Ever since artificial intelligence burst onto the scene and particularly over the past several months, just about every organization has been grappling with complex questions about how to safely harness the power of AI, while avoiding or mitigating the risks and dangers that come with this massively powerful technology.
Internal audit departments are particularly concerned with these risks and dangers. While internal audit is itself working to adopt AI strategies to increase efficiency and leverage the positive aspects of the technology, it is also working to assess the risks throughout the organization and ensure that processes and safeguards are in place to limit them.
The reality is that every organization or group already has some form of artificial intelligence defense program in place whether this is by chance (organic) or by design (predetermined). The AI defense spectrum can vary widely in maturity, capability, and competency. For example, they can range from implicit informal undocumented unstructured programs on the one hand, to explicit formal documented structured programs on the other, and everything else in between.
Note: This is the second in a three-part series on managing the risks and dangers of artificial intelligence (AI). For the first part, see “Anticipating a Scandal: Is AI a Ticking Time Bomb for Companies?“
Immature programs often operate in a rather chaotic or disorganized manner as they often lack a sense of a unifying structure and a systematic approach. The degree to which the program is explicit formal documented and structured represents a clear indication of the organization or group’s focus on its AI defense obligation to minimize AI value destruction.
A robust AI defense program needs to be proactive, comprehensive, and systematic in nature and requires a holistic and multi-disciplinary approach. This involves the alignment, integration, and unification of the eight critical AI defense components so that they are all strategically aligned, tactically integrated, and operating in unison towards the achievement of common objectives. It not only requires diligence and vigilance but also the cooperation, collaboration, and coordination of multiple stakeholder groups representing stakeholder interests at organizational, national, international, or global levels.
Stakeholder Interests and Stakeholder Groups
Stakeholders refer to all those with a vested interest in the activities of a particular organization or group. In business, stakeholders can include shareholders, board members, management, employees, customers, clients, business partners, regulators, and the general public. AI stakeholder groups can include governments, civil society, private sector, scientific community, and others. All stakeholder groups have a duty of care to ensure that the best interests of their own stakeholders are being taken into consideration.
Given the potential positive and negative impact of AI it is important that stakeholders proactively engage with their various stakeholder groups on this topic. Stakeholders need to consider their group’s current approach to AI value preservation and AI defense. Such consideration will help stakeholders to determine the possible implications of their group’s current focus on AI value destruction, its attitude to AI value preservation due diligence, and its prioritization of AI defense in general. The following issues should therefore be considered by engaged stakeholders (both individually and collectively) in relation to their own spheres of interest:
Maturity and Formality: The extent to which there is in fact an AI defense program (or similar initiative) currently in place, either by chance or by design. This includes the extent to which the current A.I. program reflects an implicit informal undocumented unstructured program or an explicit formal documented structured program.
- Does the organization have a formally documented and approved AI Defense Program in place?
- Does the organization have a formally documented and approved AI Defense Charter (including vision, mission statement, strategy, framework, plan, policies. and procedures etc) in place?
- Is there a formal AI Defense Committee (or sub-committee) in place?
Capability and Responsibility: The extent to which individuals or groups are delegated the responsibility for AI defense, the level of seniority of the AI defense champion (the individual with overall responsibility for AI defense), and the nature of their reporting line to the top of the organization.
- Has a specialist Chief AI Defense Officer been appointed and where or to whom does this officer directly report?
- Is there a specialist AI Defense Function (or competence center) in place?
- What is the AI Defense Program’s budget as a percent of the organization’s overall budget?
Competency and Comprehensiveness:The extent to which the scope of the AI defense program is viewed in holistic terms or in more narrow selective terms. This includes the extent to which there is inter-disciplinary alignment, integration, and unification of critical defense components at strategic, tactical, and operational levels.
- Does the AI Defense Program explicitly and formally include initiatives to address each of the following: AI Governance, AI Risk, AI Compliance, AI Intelligence, AI Security, AI Resilience, AI Controls, AI Assurance?
- Is the AI Defense Program in alignment with the organization’s wider AI strategy and with the organization’s overall strategy?
- Does the scope of the extend to a focus on AI issues at organizational, national, international, and global levels?
AI Value Preservation Diagnosis and Remedy
Similar to water, value destruction tends to follow the path of least resistance, wherever vulnerabilities (weaknesses and deficiencies) exist, and the previous article has already highlighted that these are currently far too numerous. Given the pervasive nature of AI technology, humanity needs to consider and address these vulnerabilities at organizational, national, international, and global levels. Therefore the above questions should be asked of all groups or organizations, not just the major AI players such as Google, Meta , Apple , Microsoft , Tesla and others. This also includes those with responsibility for setting standards and issuing guidance in this space (such as United Nations, OECD – OCDE , European Commission , and World Economic Forum) who need to answer these questions in relation to their own organizations.
Reflection on the answers and feedback received on the above issues will help various stakeholder groups determine our current maturity, capability, and competency levels in relation to AI value preservation due diligence and AI defense in general. Proactive stakeholder engagement is essential if human kind are to successfully manage, address, and remedy this existential challenge.
An Alternative Option
Alternatively stakeholders may prefer to sit back and just hope that the following quote (often attributed to Joseph Addison) will be sufficient to provide them with the necessary level of protection required.
“Artificial intelligence will never be a match for natural stupidity.”
I personally would strongly recommend the former approach. 
Sean Lyons is a value preservation & corporate defense author, pioneer, and thought leader. He is the author of “Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program.”