Journal of Research and Development
Open Access

Understanding the Distinction Between Technical and Governance Audits for AI: A Critical Analysis

Jeffrey Kluge^{* *}Correspondence: Jeffrey Kluge, Department of Ethics, The University of Utah, Utah, United States, Email:

Author info »

Introduction

Navigating the complex terrain of AI audit governance

The evolving landscape of AI audits, the need for comprehensive AI audit governance: In the public eye, some CEOs proclaim their systems' potential to benefit humanity while simultaneously calling for government regulation. However, they also assert the ability to self-regulate the development of these systems, creating a paradox that lacks credibility. It's imperative that we acknowledge the need for robust governance and ethical compliance in our pursuit of responsible technology development [1].

In an era marked by rapid advancements in Artificial Intelligence (AI), global governance frameworks, incidents, information access, technological disruption and changing sentiment are converging, ushering in a new post-information era of accountability and oversight for top management and boards of directors. In the United States, this oversight has become synonymous with the C-Suite, a collective term that signifies the roles of chief officers, spanning the domains of executive leadership, risk management, information security, financial stewardship, and beyond. general counsel, alongside in-house and outside counsel, plays a pivotal role in navigating the legal intricacies that accompany these regulations [2].

However, amid this evolving landscape, a significant challenge looms large-a challenge rooted in the nuanced interpretation of newfound responsibilities. Many in top management find themselves wrestling with a fundamental question: Where do these responsibilities originate, and how should they be embraced? Is it an expectation that their teams will provide the necessary guidance, or do legal counsel and internal structures assure them that these matters are being adequately addressed downstream?

Alternatively, could it be attributed to a lack of awareness, and, at times, even an element of arrogance, leading some to believe that these roles should be beneath their purview?

Irrespective of the origins of this challenge, this paper embarks on a journey to unravel the complexities surrounding AI audit governance. It delves into the very heart of these evolving responsibilities, seeking clarity in a landscape where uncertainty prevails [3].

The behavior of executives in the BigTech arena further amplifies the urgency of this discussion. It is a behavior marked by a common misperception-the belief that a technical audit is synonymous with a governance audit. As we shall soon discover, this assumption is far from accurate, and the consequences of stopping at a technical audit can be profound, potentially subjecting an organization to legal scrutiny and risking a failing grade in the critical legal review.

Most importantly, within this evolving landscape, lies a profound truth: Without proper governance and a shared moral framework from which the public can understand how a system is operating, humans will be hurt; physically, emotionally, financially, and with certain biases. It is this fundamental ethical imperative that underscores the importance of our exploration into AI audit governance [4].

It is important to acknowledge the audacious nature of this assertion, especially considering that the voice behind it is not that of a legal expert. Instead, the authority emanates from an intricate understanding of the AI sector, rooted in the meticulous crafting of AI audit criteria designed to align with the very regulations that top management is now held accountable for. For the last several years, the team of which I am a part of, translated the legal principles of various global data protection and privacy regulations through a lens of an engineering-oriented approach.

In our quest for clarity, we have undertaken the monumental task of translating these legal principles into a language that resonates with every facet of an organization, from engineers to finance professionals, from advertising specialists to designers, and from data scientists to countless others. The overarching goal is to empower these diverse teams with the knowledge of what is expected of them to demonstrate compliance. Gone are the days when compliance was a mere checkbox exercise, focused on hurriedly marking tasks as "completed."

As a point of clarity, the use of the term artificially intelligent systems are oversimplified and in actuality represent Artificially Intelligent, Algorithmic, and Autonomous Systems. When you see AAA Systems, or AI Audit, they both aim to represent the mathematical equations embedded into machines that are making rapid and pre-programmed conclusions on the behalf of humans [5].

Building trust by design: Transparency, accountability, and ethics

Transparency in AI systems, accountability in AI governance, ethical considerations in AI audits: In the ever-evolving landscape of artificial intelligence, algorithmic, and autonomous systems, often shortened to (AI systems), verifying performance to set standards, ethical compliance, and oversight is paramount. To establish this trust, we delve into two essential components of AI audit governance: The technical AI audit and the AI governance audit. These audits serve as the bedrock upon which transparency, accountability, and ethical behavior in AAA systems are founded [6].

