Part II – Technology Fundamentals – Skills Assignment
Fact Pattern
In your Part I Assignment, you prepared a presentation to the Board of Directors of Cars, Inc. or Healthcare, Inc. Your presentation addressed benefits and costs and benefits associated with adopting AI in the organization’s operations.
As detailed below, the Part II Assignment is a risk analysis of the ongoing risks and issues of adopting AI.
Assignment
- The CEO has asked you to recommend to the Board how your organization can help ensure responsible and safe use of artificial intelligence (AI), specifically addressing the following six topics:
- Definition – What is the nature of the risk: regulatory, brand, continuity, project, revenue, other risk?
- Probability – What is the likelihood of the negative event occurring?
- Timing – When would the negative event occur, and how quickly could we detect and rectify it?
- Impacts – Should the event occur, what is the potential damage, either fiscal or reputational?
- Estimates – How much would it cost to mitigate the risk? How does the cost compare to the impact?
- Options – What is the range of options for mitigating the risk?
- In preparation for the Board meeting you have been asked to draft:
- A PowerPoint presentation – between 8 to a maximum of 12 slides (not including the cover slide), comprised of:
- A minimum of one slide for an introduction or agenda for your presentation
- A minimum of one slide for each of the six topics noted above
- A conclusion
- Each PowerPoint slide should have notes added at the bottom. The notes will provide additional information that you would mention in the actual meeting, as well as any clarifications or explanations to help a reader of the slides (who was not at the meeting) make better sense of them.
- A PowerPoint presentation – between 8 to a maximum of 12 slides (not including the cover slide), comprised of:
- In completing the assignment, you should keep in mind that security and AI risk often fail due to the following reasons (although not exclusively):
- Invisible, systemic risk
- Risk occurs as part of the natural fabric of daily business decisions.
- Many of these decisions are made for legitimate business reasons, for example, keeping old hardware and software to save money.
- These are not reported as security concerns, so issues pile up without being addressed.
- Cultural disconnect
- Executive leaders tend to write off security as a technical problem.
- Security readiness should be addressed by the business owners in their request for a new application and CIOs must assist them by putting technology risk and cybersecurity into the business context.
- This will help other executive leaders understand how their decisions affect business outcomes.
- Broken accountability:
- Accountability should mean that a decision to accept risk is defensible to key stakeholders.
- It should support a risk-aware culture that rewards those who make the decisions that balance the need to protect with the need to run the business.
- Society
- When a headline-grabbing security incident happens, society wants heads to roll.
- Few understand how security really works, so when an incident occurs, people assume someone must have made a mistake.
- Enterprises must accept risk to conduct business, but they need to demand appropriate levels of security and accountability for poor decision making.
- Invisible, systemic risk
- Lack of transparency
- Many enterprises have boards and executive leaders who do not want to acknowledge that security is not perfect.
- For example, they decide to move security under legal counsel so that every discussion is privileged and does not have to be disclosed.
- Executive leaders must be willing to talk about the realities and limitations of security to tackle its challenges.
- Many enterprises have boards and executive leaders who do not want to acknowledge that security is not perfect.
Please also refer to the Background Readings and the Manufacturing Company and Healthcare Organization readings below. These are the same readings provided for the Part I Assignment.