AI governance

↪ for the enterprise

Contents 01 → 05 →
Introduction watsonx.governance for
responsible, transparent
02 → and explainable AI
Challenges
of scaling AI 06 →
AI governance in action
03 →
All models 07 →
need governance Next steps

04 →
Holistic AI governance
01
Introduction

Governance makes Are your colleagues pushing Keep reading for the full story
to operationalize AI? They’re
AI practical at the or try watsonx.governance
right to be excited.
enterprise level at no charge.
The Harvard Business Review reports1 that
“to call generative AI revolutionary is not
hyperbole. It has the potential to improve
productivity in any function that involves
cognitive tasks.”

Certainly, the promise of AI is undeniable.

And just as surely, the risks of AI are real.
A well-considered approach to governance
gives everyone permission to move ahead.

With governance as your safety net,

there’s no reason to hold back from
the revolutionary aspects of AI.

Set your enterprise on a fast path.

Previous chapter Next chapter 3

The market size in the
generative AI market
is expected to show
an annual growth rate
of 24.40%. 2

Previous chapter Next chapter 4

02
Challenges
of scaling AI

The influence of AI is growing It's hard to operationalize Read key takeaways from
exponentially as organizational AI with confidence
a poll of global IT senior
leaders deploy the technology A wide variety of tools exists for AI
in nearly every industry. governance—but too often, models are decision-makers on the
built without proper clarity, monitoring pace of AI adoption.
At the same time, employees and leaders or cataloging. Without end-to-end AI
at many of these organizations have lifecycle tracking using automated
difficulty with the following aspects processes, scalability and transparent IBM Global AI Adoption
of implementing AI. processes are hindered. Explainable
results are elusive.
Index 2022 →

You may have heard of “black box

models,” which are a growing concern for
AI stakeholders. AI models are built and
deployed, but it isn’t always easy to trace
how and why decisions were made, even
for the data scientists who created them.
These challenges lead to inefficiencies
resulting in scope drift, models that are
delayed or never placed into production,
or that have inconsistent levels of quality
and unperceived risks.

Previous chapter Next chapter 5

02
Challenges
of scaling AI

It’s difficult to manage risk and reputation AI regulations just keep changing
You’ve seen the headlines: unfair, Successful AI requires adherence to
unexplainable or biased AI models, laws and regulations—local, regional
in production. The resulting incorrect and national—which are proliferating at
assumptions and decisions can affect a rapid pace. Noncompliance could cost
customers and harm your brand. your organization tens of millions of dollars
in fines, as demonstrated by some of the
Explainable processes and results most stringent AI regulations currently
help auditors and customers know how debated globally, such as the proposed EU
specific analytic results were reached. AI Act. The current draft of the EU AI act
Such processes help ensure that results contemplates fines of up to €30 million,
don’t reflect bias around race, gender, age or 6% of a company’s global revenue.
or other key factors. These processes are
critical for patient diagnoses and treatment Model documentation is crucial—and
plans, reviewing transactions flagged it’s an area with aspects that are easy to
as suspicious, and loan applications miss for a data scientist who’s pressed for
that are denied. time and whose organization lacks clear
requirements.
Take action to build AI systems that are
transparent, explainable, fair and inclusive. Don’t disregard this step: new regulations
You’ll help preserve privacy, security, will require model documentation for
customer loyalty and trust. metadata and lineage.

Previous chapter Next chapter 6

02
Challenges
of scaling AI

Timeline of global Canada:

Bill C27, AI
AI regulation
and Data Act
↓
European Union: Fine: $25M or 5%
GDPR of company’s gross
↓ global revenue
Fine: €20M or 4% Australia: United States: United Kingdom:
of company’s AI Ethics National Artificial AI Regulation New York City:
annual turnover Framework Intelligence Initiative Policy AI Hiring Law