Technical AI audit: Unveiling the inner machinery

A technical AI audit resembles a meticulous dissection of the inner workings and mechanisms of an AI system. Its primary aim is to address the fundamental question: Does this AI system function correctly? Think of it as disassembling a complex machine to comprehend its construction and operation. In this case, the "machine" is the AI system itself. This audit seeks to ascertain whether the AI system performs its designated tasks accurately and effectively.

Consider the example of a robot designed to sort various types of fruits. In a technical AI audit, we would scrutinize the robot's sensors, delve into its programming code, and assess how it makes good choices as intended. The objective? Ensuring that the robot is adept at identifying and sorting fruits (and nonfruits) correctly. It's akin to verifying that all the gears and wires within the robot operate smoothly, without any hiccups or errors stemming from programming flaws.

AI governance audit: Enforcing ethical behavior

Conversely, the AI governance audit revolves around assessing the rules and guidelines governing AI systems' behavior. This audit focuses on ensuring that there exist clear, equitable instructions that dictate how the AI should act and make choices across a range of circumstances. Think of it as a comprehensive examination to determine whether the "rules" guiding the AI align with ethical standards and the intended purpose of the system.

To continue our robot example, an AI governance audit would scrutinize the instructions provided to the robot. Are these instructions lucid and devoid of ambiguity? Do they instruct the robot to sort fruits fairly and impartially, without biases? Importantly, are there established rules in place to prevent the robot from inadvertently causing harm while sorting the fruits? In essence, the AI governance audit is a litmus test for the ethical integrity of the AI's behavior.

To delve further into ethical considerations, it is imperative to ask how those designing, developing, deploying, and monitoring the system and accounting for its performance, conformance and impact to responsible officers and regulators, are following the rules set forth in their Code of Ethics. In the realm of AI governance, where ethical considerations hold immense significance, it's vital that open-source initiatives establish and maintain a clear ethical foundation, including who does what and when in response to particular conditions being met and thresholds being exceeded. This ensures that contributors understand the ethical principles guiding the project, act on, understand and adhere to them. Without a shared moral framework, even the most transparent and technically sound AI systems can inadvertently perpetuate bad and harmful practice, biases, privacy infringements, or other ethical lapses.

In addition to these ethical concerns, another critical facet of AI governance is the Code of Data Ethics, which plays a pivotal role in the process and systems surrounding the collection of one’s personal information. This is particularly crucial when considering the data of children and vulnerable people, where privacy and ethical considerations take center stage. We shall explore the Code of Data Ethics and its significance in protecting personal information, especially that of children, as an integral part of AI governance in the subsequent sections.

Technical AI audit: This audit centers on delving deep into the technical intricacies of the AI system, scrutinizing its inner workings.

AI governance audit: Contrarily, the AI governance audit concentrates on the ethical and societal aspects, ensuring that the AI system aligns with shared moral framework predefined rules and values.

Purpose: Navigating the intent

Technical AI audit: The Technical AI Audit's primary objective is to validate accuracy, performance, and the technical correctness of the AI system.

AI governance audit: Conversely, the AI Governance Audit strives to ensure ethical behavior, fairness, and alignment with societal values.

Examples: Bringing it to life

Technical AI audit: This audit examines the algorithms, code, data processing, and the decision-making processes within the AI system.

AI governance audit: On the other hand, the AI governance audit reviews policies, data handling practices, and mechanisms in place to prevent biases or discrimination.

Outcome: Improving trustworthiness

Technical AI audit: The technical AI audit aims to enhance the technical performance and reliability of the AI system.

AI governance audit: In contrast, the AI governance audit seeks to elevate the ethical and societal impact of the AI system.

Contrast: Unveiling the nuances

Technical AI audits focus on the technical facets of how an AI system functions, while AI governance audits encompass broader ethical, social, and policy considerations.

Technical AI audits prioritize correctness and efficiency of algorithms and code, while AI governance audits emphasize alignment with human values and societal norms.

