As organizations explore and adopt emerging technologies, governance is rarely if ever at the forefront of their agendas. From a business perspective, it is reasonable to expect that the concern and effort is often focused on reaping the benefits of new and innovative technologies. However, we also recognize that change, let alone change introducing emerging technology, is one of the riskiest endeavors that organizations pursue. Therefore, it stands to reason that proper governance is most important when new and easily underestimated risk associated with new technology enters the environment.
Although it is tempting to make it all work now andaddress the risk later, IT governance professionals must have governance conversations early and often throughout the change process. One of the largest factors limiting these conversations is also inherent in emerging technology: the fact that it is emerging. For example, artificial intelligence (AI) and machine learning (ML) are not new technologies in the sense that they are not widespread. On the contrary, these technologies are being widely adopted for various purposes. However, the effective, efficient and ethical implementation of this technology is far from a settled science. Therefore, IT governance professionals must avoid making the assumption that conventional IT governance is sufficient.
How do we govern technology we do not fully understand? To start, we must identify the unique risk introduced by the emerging technology and evaluate our current framework to understand if existing objectives and activities are appropriate. Where the current framework does not address the new risk, we must adapt and expand. One danger to avoid is focusing on adding activities without re-evaluating the objectives. It is important to critically consider where a new objective could enhance our ability to identify, understand and mitigate risk. For example, while maintaining data accuracy is fairly conventional in governance frameworks, the nuances associated with AI and ML outputs could require new and specific objectives to effectively address the risk. A second danger could be force-fitting current activities to the new risk associated with the emerging technology. For example, systems utilizing AI and ML may require additional data security activities to ensure that data utilized in crucial predictions are uncompromised.
Emerging technologies present many opportunities to an organization. IT governance professionals should take advantage of the opportunity to be proactive in addressing the unique risk introduced by emerging technology.
The ethics of emerging technology
Emerging technology such as AI and ML also introduces ethical concerns, posing risk to an organization. When we allow this type of technology to autonomously act in our systems, it becomes critical to address the ethical concerns early on. Specifically, ethical considerations around privacy, disparate impact and discrimination should be prioritized. Setting guidelines around data collection and data privacy are two examples of how organizations can set themselves apart from others on an ethical standard. Organizations are held accountable for transparent data collection and usage. Understanding how your system works and being upfront with your stakeholders about how you use their data can increase brand equity. Hand-in-hand with collection is privacy of data. Especially in a marketing setting, the amount of consumer information that is held by organizations is powerful. Setting standards to protect and preserve consumer privacy is part of the foundation of ethical action.
AI can do magical things for organizations. However, humans are still at the core of building this AI, and humans have biases. As we incorporate this technology into more and more of our decisions, we must be consciously aware of the implications that our biases can have on technology. Ethical discussions and governance building for AI in a neutral environment, without feeding it human biases, will give AI the chance to have a positive influence of change in the way everyday decisions are made.
Emerging technology can introduce significant improvements to an organization’s tools, techniques and procedures. Ensure that these changes are in line with your organization’s values. This might require being willing to ask tough questions around the actual value that technology does (or does not) add to your operating procedures. It is easy to assume that adding technology makes everything better. While this might be true in many cases, understanding the ethical implications and value added should be a top priority for IT professionals.
Editor’s note: For further insights on this topic, read Benjamin A. Witt, Sarah J. Wolanske, and Jeffrey W. Merhout’s recent Journal article, “I&T Governance Framework for Artificial Intelligence in Marketing: A COBIT 2019 Expansion,” ISACA Journal, volume 2, 2021.
Don't forget—Members can earn free CPE from ISACA Journal quizzes!