarbanes Oxley Act (2001), passed in direct response to this incident.&nbsp; Later, we highlight how this law remedied key shortcomings in the infrastructure resulting in this fraud. Enron exerted control by manipulating its accounting to magnify earnings and other related assets,making the company appear more valuable than it would have appeared under standard accounting practices.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Security &#8211;<\/strong>\n<ul data-rte-list=\"default\">\n<li>The Auditor has all of the information they require to assure compliance and need to assure compliance until they are satisfied.&nbsp; They have the authority to request all relevant information and the imprimatur to do so because they are not the authors of the rules.&nbsp; They are availed of full transparency through their contract with the compliant entity<\/li>\n<li>The compliant entity protects its intellectual property from complete transparency to the whole world, including its competitors.&nbsp; It is responsible for all aspects of compliance and all information, except disclosures, maximizing the protection of that information vis a vis omnibus transparency.&nbsp; The compliant entity maximizes security by being compliant.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>By violating the principle of Independence, the colluding auditor and compliant entity conspired to manipulate the accounting practices.&nbsp; They actively worked together to manufacture numbers and accounts into beneficial expressions in public reports.&nbsp; Security was never at risk for either firm because they worked together to manage the risk.&nbsp; However, the harm to Society was monumental as many employees and investors lost their entire investments.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Fairness<\/strong> &#8211;\n<ul data-rte-list=\"default\">\n<li>Auditors are independent (legal term) and only receive commensurate compensation for conducting audits.&nbsp; The Auditor has liability for certifying compliance where it is not earned and proved by the compliant entity.This creates a natural \u201ctension\u201d between auditor and compliant entity where the auditor can effectively imply \u201cprove it\u201d in regards to the audit criteria.<\/li>\n<li>The compliant entity knows that if it is compliant and can reasonably prove compliance then assurance will occur.&nbsp; The fees associated with the audit do not outweigh the economic benefit of compliance<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>During 2000, Andersen earned $25 million in audit fees and $27 million in consulting fees from Enron alone.&nbsp; Under such an arrangement it is difficult to see how an auditor could be expected to deny compliance.&nbsp; Further, that compliance is dictated by itself and its own actions. Matching its audit to the advice given for audit compliance.&nbsp; For Enron, there was no natural tension between itself and its auditor &#8211; there was nothing to \u201cprove\u201d &#8211; the proof was often constructed by the auditor.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Equity &#8211;<\/strong>\n<ul data-rte-list=\"default\">\n<li>Auditors provide the same assurance for the same compliance based upon a set of accepted third-party rules (avoiding the inherent conflict of interest of auditing your own rules) and are simply applying them in return for a fair wage.<\/li>\n<li>All compliant entities receive the same assurance for the same compliance based upon a set of rules they did not create and receive public notoriety for complying with the rules demanded by society on a level playing field.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>Arthur Anderson conspired with senior executives at Enron, providing Special Purpose Vehicles (SPV\u2019s) and unusual accounting treatments compared with the rest of the marketplace.&nbsp; Special treatment was provided by the auditor. Non-standard and inherently conflicted solutions were developed by Enron (such as creating SPVs) and executing hedges with itself.&nbsp; The opposite of Equity.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Morality &#8211;<\/strong>\n<ul data-rte-list=\"default\">\n<li>The Auditor understands they act as a proxy for society and have a duty of care to assure compliance where it exists and withhold assurance when compliance is not achieved.<\/li>\n<li>The compliant entity willfully complies with societal rules in exchange for the right to earn a profit or the right to continue to deliver its&nbsp; goods and services.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>Arthur Anderson did not behave as a proxy for society. It failed to consider the consequences and risk to people, notably the employees &#8211; many of whom lost everything from pensions, to 401k\u2019s and jobs.&nbsp; Enron intentionally subverted rules, regulations, and transparency in order to increase profits. The opposite of Moral behavior.