Understanding the NIST Artificial Intelligence Risk Management Framework: The Audience. Part 2 of 6

In the rapidly evolving landscape of Artificial Intelligence (AI), risk management is a critical aspect that demands attention. The National Institute of Standards and Technology (NIST) has developed a comprehensive guide, the Artificial Intelligence Risk Management Framework (AI RMF 1.0), to help navigate this complex landscape. Today, we’ll focus on the audience for this framework and provide actionable recommendations for businesses deploying or using AI.

The AI RMF is designed to be used by a wide range of AI actors across the AI lifecycle and dimensions. These actors represent a diversity of experience, expertise, and backgrounds, forming demographically and disciplinarily diverse teams.  Key AI actors and their roles include:

• Organizational Management, Senior Leadership, and the Board of Directors. These key AI actors are responsible for AI governance. They should set the tone and direction for AI risk management within the organization, ensuring that it aligns with the organization’s overall risk management strategy.
• Third-Party Entities. These include providers, developers, vendors, and evaluators of data, algorithms, models, and/or systems and related services for another organization or the organization’s customers or clients. Businesses should carefully vet these entities to ensure they adhere to the same standards of AI risk management.
• End Users. These are the individuals or groups that use the system for specific purposes. Businesses should actively seek their feedback and experiences to gain valuable insights into the system’s performance and potential risks.
• Affected Individuals/Communities. These encompass all individuals, groups, communities, or organizations directly or indirectly affected by AI systems or decisions based on the output of AI systems. Businesses should consider their perspectives when assessing the potential impact and risks of AI systems.
• Other AI Actors. These may provide formal or quasi-formal norms or guidance for specifying and managing AI risks. They can include trade associations, standards developing organizations, advocacy groups, researchers, environmental groups, and civil society organizations. Businesses should stay informed about their recommendations and guidelines.

As we delve deeper into the AI RMF, it becomes clear that understanding the framework is just the starting point. Here are some areas to concentrate:

• People & Planet Dimension. This dimension at the center of the AI lifecycle represents human rights and the broader well-being of society and the planet. Businesses should ensure their AI systems respect these principles.
• AI Design, Development, Deployment, Operation, and Monitoring Tasks. These tasks are performed during various phases of the AI lifecycle. Businesses should establish clear processes and responsibilities for these tasks, ensuring they align with the AI RMF.
• Test, Evaluation, Verification, and Validation (TEVV) Tasks. These tasks are performed throughout the AI lifecycle. Businesses should incorporate TEVV tasks into their AI lifecycle to ensure the system’s performance and manage potential risks.

The AI RMF provides a comprehensive guide for managing AI risks. It’s a tool that can help businesses navigate the complexities of AI risk management. But understanding the framework is just the first step. To truly benefit from it, businesses need to take action, such as:

1. Understanding the AI RMF. The first step is to thoroughly understand the AI RMF and its implications for your business. This involves understanding the roles of different AI actors and the tasks performed at various stages of the AI lifecycle.
2. Integrating the AI RMF into Your Business Strategy. The AI RMF should not be viewed in isolation. It should be integrated into your broader business strategy. This means aligning your AI risk management efforts with your overall risk management strategy.
3. Engaging All Relevant Stakeholders. AI risk management is not just the responsibility of the tech team. It involves all stakeholders, including organizational management, senior leadership, the Board of Directors, end users, and even the general public. Make sure to engage all these stakeholders in your AI risk management efforts.
4. Implementing TEVV Tasks. Test, Evaluation, Verification, and Validation (TEVV) tasks are crucial for managing AI risks. These tasks should be incorporated into your AI lifecycle to ensure the system’s performance and manage potential risks.
5. Monitoring and Adjust Your Strategy. AI risk management is not a one-time effort. It’s an ongoing process that requires continuous monitoring and adjustment. Keep track of the latest developments in AI risk management and adjust your strategy as needed.
6. Seeking Expert Advice.  If you’re unsure about how to implement the AI RMF in your business, don’t hesitate to seek expert advice. There are many professionals and organizations that specialize in AI risk management who can provide valuable guidance.

Businesses can take steps for effectively manage AI risks and harness the full potential of AI technologies. Remember, the goal is not just to mitigate risks, but also to maximize the positive impacts of AI. With the right approach, businesses can achieve both these objectives and pave the way for a future where AI technologies are used responsibly and ethically.