Cyber & IT Supervisory Forum - Additional Resources

GOVERN 1.4 The risk management process and its outcomes are established through transparent policies, procedures, and other controls based on organizational risk priorities. About Clear policies and procedures relating to documentation and transparency facilitate and enhance efforts to communicate roles and responsibilities for the Map, Measure and Manage functions across the AI lifecycle. Standardized documentation can help organizations systematically integrate AI risk management processes and enhance accountability efforts. For example, by adding their contact information to a work product document, AI actors can improve communication, increase ownership of work products, and potentially enhance consideration of product quality. Documentation may generate downstream benefits related to improved system replicability and robustness. Proper documentation storage and access procedures allow for quick retrieval of critical information during a negative incident. Explainable machine learning efforts (models and explanatory methods) may bolster technical documentation practices by introducing additional information for review and interpretation by AI Actors. Suggested Actions Establish and regularly review documentation policies that, among others, address information related to: AI actors contact information Business justification Scope and usages Expected and potential risks and impacts Assumptions and limitations Description and characterization of training data Algorithmic methodology Evaluated alternative approaches Description of output data Testing and validation results (including explanatory visualizations and information) Down- and up-stream dependencies Plans for deployment, monitoring, and change management Stakeholder engagement plans 9