<\/em><\/p>\n<p>It is important to state here that fraud and malfeasance&nbsp; &#8211; perpetrated by bad actors &#8211; will ALWAYS defeat a transparent system.&nbsp; It is impossible to build a transparent set of rules without &#8211; inadvertently &#8211; explaining to bad actors how to beat them.&nbsp; Rather, build the system for willful compliance, for entities that want to perpetuate compliance.&nbsp; Bad actors will eventually be caught and terminated, when the law, punishment, and markets finish with them.&nbsp; Disclosure, transparency, checks-and-balances, the prohibition of conflicts-of-interest and robust incentive schemes will dissuade most bad actors, but no system is foolproof and this one is not either.<\/p>\n<p>To paraphrase Sarbanes-Oxley&nbsp; &#8211; passed to legally define \u201cindependence\u201d:&nbsp;<\/p>\n<p><strong>&nbsp;<em>If you audit, then you cannot receive any other upside benefits from a relationship with the auditee.&nbsp; If you provide service, consult or otherwise help a client prepare or comply with an audit, then you cannot be the auditor.&nbsp; Finally, if you audit or serve a client, you must use third-party to establish audit rules<\/em><\/strong><\/p>\n<p>This law, combined with the system we propose has a good chance of establishing an #infrastructureoftrust for our AIs and autonomous systems.&nbsp;&nbsp;<\/p>\n<p>To end, we take one last walk through our trust device, this time mapping Independent Audit of AI Systems against it &#8211; with summary paragraph after each section and strikethroughs indicating a change from financial auditing:<\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Predictability<\/strong> &#8211;\n<ul data-rte-list=\"default\">\n<li>&nbsp;&nbsp;A 3rd party auditor will examine numbers and financial accounts AI audit criteria, each year, in a nearly identical manner. Notwithstanding changes to the rules necessary to properly maintain the system.<\/li>\n<li>The compliant entity can plan on compliance and even build compliance-by-design. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) system of Internal Risk and Controls&nbsp; was built on this very premise will need to be adapted to these audits.<\/li>\n<li>Society knows what compliance means. It can anticipate how usual and unusual events will be treated, which makes the results relatable over extended time periods for valuable evaluations<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>ForHumanity has developed a process and is expanding audit criteria for all AIs and Autonomous systems that impact humans (over 3400 lines of audit already).&nbsp; These rules will be publicly available as they are approved by regulators around the world.&nbsp; Companies and auditors will know exactly what the compliance criteria are and they are&nbsp; encouraged to participate in the development process.&nbsp; This marketplace is more dynamic than tax law and financial accounting, so we will iterate the process regularly and allow a reasonable time period for compliance to be achieved by compliant entities against newly adopted rules.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Transparency<\/strong> &#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>These rules are publicly available to the auditor, and the auditor\u2019s work is also reviewed. The auditor can participate in but not control changes to those rules which may facilitate their ability to assure compliance.<\/li>\n<li>The compliant entity knows the rules and has the ability to participate in but not control changes to those rules which may facilitate their ability to comply and accurately represent their work<\/li>\n<li>Society knows the rules (even if a specialised profession largely deploys the results on their behalf) and has the ability to review the result.&nbsp; Society has an ability to participate in but not control changes to those rules which may facilitate their ability to understand the entity and the outputs<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>ForHumanity operates a fully-inclusive process for developing the rules.&nbsp; It is crowd-sourced, iterated, and transparent.&nbsp; All may participate in drafting audit criteria in the areas of Ethics, Bias, Privacy, Trust, and Cybersecurity.&nbsp; All qualified firms will be licensed to audit or provide compliance services.&nbsp; The only requirements for participation in the ForHumanity audit drafting process are a contact mechanism (such as&nbsp; email) and a willingness to sign our code of conduct asking humans to act respectfully to other humans during the process.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Understanding<\/strong> &#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>Understanding different professions requires expertise about these numbers criteria and what they mean.