Technical AI audits are akin to inspecting the gears and machinery of a car engine, whereas AI governance audits resemble assessing the traffic rules and safety regulations governing how cars should be driven.

Literature Review

Comparing strategies for ensuring trustworthy AI: crowdsourcing, red teams, open source, and independent audits

As the role of AI continues to expand, ensuring its reliability and trustworthiness becomes increasingly vital. To achieve this, organizations employ a variety of strategies, including crowdsourcing, red teams, embracing open-source principles, and that of independent audits. Each approach offers distinct advantages and challenges in the context of AI-based systems.

Crowdsourcing: Harnessing collective wisdom

Reasons for use: Crowdsourcing involves tapping into the collective knowledge and skills of a diverse group of individuals. In the realm of AI, crowdsourcing can play a pivotal role in tasks like data labeling, bias detection, and algorithm enhancement. Numerous AI projects require substantial labeled data for training, and crowdsourcing aids in distributing this workload among a large community of contributors.

Effectiveness: Crowdsourcing proves highly effective for managing large-scale tasks demanding human judgment, such as image annotation or sentiment analysis. The diverse perspectives it brings help uncover biases and elevate the overall quality of AI systems. Nonetheless, maintaining consistent quality and managing contributor motivations can pose challenges.

Red teams: Rigorous testing and challenge

Reasons for use: Red teams are composed of independent experts who simulate potential adversaries to test and challenge systems. Within the AI context, red teams evaluate vulnerabilities, biases, and unintended consequences that AI systems may exhibit. This approach is instrumental in identifying weaknesses and bolstering system resilience.

Effectiveness: Red teams provide a stringent assessment of AI systems by mimicking real-world attacks or challenges. They uncover vulnerabilities that might evade normal testing procedures. While red teaming is highly effective in pinpointing security and ethical issues, it may not encompass all conceivable scenarios and demands considerable expertise.

Open source: Fostering collaboration and transparency

Reasons for use: Embracing open-source principles involves making the source code and design of AI systems publicly accessible. This approach encourages collaboration, knowledge sharing, and community-driven scrutiny. Open source enables experts and enthusiasts to contribute, assess, and enhance the system's functionality and security.

Effectiveness: Open source promotes transparency, enabling experts to assess the system's inner workings. It harnesses the power of collective intelligence to identify vulnerabilities and improve system robustness. However, open-source projects may face challenges in coordinating contributions, ensuring code quality, and managing potential security risks.

Another pitfall rarely spoken of is the shared moral framework from which contributors are expected to operate. In the realm of AI governance, where ethical considerations hold immense significance, it's vital that open-source initiatives establish and maintain a clear ethical foundation. This ensures that contributors understand the ethical principles guiding the project and adhere to them. Without a shared moral framework, even the most transparent and technically sound AI systems can inadvertently perpetuate biases, privacy infringements, or other ethical lapses. In essence, open source's effectiveness in bolstering transparency must be complemented by a robust, agreed, documented and embedded ethical compass to navigate the complex ethical terrain of AI development and deployment. It is this very concept of a shared ethical framework that underscores the reason and significance of proper AI audit governance. Specifically, how are those involved in designing, developing, deploying, and monitoring AAA systems adhering to the code of Ethics and Codes of Conduct? Equally important is examining the code of data ethics and its role in the processes and systems surrounding the collection of personal information, especially for vulnerable groups like children. Proper governance provides the structure to ensure alignment with core ethical principles across the entire AI development and deployment lifecycle.

Independent audits: External evaluation

Reasons for use: Independent audits involve enlisting external experts or organizations to scrutinize AI systems' design, operation, and compliance with regulations and ethical standards. These audits offer an impartial evaluation of system performance and alignment with intended outcomes.

Effectiveness: Independent audits deliver a comprehensive appraisal of AI systems by unbiased professionals. They contribute an external perspective and aid in fostering public trust. However, their efficacy hinges on the proficiency and thoroughness of the auditing entity. While audits may not uncover every potential issue, they enhance transparency and accountability.

