AI Governance Use Case Design

This topic describes the AI Governance use case design.

Architecture Diagram

The following diagram shows the relationships between the applications in the AI Governance use case.

Applications and Questionnaires

The following table describes the use case applications and questionnaires.

Application/Questionnaire

Description

AI Use Case Requests

The AI Use Case Requests application provides a way for companies to collect information about the AI use case that the business wants to implement.

  1. Capture the use case details.

  2. Perform an initial screening questionnaire.

  3. Pass through a review workflow.

  4. Determine the status.

  5. If approved, create an AI Inventory record.

  6. If an AI Inventory record exists, associate it to the request.

AI Use Case Inventory

The AI Use Case Inventory application is where all of the business AI use cases and functions are stored. An AI inventory differs from other inventories because it centers around an AI use case and not a tool. Each use case and tool combination must be a different inventory record.

For example, if you want to use OpenAI for translation, name the use case and inventory "Using OpenAI for Translations," and associate the application to OpenAI. If you want another business use case to use CoPilot, create an inventory record named "Using CoPilot for Translations" and associate the application to CoPilot.

The AI Use Case Inventory application handles the following:

  • Gathering use case details

  • Associating the Enterprise Catalog

  • Workflow for review

  • Business-focused risk assessment

  • Umbrella for all associated AI models

AI Project

The AI Project application helps your company organize its AI initiatives, features, and projects in one area, as well as organize the workflow and data around a specific project.

  • Define the project goals and intentions

  • Monitor or create AI Requests

  • Monitor AI Inventory statuses

  • Track the project through a workflow

  • Organize a business project or larger initiative

  • Organize a group of requests or inventory records that are part of a project

Model Inventory

The Model Inventory application helps AI Governance teams perform multiple assessments for their initiatives, features, and projects. With the Model Inventory application, users can do the following:

  • Document key information such as approach, regulation, risk level, and related stakeholders, along with model name, description and type.

  • Generate AI Risk Assessments with data feeds.

  • Create and perform AI Privacy Impact Assessments.

  • Link AI Allocated Obligations and AI Allocated Controls to Model Inventory records using data feeds.

  • Generate and perform Conformity Assessments.

  • Verify approved Change Requests records from the Model Change Requests field.

  • Complete model usage and related models details.

  • Perform model validation.

  • Monitor performance using metrics.

Model Validation

The Model Validation application validates the model. Higher-risk models and models that are used more frequently must be tested more often. A completed validation with a Pass/Fail status is required. Follow these steps:

  1. Fill in the Model Validation Planning section and Impact Analysis tab.

  2. Complete the questions in the Evaluation of conceptual soundness and Ongoing monitoring sections.

  3. Complete the Outcomes Analysis sub-form.

  4. If the validation fails, create a Findings record in the Findings section.

  5. To change the Validation Results, select Pass/Fail in the Override Validation Results field and enter a reason in the Override Comments field.

  6. Once the record is complete, set the Validation Status field value to Completed in the General Information section.

Model Certification

The Model Certification application certifies Model Inventories based on the model validation results. This activity can be performed whenever validation completes or a model needs further certification activity.

Model Change Requests

The Model Change Requests application is used to raise a change request for the respective Model Inventory record. This is a copy of the Model Risk Management App Pack. Once the change request is approved, the necessary changes can be implemented on the Model Inventory record.

EU AI Act Compliance Checker

The EU AI Act introduces new obligations to entities located within the EU or doing business in the EU. The EU AI Act Compliance Checker application is an interactive application that determines whether your AI system is subject to these regulations or not. Based on the answers provided, the system determines the risk level for the model.

AI Obligation Catalog

The AI Obligation Catalog application acts as a repository for regulatory requirements. The obligation catalog provides controls library details for each requirement along with defined Risk-level details. The AI Obligation Catalog is used when creating the Allocated Requirements for an AI Model Inventory.

AI Controls Library

The AI Controls Library application acts as a repository for AI regulatory requirements. Every AI Controls Library record associates with the respective AI Obligation Catalog. The AI Controls Library is used when creating the Allocated Requirements for an AI Model Inventory.