&nbsp; Those explanations are widely available and consistently delivered to all who seek knowledge about how to audit.<\/li>\n<li>The compliant entity has equal knowledge on how to comply with the audit<\/li>\n<li>Society understands how Financial AI audits are conducted, what compliance means, and understands the output&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>While auditing AIs and Autonomous systems remains in its infancy, ForHumanity has launched training&nbsp; and learning objectives &#8211; available for all who want to learn how to audit using our approved certification schemes.&nbsp; People can learn how to execute these audits and pass an examination to audit or build systems designed to facilitate audit compliance.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Control<\/strong> &#8211;&nbsp;\n<ul data-rte-list=\"default\">\n<li>A 3rd party auditor has complete and unconflicted responsibility for assuring compliance with the rules and standards; assuring compliance is in their sole discretion based on pre-defined and well-understood proofs supplied by the compliant entity<\/li>\n<li>The compliant entity reduces its own risk and dictates the manner in which it&nbsp; provides compliance satisfaction.&nbsp; Compliance satisfaction is well known and understood to avoid failed compliance. Satisfactory compliance will equate to assurance by the auditor.<\/li>\n<li>Society has more limited control here, except that a vital feedback loop is created as the rules are established by trusted industry specialists&nbsp; unaffiliated individuals, whose mission is dedicated solely towards mitigating risk to Society, are drafting the rules. If society does not use these outputs (ultimate choice) then the whole system fails and folds back upon itself.&nbsp; As long as the system functions positively, then society continues to use the outputs, and the system repeats<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>Compliance assurance remains solely in the domain of the auditor &#8211;&nbsp; identical to financial audit. Courtesy of our crowdsourced expertise, people can&nbsp; be involved in the drafting process as much or as little as they choose.&nbsp; All are welcome inside ForHumanity; we welcome your perspective, wisdom, culture and your passion for building trustworthy AIs and autonomous systems. You will make a difference.&nbsp; One word, one definition, one improved audit line will make a difference. The ubiquity of AI systems requires all perspectives to make it work for everyone, everywhere.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Security<\/strong>\n<ul data-rte-list=\"default\">\n<li>The Auditor has the contractual structure and \u2018power\u2019 to demand the information required to assure compliance. They have the imprimatur to do so because they are not authors of the rules.&nbsp; They have full transparency through their contract with the compliant entity.<\/li>\n<li>The compliant entity protects its intellectual property from the whole world, including its competitors.&nbsp; It is responsible for all aspects of compliance and all information, except disclosures, maximizing the protection of that information vis a vis omnibus transparency.&nbsp; The compliant entity maximizes security by being compliant.<\/li>\n<li>Society protects itself by establishing the rules which raise transparency, increase governance, oversight, and protection\/safety mechanisms for humans.&nbsp; When laws are codified into audit rules we achieve proactive compliance rather than the traditional reactive compliance courtesy of laws and punishment ***<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><em>Independent Audit of AI Systems will not provide ultimate security: all transparent systems are at the mercy of bad actors.&nbsp; However, combined with the laws of independence, the checks and balances, oversight, governance, disclosures, transparency, and robust audit process &nbsp; &#8211; it introduces a substantially heightened level of security for our AIs and Autonomous systems, certainly above our current, unregulated free-for-all.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Fairness<\/strong> &#8211;\n<ul data-rte-list=\"default\">\n<li>&nbsp;Auditors are independent (legal term) and only receive commensurate compensation for conducting audits.&nbsp; The Auditor has liability for certifying compliance where it is not earned and proved by the compliant entity.<\/li>\n<li>The compliant entity knows that if it is compliant and can reasonably prove compliance then assurance will occur.&nbsp; The fees associated with the audit do not outweigh the economic benefit of compliance<\/li>\n<li>Society benefits from an unconflicted process and the leverage provided by an audit firm acting as an unbiased proxy for verification and assurance of an entity\u2019s financial reports. It acts as \u2018shorthand\u2019 for all members of society doing their own work.