Comparing and contrasting:

Focus and scope

• Crowdsourcing: Utilizes collective intelligence for data-related tasks.
• Red teams: Simulates real-world challenges to identify vulnerabilities.
• Open source: Encourages collaborative scrutiny and code transparency.
• Independent audits: Provides external evaluation for compliance and ethics.

Diverse insights

• Crowdsourcing: Offers varied perspectives and aids bias detection.
• Red teams: Provides adversarial insights for security assessment.
• Open source: Enables community-driven assessment and enhancement.
• Independent audits: Offers unbiased external evaluation for compliance.

Challenges

• Crowdsourcing: Ensuring consistent quality and contributor motivation.
• Red teams: Resource-intensive, potential scenario limitations.
• Open source: Coordinating contributions, code quality, security concerns.
• Independent audits: Dependence on audit quality and potential gaps.

Discussion

In the pursuit of trustworthy AI, organizations often employ a combination of these strategies. Crowdsourcing bolsters data quality, red teams rigorously test assumptions, independent audits ensure accountability, and open-source principles promote transparency and collaboration. This multi-faceted approach aims to address various dimensions of AI system trustworthiness and reliability.

The role of independence in AI audits

In the world of auditing, independence is a cornerstone principle that enhances the credibility and integrity of the audit process. This principle holds true for AI audits as well, where independence from internally driven audits can bring significant benefits. In this section, we explore why independence is crucial in AI audits and how it can contribute to more effective governance.

Objective assessment: In a perfect world, independence in AI audits ensures that auditors approach their tasks with an unbiased and impartial perspective. When internal teams conduct audits, there may be inherent biases, influences, incentives or conflicts of interest that can compromise the objectivity or quality of the assessment as the basis for strategic decision making. Independent auditors, on the other hand, can provide a fresh, even and unbiased evaluation of the AI system's performance, compliance, and ethical/unethical behavior.

Enhanced credibility: When performed correctly, independence adds a layer of credibility to the audit process. Stakeholders, including investors, regulatory bodies, and the public, are more likely to trust the findings and recommendations of auditors who are not directly tied to the organization being audited. This trust is vital for maintaining transparency and accountability in AI governance.

Identifying blind spots: External auditors often bring a broader perspective and diverse expertise to the table. They are more likely to identify blind spots, or potential risks, that internal teams may overlook due to their close involvement with the AI system's development and operation. Independence can lead to a more comprehensive and thorough audit, addressing not only technical aspects, but also ethical and societal considerations.

Avoiding conflicts of interest: Internal audit teams may face conflicting priorities, such as the desire to maintain the status quo, or protect the organization's reputation. Independent auditors are incentivised not to entertain conflicts, or to respond to pressure from the auditee, as a condition of their license and legal obligations. They are there to focus solely on evaluating the AI system's performance, compliance, and ethical adherence without any vested interests and attest to their findings.

Consultants tasked with auditing the very same AI systems they helped build face an undeniable conflict of interest. Much like a child grading their own final exam, consultants hold a vested interest in highlighting the strengths and downplaying the weaknesses of systems they designed. Their incentives are misaligned providing truly objective audits may reveal flaws that hurt their bottom line, reputation or jeopardize repeat business with the client. However, glossing over issues threatens the validity of the audit. This tension between accountability and self-interest places consultants in an ethically precarious position when auditing their own work. Just as skilled professionals grade exams to avoid student’s lack of objectivity and self-serving biases, consultants building AI systems should not be entrusted with auditing them. Safeguards like third party audits are helpful to upholding credibility.

Pre-audit services deliver immense value by gauging readiness, uncovering gaps, and preparing organizations for successful audits. Activities like preliminary assessments, mock audits, and training help identify areas needing improvement. These preaudit consultants can spot insufficiencies to be rectified and addressed before an official “pass/fail” grade is delivered. However, the very nature of these pre-audit services poses an inherent conflict of interest if the same provider also conducts the actual audit. Just as students receive an unfair advantage when teachers give "sneak peeks" at exam content, pre-audit insights compromise the objectivity of the ensuing audit. Even with the best intentions, pre-audit providers are incentivized to have organizations "pass" the later audit. Separating pre-audit advisory services from audit delivery is crucial for maintaining credibility. While pre-audits are invaluable for readiness, the formal audit itself should be delivered by an entirely independent entity without prior.

