Deloitte AI Institute
Five Actions for Boards to Consider in the Era of Generative AI
AI Governance and Risk Management
View the reportThis Fragment is the AI Institute Sidebar
This text and the space it occupies will not be visible in the following environments: "View as published", "Preview", "Live"
There is a new kind of AI in the marketplace, and when it comes to risk mitigation and oversight, boards should take notice.
Over the last decade, the use cases for machine learning and other types of AI have multiplied, as have the risks AI creates. For boards, the AI era has exposed new challenges in governance and risk management. Most boards (72%) report having one or more committees responsible for risk oversight, and more than 80% have one or more risk management experts, according to a Deloitte survey. For all the attention and investment in managing other kinds of business risk, AI demands the same treatment.
AI security risks can compromise sensitive data, biased outputs can raise compliance problems, and irresponsible deployment of AI systems can have cross cutting ramifications for the enterprise, consumers, and society at large. Given the impact, boards can serve a vital role in helping the organization address AI risks.
This was already a tall order for boards. Then along came Generative AI.
This new type of AI is powerful in ways that have stunned users and opened the door to transformative use cases. Generative AI including large language models (LLMs), image and audio generators, and code writing assistants are giving more users the tools to amplify productivity, extract insights, and generate opportunities for efficiency and revenue growth. What is more, a line of business user does not need a PhD in data science to use an LLM-powered chatbot trained on enterprise data. The barriers to direct AI usage are falling fast while the capabilities are only growing. What does this mean for enterprise risk management?
Generative AI amplifies the risks associated with AI, and it shortens the timeline for enacting essential steps and strategies that can enable AI risk mitigation. These risks exist today, and they will proliferate alongside Generative AI as it matures. For boards, there is no time to waste in getting up to speed on Generative AI and what it means for their risk management responsibilities. Here are five things board members can do to prepare themselves for a future with Generative AI.
1. Build the board’s AI literacy
Being an advocate and guide for AI risk management means, in part, asking the right questions. This necessitates a level of AI literacy, which was already important. With Generative AI, the need for literacy is even more paramount, as the technology presents new types of risk (e.g., “hallucinated” outputs that are factually false), as well as magnifies existing risks due to scale (e.g., a Generative AI-enabled call center could give biased outputs to a greater number of people).
To take part in Generative AI risk management, board members can build AI literacy through traditional methods, such as bringing in speakers and subject matter experts and pursuing independent learning through classes, lectures, and reading. A Generative AI model like an LLM could also help in this regard, as simple prompts can summarize and help explain, in natural language, the complexities of how Generative AI works, its limits, and its capabilities.
2. Promote AI fluency in the C-suite
If Generative AI literacy in the boardroom is important, fluency in the C-suite is even more so. Board members are in a position to urge executives to build Generative AI fluency around not only the value and opportunities, but the risks as well. As the power and allure of Generative AI grows and use cases multiply, business leaders need knowledge and familiarity with the technology to responsibly shape AI programs. Decisions around AI ethics, safety and security, accountability, and all the factors that impact trust in AI flow out of a baseline understanding of what Generative AI is and what it can do. As stewards of the enterprise, board members can encourage the AI fluency that is more important than it has ever been.
3. Consider recruiting board members with AI experience
Board members often hail from fields steeped in finance and business management. This background allows them to be informed leaders on fiscal and competitiveness issues. Given that AI is a technical and complex field raising its own collection of hurdles and risks, boards may look to expand their in-house subject matter expertise by recruiting an AI professional to the board. Such a person should bring experience as an operational AI leader with a track record of implementing successful AI projects in similar organizations.
While Generative AI is relatively new and some of the earliest use cases are only now being deployed, a professional with operational AI experience can provide the insight boards need for oversight and governance.
4. Orienting the board for the future
Governance is not an ad hoc exercise, and boards face the need to implement controls to guide the ethical and trustworthy use of Generative AI. Boards may stand up subcommittees to oversee vital enterprise activities, such as for audits, succession planning, and risk management related to finance and operations. Generative AI governance can be supported with a similar tactic.
The lexicon, capabilities, risks, and trajectory of Generative AI are all in flux as the technology matures. A subcommittee or dedicated group is positioned to remain focused and informed on this complex, fast-changing technology. Boards could also extend existing subcommittees mandate to include Generative AI components, for example the Audit committee can include planning for algorithmic auditing.
5. Guide the organization as Generative AI matures
Given their role, board members are not directly working with Generative AI, but they are important stakeholders with essential responsibilities. As enterprise leadership and lines of business explore how Generative AI can be a productivity enhancer and innovation driver, the board can take a higher level, big picture view of AI programs and focus on guiding the enterprise in the ethical and trustworthy deployment of Generative AI. In this, it is helpful to leverage a framework for assessing risk and trust and how those impact compliance and governance. Deloitte’s Trustworthy AITM framework is suited to assessing risk and trust in any AI deployment, and it can help board members make clear-eyed evaluations and usher the organization toward the most valuable use of Generative AI.
The Generative AI landscape is still nascent. These are the early days of a new technology that will have profound impacts on business and society. As well as taking these five important steps, board members can turn to advisors who are already developing the tactics and standards for Generative AI governance and oversight.
While risk management is always a moving target, with literacy, professional experience, dedicated attention, and a vision for the future, boards are positioned to guide their organizations into this new era of AI.