<\/li>\n<\/ul>\n<p data-rte-preserve-empty=\"true\">\n<\/li>\n<\/ol>\n<p><em>This section is unchanged and expresses exactly how Independent Audit of AI Systems maintains fairness.&nbsp; ForHumanity has one advantage over financial accounting: we have included the Sarbanes Oxley legal structure of independence into our licence agreement to ensure fairness and independence in the audit system.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Equity<\/strong>\n<ul data-rte-list=\"default\">\n<li>Auditors provide the same assurance for the same compliance based upon a set of accepted third-party rules (avoiding the inherent conflict of interest of auditing your own rules) and are simply applying them in return for a fair wage.<\/li>\n<li>All compliant entities receive the same assurance for the same compliance based upon a set of rules they did not create and receive public notoriety for complying with the rules demanded by society on a level playing field.<\/li>\n<li>Society establishes a set of rules for all.&nbsp; A level playing field of compliance and assurance on a set of rules that treat the individual in a fair way vis a vis the compliant entity during the exchange of goods and services.<\/li>\n<\/ul>\n<p data-rte-preserve-empty=\"true\">\n<\/li>\n<\/ol>\n<p><em>ForHumanity is a non-profit organization whose mission is dedicated to mitigating risk to humans from AIs and autonomous systems. So equity for people and not auditors and compliant entities is our focus.&nbsp; However, a system that does not consider the economic impact of audit compliance to compliant entities and their ability to deliver goods and services or the practical impact on auditors and their ability to achieve satisfactory assurance that an entity is compliant would render the system useless.&nbsp; Equity exists in that balance, but in this balance and this structure a system exist to bring an #infrastructureoftrust to people.<\/em><\/p>\n<ol data-rte-list=\"default\">\n<li><strong>Morality<\/strong>\n<ul data-rte-list=\"default\">\n<li>The Auditor understands they act as a proxy for society and have a duty of care to assure compliance where it exists and withhold assurance when compliance is not achieved.<\/li>\n<li>The compliant entity willfully complies with societal rules in exchange for the right to earn a profit or the right to continue to deliver its&nbsp; goods and services.<\/li>\n<li>Society makes rules and processes that satisfy their needs for trust, balanced against the economic needs of the compliant entity\u2019s ability to profitably or successfully deliver their goods and services<\/li>\n<\/ul>\n<p data-rte-preserve-empty=\"true\">\n<\/li>\n<\/ol>\n<p><em>AIs and Autonomous systems facilitate a heightened level of human and personal inclusion in the actual processing.&nbsp; In financial transactions only numbers flow through. Here, data, which is often representative of <\/em><strong><em>who<\/em><\/strong><em> we are, flows through the process.&nbsp; Our privacy is at stake, many of our biases are encoded into the systems &#8211; some of our ethical decisions are abdicated to these systems. The work of Independent Audit of AI Systems endeavors to mitigate bias risk and uncover the embedded ethics in the systems. These mitigations are accomplished via the certification criteria. The criteria requires disclosure, transparency, and explainability so that we may continue to increase our awareness of embedded bias, embedded ethical decisions, risks to privacy, potential trust issues and areas of insufficient security for these systems. This way&nbsp; we increase our ability to rectify these shortcomings and continue to mitigate risk to humans.<\/em><\/p>\n<p>No system is perfect, there are no illusions here amongst ForHumanity\u2019s Contributors and Fellows.&nbsp; We, collectively, believe that Independent Audit of AI Systems provides our best opportunity to build a dynamic process, with robust guardrails, transparent, human-centric rules designed to grow, change and adapt to an extremely dynamic marketplace.&nbsp; We feel that this is the best plan to establish an #infrastructureoftrust for all of our AIs and autonomous systems. If you agree come join us and help.&nbsp; If you disagree, come join us and make us better because in the end, we are ForHumanity and we are sure you are too.<\/p>\n<h2>About ForHumanity<\/h2>\n<p><em>ForHumanity<\/em> is a 501(c)(3) tax-exempt public charity formed to examine and analyze the downside risks associated with the ubiquitous advance of AI and automation. To this end, we engage in risk control and mitigation and deploy the lens and filter of Ethics, Bias, Privacy, Trust, and Cybersecurity to ensure the optimal outcome\u2026ForHumanity.