Regulatory compliance: Independent audits can aid in compliance with regulatory requirements, reducing risks of penalties for non-compliance. Many international AI regulations, such as the Digital Services Act, (DSA) mandates comprehensive audits by qualified third parties. The Online Safety Bill and EU AI Act mention audits, while CA AADC refers to having a DPIA available for review. However, presently the regulatory bodies responsible for enforcement have yet to officially "approve" any certification schemes specifically for AI governance audits evaluating ethics and societal impact. While some audit firms are establishing reputations for technical audits assessing system functionality, these still fall short of the impartial ethical assessments desired by regulators. Until official certification frameworks are established, organizations relying solely on internal or technical audits face heightened scrutiny and greater risk. Proactive investment in third-party AI governance audits demonstrates commitment to holistic governance, oversight, and accountability in delivering ethical AI.

Accountability and transparency: Independence in AI audits reinforces accountability and transparency within organizations. When external auditors provide an independent assessment, it encourages organizations to consider previously unidentified opportunities, problems and options, take corrective actions and improve their AI systems to meet higher standards of performance and ethics.

Public perception and reputation: Organizations that embrace independent AI audits demonstrate a commitment to responsible AI governance. This commitment can positively impact their reputation, attracting customers, partners, and investors who value ethical and accountable AI practices. Conversely, a lack of independence in audits can lead to skepticism and potential reputational damage.

From an investment and advisory perspective, organizations embracing independent governance audits, public disclosures, and age-appropriate design can gain immense brand value and loyalty and attract and retain both their market share and shareholders. By proactively following certification frameworks to design ethical, responsible AI systems, companies show customers their commitment to transparency and accountability.

Age-appropriate design, as enshrined in the UK Children’s Code, re-aligns business incentives away from shareholder benefit replacing the focus with one on user protection, especially for vulnerable groups like children. When companies follow these criteria, and communicate to users how they safeguard their digital experience, it powerfully reinforces trust, safety and ethical standards and responds to the call for “AI guard rails”. While certifications are still evolving, companies investing early in robust governance audits and age-appropriate design will reap reputational benefits for their forward-thinking leadership in the form of products that scale to deliver content to users based on their attributes. In an increasingly skeptical environment, actions taken today to exceed minimum compliance requirements, meet user needs flexibly, instead of ‘one size fits all’ and protect users, will become a tremendous asset. Leading on ethics, safety by design and accountability creates immense goodwill with consumers.

The role of an independent third-party: Independence is a critical factor in ensuring the effectiveness and credibility of AI audits. It offers an objective assessment, enhances the audit's credibility, identifies blind spots, avoids conflicts of interest, aids in regulatory compliance, reinforces accountability and transparency, and positively influences public perception and reputation. Organizations should consider the benefits of independence when designing their AI audit processes, recognizing that it contributes to the responsible and ethical governance of AI systems. In doing so, they can build trust among stakeholders and promote responsible AI adoption.

Navigating conflicts of interest: Implications for AI audits and oversight

As the development and integration of AI systems become increasingly prevalent, the need for robust audits and oversight mechanisms is undeniable. These mechanisms, such as technical AI audits and AI governance audits, play a pivotal role in ensuring the reliability, fairness, and ethical conduct of AI technologies. However, a significant challenge arises when those responsible for building, writing, or establishing the rules governing AI systems also hold a vested interest in their success and are motivated by profit and willing to be unethical. This inherent conflict of interest can cast a shadow over the validity and impartiality of AI audits, both on the technical and governance fronts.

Consultants and conflict of interest: A complex dilemma: Consultants, developers, and individuals directly involved in constructing AI systems often possess an intimate understanding of the technology's intricacies. While this expertise is essential for meaningful audits, it introduces a potential conflict of interest. When the same parties who design and implement AI solutions are tasked with evaluating their performance, an inherent bias can emerge. Their attachment to the success and reputation of the technology may inadvertently influence their assessment, potentially leading to overlooking shortcomings or downplaying ethical concerns. Ironic as it seems that those concerned with understanding and reducing bias in their system, may be doing just that, without the guidance, fresh perspective or input from a third-party.

