How do you audit AI performance?
Auditing AI performance is a crucial step to ensure that your AI systems are reliable, fair, and ethical. But how do you measure and evaluate the outcomes and impacts of AI? In this article, we will explore some of the key aspects and methods of AI auditing, and how you can apply them to your own projects.
-
Fanjuan Shi, PhD in ML, Chief Data & Analytics Officer at Grand Frais
-
Nicholas Davis, Professor of Emerging Tech, advisor, speaker and co-director of the Human Technology Institute (HTI) at UTS
-
Pingky Dezar Zulkarnain, Deputy Director of IT Audit Support and IT Performance Management at The Audit Board of Indonesia (BPK RI)
AI auditing is the process of assessing and verifying the quality, accuracy, and effectiveness of AI systems and their outputs. It can help to identify and mitigate potential risks, biases, and errors in your AI models and data, as well as ensure compliance with relevant laws, regulations, and ethical standards. Additionally, AI auditing can enhance transparency, accountability, and trust in your AI systems among their stakeholders. It can also improve the performance, efficiency, and usability of your AI systems and their outputs.
-
In my experience, the need to audit AI arises from the widespread integration of artificial intelligence in society, encompassing both its positive and negative impacts. As AI applications become increasingly pervasive, it becomes crucial to assess their societal implications and ensure compliance with the principles of responsible AI. Government audits play a vital role in monitoring and guaranteeing compliance with these principles, addressing ethical concerns and safeguarding the well-being of individuals and communities affected by these technologies.
-
From my experience, AI auditing is a type of due diligence that examines the societal impact of your AI system in addition to its technical validity. This is especially important in fields like healthcare, criminal justice, or finance where AI has the potential to either reinforce or reduce systemic biases. As AI technology develops, there is a growing need for a uniform framework of governance that strikes a balance between innovation and moral responsibility. Organizations can use auditing to determine whether their AI systems adhere to these new standards.
-
Auditing AI increases trust in your system. A well-audited AI system carries minimal risk of bias and can have a significant business impact. Auditing also helps identify whether AI is needed at all, or whether the task can be solved with simple rules and pattern mining. Avoiding AI in those scenarios reduces the computational cost of deploying those algorithms.
-
Our AI consulting projects always include metrics to assess the model quality. Think of model audits like an ISO audit; first, say what you do, and then do what you say. The audit assesses how well you actually do what you say you do.
-
Auditing AI is crucial to ensure that the system is transparent, unbiased, regulatory compliant and ethical. For instance, in my work in Social Media Ads products, we need to make sure that our ads are delivered in an unbiased way to users (not favouring some users over others, especially in socially sensitive areas like housing, credit, etc.), are regulatory compliant (e.g., GDPR), and that customers (advertisers) are comfortable with the transparency into AI. Auditing AI is also essential to make sure the system is performant (accurate and effective) for the goals it is designed for. This can be based on evaluation against gold standards, which can be human benchmarks or the next best alternative. All in all, the success of AI hinges upon AI auditing.
AI auditing can cover various aspects of your AI systems, depending on your goals, context, and requirements. For example, it's important to audit the data you use to train and deploy your AI models for quality, relevance, diversity, representativeness, security, and privacy. Additionally, you should evaluate the algorithms, frameworks, and parameters used to build and optimize your AI models for accuracy, robustness, scalability, interpretability, and explainability. Furthermore, you should audit the results or actions produced by your AI models for validity, reliability, consistency, fairness, and impact. Finally, you should audit the workflows and tools used to design and monitor your AI systems for efficiency, effectiveness, alignment, and governance.
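To make the data-audit dimension concrete, here is a minimal sketch in Python of the kind of automated checks an auditor might run on a training set. The function name and report fields are illustrative, not a standard API; a real audit would also cover representativeness, security, and privacy.

```python
from collections import Counter

def audit_training_data(rows, label_key):
    """Basic data-quality checks: missing values, duplicates, class balance."""
    n = len(rows)
    # Records with at least one missing (None) field
    rows_with_missing = sum(1 for r in rows if any(v is None for v in r.values()))
    # Exact duplicate records
    seen = Counter(tuple(sorted(r.items())) for r in rows)
    duplicate_rows = sum(c - 1 for c in seen.values())
    # Relative frequency of each label, to flag class imbalance
    labels = Counter(r[label_key] for r in rows)
    return {
        "rows": n,
        "rows_with_missing": rows_with_missing,
        "duplicate_rows": duplicate_rows,
        "label_distribution": {k: c / n for k, c in labels.items()},
    }

rows = [
    {"age": 25, "label": 0},
    {"age": 31, "label": 1},
    {"age": None, "label": 1},
    {"age": 25, "label": 0},  # exact duplicate of the first record
]
report = audit_training_data(rows, "label")
```

A report like this would typically be logged on every retraining run, so reviewers can compare data quality across model versions.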
-
Accordingly, I would inspect 3 aspects in an AI audit: reliability (accuracy, precision), efficiency (time, cost, scalability), and responsibility (security, transparency/explainability, ethical issues).
-
AI Impact Assessments are an important component of AI system auditing. These differ from risk assessments in that they are outward-looking, focused on how stakeholders and groups may be affected, and include both positive and negative effects. Undertaking rigorous and self-aware impact assessment, documenting the outcomes, and designing appropriate responses is critical to ensuring both trustworthiness and transparency of AI systems. This becomes particularly important for public-sector uses of AI (where the public may not have a choice but to engage), when the output of an AI system has legal consequences, and of course wherever irreversible harm may occur. Doing impact assessments well requires time, thoughtfulness and diverse expertise.
-
A comprehensive AI audit isn't just about the final model's performance; it scrutinises the entire lifecycle of the AI project from data sourcing to deployment. In essence, an AI audit is a holistic review that spans the technical, ethical, and operational aspects of an AI system. As AI systems become more pervasive, a thorough audit framework becomes imperative, ensuring these systems are beneficial, fair, and trustworthy.
-
In addition to auditing broad categories, it's equally important to identify the precise key performance indicators (KPIs) for each aspect you're assessing. Depending on the application, this may change. For instance, the KPIs in a healthcare AI system might include false-negative rates and fairness metrics in addition to accuracy metrics. A crucial component of the audit is knowing what to measure; getting this wrong can mean the difference between a helpful and a harmful AI system.
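As an illustration of such KPIs, the sketch below computes a false-negative rate and a simple demographic-parity gap in Python. Treat it as a toy example: real fairness audits use richer metrics and dedicated tooling, and the sample data here is invented.

```python
def false_negative_rate(y_true, y_pred):
    """FN / (FN + TP): the share of actual positives the model missed."""
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    return fn / (fn + tp) if (fn + tp) else 0.0

def demographic_parity_gap(y_pred, groups):
    """Largest difference in positive-prediction rate across groups."""
    rates = []
    for g in set(groups):
        preds = [p for p, grp in zip(y_pred, groups) if grp == g]
        rates.append(sum(preds) / len(preds))
    return max(rates) - min(rates)

y_true = [1, 1, 0, 1, 0, 1]
y_pred = [1, 0, 0, 1, 0, 0]
groups = ["A", "A", "B", "A", "B", "B"]

fnr = false_negative_rate(y_true, y_pred)  # the model misses half the positives
gap = demographic_parity_gap(y_pred, groups)  # group A is favoured over group B
```

In a healthcare setting, a high false-negative rate (missed diagnoses) or a large parity gap between patient groups would each be a distinct audit finding, which is why both belong in the KPI set.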
-
AI auditing can vary depending on the specific system being audited. However, some common steps include: 1) Understanding the system: how it works, its data sources, algorithms, and outputs. 2) Identifying potential risks: such as bias, discrimination, and security vulnerabilities. 3) Testing the system: assessing how it performs and identifying problems. 4) Making recommendations: how to improve the system and mitigate the risks.
AI auditing involves different methods and techniques, depending on the aspect and level of detail you need. Testing is the process of verifying the functionality, performance, and behavior of AI systems and their outputs. Evaluation measures and compares the quality, accuracy, and effectiveness of AI systems and their outputs. Review examines the data, models, outputs, and processes of AI systems. Validation confirms and verifies the compliance, alignment, and ethics of AI systems and their outputs. Various types of testing, metrics and indicators, methods and tools, as well as standards and frameworks can be used to evaluate different aspects of AI systems.
-
On the level of one model, AI auditing means checking how an AI system works, making sure it's fair and does its job well. First, we decide what we want to check. We look at the data the AI uses to ensure it's good quality. We try to understand how the AI makes decisions, and for complex AI systems, we use tools to help explain the predictions. We measure how well the AI performs according to quality metrics (math stuff) and key performance indicators (business and money stuff). It's also useful to assess if the AI continues to work well over time or to state our assumptions about the stability of the inputs the model will encounter. Clients should have a high-level understanding of how the AI system works and be able to own the solution.
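One common model-agnostic way to "explain the predictions", as mentioned above, is permutation importance: shuffle one feature at a time and measure how much accuracy drops. A rough sketch, assuming the model is any callable that maps a feature row to a prediction; the toy model and data are invented for illustration.

```python
import random

def permutation_importance(model, X, y, n_repeats=5, seed=0):
    """Average drop in accuracy when each feature column is shuffled."""
    rng = random.Random(seed)

    def accuracy(data):
        return sum(model(row) == t for row, t in zip(data, y)) / len(y)

    baseline = accuracy(X)
    importances = []
    for j in range(len(X[0])):
        drops = []
        for _ in range(n_repeats):
            col = [row[j] for row in X]
            rng.shuffle(col)  # break the link between feature j and the target
            permuted = [row[:j] + [v] + row[j + 1:] for row, v in zip(X, col)]
            drops.append(baseline - accuracy(permuted))
        importances.append(sum(drops) / n_repeats)
    return importances

# Toy model that only looks at the first feature
model = lambda row: int(row[0] > 0.5)
X = [[0.9, 0.1], [0.2, 0.8], [0.7, 0.3], [0.1, 0.9]]
y = [1, 0, 1, 0]
importances = permutation_importance(model, X, y)
```

Because the toy model ignores the second feature, shuffling it never changes a prediction, so its importance comes out at zero, which is exactly the kind of evidence an auditor can show a client.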
-
In my opinion, it's important to validate the procedures used to audit AI systems. In the audit, there is a meta-layer that asks, "Is the method of auditing itself sound?" For instance, are the metrics used to gauge fairness universally applicable, or do they have restrictions? Was the data used for validation actually representative? Auditors also need to be aware of the risk of "overfitting" the audit, where the AI system is tuned to perform remarkably well on the auditing metrics but fails to generalize to real-world, unobserved data.
-
Methodology matters, especially in AI auditing. However, don’t get too caught up in the jargon of 'Validation,' 'Review,' etc. Instead, integrate a diverse toolkit that combines conventional IT auditing standards like ISO 27001 with emerging AI-specific frameworks. Blend the wisdom of traditional models with the agility of AI-specific tools for a more comprehensive view.
-
To audit AI, initiate with a thorough assessment of the training data, ensuring its quality, diversity, and security. Next, evaluate the algorithms and frameworks for accuracy and robustness. Scrutinize AI model outputs for reliability and fairness. Finally, review the design and monitoring processes for efficiency and alignment. This structured approach guarantees a comprehensive AI system evaluation, fostering trust and reliability.
-
AI auditing can be done during any stage of the system lifecycle, as a way to increase confidence and trust in AI and its implementation. AI auditing can be achieved through: 1) context understanding and risk mapping of the AI system; 2) assessing AI systems on efficacy, robustness and safety, explainability, how the algorithm handles sensitive data, inherent bias mitigation, and assurance. Through this we can clearly compare the intended use case and context for the system against what was actually delivered.
AI auditing is not a one-time activity, but rather an ongoing, iterative process throughout the lifecycle of your AI systems. Before you start building or deploying your AI systems, you should audit your data, models, outputs, and processes to define and validate objectives, requirements, and specifications, as well as to identify and mitigate any potential risks. During the development or deployment of your AI systems, you should audit to monitor and evaluate progress, performance, and behavior. After the completion or deployment of your AI systems, auditing can help measure and compare outcomes, impacts, and benefits. All of this will provide feedback, insights, and lessons to learn from and improve upon.
-
I like to compare the audit process to the software development life cycle, where regular checks and debugging are incorporated into the process. For AI systems, this should go beyond deployment and into the operational phase. This is because AI models can "drift" as the data and the environment they operate in change over time. To make sure the system is adjusting correctly and not picking up new biases or inaccuracies, continuous auditing is required.
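One widely used drift check is the Population Stability Index (PSI), which compares the distribution of a feature at training time to what the model sees in production. A minimal sketch in Python; the binning scheme is simplified, and the usual thresholds (below 0.1 stable, 0.1-0.25 watch, above 0.25 drifted) are rules of thumb rather than a standard.

```python
import math

def population_stability_index(expected, actual, bins=10):
    """PSI between a baseline sample and a recent sample of one feature."""
    lo, hi = min(expected), max(expected)
    span = hi - lo

    def bin_fractions(sample):
        counts = [0] * bins
        for v in sample:
            idx = int((v - lo) / span * bins) if span else 0
            counts[max(0, min(idx, bins - 1))] += 1  # clamp out-of-range values
        # Additive smoothing so no bin fraction is exactly zero
        return [(c + 0.5) / (len(sample) + 0.5 * bins) for c in counts]

    e, a = bin_fractions(expected), bin_fractions(actual)
    return sum((ai - ei) * math.log(ai / ei) for ei, ai in zip(e, a))

baseline = [i / 100 for i in range(100)]  # feature values seen at training time
shifted = [v + 0.5 for v in baseline]     # production values after drift
psi_same = population_stability_index(baseline, baseline)
psi_drift = population_stability_index(baseline, shifted)
```

Running a check like this on each key feature every scoring cycle gives the continuous auditing described above a concrete, trackable signal.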
-
It is important to establish a clear process for the AI model development and maintenance lifecycle, where auditing is one of the key stages. A defined time period should be set for how often the audit step gets conducted, such as every 3 months, though this depends on the business dynamics. Having a scheduled audit cadence ensures models are continuously refined and optimized based on the latest insights. Additionally, it is possible to create automated workflows that evaluate specific metrics and trigger predetermined actions like notifying a team via email or retraining the model. This allows efficient, real-time monitoring and response to keep the AI optimized.
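A minimal sketch of such an automated workflow in Python. The metric names, thresholds, and actions here are hypothetical placeholders; in practice the triggered actions would call into your alerting or retraining pipeline.

```python
# Hypothetical audit rules: a threshold and the action to trigger on breach
AUDIT_RULES = {
    "accuracy":       {"min": 0.85, "action": "retrain"},
    "fairness_gap":   {"max": 0.05, "action": "notify_team"},
    "latency_p95_ms": {"max": 200,  "action": "notify_team"},
}

def run_scheduled_audit(metrics):
    """Compare freshly computed metrics against thresholds; return triggered actions."""
    triggered = []
    for name, rule in AUDIT_RULES.items():
        value = metrics.get(name)
        if value is None:
            continue  # metric not reported this cycle
        if "min" in rule and value < rule["min"]:
            triggered.append((name, rule["action"]))
        if "max" in rule and value > rule["max"]:
            triggered.append((name, rule["action"]))
    return triggered

# Example: accuracy has dropped and latency has spiked since the last audit
actions = run_scheduled_audit(
    {"accuracy": 0.81, "fairness_gap": 0.02, "latency_p95_ms": 350}
)
```

Wiring a rule table like this into a scheduler (say, the quarterly cadence mentioned above, plus a daily lightweight run) is one way to get the "efficient, real-time monitoring and response" without manual effort.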
-
Auditing should follow the AI lifecycle, from cradle to grave. This not only minimizes risks but also capitalizes on potential optimizations. Consider periodic ‘health-checks’ at intervals that correlate with your update and release cycles. Also, use these audits as a learning tool to iteratively improve your models and systems, making the whole process more dynamic and responsive.
-
When considering the evolution of AI auditing, it is clear that timing is crucial. A continual, iterative approach emphasizes the importance of monitoring from conception to completion. Auditing requirements change along with the AI ecosystem. Early data and model audits set the stage for reliable systems, while ongoing assessments throughout development and deployment keep performance on track. Far from being an afterthought, post-implementation audits provide vital currency for refinement and future innovation.
-
In my opinion, reliability and efficiency audits should be treated as standard MLOps tasks. The responsibility audit should instead be performed on a periodic basis and when needed.
AI auditing is a multidisciplinary and collaborative endeavor that requires the participation of various stakeholders and experts. Depending on the scope and complexity of your AI systems and their outputs, you may need to involve different roles and functions. Developers should audit the data, models, outputs, and processes for functionality, performance, and quality; users for usability, reliability, and satisfaction; managers for efficiency, effectiveness, and alignment; and auditors for compliance, ethics, and transparency.
-
AI auditing is not a task for just one role or function within an organisation but demands the expertise and perspectives of a diverse group. Developers play a crucial role in this process, given their intimate knowledge of the data, models, and the processes underpinning the AI system. Users, as the primary consumers of AI solutions, have a first-hand experience of the system's usability. Managers, on the other hand, focus on the bigger picture. There's also a need for third-party, unbiased auditing by specialised AI auditors. These professionals possess expertise in both AI and regulatory standards, ensuring that AI systems not only function optimally but also adhere to relevant ethical guidelines and maintain transparency.
-
AI audits should be conducted by multidisciplinary teams comprising experts in data science, ethics, law, and domain-specific knowledge. External third-party auditors can provide an unbiased perspective, while internal teams offer deep insights into system design and objectives. Including diverse stakeholders ensures a comprehensive review, capturing potential biases and ethical concerns. Collaboration between internal experts and external specialists ensures a thorough, objective, and holistic AI system evaluation, upholding trust and accountability.
-
Various auditors are involved in the evaluation of AI systems: 1) Internal auditors: as part of the organisation, they are familiar with the system yet may be biased. 2) External auditors: independent and objective, but may be unfamiliar with the system. 3) Government regulators: regulate AI use by conducting audits to ensure compliance. 4) Non-profit organisations: promote responsible AI by undertaking risk assessments. 5) Academic scholars: investigate AI ethics and legality, discovering problems through audits.
-
In my experience, different groups can audit AI in various ways. End users can report divergences between real-world observations and AI outputs. Developers can identify areas for improvement as part of the continuous improvement cycle over the model's lifecycle. Managers can pinpoint that key business results are not being achieved. Each has a distinct vantage point but all play an important role. Users provide feedback on how the AI performs in practice. Developers optimize the technology itself. Managers align the AI to broader business goals. Combining these perspectives creates a comprehensive audit that ensures the AI sustains relevance and value.
-
It's essential to keep in mind that auditing an AI system involves both technical and ethical considerations. As a result, it's critical to incorporate viewpoints from ethicists, community leaders, or even subject-matter specialists who can evaluate the societal implications of the system.
-
As we gradually see the adoption and implementation of AI solutions in our daily activities, it is important to ensure that these systems are ethical, unbiased, effective, and efficient in solving real problems rather than contributing to or escalating the world's problems. Early, regular, and continuous AI auditing is therefore of great necessity and importance to us all.
-
AI audits, and the mechanisms to act effectively on their findings, should be a key part of AI ethics and compliance. Actively developing and implementing AI audits will determine the effectiveness of AI ethics programs and the truly ethical application of AI throughout any society.
-
Auditing AI performance involves assessing algorithms, data, and design processes to ensure transparency and accountability. AI technology has enabled the development of AI-enhanced systems that can efficiently perform various audit tasks, such as risk assessment, fraud detection, and document testing. To promote the development of more understandable AI systems and engender trust, a Multisource AI Scorecard Table (MAST) has been proposed, which provides a checklist based on good analysis principles. The application of digital technologies, such as AI, descriptive and predictive analysis, can accelerate data mining, automate procedures, and enhance understanding in the audit process. However, there are challenges in SAI performance, orga...
-
Auditing AI requires collaboration among the various control functions, as it has to cover a wide variety of risks. The aspects of ethics and compliance are a particular focus area, and possible unknown biases in the AI have to be uncovered. While the audit function has built expertise in uncovering such biases in humans, doing so for AI requires a different kind of skill set, which has to be built over time.
-
Never underestimate the power of continuous monitoring alongside traditional audits. Real-time data can offer immediate insights for course correction that waiting for a quarterly audit just won’t catch. Keep the audit adaptive, and integrate machine learning into your audit strategies to 'learn to improve' the process continually.