Lessons Learned from Sarbanes Oxley IT Controls Can Improve AI Deployment Compliance
By Jan Sevcik  |  Oct 04, 2021
The process of developing and deploying artificial intelligence models is a complex one that needs closer inspection. Jan Sevcik considers the best practices, compliance, and risk mitigation, and suggests ways to implement and improve the AI model development and deployment processes.

CHATTANOOGA, TENNESSEE - Much discussion swirls about ethics in artificial intelligence (AI), but the process of developing and deploying AI models also deserves attention. When considering best practices, compliance, and risk mitigation with any emerging technology such as AI, understanding how similar challenges have been solved historically is helpful. Sarbanes Oxley (Sarbox or SOX) information technology (IT) controls have been used successfully for nearly 20 years to mitigate risks and may be deployed to improve AI model development and deployment processes.   

SOX is United States federal legislation governing financial reporting for publicly traded companies. While financial compliance is core to the legislation, it also holds significant provisions for assessing IT risks and controls. The objective of SOX is to safeguard companies from risk associated with rogue software code, manipulation of data, security, and other IT risks that may affect financial performance and reporting. While IT SOX controls are also helpful for developing controls to meet Health Insurance Portability and Accountability Act (HIPAA) compliance, this article will focus on applying software development lifecycle controls and access controls for software code and databases in the deployment of AI models. 

The software development lifecycle is the process of developing software from design to release into production. When new code is written, it is first deployed to a development environment and then to a testing environment where it is tested prior to release in production. AI model development follows similar processes and hence similar controls might be applied. 

The first step to developing IT controls for AI model deployment is for a management team to design the controls. Controls are a set of formal, written rules and procedures. They must incorporate the risks of each model, how and who will be involved in deve

The content herein is subject to copyright by The Yuan. All rights reserved. The content of the services is owned or licensed to The Yuan. Such content from The Yuan may be shared and reprinted but must clearly identify The Yuan as its original source. Content from a third-party copyright holder identified in the copyright notice contained in such third party’s content appearing in The Yuan must likewise be clearly labeled as such.