Automated AI Risk Assessment & Mitigation

1
Automated AI Risk Assessment Mitigation
Financial institutions are increasingly adopting
AI within their complex model inventory, creating
new business and regulatory challenges that must
be identified and managed. At its core, AI models
function as another form of End User Computing
(EUC) applications. For over 25 years, CIMCON
Software has helped financial institutions
mitigate risks associated with models and EUCs.
Leveraging this expertise, CIMCON now offers
tools that automatically detect and assess AI
models, enabling organizations to maintain an
inventory, monitor changes, and manage associated
risks effectively.
2
AIs rapid adoption introduces unprecedented
complexity, impacting data lineage, governance,
and risk management. A 2020 survey by The
Economist highlighted that 77 of global bankers
believe AI will define winners and losers, while
Gartner predicts 85 of AI projects will yield
erroneous results. Historical examples, like
Knight Capitals 440 million loss due to a
trading algorithm error and the recent collapse
of Silicon Valley Bank from unidentified risk
model errors, underscore the critical need for
robust controls and automated oversight in
AI-driven operations.
3
What can firms do to mitigate AI risk?
Firms are moving into unchartered territory and
without the appropriate updates to their
policies, procedures, and controls, they will
fail when deploying AI models within their
organization. Moreover, any audit failures that
result from flawed implementations will be
significant and costly.
Based on our experience with 500 clients over
the last 30 years in Model/EUC Risk Management,
CIMCON has developed a holistic approach to
identify, assess and reduce AI Model risk. This
approach is built to optimize the end user
experience, accelerate business processes, and
empower its users through actionable insight,
intelligent automation, and powerful
purpose-built workflows.
4
A Complete AI Model Risk Management Solution
CIMCONs EUC Insight software delivers a
holistic, end-to-end approach to managing and
evidencing AI model risk management and
regulatory compliance, by providing the following
features and benefits in a single integrated
platform
1. Identification of AI Models Identify the
prevalence of AI models in the organization,
including where they are being used, type of
model being used, associated activity and
frequency of use.
5
2. Automated AI Risk Assessment Perform an
automated risk assessment of the AI model using
our proprietary algorithm based on a models
complexity, code quality, dependencies, and other
factors.
3. Model Inter-dependency Explicitly called out
in regulatory frameworks such as SS 1/23, a
company must know how many models depend on the
outputs of one or more other models. In this
respect, input / output interdependence is of
primary consideration when determining the
inherent risk any particular model can present to
an organization. By understanding the inherent
risk and applying the necessary controls, an
organization can understand whether its residual
risk is within acceptable bounds.
6
CIMCON understands this critical relationship
between inherent and residual risk and is able to
customize an organizations risk assessment
models to ensure that this balance of risk' is
accurately managed. A key functional component
of the CIMCON solution is to provide our
customers with the ability to visualize model
dependencies, both upstream and downstream
including the ability to determine whether a
link is working correctly or is broken and
requires the model owners attention to recover
the link.
4. Inventory Maintain an inventory of all your
AI models, with configurable forms, workflows and
alerts for periodic attestations.
7
5. Monitoring CIMCON monitors the frequency with
which a model is modified or accessed, who makes
the changes, when and what is modified with a
complete audit trail of all changes, that also
includes a side by side compare of the before and
after version.
In summary, by applying both quantitative and
qualitative measurements to these key areas of
risk, a company can implement a structured
process of maintaining a balanced and accurate AI
model risk management program.
8
Concluding Thoughts
Large language models such as Chat GPT, deep
learning text to image models such as DALL-E, as
well as many others are transforming what is
possible for us to accomplish as a society. For
all of us to be a part of that future and reap
the rewards that it can bring, we will need to
embrace this change and become a part of this
rapidly expanding future. We will need to
collaborate, explore and creatively implement
this new technology, while at all times remaining
mindful that it is not perfect. AI Models can and
will generate errors, which in turn could
potentially hurt the organizations bottom line,
or even worst, damage its most valuable asset
the companys reputation.
In the new normal, the world of model risk
management has become exponentially more complex.
Hence investing in automated tools that can
identify, measure, and mitigate AI risk before
any damage is caused has become the new
imperative.
9
About Us
CIMCON Software, LLC, established in 1988, leads
the field in end-user computing (EUC) risk
management, serving over 500 companies globally
across diverse industries. Our software solutions
are comprehensive, well-tested, and feature-rich,
providing unmatched assurance of success. With
headquarters in Boston and offices in Europe and
Asia, we offer strong global support for EUC
system implementation.
www.cimcon.com
10
Contact Us
Boston (Corporate Office)
1 (978) 692-9868
234 Littleton Road Westford, MA 01886, USA
New York
1 (978) 496 7230
394 Broadway New York, NY 10013