What are the governance considerations? has been saved
Article
What are the governance considerations?
The CLO’s guide to Generative AI risks and opportunities
Despite only 17% of organizations having communicated clear AI policies to their employees, a recent survey of 2,000 American workers revealed that 16% of its respondents regularly use ChatGPT at work.1 However, banning the use of Generative AI (GenAI) is also problematic. Not only could organizations that avoid using GenAI fail to capture its potential benefits, but complete bans on GenAI may result in employees hiding their use (called shadow IT),2 which can also expose an organization to risk.3
Instead, organizations should consider the following:
Does my organization have a centralized AI governance function, task force, or center of excellence (COE) composed of a cross-functional team of experts to evaluate acceptable and unacceptable uses of Generative AI?
${column1-large-text}
If yes:
Who are the members of the governance function that determine acceptable uses of GenAI?
AND
Does the governance function or COE outline:
- Low-risk uses versus high-risk uses?Low risk = Generally acceptable uses requiring little/no oversightHigh risk = Needs a higher, more intensive level of reviewOR
- That every decision is required to be evaluated by an AI task force/center of excellence/governing board?
${column2-large-text}
If no:
What mechanism will be used to determine acceptable uses of GenAI?
${column3-large-text}
${column3-title}
${column4-large-text}
${column4-title}
Does my organization have a formal Generative AI policy?
${column1-large-text}
If yes:
- Is there a compliance framework in place to manage and provide guidance for acceptable uses?
- Has the policy been communicated to business leaders?
- Are the policy and compliance frameworks written in easy-to-understand terms?
- Has the legal department or COE engaged in comprehensive training efforts to inform the enterprise how GenAI can and cannot be used?
- Does the policy and/or compliance framework include consequences for violating the policy?
${column2-large-text}
If no:
And no policy planned:
- How can my organization mitigate risks for employees who are using GenAI?
And policy is planned:
- Who should help develop the organization’s GenAI policy?
- Should policies apply to the entire business or just key areas most likely to use GenAI?
- How will the policy be communicated to the business?
- Will the policy include consequences for violating the policy?
${column3-large-text}
${column3-title}
${column4-large-text}
${column4-title}
Other Generative AI topics to explore
Learn about other areas of GenAI and how it impacts CLOs and their teams. From the basics to the more complex challenges, these resources are designed to help you navigate GenAI’s legal implications and risks with ease.
1 Chad Brooks, “With Little Employer Oversight, ChatGPT Usage Rates Rise Among American Workers,“ Business.com, September 6, 2023.
2 Shadow IT refers to hardware, software, and services utilized outside an organization’s centralized IT department sometimes without the knowledge or approval of the organization.
3 Steve Mollman, “Wharton professor says employees are hiding A.I. use – and potentially transformative productivity gains – from employers.“ Fortune, June 18, 2023.
Get in touch
Lori Lorenzo
Chief Legal Officer Program
Research and Insights Director
Managing Director | Deloitte Risk &
Financial Advisory
Deloitte Transactions and
Business Analytics LLP
Erin Hess
Chief Legal Officer Program
Research and Insights Manager
Manager | Deloitte Risk &
Financial Advisory
Deloitte Transactions and
Business Analytics LLP
Jon Foster
Managing Director | Deloitte Risk &
Financial Advisory
Deloitte Transactions and
Business Analytics LLP
This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this document.
As used in this document, “Deloitte” means Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services, and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting. Deloitte does not provide legal services and will not provide any legal advice or address any questions of law.
Copyright © 2023 Deloitte Development LLC. All rights reserved.
Recommendations
Building resilience to work through adversity
How CLOs can adapt to unpredictability and disruption
Take Note
Insights for legal professionals