In an exclusive interview with Asia Business Outlook, Bilal Ahmed Javeri, CIO, Lucky Motor Corporation Ltd, shares his views on how the organization's AI governance framework aligns with existing regulatory requirements, strategic integration of AI technologies, measures to assess and mitigate risks and more. He has 14 years of diverse experience in IT Business Solutions Design, Implementation, and Consulting, covering all aspects such as Training, Documentation, Support, Project Management and GRC.
How can organizations ensure that their AI governance framework aligns with existing regulatory requirements and industry standards?
Nowadays, the AI governance framework has become the main concern for organizations, and the organization must ensure that AI governance aligns with existing regulatory requirements and industry standards by thoroughly understanding the relevant questions and standards that apply to the industry in the jurisdiction. Several regulatory assessments are needed to accomplish this, and organizations should regularly review and assess the landscape to stay updated with the changes. For instance, there is GDPR in Europe; similarly, in the USA, there is a CCPA regarding data privacy and protection.
The organization should implement a compliance program, which is necessary to develop a robust compliance program that includes audits and monitoring and reporting mechanisms regularly. Moreover, engaging with stakeholders, collaborating with legal experts, industry bodies, and regulatory authorities, or getting their insights and guidance is crucial. At the same time, the whole workforce needs to have training and awareness on AI; for example, conducting training programs for data scientists on ethical AI users, as ethics and morality are the main concerns with AI these days, and data privacy laws can help maintain compliance.
How can an organization approach the strategic integration of AI technologies into its existing frameworks? What considerations are prioritized when planning for AI governance to ensure alignment with business goals?
Successful strategic integration of AI technologies requires a comprehensive approach. Organizations must assess their business needs, as AI and other applications should only be added with a clear need, and identify areas where AI can add value and solve specific business problems. Moreover, firms should develop a clear roadmap for their AI implementation. For instance, a manufacturing company might create a roadmap to integrate predictive maintenance AI systems over several years, which they might do manually. In addition to developing a clear roadmap and vision, it is essential to ensure data quality and availability.
Organizations should invest in data management systems to ensure data is clean, labeled, and securely stored. For instance, a bank might implement an Advanced Data Lake to determine AI model training, so it's good to first organize and present data. Also, after having a strong governance framework and policy structure in place, it's very easy to integrate AI into the existing system and infrastructure. Hence, the policies should align with business goals, enhancing customer experience and improving operational efficiency.
How does AI governance contribute to the organization’s overall risk management strategy? What steps can be taken to assess and mitigate risks associated with AI technologies?
AI governance is an integral part of an organization's Risk Management course, as AI technologies are used responsibly and ethically, which should be the primary concern. So, as with any new technology that an organization dates, initially, they should identify potential risks related to biases, privacy issues, security threats, and regulatory noncompliance. For instance, a financial institution might evaluate the risk of bias in algorithm loan approval of algorithms.
Nowadays, it is crucial to deal with biases, as many of the AI technologies running in the industry are trained based on data from different countries, mainly Western countries. Hence, that sort of data and learning might not apply to companies in the Southeast or the Oriental East, and it is essential to eliminate that bias with a neutral set of data.
Moreover, organizations need to devise risk mitigation strategies once the risks are identified. Healthcare providers might use different privacy methods to protect patient data. If there is an inherent risk, the patient data might be at risk, so policies should be taken to protect it.
Another essential way to do this is by establishing a continuous monitoring system. For instance, e-commerce firms might have to monitor their recommendation engines to ensure they provide fair and unbiased suggestions. Ideally, once users get into a commerce website, they start using the application that works on suggestions and predictions. So, if the AI engine is working correctly, that might result in a directly proportional increase in sales and customer engagement, and any failure with it leads to false recommendations of products and services, which leads to losing customers.
How does the AI governance framework address data privacy concerns, especially in sensitive areas like healthcare or finance?
Several measures can be taken to address data privacy concerns. With Data minimization, the data are collected, which is necessary for specific applications. For instance, a healthcare provider should avoid letting unnecessary patient information irrelevant to diagnosis or treatment to restrict the amount of data fed into the AI to have a wrong analysis. Another popular method is anonymization and encryption, which are techniques used to prevent sensitive information. To illustrate, financial institutions might use encryption to protect data transactions and identify customer information in AI models. The primary measure access controls, for example, role-based access controls, can limit who can view and modify data within an organization. The other important aspect is compliance with regulations; conducting regular GDPR compliance audits helps identify and rectify potential privacy issues within an organization using AI.
It is also significant to have full transparency in two areas: financial and healthcare, and the consent of the customer or patient. In the case of healthcare, informing patients about how their data will be used in AI-driven diagnostic tools and obtaining their consent should be crucial.
How can enterprises ensure that AI governance is integrated into the overall enterprise technology strategy?
The organization's IT strategy drives the technology function within an organization. It is crucial as the strategy aligns with the business goals and business strategy, and this is the only sustainable IT strategy within an organization. In case of any disconnect between the organizational strategy, then that sort of initiative has a limited duration. AI technology is a significant investment for the company. There needs to be a leadership commitment to integrate AI initiatives with the organizational strategy. For instance, having the CIO or the CTO advocate for AI governance initiatives can drive company-wide adoption, and it relies on the technology leadership within the company to acquire that from the senior leadership so that AI can add value to business processes and customer services.
Besides, aligning goals is very important. For instance, if the business goal is to enhance customer experience, AI governance policy should ensure that AI applications in customer service are fair and transparent. In this modern era, AI initiatives can add a lot of value, both basic and physical. For instance, closed circuit TV cameras are being monitored in high customer footfall areas, where they analyze where the customers are going more, where they are attracted, where they are spending less time and getting customer feedback, reading facial expressions, and determining what part of service is contributing to customer satisfaction.
Also, cross-functional teams are vital. In the case of an AI steering committee, having representatives from various departments can ensure comprehensive governance. If the focus is on merely one area, there might be aspects shadowed by other areas; there might be opportunities in manufacturing, but the organization will be focusing on marketing and sales. Hence, representation from each department and function within the AI community within the organization is essential. Furthermore, integrated policies and procedures include updating data management and security policies to reflect specific requirements, which is important in integrating AI into the existing framework.
We use cookies to ensure you get the best experience on our website. Read more...