Impact on technical AI audits: Technical AI audits delve into the inner workings of algorithms, code, and decision-making/ conclusion reaching processes. When those who have a vested interest in the AI's success conduct these audits, their assessments might lean toward emphasizing positive aspects while glossing over deficiencies. This can compromise the thoroughness and objectivity of the audit, as crucial issues that might tarnish the AI system's reputation could be underrepresented.

Impact on AI governance audits: AI governance audits focus on the policies, rules, and ethical guidelines guiding AI behavior. If the architects of these policies are the same individuals who stand to benefit from the AI's success, there is a risk of overlooking potential biases, lack of transparency, or inadequate safeguards. Such conflicts can undermine the effectiveness of AI governance audits by allowing potentially problematic practices to persist unchecked.

Preserving validity and integrity: Mitigating conflicts of interest: To ensure the validity and integrity of AI audits, steps must be taken to address conflicts of interest. This involves establishing clear guidelines that separate the roles of those building and evaluating AI systems. Independent third-party auditors, separate from the development team, can provide an impartial assessment of technical performance and ethical adherence. Similarly, governance audits benefit from external experts who bring a fresh perspective and are not influenced by the AI's profitability and commercial success.

Transparency is another crucial element: Fully disclosing any potential conflicts of interest and detailing the steps taken to mitigate them, enhances the credibility of audits and promotes a culture of accountability and honesty. Openness allows stakeholders, regulators, and the public to understand the context in which audits are conducted and interpret the findings appropriately.

Balancing innovation and accountability: The intersection of innovation and accountability in the realm of AI audits is a delicate balancing act. While the expertise of those involved in building and designing AI systems is invaluable, mechanisms must be in place to prevent conflicts of interest from compromising the validity of audits. By fostering a culture of transparency, independence, and external oversight, we can establish a more robust framework for evaluating AI systems, ensuring their responsible and trustworthy integration into our lives.

Top management and oversight boards: Navigating global AI audit regulations

In the context of evolving global AI audit regulations like the Digital Services Act, EU AI Act, GDPR, and California Age- Appropriate Design Codes, the role of top management and oversight boards in organizations becomes crucial. These regulations aim to establish clear rules and safeguards for AI systems. Here's how top leadership can ensure compliance:

Understanding regulatory landscape: Top management should ensure they have a comprehensive understanding of the specific AI regulations applicable to their organization, including the Online Safety Bill, Digital Services Act, EU AI Act, GDPR, and California Age-Appropriate Design Codes. This involves staying up to date with evolving compliance requirements.

Risk assessment and mitigation: Collaborate with experts to conduct a thorough risk assessment, evaluating how AI systems are used within the organization. Identify potential areas of noncompliance or risks related to data privacy, fairness, transparency, and accountability.

Governance frameworks: Develop and implement governance frameworks that align with regulatory requirements. These frameworks should establish clear roles and responsibilities for compliance, including the oversight of AI systems' development, deployment, and audits.

Data handling and privacy: Ensure that data handling practices within the organization are in line with GDPR and other relevant data protection regulations. This includes obtaining proper consent for data usage, implementing robust data security measures, and respecting individuals' privacy rights.

Transparency and accountability: Encourage transparency in AI system operations, especially when decisions significantly impact individuals. Implement mechanisms for explaining AIdriven decisions, particularly those related to automated content moderation, recommendation systems, and profiling.

Age-appropriate design: Comply with the California Age- Appropriate Design Codes by creating age-appropriate settings and content controls within digital services. Ensure that AI systems used in services targeting children or teenagers prioritize their safety and privacy.

Documentation and reporting: Establish clear processes for documenting AI development and operation, including data usage and decision-making algorithms. Be prepared to provide reports and documentation upon regulatory request.

Third-party audits: Engage third-party independent auditors to conduct both technical AI audits and governance audits. These audits should evaluate compliance with regulatory requirements and assess the fairness, transparency, and accountability of AI systems.

Training and awareness: Invest in training programs to raise awareness among employees about AI compliance. Ensure that staff, especially those involved in AI development and data handling, understand the implications of these regulations.

