AI - Has the governance system been built for the world we are now operating in?

13 May

APRA published a letter to industry on artificial intelligence.

Some of the call outs include:
⚡Boards are engaged with AI's potential but governance has not kept pace.
⚡Accountability is unclear.
⚡Risk appetite exists on paper but not in practice.
⚡Data and control environments carry systemic weaknesses.
⚡Assurance is lagging.
⚡There is a tendency to treat AI as just another technology, missing what makes it different.

I have been asking across a series of posts: what is the board not seeing, and when is the board seeing it? The APRA letter surfaces a third question,
❓ Has the governance system been built for the world we are now operating in?

For many organisations, AI has not created new risk and governance weaknesses. It has illuminated ones that were already there.

The nature of AI risk demands more than an AI strategy, framework and policy. Organisations that overlay the new over legacy weaknesses may satisfy the short-term requirement, but the underlying conditions remain.

🏃‍♀️ The natural instinct right now is to run.
⏳ The wiser move is to slow down, go deep, and build the conditions that make speed possible.

Building the conditions means looking at the whole. The organisations risk maturity, risk culture, capability, operating model and structure, three lines of defence, accountability and the information flows and governance rhythms that actually reflect the nature of the risk.

AI governance boardAPRA artificial intelligence governanceboard AI risk oversightAI risk accountabilitygovernance readiness AIrisk culture Australia

Donna Worthington https://www.elevareadvisory.com

AI - Has the governance system been built for the world we are now operating in?

AI - If the governance system needs to change, what does it need to change into?

The Ground Has Shifted | A Governance Series | Post 6 of 6

elevare advisory