AI Governance Toolkit for General Counsel and Boards

By Valeska Bloch

Guiding principles to help manage AI risk

The exponential uptake of generative AI, including tools such as ChatGPT, means that both the opportunities and risks of its use and deployment are increasing at scale.

We believe companies need to start applying guardrails to AI development, use and deployment, but we understand that it can be hard to know where and how to start.

That's why we've developed an AI Governance Toolkit for General Counsel and Boards, to help companies manage their AI risk in a way that:

  • is fit-for-purpose and proportionate to the risks, in light of current levels of investment (which, in many cases, are still limited); and
  • is an enabler to the responsible deployment of AI within organisations, especially as deployment becomes more widespread.

The toolkit includes:

  • questions to ask your business to help identify and manage AI risks
  • information about establishing your AI governance committee
  • a roadmap to design and implement an AI governance framework
  • a checklist for directors to guide oversight of AI
  • lessons from the approach taken by regulators in relation to the management of cyber risks that can be applied to AI governance.

12 simple questions to ask your business

1. Accountability: who is responsible for managing AI risks?

2. Visibility: how is AI being used across the business?

3. Regulatory compliance: what are our legal and regulatory requirements?

4. Risk management systems: what are our key AI risks?

5. Policies and processes: what guidance do we give staff about their use of AI?

6. Data governance, quality and privacy: how are we using data in connection with AI?

7. Transparency, explainability and interpretability: can (and do) we explain how the AI that we develop or use works?

8. Consumer engagement: what do we say externally about our use of AI and related data?

9. Supplier risk management: how do we identify and manage the risks involved in procuring AI tools or services from third parties?

10. Accuracy, robustness and security: what technical and operational controls do we have in place to address security and reliability of AI?

11. AI incidents and resilience: do we have a documented AI incident response plan?

12. Training: do we provide relevant role-based training?
