Module 3: Governance & Risk Management · BoK III.A
Aligning risk strategies
New AI risk processes must slot into existing risk machinery. Determine whether AI increases existing risks or introduces new ones, decide who is ultimately responsible, and capture it all in a preliminary analysis report. If strategies don't intersect, gaps get exploited.
New AI risk processes must slot into the risk machinery the organisation already runs. Misaligned strategies leave exploitable gaps.
- Understand the existing risk programmes and what they mitigate
- Determine whether planned AI use increases existing risks or introduces new ones, and whether programmes need adjusting
- An organisation may run operational, security, privacy and business risk strategies, each with an AI component, or one separate, holistic AI risk management strategy
- If strategies do not intersect, gaps may be exploited
- Conduct a risk analysis and determine contributing factors
- Determine which risks can be mitigated
- Establish who is ultimately responsible for risks, mitigation and any system failures after implementation
- Capture it all in a preliminary analysis report → fold into the data management plan, privacy impact assessments or authority-to-operate process