Lessons Learned from Sarbanes Oxley IT Controls Can Improve AI Deployment Compliance
By Jan Sevcik  |  Oct 04, 2021
The process of developing and deploying artificial intelligence models is a complex one that needs closer inspection. Jan Sevcik considers the best practices, compliance, and risk mitigation, and suggests ways to implement and improve the AI model development and deployment processes.

CHATTANOOGA, TENNESSEE - Much discussion swirls about ethics in artificial intelligence (AI), but the process of developing and deploying AI models also deserves attention. When considering best practices, compliance, and risk mitigation with any emerging technology such as AI, understanding how similar challenges have been solved historically is helpful. Sarbanes Oxley (Sarbox or SOX) information technology (IT) controls have been used successfully for nearly 20 years to mitigate risks and may be deployed to improve AI model development and deployment processes.   

SOX is United States federal legislation governing financial reporting for publicly traded companies. While financial compliance is core to the legislation, it also holds significant provisions for assessing IT risks and controls. The objective of SOX is to safeguard companies from risk associated with rogue software code, manipulation of data, security, and other IT risks that may affect financial performance and reporting. While IT SOX controls are also helpful for developing controls to meet Health Insurance Portability and Accountability Act (HIPAA) compliance, this article will focus on applying software development lifecycle controls and access controls for software code and databases in the deployment of AI models. 

The software development lifecycle is the process of developing software from design to release into production. When new code is written, it is first deployed to a development environment and then to a testing environment where it is tested prior to release in production. AI model development follows similar processes and hence similar controls might be applied. 

The first step to developing IT controls for AI model deployment is for a management team to design the controls. Controls are a set of formal, written rules and procedures. They must incorporate the risks of each model, how and who will be involved in deve

The content herein is subject to copyright by The Yuan. All rights reserved. The content of the services is owned or licensed to The Yuan. The copying or storing of any content for anything other than personal use is expressly prohibited without prior written permission from The Yuan, or the copyright holder identified in the copyright notice contained in the content.