MAP 5.3 - Benefits vs Impacts

NIST AI RMF (in the playbook companion) states:

MAP 5.3

Assessments of benefits vs impacts are based on analyses of impact, magnitude, and likelihood of risk.

About

The final output of the Map function is the go/no-go decision for deploying the AI system. This decision should take into account the risks mapped from previous steps and the organizational capacity for their management.

Risk mapping should also list system benefits beyond the status quo. Go/no-go decisions to deploy may be made by an independent third-party or organizational management. For higher risk systems, it is often appropriate – and may well be critical – for technical or risk executives to be involved in the approval of go/no-go decisions to deploy.

The decision to deploy should not be made by AI actors carrying out design and development functions, whose objective judgment may be hindered by the incentive to deploy systems in which they were closely involved.

Actions

• Review and examine documentation, including system purpose and benefits, and mapped potential impacts with associated likelihoods.

• Document the system’s estimated risk.

• Make a go/no-go determination based on magnitude, and likelihood of impact. Do not deploy (no-go) or decommission the system if estimated risk surpasses organizational tolerances or thresholds. If a decision is made to proceed with deployment, assign the system to an appropriate risk tolerance and align oversight resources with the assessed risk.

Transparency and Documentation

Organizations can document the following:

• To what extent do these policies foster public trust and confidence in the use of the AI system?

• What type of information is accessible on the design, operations, and limitations of the AI system to external stakeholders, including end users, consumers, regulators, and individuals impacted by use of the AI system?

• How has the entity identified and mitigated potential impacts of bias in the data, including inequitable or discriminatory outcomes?