GRN 2.3 - Executive Responsibility

NIST AI RMF (in the playbook companion) states:

GOVERN 2.3

Executive leadership of the organization considers decisions about risks associated with AI system development and deployment to be their responsibility.

About

Senior leadership in organizations that maintain an AI portfolio should be aware of AI risks and affirm the organizational appetite for such risks.

Accountability ensures that a specific team and individual is responsible for AI risk management efforts. Some organizations grant authority and resources (human and budgetary) to a designated officer who ensures adequate performance of the institution’s AI portfolio (e.g. predictive modeling, machine learning).

Actions
  • Organizational management can:

    • Declare risk tolerances for developing or using AI systems.

    • Support AI risk management efforts, and play an active role in such efforts.

    • Support competent risk management executives.

    • Delegate the power, resources, and authorization to perform risk management to each appropriate level throughout the management chain.

  • Organizations can establish board committees for AI risk management and oversight functions and integrate those functions within the organization’s broader enterprise risk management approaches.

Transparency and Documentation

Organizations can document the following:

  • Did your organization’s board and/or senior management sponsor, support and participate in your organization’s AI governance?

  • What are the roles, responsibilities, and delegation of authorities of personnel involved in the design, development, deployment, assessment and monitoring of the AI system?

  • Do AI solutions provide sufficient information to assist the personnel to make an informed decision and take actions accordingly?

  • To what extent has the entity clarified the roles, responsibilities, and delegated authorities to relevant stakeholders?
