top of page

Risk Mitigation in AI Procurement

Throughout the AI procurement lifecycle, procurement professionals are presented with many opportunities to mitigate AI risks.

AI Procurement
Risk Management Framework

AI Procurement RMF - AIPL.png

How to manage AI risks using the Procurement Lifecycle as a Governance Control Mechanism

STEP 1 - Establish a risk appetite for EACH procurementā€‹

ā€‹

STEP 2 - Create risk-aware solicitation requirements

ā€‹ā€‹

STEP 3 - Assess the risks presented by each vendor / solutionā€‹

ā€‹

STEP 4 - Establish risk controls to satisfy the risk appetiteā€‹

ā€‹

STEP 5 - Monitor and manage the risk controls and conditions ā€‹

Access the full research report.

AI Governance through Procurement

Throughout the procurement lifecycle, there are many opportunities to govern, map, measure, and manage an AI solution. Here are a few key opportunities that matter.

Defining the Problem

Excellent AI governance begins with excellent attention to defining the problem to be solved (BEFORE finding a solution). Focusing on the root cause of the issue will shape the solution in profound ways. Don't skip this part!!!

abstract - shutterstock_1335323081.jpg
abstract - shutterstock_1335323081.jpg

Stakeholder Voice

Involving diverse stakeholders in the design, development, and deployment process of high-risk systems can yield safer, more responsible, and robust solutions.

Impact Assessments

According to the Bipartisan Policy Center, "An impact assessment is a risk assessment tool that seeks to ensure an organization has sufficiently considered a system’s relative benefits and costs before implementation."

abstract - shutterstock_1335323081.jpg
abstract - shutterstock_1335323081.jpg

Assessing Vendors

Assessing vendors, solutions, and offers will enable a deeper understanding of the benefits and risks that may reside in a potential system.

Explainability, et. al.

All high-risk AI systems should be explainable. The trick is that they need to be explainable to different stakeholders (e.g., end users, installers, program managers, procurement/buyers, etc.,) - each of whom need different levels of information about how the system works.

abstract - shutterstock_1335323081.jpg
abstract - shutterstock_1335323081.jpg

Contract Clauses

Once risks have been identified, they can best be mitigated by establishing specific mitigation tactics agreed to within the contract terms and conditions. Many AI systems present common risks as noted in the following resources:

Contract Monitoring

High-risk AI is like taking care of a toddler. You have to know what it is doing at all times. Monitoring AI is a necessary element of every AI depoloyment.

abstract - shutterstock_1335323081.jpg

Need Help?

We're here to help in all sorts of ways - lectures, coaching, training, internal policy development, contract reviews, etc. Just reach out and give us shout.

bottom of page