Continuous monitoring: Implement continuous monitoring systems to track compliance with AI regulations. This involves regular audits, reviews, and updates to policies and practices to adapt to evolving regulatory requirements.

Public communication: Be prepared to communicate your organization's commitment to compliance with AI regulations to the public, customers, and stakeholders. Transparency and open communication can build trust.

Legal counsel: Seek legal advice from experts well-versed in AI regulations. Legal counsel can help interpret the nuances of these regulations and ensure that the organization remains compliant.

In summary, top management and oversight boards play a pivotal role in guiding organizations to comply with global AI audit regulations. By fostering a culture of compliance, transparency, and accountability, organizations can responsibly navigate regulatory landscapes while benefiting from AI.

However, ethical behavior and ethical organizations are led from the top down. While employees may take public stands for ethics, meaningful change is unlikely until top management embraces and empowers ethical governance. Presently, in the absence of such top-down leadership, the public is left to force change through regulation. Top managers must recognize their unique ability to lead ethically and avoid reactive regulatory measures. With proactive governance audits and oversight powered from the executive level, organizations can demonstrate commitment to transparency, ethics and accountability.

The role of non-profits in promoting AI accountability

Alongside government and business efforts, non-profit organizations have an opportunity to make significant contributions to ethical AI governance in the following ways:

Independent auditing and certification: Non-profits focused on ethics, accountability and transparency could conduct independent third-party audits of AI systems. Their noncommercial status lends credibility to governance certifications.

Watchdog groups: Activist non-profits can serve as watchdog groups that monitor for harms caused by AI systems and hold companies and governments accountable through reporting and advocacy.

Standards development: Non-profits bringing together experts from academia, industry, and society could facilitate the development of voluntary standards and best practices for ethical AI governance.

Policy guidance: Policy-focused non-profits can provide valuable guidance and recommendations to lawmakers on AI governance regulations and frameworks.

Public education: Educational non-profits can build public understanding and communicate the importance of governance in ensuring AI accountability, fairness and transparency.

Multi-stakeholder initiatives: Non-profits could coordinate and lead collaborations that convene diverse groups to address complex AI governance challenges. By leveraging their independence and public interest mission, non-profits can raise concerns, share knowledge, and promote responsible AI governance. Developing robust non-profit capacity will contribute meaningfully to establishing trustworthy and ethical AI systems.

At the same time, non-profits must thoughtfully navigate potential conflicts of interest, especially if receiving funding from industry. Whether funding comes from technology or consulting maintaining independence and public trust requires transparency and ethical practices. Non-profits focused on AI accountability should publicly disclose funding sources and have established policies to prevent undue donor influence. They can reference their commitment to ethical practices and independence in organizational codes of ethics. By working with both industry and civil society stakeholders in balanced ways, non-profits can maintain their ability to be voices for public accountability even with private sector funding. Proactive communication about independence and ethical practices will be key to managing perceptions.

The role of the Financial Accounting Standards Board (FASB) in shaping AI audit governance

• Learning from FASB's successes
• Lessons from FASB's challenges
• A model for AI audit governance

The Financial Accounting Standards Board (FASB) has long been recognized as a pivotal institution in establishing robust governance and standards within the realm of financial accounting. It sets forth principles that ensure financial reporting is both transparent and consistent, guiding organizations on how to present their financial information accurately and fairly. Drawing parallels between FASB's practices and the emerging need for AI audit governance can offer valuable insights into what works effectively and what pitfalls to avoid.

The good: Learning from FASB's successes

Standardization and clarity: FASB's success largely stems from its commitment to developing and enforcing clear, standardized accounting principles. In the AI audit governance context, this highlights the importance of establishing standardized guidelines and regulations that clearly define the expectations and responsibilities of organizations utilizing AI systems.

Transparency and disclosure: FASB mandates transparent financial reporting. Applying this principle to AI governance, it becomes evident that organizations should be equally transparent about the implementation, functioning, and impact of AI systems. Stakeholders should have access to comprehensive information about AI use, its algorithms, data sources, and potential biases.