<\/p>\n<p>ForHumanity is an interdisciplinary group of dedicated expert volunteers, with over 200 contributors and 30 Fellows, Its collective expertise spans the AI field, ranging from ethics to algorithmic risk and to security. Our team is drawn from the academic, legal, policy, corporate, and public sectors of over 35 countries around the world.&nbsp; Our mission is to help create an \u2018infrastructure of trust\u2019 for all autonomous systems that directly impact humans.&nbsp;<\/p>\n<p>ForHumanity drafts comprehensive, pragmatic and implementable audit rules and standards for autonomous systems in every corner of the economy. Our experts collaborate with industry practitioners to ensure these audits achieve our mission of mitigating AI risk to humans. This system of audit rules and standards&nbsp; &#8211; adapted to local jurisdictional laws and regulations&nbsp; &#8211; is called Independent Audit of AI Systems<em> (IAAIS). <\/em>&nbsp;&nbsp;<\/p>\n<p><strong>***<\/strong> Laws are reactive.&nbsp; They are designed to deter would-be wrongdoers and punish criminals, however, they do not prevent people from being hurt.&nbsp; When ForHumanity talks about the word \u201caudit\u201d, we do not think of simply a detailed\/deep examination of financial records, accounts, or mechanisms. While this form of the word is the common understanding of audit, there is a bigger \u201caudit\u201d and that is the one we refer to here.&nbsp; Audit, when it codifies the law (such as GAAP and IFRS codifying tax law or ForHumanity codifying GDPR on behalf of the Internet Commissioner\u2019s Office (ICO) audit becomes a proactive application of the law.&nbsp; When audits are mandated by law (such is the case for most publicly traded companies), then compliance with the law happens before people are hurt, before laws are broken.&nbsp; Knowing an independent third-party will be examining your compliance has a way of increasing adherence to the law.&nbsp; When audit rules are drafted to codify existing law it is a more proactive application of the law and more protective of people.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How do we build trust? How can we systematically assure trust in our systems? How would auditing AI and autonomous systems contribute to this goal? Explaining how the world\u2019s most famous accounting\/audit disaster &#8211; Enron &#8211; exemplifies the merits of Independent Audit, helps illustrate how a robust system of oversight is essential to building trust. &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/\"> <span class=\"screen-reader-text\">Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":1645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-980","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Auditing AI and Autonomous systems - building an #infrastructureoftrust - Body of Knowledge<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Auditing AI and Autonomous systems - building an #infrastructureoftrust\" \/>\n<meta property=\"og:description\" content=\"How do we build trust? How can we systematically assure trust in our systems? How would auditing AI and autonomous systems contribute to this goal? Explaining how the world\u2019s most famous accounting\/audit disaster &#8211; Enron &#8211; exemplifies the merits of Independent Audit, helps illustrate how a robust system of oversight is essential to building trust. &hellip; Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/\" \/>\n<meta property=\"og:site_name\" content=\"Body of Knowledge\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-01T07:27:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/forhumanity.center\/bok\/wp-content\/uploads\/sites\/5\/2021\/08\/network-3524352_1920.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1279\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Admin4Human\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"22 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/forhumanity.center\/bok\/#website\",\"url\":\"https:\/\/forhumanity.center\/bok\/\",\"name\":\"Body of Knowledge\",\"description\":\"ForHumanity - Independent Audit of AI Systems\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/forhumanity.center\/bok\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#primaryimage\",\"inLanguage\":\"en-GB\",\"url\":\"https:\/\/forhumanity.center\/bok\/wp-content\/uploads\/sites\/5\/2021\/08\/network-3524352_1920.jpeg\",\"contentUrl\":\"https:\/\/forhumanity.center\/bok\/wp-content\/uploads\/sites\/5\/2021\/08\/network-3524352_1920.jpeg\",\"width\":1920,\"height\":1279},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#webpage\",\"url\":\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/\",\"name\":\"Auditing AI and Autonomous systems - building an #infrastructureoftrust - Body of