AI Allocated Obligations

AI Allocated Obligations are generated based on the AI obligation catalog that has been selected and provide the details for allocated controls.

AI Allocated Controls

AI Allocated Controls are generated based on the AI obligation catalog library that has been selected and provide the details for associated Allocated Obligations selected on the Model Inventory. Users can link the Control Procedures and Evidence Repositories while performing assessments based on Allocated Obligations and Allocated Controls.

AI Conformity Assessment Catalog

The AI Conformity Assessment Catalog acts as a repository for conformity assessments based on regulations. It serves as an umbrella for all of the assessment questions and obtains a calculated summary from the responses to questions.

AI Conformity Assessments Question Library

The AI Conformity Assessment Question Library acts as a repository for questions to be used in a Conformity Assessment. This is used when creating Allocated Conformity Assessment Questions.

AI Conformity Assessments Questions

Based on the Model Inventory application, AI Governance teams can perform conformity assessments using the following:

  • Questions that must be addressed to ensure conformity.

  • Connections to Allocated Controls, Risk Assessments, and evidence repositories for answering questions or showing proof.

  • Assignments to specific people to answer.

AI Privacy & Ethical Impact

The AI Privacy & Ethical Impact assessment is used to assess privacy and ethical impacts based on the answers provided for the following subjects:

  • Governance

  • Regulatory Scrutiny

  • Data Types

  • Data Accuracy

  • Purpose and Use

  • Bias

  • Data Subject Rights

  • Collection and Consent

  • Transparency and Explainability

  • Security

AI Risk Level Assessment

The AI Risk Level Assessment application is used to assess the entity risks or inventories and projects that are not required to follow the EU AI Act. To determine the risk level for a model, users can provide inputs in the following areas:

  • Discrimination and Toxicity

  • Privacy and Security

  • Misinformation

  • Malicious Actors and Misuse

  • Human-Computer Interaction

  • Socioeconomic and Environmental

  • AI System Safety, Failures, and Limitations

Personas and Access Roles

The following table describes the AI Governance functions that support a company's adoption of the EU AI Act regulation. Depending on the AI Governance regulations of your company, these functions and responsibilities may vary.

| Function | Description |
| --- | --- |
| AIG: Admin | Serves as the administrator for the AI Governance use case, providing create, read, update and delete access rights. |
| AIG: Owner | Provides create, read and update access to Library owners within the AI Governance use case. |
| AIG: Manager | Provides create, read and update access to management stakeholders within the AI Governance use case. |
| AIG: Squad | Provides read and update access for the AI Governance use case. |
| AIG: Reviewer | Provides read and update access for the AI Governance use case. |
| AIG: Read Only | Provides read-only access for the AI Governance use case. |

For a complete list of access roles and detailed, page-level access rights, see the Data Dictionary.

For a complete list of application record permission fields, including which user/group fields populate them and where the fields inherit permissions from, see the Data Dictionary.

For more information about the Data Dictionary, see Data Dictionary.

Dashboards

The following table describes the dashboards in this use case.

| Dashboard | Description |
| --- | --- |
| AI Governance Team | This dashboard provides complete details for AI Inventory, AI Request, High Risk Assessment, and allocated controls statuses. |
| Business Review Team | This dashboard provides details for open requests and the details for assigned inventories. |

Data Feeds

The following table describes the data feeds in this use case.

| Data Feed | Description |
| --- | --- |
| AIRM-01: Create AI Inventory Record | This data feed creates AI Inventory records once the AI Use Case Request is approved by a reviewer. |
| AIRM-02: Create AI Model Inventory | This data feed creates AI Inventory records once the AI Use Case Request is approved by a reviewer. |
| AIRM-03: Create Allocated Obligations and Controls | This data feed creates Allocated Obligations and Allocated Controls records on the Model Inventory. |
| AIRM-04: Create Conformity Allocated Questions | This data feed creates Conformity Allocated Questions records based on the Model Inventory application's Regulation and Risk Level (High Risk) of EU AI Act Compliance Checker assessment. |

Data Dictionary

The AI Governance Data Dictionary contains configuration information for the use case.

You can obtain the Data Dictionary for the use case by contacting your Archer Technologies Account Representative.