Standards for AI governance help facilitate client trust in organizations

Innovative technologies are increasingly being used to improve systems and services. Robots and people work together in factories and offices, while automated systems are used in cars and planes to ensure safe, efficient journeys

As more businesses incorporate AI technologies to improve their services and products, more questions are being raised. For example, do clients trust and understand how these technologies are being used? What is the role of humans in the organization and can they control the AI technologies deployed? What about societal concerns around big data analysis which could be used in other unfair ways? Should there be an ethical framework for AI?

International standards can help facilitate client trust in organizations

Top technology and transformation trends

These were some of the important issues raised during an event entitled Top technology and transformation trends, co-organized by CPA Australia – one of the world’s largest accounting bodies – and Australia New Zealand and India Business Association (ANZIBA), held in New Delhi, India last November. Around 60 people attended, including business and financial analysts, financial controllers and accountants.

Jan Begg is Technology and Transformation Lead, Policy and Advocacy, CPA Australia, and Chair of ISO/IEC JTC 1/SC 40: IT Service Management and IT Governance, which develops international standards for the governance, service management and business process of outsourcing activities. In her keynote speech, she highlighted concerns around AI technologies already being deployed in business. For example, there is a growing need to ensure the privacy and security of data gathered and analyzed by AI technologies, as well as how it will be used.

“The Australian government is under pressure to release data it collects in an aggregated, deidentified way, for businesses to use, but how do you do this safely? Under the European General Data Protection Regulation (GDPR) data obligations, there is a right for people to say that they want their data to be forgotten. But what if it has already been used in machine learning? How do you undo that and comply with GDPR? There are big questions such as having privacy by design from the outset”, said Begg.

Why standards?

It can be a challenge for the leadership and management of public, private and not-for-profit organizations to keep up-to-date with new technologies, which may have different terminology, definitions, ways of doing things, opportunities for innovation or new threats to business viability.

Begg leads IEC and ISO standardization activities which look at how technology areas or opportunities are managed within an organization, and at governance level – board or executive managers – how they think about their governance responsibilities when it comes to technology.

Among some of the key standards already published are ISO/IEC 38500, Governance of IT for the organization, is a principle-based guidance document comprising six principles which can be applied to any technology or service enabled by technology, and the ISO/IEC 30105 series of standards relating to IT- enabled business process outsourcing (BPO).

The impact of AI on business

Connectivity and smartphones have changed how we live, work and play. There have been numerous examples, such as the move from physical paper to e-tickets for transport, or services which disrupt across industries.

The event’s panel session covered a number of questions including why CPA members should be interested in technology standards and technology trends, evolving government policy in AI and ethics, the changing BPO landscape, the need for new ethical principles for AI and the impact of AI and data analytics on the accounting profession.

Sundeep Oberoi, Global Head, Cybersecurity Delivery Tata consultancy services and Chair of ISO/IEC JTC 1/SC 7: Software and systems engineering, gave his thoughts on technology and transformation trends.

“There is on the one hand a clear trend in every field that involves replacing custom built hardware with commodity hardware where functionality is implemented in software. On the other hand, business processes are being digitized and implemented as software-based processes. This “softwareization of everything” is resulting in software development on a much larger scale, by a much broader set of entities and individuals and with much shorter development times than ever before. This produces several challenges for developers, consumers of software and software development services. There is demand for “agility” and the SC7 community is revising its standards for software development as well as introducing new ones to deal with this need. In a world where requirements change, how is contracting to be done? Traditional software contracts required an up-front definition of requirements in order to have fixed price agreement. We will need newer ways to do contracting and that is an active area of study for us. The other important question for a consumer of software services is how could the maturity of an organization, which delivers development services, in an “agile” manner be assessed? One way to do this is to use ISO/IEC 30105 five-part standard”, said Oberoi.

Find out more about IEC and ISO standards for IT service management and IT governance.