Automation, including the adoption of machine learning and natural language processing tools, has many benefits but also challenges for the organization. This is not only due to legal and regulatory requirements that may apply to certain types of institutions but also social responsibility and reputation. This is why many internal organizations and institutions, including the European Union with its proposal for Data Governance Act and Artificial Intelligence Regulation, are calling for robust internal governance while using automation tools.
The effective and thoughtful composition of reporting lines, responsibility, and effective technical organization is crucial for every institution that is using data as a source of information or ‘feed’ for its services and products. This will not only ensure that any potential gaps and incidents will be eliminated and reported but this will be also an important factor at the implementation stage of the automation tools. Feedback is one of the most important factors that will guarantee (or not) successful adoption and significant operational savings and without effective communication and responsibility structure this may not be achieved.
Every tool that is using more advanced techniques – sometimes called artificial intelligence – will require more attention as it may generate the risk of algorithmic bias or other ‘error’ that may have real – not digital – consequences. Internal governance may be defined as the organizational and technical solutions within the organization, including the structure of the business, reporting lines, rules for audit and control, and data governance. The level of advancement and complexity of a particular structure will always depend on the size and scope of activity of the company (so-called ‘proportionality rule’).
The company that is willing to adopt automation and digitalization should have at least:
A risk management system that is aligned to the profile of the business.
Record-keeping policies and procedures – for own purpose and external controls and audits.
Human oversight procedures will ensure that any potential errors are identified and eliminated.
Processes for creating and archiving documentation and
Specific procedures for incident reporting and security breaches and
Strategy for the adoption of ICT tools.
Why is it important? We are in a digital world with many incentives for fraud. Many cyber-fraudsters are looking for opportunities and easy profit. Using models and algorithms may sometimes make the organization vulnerable to security breaches and for example – data poisoning – and this is why regulators and supervisors are giving particular attention to robustness and cybersecurity. Think about it as insurance not cost. Good governance should give you more comfort and save time, money, and stress.
