AIGP Study Guide
Module 3: Governance & Risk Management · BoK I.B

Stakeholders: who sits at the table

Cross-functional collaboration is a tested performance indicator. Privacy, security, accessibility and digital safety personnel are crucial first recruits; an AI inventory gives visibility; and a smaller committee differs from the broad stakeholder group.

Personnel in privacy, security, accessibility and digital safety are crucial first recruits → they bring existing structures to leverage and lessons to build on. Roles include chief privacy officer, chief ethics officer and ethics board, Office for Responsible AI, AI governance committee, legal, architecture steering groups, AI project managers, risk management officer, procurement, HR, marketing and sales, security/IT, engineering and data management. Some may be the same people in smaller organisations.

  • Researchers → identify key risks and core principles to uphold
  • Data scientists & AI/ML engineers → practical considerations → how to measure AI systems, capabilities and limits
  • Non-AI engineers → ask the general questions and bring a strong DevOps perspective for driving AI into implementation and release processes

The inventory → decide who maintains a central inventory of AI applications plus a repository of algorithms → better visibility and transparency of AI projects and products.

Group vs committee

Some activities run through a smaller internal committee (AI review committee, ethics committee) rather than the larger stakeholder group, which has broader membership and can include external members.

  • Determine stakeholders → ask leadership and existing governance teams, include users, aim for diversity by age, gender, race, region, culture
  • Involve early → leverage existing structures and prior lessons
  • Define the business case → goal, cost/benefit, tradeoffs vs other solutions → must align with the business unit mission and vision or it won't be prioritised and funded
  • Assess if AI is the right solution → suitable for the mission and purpose?
  • Continuously evaluate → progress toward the goal, mitigate issues during development
  • Identify risks → internal and external, before they identify you
Practitioner voice

"Work with internal stakeholders to establish organizational risk strategy and tolerance. Determine the level of risk your organization is willing to accept and develop mitigation strategies accordingly." - Tahir Latif

Key terms - quick answers

What is “Office for Responsible AI”?
A dedicated AI governance body/function within an organisation's stakeholder structure.
What is “AI inventory”?
A central inventory of AI applications plus a repository of algorithms for visibility and transparency.