Adaptability and evolution: FASB regularly updates its standards to reflect evolving financial practices and technologies. This adaptability is instructive for AI governance. Regulations and guidelines must remain agile and responsive to the rapid advancements in AI technology, ensuring they remain relevant and effective.

Stakeholder engagement: FASB engages with various stakeholders, including businesses, auditors, and investors, to gather input and perspectives on its standards. A similar approach in AI governance can foster collaboration and garner insights from diverse stakeholders, enhancing the quality of AI audit practices.

The bad: Lessons from FASB's challenges

Complexity and ambiguity: Over time, FASB standards have grown increasingly complex, leading to challenges in interpretation and compliance. In the context of AI audit governance, this warns against overly convoluted regulations that may hinder effective implementation and understanding.

Enforcement and compliance: FASB's effectiveness relies on the commitment of organizations to adhere to its standards. However, enforcement and compliance issues have arisen, highlighting the need for robust oversight and consequences for non-compliance in AI audit governance.

Economic and industry-specific factors: FASB's standards are sometimes criticized for not fully considering the economic and industry-specific nuances that different businesses face. AI audit governance should take into account the diverse applications of AI across industries and tailor regulations accordingly.

Retroactive adjustments: FASB has faced criticism for introducing retroactive adjustments, causing disruptions to financial reporting. In the AI context, it underscores the importance of avoiding abrupt changes in audit requirements that could disrupt AI operations already in place.

A model for AI audit governance: The Financial Accounting Standards Board (FASB) offers a compelling model for AI audit governance, characterized by its commitment to standardization, transparency, adaptability, and stakeholder engagement. By drawing lessons from FASB's successes and challenges, we can establish a strong foundation for effective AI audit governance that fosters trust, accountability, and responsible AI practices. The key lies in finding the right balance between comprehensive guidelines and practical implementation, with an eye on the evolving landscape of artificial intelligence.

Navigating the ethical technology landscape: Your 'LEGAL DIVE' compass

It is crucial to recognize the agency within your organization when addressing the pressing issues, we've discussed. Achieving AAA development ethically, especially for children and vulnerable groups, demands proactive measures. While resistance to change persists, it's our daily actions that define our contribution to creating something worthwhile and beneficial for humanity.

While technical audits are essential steps in developing sociotechnical systems, governance audits provide the vital framework necessary to fulfill your organization's ambitious missions and purpose-driven work. It's worth noting that merely claiming the power to help humans flourish, without a clear map for governing generative AI, is akin to a child's dream.

Conclusion

As we wrap up our discussion, remember that every action you take within your organization contributes to the journey of ethical technology development. It's these daily choices that determine our collective impact on the world.

In this endeavor, we offer you a 'memory stick'—our 'LEGAL DIVE' framework—a compass to navigate the complex seas of technology governance and ethics. Let it serve as your guide, empowering you to leverage tools, engage in dialogue, conduct governance audits, allocate resources, uphold your legal responsibility, document your moral framework, and implement independent AI audits. Stay vigilant, view regulations, and above all, embrace compliance.

References

1. Farley E. AI Auditing: First Steps Towards the Effective Regulation of Artificial Intelligence Systems. 2023.
2. Ashir F, Mekonen K. The Impact of Artificial Intelligence on Auditing: Navigating Ethical challenges. Master theses, Gothenburg University, 2024.
3. Ema A, Sato R, Hase T, Nakano M, Kamimura S, Kitamura H. Advancing AI Audits for Enhanced AI Governance. arXiv preprint arXiv. 2023.

   [Crossref]

4. Munoko I, Brown-Liburd HL, Vasarhelyi M. The ethical implications of using artificial intelligence in auditing. J Business Ethics. 2020;167(2):209-234.

   [Crossref]

5. Manheim D, Martin S, Bailey M, Samin M, Greutzmacher R. The Necessity of AI Audit Standards Boards. arXiv preprint arXiv. 2024.

   [Crossref]

6. Ariga T, Ayers J, Gillich T, Weeks N, Hiromoto S, Skorczynski M. Artificial intelligence creates new opportunities to combat fraud. Int J Govt Aud. 2020;47(3):42-44.