Knowledge\",\"isPartOf\":{\"@id\":\"https:\/\/forhumanity.center\/bok\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#primaryimage\"},\"datePublished\":\"2021-02-01T07:27:04+00:00\",\"dateModified\":\"2021-02-01T07:27:04+00:00\",\"author\":{\"@id\":\"https:\/\/forhumanity.center\/bok\/#\/schema\/person\/9fe92282828f1bcb1c7428e918e2da10\"},\"breadcrumb\":{\"@id\":\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/forhumanity.center\/bok\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/forhumanity.center\/bok\/#\/schema\/person\/9fe92282828f1bcb1c7428e918e2da10\",\"name\":\"Admin4Human\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/forhumanity.center\/bok\/#personlogo\",\"inLanguage\":\"en-GB\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/45764ad1c4858ce9ebfc83b3d26f2f053be31f0e608c4caced31fe7cb92b63de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/45764ad1c4858ce9ebfc83b3d26f2f053be31f0e608c4caced31fe7cb92b63de?s=96&d=mm&r=g\",\"caption\":\"Admin4Human\"},\"sameAs\":[\"http:\/\/forhumanity.dev\/web\"],\"url\":\"https:\/\/forhumanity.center\/bok\/author\/admin4human\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Auditing AI and Autonomous systems - building an #infrastructureoftrust - Body of Knowledge","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/","og_locale":"en_GB","og_type":"article","og_title":"Auditing AI and Autonomous systems - building an #infrastructureoftrust","og_description":"How do we build trust? How can we systematically assure trust in our systems? How would auditing AI and autonomous systems contribute to this goal? Explaining how the world\u2019s most famous accounting\/audit disaster &#8211; Enron &#8211; exemplifies the merits of Independent Audit, helps illustrate how a robust system of oversight is essential to building trust. &hellip; Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust Read More &raquo;","og_url":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/","og_site_name":"Body of Knowledge","article_published_time":"2021-02-01T07:27:04+00:00","og_image":[{"width":1920,"height":1279,"url":"https:\/\/forhumanity.center\/bok\/wp-content\/uploads\/sites\/5\/2021\/08\/network-3524352_1920.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Admin4Human","Estimated reading time":"22 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/forhumanity.center\/bok\/#website","url":"https:\/\/forhumanity.center\/bok\/","name":"Body of Knowledge","description":"ForHumanity - Independent Audit of AI Systems","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/forhumanity.center\/bok\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"ImageObject","@id":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#primaryimage","inLanguage":"en-GB","url":"https:\/\/forhumanity.center\/bok\/wp-content\/uploads\/sites\/5\/2021\/08\/network-3524352_1920.jpeg","contentUrl":"https:\/\/forhumanity.center\/bok\/wp-content\/uploads\/sites\/5\/2021\/08\/network-3524352_1920.jpeg","width":1920,"height":1279},{"@type":"WebPage","@id":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#webpage","url":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/","name":"Auditing AI and Autonomous systems - building an #infrastructureoftrust - Body of Knowledge","isPartOf":{"@id":"https:\/\/forhumanity.center\/bok\/#website"},"primaryImageOfPage":{"@id":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#primaryimage"},"datePublished":"2021-02-01T07:27:04+00:00","dateModified":"2021-02-01T07:27:04+00:00","author":{"@id":"https:\/\/forhumanity.center\/bok\/#\/schema\/person\/9fe92282828f1bcb1c7428e918e2da10"},"breadcrumb":{"@id":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/forhumanity.center\/bok\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/forhumanity.center\/bok\/"},{"@type":"ListItem","position":2,"name":"Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust"}]},{"@type":"Person","@id":"https:\/\/forhumanity.center\/bok\/#\/schema\/person\/9fe92282828f1bcb1c7428e918e2da10","name":"Admin4Human","image":{"@type":"ImageObject","@id":"https:\/\/forhumanity.center\/bok\/#personlogo","inLanguage":"en-GB","url":"https:\/\/secure.gravatar.com\/avatar\/45764ad1c4858ce9ebfc83b3d26f2f053be31f0e608c4caced31fe7cb92b63de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/45764ad1c4858ce9ebfc83b3d26f2f053be31f0e608c4caced31fe7cb92b63de?s=96&d=mm&r=g","caption":"Admin4Human"},"sameAs":["http:\/\/forhumanity.dev\/web"],"url":"https:\/\/forhumanity.center\/bok\/author\/admin4human\/"}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/posts\/980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/comments?post=980"}],"version-history":[{"count":0,"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/posts\/980\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/media\/1645"}],"wp:attachment":[{"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/media?parent=980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/categories?post=980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forhumanity.center\/bok\/wp-json\/wp\/v2\/tags?post=980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}