Slack Channel(s)
Applicable Certification Schemes
Data not available
Applicable Region(s)
Global
FH Risk Management Framework
ForHumanity’s purpose is to mitigate downside risks posed by AI, algorithmic and autonomous systems to humans. Organizations will find themselves minimizing risk exposure (of socio-technical systems) when they maximize risk mitigation for humans, society and the environment. One of the clear ways to mitigate risks is to implement and operationalize a robust & agile Risk Management framework. Our risk management framework is foundational to Independent Audit of AI Systems.
In the FH context, risk management will enable compliance with audit criteria and provide a sustainable method to prevent, detect and respond to emergent risks. FH audit criteria, respecting requirements in the new EU AI Regulation, cover all key risk and control domains either with specific criteria or in supporting guidance for auditors, and can be supplemented, as appropriate, to account for local context and an organization’s location in the AI supply chain, recognising that an increasingly large proportion of AI implementation will involve incorporating one or more trained models into pre-existing or newly developed products and processes.
ISO 31000 provides a great foundation for the corporate risk management process. Risk management in the FH context includes identification, evaluation and prioritization of risks, followed by a coordinated approach to minimize the adverse impacts of such risks on individuals, society and the environment. Using that lens, we build comprehensively upon the ISO 31000 framework for AI risk management with three key focus approaches: risks from a human impact perspective, risk inputs gathered through Diverse Inputs and Multistakeholder Feedback, and risks compiled from adverse incidents or post-market monitoring.
The following are the key takeaways you will have from the risk management framework:
- Guidance on risk assessment and templates to compile risks, associated controls and treatment plans across the lifecycle of AI, algorithmic and autonomous systems (hereafter AAA Systems).
- Guidance associated with Diverse Inputs & Multi-Stakeholder Feedback (DI&MSF), including the approach to consider in gathering such inputs.
- Guidance on the process to establish the Risk Tolerance and Risk Appetite for each AAA system.
- Guidance regarding the responsibilities of the specific committees (e.g. Algorithmic Risk Committee) and their interrelationships across the lifecycle in the context of risk management for AAA systems.
- Concept note that explains how (in the context of AAA systems) maximizing risk mitigation will reduce the risk impact to humans, thereby limiting the risk exposure of the organization.
- Guidance on managing the residual risks and associated disclosure to the users/stakeholders.
1. FH foundational reading on risk management (Principles)
ForHumanity’s mission is to mitigate downside risks posed by AI, algorithmic and autonomous systems. One of the clear ways to mitigate risk is to implement and operationalize a robust & agile Risk Management framework.
ForHumanity’s approach to risk management is centered on Ethics, Bias, Privacy, Trust and Cybersecurity. Considered from a 360-degree multi-stakeholder perspective, these pillars encapsulate the range of negative impacts and risks from socio-technical systems. ForHumanity wraps those pillars with a risk management framework that ensures compliance, mitigation and operability, including characteristics such as: ethical, human-centric, accountable, governable, overseeable, transparent, documentable, provable, evidence-based, and independently auditable.
In the FH context, risk management will be an essential component, not just to enable compliance with the criteria but also as a sustainable method to prevent, detect and respond to emergent risks. ForHumanity advocates for a risk management framework that is omni-directional and multivariate. It is multivariate in that the risk framework considers corporate risk (which damages employees and shareholders), risk to humans (which damages users/clients/prospects and unwitting participants), societal risk (which damages our systems, groups, communities, markets and collectives) and environmental risk (which damages nature and sustainability considerations). All of these vectors result in a residual risk after optimizing risk mitigations. These residual risks, well disclosed and considered, will empower an increased ability to deal with emerging risks, support concentrated research on novel mitigations and encourage informed acceptance of consequences when residual risk manifests itself.
Read the complete brief here: FH foundational reading on Risk Management. Also read about the low-risk AAA system identification process here: Identifying Low Risk AI, Algorithmic and Autonomous Systems.
2. FH Risk Guiding Documents
Risk Taxonomy
Risk Management Policy
Maximizing Risk Mitigation for Humans
Diverse Inputs & Multi-stakeholder feedback
Need for committees
FH Risk Management Process
Guidance on operationalizing risk categories from human impact perspective
Guidance on determining Risk Tolerance and Risk Appetite
(i) Responsibilities of Committees
Explaining the role of committees across the lifecycle of the AAA systems
(ii) Role of product, business and other stakeholders in risk management in AI lifecycle
(iii) Functional Risk Management reports
Committee | Subject | Guidance & Templates |
---|---|---|
Algorithmic Risk Committee | ARC Structure and Governance | BoK on ARC and ARA |
Algorithmic Risk Committee | Algorithmic Risk Assessment Components | ARA Components and Guidance |
Algorithmic Risk Committee | Algorithmic Risk Assessment Template | ARA-Risk template |
Ethics Committee | EC Structure and Governance | BoK on EC Structure and Responsibilities |
Ethics Committee | Ethical Risk Assessment Components | ERA Component and guidance |
Ethics Committee | Ethical Risk Assessment Template | ERA-Risk templates |
Testing & Evaluation Committee | TEC Structure and Governance | |
Testing & Evaluation Committee | TEC Components | |
Testing & Evaluation Committee | TEC At-Risk Report Template | |
Children's Data Oversight Committee | CDOC Structure and Governance | BoK on CDOC Structure and Responsibilities |
Data Management Committee | DMC Structure and Governance | |
Data Management Committee | DMR Components | |
Data Management Committee | DMR Template | |
AI Governance | AI Governance Structure and Governance | |
AI Governance | AI Governance Components | |
AI Governance | AI Governance Assessment Template | |
(iv) Residual Risk Management
(i) Understanding cAIRE report
(ii) Risk and Control Scope template
(iii) cAIRE residual risk log
(iv) Threat and Risk (Emergent & Horizon scanning) & Systemic Societal
- Threat and Risk Template – to be created
- Systemic Societal Risks – an Introduction: Systemic Societal Impact Analysis
- Systemic Societal Risk template – to be created