Trust Me - AI Risk Management

If you want to understand EU AI Act or any of the new risk based standards coming out. It has a balanced view of threats and AI risks. This is an easy book to understand AI governance and risk management. Simple. Easy to understand. Lots of stuff on controls. Strong recommendation.

Greg Hutchins is an expert in Risk Based Auditing and Enterprise Risk Management. He has consulted with public and private sector organizations and written numerous books and articles on each topic. He has turned this knowledge and experience to the topic of Artificial Intelligence (AI). In this book the explains what AI is. The risks associated with it and how those risks can be mitigated using Risk Based Auditing.

How to save $60: Step 1: Download iso 31000 iso 42001, iec 23894, NIST RMF, NIST CSF, or CRI. Step2: find all instances of the words GRC, ERM, or risk and add “AI” before them. You now have an AI risk management framework. Finally, the book references the NIST AI RMF as a source but that isn’t even published yet, only the request for input and some responses from The industry. This book is weak on references and has about a page and a half in the back for cited works. it also has a disclaimer in the front that portions of it were written using chat GPT. This book is poorly organized and offers No new concepts to any seasoned GRC or ERM professional. it may offer some basic insight into GRC concepts for an AI professional that doesn’t have a clue about risk management management.

Managing AI-related risks represents a vast, diverse and nuanced domain. It is clear that identifying, assessing and treating these risks will be complicated and require expertise in numerous disciplines. It is also clear that businesses and other organizations will be subject to overlapping standards and regulatory frameworks, especially if they operate internationally. Compliance with these standards and frameworks will require people, resources and processes, all of which will have to be designed, approved and implemented. This book is intended for compliance professionals. It introduces them to the full scope of AI risks that must be addressed, presented in a format consistent with approaches in current use for risk management and compliance. Thus, it should be familiar to them while also paving a path toward how existing approaches must be extended to address the evolving risks that AI represents. If you are just beginning to think about how you will manage AI risks, this book is for you.

Whether we like it or not AI is not only already here but is shaping our future in a multitude of seen and unseen ways. The question isn’t only can we trust it but how can we shepherd this technology in a responsible discerning way? This book does a good job at delineating all of the relative factors to be taken into account when shifting systems to an AI framework.

AI is in almost all products. In the US, we got California and Colorado laws. These require controls. Nothing really explains how. These 2 books are a good intro to start thinking about how to comply with AI regulations.