Frontier AI developers need an internal audit function.

IF 3 3区 医学 Q1 MATHEMATICS, INTERDISCIPLINARY APPLICATIONS
Risk Analysis Pub Date : 2024-10-21 DOI:10.1111/risa.17665
Jonas Schuett
{"title":"Frontier AI developers need an internal audit function.","authors":"Jonas Schuett","doi":"10.1111/risa.17665","DOIUrl":null,"url":null,"abstract":"<p><p>This article argues that frontier artificial intelligence (AI) developers need an internal audit function. First, it describes the role of internal audit in corporate governance: internal audit evaluates the adequacy and effectiveness of a company's risk management, control, and governance processes. It is organizationally independent from senior management and reports directly to the board of directors, typically its audit committee. In the Institute of Internal Auditors' Three Lines Model, internal audit serves as the third line and is responsible for providing assurance to the board, whereas the combined assurance framework highlights the need to coordinate the activities of internal and external assurance providers. Next, the article provides an overview of key governance challenges in frontier AI development: Dangerous capabilities can arise unpredictably and undetected; it is difficult to prevent a deployed model from causing harm; frontier models can proliferate rapidly; it is inherently difficult to assess frontier AI risks; and frontier AI developers do not seem to follow best practices in risk governance. Finally, the article discusses how an internal audit function could address some of these challenges: Internal audit could identify ineffective risk management practices; it could ensure that the board of directors has a more accurate understanding of the current level of risk and the adequacy of the developer's risk management practices; and it could serve as a contact point for whistleblowers. But frontier AI developers should also be aware of key limitations: Internal audit adds friction; it can be captured by senior management; and the benefits depend on the ability of individuals to identify ineffective practices. In light of rapid progress in AI research and development, frontier AI developers need to strengthen their risk governance. Instead of reinventing the wheel, they should follow existing best practices. Although this might not be sufficient, they should not skip this obvious first step.</p>","PeriodicalId":21472,"journal":{"name":"Risk Analysis","volume":" ","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Risk Analysis","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1111/risa.17665","RegionNum":3,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"MATHEMATICS, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

This article argues that frontier artificial intelligence (AI) developers need an internal audit function. First, it describes the role of internal audit in corporate governance: internal audit evaluates the adequacy and effectiveness of a company's risk management, control, and governance processes. It is organizationally independent from senior management and reports directly to the board of directors, typically its audit committee. In the Institute of Internal Auditors' Three Lines Model, internal audit serves as the third line and is responsible for providing assurance to the board, whereas the combined assurance framework highlights the need to coordinate the activities of internal and external assurance providers. Next, the article provides an overview of key governance challenges in frontier AI development: Dangerous capabilities can arise unpredictably and undetected; it is difficult to prevent a deployed model from causing harm; frontier models can proliferate rapidly; it is inherently difficult to assess frontier AI risks; and frontier AI developers do not seem to follow best practices in risk governance. Finally, the article discusses how an internal audit function could address some of these challenges: Internal audit could identify ineffective risk management practices; it could ensure that the board of directors has a more accurate understanding of the current level of risk and the adequacy of the developer's risk management practices; and it could serve as a contact point for whistleblowers. But frontier AI developers should also be aware of key limitations: Internal audit adds friction; it can be captured by senior management; and the benefits depend on the ability of individuals to identify ineffective practices. In light of rapid progress in AI research and development, frontier AI developers need to strengthen their risk governance. Instead of reinventing the wheel, they should follow existing best practices. Although this might not be sufficient, they should not skip this obvious first step.

前沿人工智能开发者需要内部审计职能。
本文认为,前沿人工智能(AI)开发商需要内部审计职能。首先,文章介绍了内部审计在公司治理中的作用:内部审计评估公司风险管理、控制和治理流程的充分性和有效性。内部审计在组织上独立于高级管理层,直接向董事会(通常是审计委员会)报告。在内部审计师协会的三条线模型中,内部审计是第三条线,负责向董事会提供保证,而综合保证框架则强调需要协调内部和外部保证提供者的活动。接下来,文章概述了前沿人工智能发展中的主要治理挑战:危险的能力可能在无法预测和未被发现的情况下出现;很难防止已部署的模型造成危害;前沿模型可能迅速扩散;评估前沿人工智能风险本身就很困难;前沿人工智能开发人员似乎没有遵循风险治理方面的最佳实践。最后,文章讨论了内部审计职能如何应对其中一些挑战:内部审计可以识别无效的风险管理实践;可以确保董事会更准确地了解当前的风险水平和开发商风险管理实践的充分性;还可以充当举报人的联络点。但是,前沿人工智能开发者也应该意识到关键的局限性:内部审计会增加摩擦;它可能会被高级管理层掌握;而且其好处取决于个人识别无效做法的能力。鉴于人工智能研发的快速发展,前沿人工智能开发者需要加强风险治理。他们应该遵循现有的最佳实践,而不是重新发明轮子。尽管这可能还不够,但他们不应跳过这显而易见的第一步。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Risk Analysis
Risk Analysis 数学-数学跨学科应用
CiteScore
7.50
自引率
10.50%
发文量
183
审稿时长
4.2 months
期刊介绍: Published on behalf of the Society for Risk Analysis, Risk Analysis is ranked among the top 10 journals in the ISI Journal Citation Reports under the social sciences, mathematical methods category, and provides a focal point for new developments in the field of risk analysis. This international peer-reviewed journal is committed to publishing critical empirical research and commentaries dealing with risk issues. The topics covered include: • Human health and safety risks • Microbial risks • Engineering • Mathematical modeling • Risk characterization • Risk communication • Risk management and decision-making • Risk perception, acceptability, and ethics • Laws and regulatory policy • Ecological risks.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信