• <acronym id="jatpo"></acronym>
    <p id="jatpo"></p>

    1. <table id="jatpo"><option id="jatpo"></option></table>
      <acronym id="jatpo"><meter id="jatpo"></meter></acronym><track id="jatpo"><strike id="jatpo"><tt id="jatpo"></tt></strike></track>
    2. 29 October 2021 Open with your browser  

      Applying the COSO ERM framework and principles to help implement and scale artificial intelligence

      Written by: Ms. Wendy Yu – Risk Consultant

      Artificial intelligence (“AI”) has become a required business capacity for most organizations. From managing customer relationships to protecting customer data from cyber threats to assisting management in decision makings, AI can be used to address a wide range of business issues. Organizations should not overlook the danger and risks that accompany AI adoption.

      As AI becomes more important in overall business and our everyday lives, organizations will have no option of ignoring or avoiding the unique risks of the adoption of AI. In fact, they have to study how to identify and manage these risks effectively. Compounding the problem is the fact that AI is often not isolated to a specific function such as IT, but rather affects multiple functions in an organization. Organizations need to design and implement governance, risk management, and control strategies and structures to realize the potential of humans collaborating with AI. Fortunately, AI is like other technological components of an organization and thus can be successfully governed by an effective ERM.

      Framework to be adopted for addressing AI risks
      The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control – Integrated Framework (2013) and Enterprise Risk Management – Integrating with Strategy and Performance framework (2017) provide a comprehensive foundation for governance and control of cloud computing and cloud security. The COSO Enterprise Risk Management (ERM) framework provides a construct for organizations to establish governance, identify and respond to risks, monitor performance, maintain communications, and adjust as there are changes to the organization or its business objectives, or to the industry or its environment. The COSO Internal Control framework also provides a tool to use, typically in the performance component of the ERM framework, to assess risks and address risks. As AI risks will affect multiple functions in an organization, an effective ERM Framework can help organizations by its five critical components, including governance and culture, strategy and objective-setting, performance, review and revision, and information, communication and reporting.

      Integrating critical components of the ERM Framework to manage AI risks
      1. Governance and Culture
      The governance and culture of an organization set the cornerstone for all risk management components, leading the organization to build its vision, mission, and core values. Core values provide an important foundation for appropriate oversight of AI initiatives and AI models to help achieve the organization’s strategy and business objectives.

      2. Strategy and Objective-Setting
      A strategy and business objectives should be established in relation to AI, such as defining the risk appetite and risk tolerance of the organization. The ERM Framework can help establish key performance and risk indicators around AI to monitor the performance of algorithms over time. Setting up key performance and risk indicators and tolerance levels while an algorithm is being developed helps create a performance baseline by which to articulate trust.

      3. Performance
      The trustworthiness and reliability of the AI should be addressed by the organization before implementation. As AI programs can be breached just like other data sources or companies, internal control should be designed and implemented to management to minimize the risk. Organizations should define deficiencies, performance measures, and thresholds that require further investigation or escalated review. Rules about when a further review is necessary should also be established. Organizations should utilize process automation which can facilitate the process of monitoring and escalating reviews to the designated person in real-time.

      4. Review and Revision
      Organizations need to ongoing test and monitor the performance and risks of their AI activities. Key performance and risk indicators can be established to assess whether these activities are meeting their intended objectives. Organizations can also take advantage of the ERM Framework to help identify, assess, prioritize and monitor these AI-related risks.

      5. Information, Communication, and Reporting
      With the increasing concerns over privacy and security of data, it is important for organizations to provide the right information, in the right form, through the right medium, to the right people in a timely manner. Organizations should prepare for the worst-case scenario and any issues that may arise from AI activities, of which the ERM Framework can be used to act as a guide. Effective crisis communication with stakeholders is an important element in enhancing AI strategy and assisting organizations in meeting expectations for transparency.

      To utilize the values of AI and its potential, organizations should ensure a sound risk management mechanism is established to align with their strategy and execution of their AI initiatives and AI model. The ERM Framework can help organizations develop integrated governance over AI, manage risks, and drive performance to achieve strategic goals. By implementing integrated governance over AI, organizations can have better information about relevant risks. Besides, organizations can reduce performance variability and improve the likelihood of success for their AI initiatives. To conclude, organizations can refine and adapt their innovation initiatives to support their strategies in a rapidly changing business environment.

      Keri Calagna, Brian Cassidy & Amy Park (September 2021). Realize the Full Potential of Artificial Intelligence. Committee of Sponsoring Organizations of the Treadway Commission (COSO).

      If there are any aspects which we may assist, please do not hesitate to contact:

      Partner - Ms. Gloria So
      gloria.so@shinewing.hk (Tel. 3583 8517)


      Contact Us

      ShineWing Hong Kong
      43/F, Lee Garden One,
      33 Hysan Avenue
      Causeway Bay,
      Hong Kong

      T. (852) 3583 8000
      F. (852) 3583 8001
      W. www.iplusc.net
      E. info@shinewing.hk


      About ShineWing

      ShineWing is a premier provider of professional services, specialising in audit, tax and advisory services. Present in China, ShineWing has domestic offices which are spread across the major cities, including Beijing, Shenzhen, Chengdu, Shanghai, Xi’an, Tianjin, Qingdao, Changsha, Changchun, Yinchuan, Jinan, Dalian, Kunming, Guangzhou, Fuzhou, Nanjing, Urumqi, Wuhan, Hangzhou, Taiyuan, Chongqing, Nanning, Hefei, Zhengzhou, Suzhou and Xiamen. Other member firms include Hong Kong, Singapore, Australia, Japan, Pakistan, Egypt, Malaysia, United Kingdom, Indonesia, India, Thailand, Taiwan, Germany, Turkey and Macau. Today, ShineWing employs over 10,000 staff. With our extensive network, we are able to leverage fellow members’ expertise and geographical presence and enhance our ability to serve the dynamic needs of transnational clients.


      ? 2021 ShineWing Hong Kong. All rights reserved.

      The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.


      Home | Open in browser | Unsubscribe