AI Risk: What Every Board Member Needs to Know

Artificial Intelligence (AI) is a double-edged sword, offering both unprecedented opportunities and complex challenges. As boards and executives grapple with the rapid advancements in AI, they must navigate a landscape fraught with both promise and peril. This article aims to equip board members with key AI insights from a recent report by the National Association of Corporate Directors (NACD) and the Data & Trust Alliance, as well as a keynote address by John A. Wheeler at AuditBoard's Audit+Beyond event.

The NACD Report: A Primer for Boards

The NACD report, "AI and Board Governance," underscores the urgency for boards to engage in AI risk oversight. It outlines several key areas:

1. AI Governance: Traditional governance practices may not suffice for AI due to its unique capabilities and lack of a consistent regulatory framework.

2. Board Preparedness: While 95% of directors believe AI will impact their business in the next year, only 28% indicate that AI is a regular feature in board conversations.

3. AI Opportunity and Risk: AI should be approached as an organization-wide strategic imperative, with applications in process automation, R&D, and human-AI pairing for task augmentation.

4. Strategic Benefits: Boards should focus on how AI can generate value for the business and the customer.

The Digital Risk Cycle: A Framework for Managing AI Risks

In his keynote address, John A. Wheeler introduced the concept of the Digital Risk Cycle, a practical roadmap inspired by Gartner’s Hype Cycle but with a focus on risk. The cycle consists of five stages:

1. Risk Catalyst: The initial phase where organizations start to realize the digital risks that might impact them.

2. Pinnacle of Peril: The stage where the hype is at its peak, but understanding of a technology’s impact is most obscure.

3. Pit of Empty Promises: Reality sets in, and the risks that were ignored or not foreseen start to materialize.

4. Incline of Integration: Organizations have a good handle on the risks and start to align their risk management strategies with broader business goals.

5. Mesa of Mitigation: The risks are managed, and strategies are part of the operational DNA.

Connecting the Dots: The Role of Integrated Risk Management (IRM)

Both the NACD report and Wheeler's keynote emphasize the importance of a comprehensive approach to risk management. Wheeler shared the concept of Integrated Risk Management (IRM), which brings together Operational Risk Management (ORM), IT Risk Management (ITRM), Enterprise Risk Management (ERM), and Governance, Risk, and Compliance (GRC). This unified approach enabled by IRM technology is essential for navigating the multifaceted world of risks, including those introduced by AI.

Conclusion

As organizations continue to explore the intricacies of AI, boards and executives must adopt a balanced understanding of its promise and peril. The NACD report provides a foundational guide for boards, while the Digital Risk Cycle offers a practical framework for overseeing and managing AI risks. By adopting an Integrated Risk Management approach and technology, organizations can navigate this complex risk landscape effectively, ensuring that they capitalize on AI's benefits while mitigating its risks.

Sources:

• NACD and Data & Trust Alliance Report: AI and Board Governance

• Keynote Address by John A. Wheeler at AuditBoard's Audit and Beyond Event