Risk Mitigation in AI Procurement
Throughout the AI procurement lifecycle, procurement professionals are presented with many opportunities to mitigate AI risks.
AI Procurement
Risk Management Framework
How to manage AI risks using the Procurement Lifecycle as a Governance Control Mechanism
STEP 1 - Establish a risk appetite for EACH procurementā
ā
STEP 2 - Create risk-aware solicitation requirements
āā
STEP 3 - Assess the risks presented by each vendor / solutionā
ā
STEP 4 - Establish risk controls to satisfy the risk appetiteā
ā
STEP 5 - Monitor and manage the risk controls and conditions ā
Access the full research report.
AI Governance through Procurement
Throughout the procurement lifecycle, there are many opportunities to govern, map, measure, and manage an AI solution. Here are a few key opportunities that matter.
Defining the Problem
Excellent AI governance begins with excellent attention to defining the problem to be solved (BEFORE finding a solution). Focusing on the root cause of the issue will shape the solution in profound ways. Don't skip this part!!!
Stakeholder Voice
Involving diverse stakeholders in the design, development, and deployment process of high-risk systems can yield safer, more responsible, and robust solutions.
Impact Assessments
According to the Bipartisan Policy Center, "An impact assessment is a risk assessment tool that seeks to ensure an organization has sufficiently considered a system’s relative benefits and costs before implementation."
Assessing Vendors
Assessing vendors, solutions, and offers will enable a deeper understanding of the benefits and risks that may reside in a potential system.
Explainability, et. al.
All high-risk AI systems should be explainable. The trick is that they need to be explainable to different stakeholders (e.g., end users, installers, program managers, procurement/buyers, etc.,) - each of whom need different levels of information about how the system works.
Contract Clauses
Once risks have been identified, they can best be mitigated by establishing specific mitigation tactics agreed to within the contract terms and conditions. Many AI systems present common risks as noted in the following resources:
Contract Monitoring
High-risk AI is like taking care of a toddler. You have to know what it is doing at all times. Monitoring AI is a necessary element of every AI depoloyment.
Need Help?
We're here to help in all sorts of ways - lectures, coaching, training, internal policy development, contract reviews, etc. Just reach out and give us shout.