2018 2019 2020 2021 2022 2023 2024

Germany: Colombia: Norway: United States: China: United States: European Union:
AI Strategy National Policy for National NIST issues an AI Internet Information AI Bill of Rights EU AI Act
Digital Transformation AI Strategy risk management Service Algorithmic validation for endorsed and
South Korea: and AI framework Management algorithms to be begins rolling
AI Strategy Serbia: (IISARM) regulations explainable and out in 2024
Strategy for the protect against
India: development discrimination
National of AI European Union:
Strategy for AI The AI Act
↓ Singapore:
Fine: €30M or 6% Launches AI Verify—
of company’s global a testing framework
revenue and toolkit

Previous chapter Next chapter 7

02 Agree Neutral Disagree
Challenges
of scaling AI

80% of business
48% 46%
leaders see at least one
of these ethical issues Explainability Ethics

as a major concern 3 Believe decisions made Concerned about the

by generative AI are not safety and ethical
sufficiently explainable. aspects of generative AI.

46% 42%

Bias Trust
Believe that generative AI will Believe generative AI
propogate established biases. cannot be trusted.

Previous chapter Next chapter 8

03
All models
need governance

AI models are not created Machine learning models

ML models use predictive analytics
equally. But all models
to identify trends and patterns in data.
must be governed. They learn from their experience,
so that they can improve skills and
Most organizations as of 2023 make more accurate analytic decisions.
These models are created from algorithms
employ traditional machine
that are trained using either classified,
learning, and their leaders unclassified or mixed data. ML enables
are beginning to adopt models to learn automatically, without
human intervention.
generative AI.
Different machine learning algorithms
are suited for different goals, such as
classification or prediction modeling,
so data scientists use different algorithms
as the basis for different models. As data
is introduced to a specific algorithm, it’s
modified to better manage a specific task,
and it becomes a machine learning model.

Previous chapter Next chapter 9

03
All models
need governance

Generative models Learn how to

These AI models include both foundation In statistics, generative models have been
scale AI responsibly.
models (FMs) and large language models used for years to analyze numerical data.
(LLMs). They have the potential to unlock Recently, deep learning has made it possible
trillions in economic value, because they to extend these models to generate images, Read the blog →
boost productivity with their remarkable music, speech, video, text and even code.
performance, and because they’re Use cases can include marketing, customer
extensible to a wide range of tasks. service, retail and education.

Such models are highly customizable, While generative models have pushed
scalable and cost effective. They can AI high on the agenda for most business
query extremely large volumes of data— leaders, their capabilities drive a new
and they’re learning all the while. “Off the complexity which can pose risks for
shelf” generative applications require little organizations and for society alike.
expertise and have the potential to eliminate
many tedious, time-consuming tasks.

Previous chapter Next chapter 10

04
Holistic AI governance

Like any other initiative, To implement AI properly, you need Learn how to build a holistic
a strong cross-functional team. AI is
successful AI governance approach to AI governance
very much a strategic imperative for
depends upon the intersection many leaders, and it can feel like the list
of people, process and of stakeholders grows longer by the day. Read the blog →
Some of these people are new to the AI
technology. lifecycle concept, and others have new
reasons to be involved in AI efforts.

Try to meet the needs of all these groups

without overburdening your data scientists,
who have little time to route or manage the
approvals and requests for information.

Start by putting your stakeholders into

alignment. Get buy-in from the proper
interested parties and encourage them
to participate in ideation, align on
outcomes and adopt responsible AI.
Then, take steps to ensure that the correct
set of metrics, KPIs, and objectives are
defined in accordance with your company’s
business controls and regulations. You’ll
also want to monitor the specific metrics
that have been identified for AI models.

Previous chapter Next chapter 11

04
Holistic AI governance

Data scientist Data engineer

Roles across Understand use Find and provide data Encourage collaboration with key
case and feasibility stakeholders and understand their
the AI lifecylce
top concerns:

Operations researcher Data scientist – CFO, risks to profitability

Optimize via decision Explore and – CMO, risks to brand
optimization understand data – CRO, risks to enterprise
– CDO, efficient data operations
– CHRO, potential talent impacts
App developer Data scientist – CEO, organizational accountability
Predictions for Prepare and label data – CPO, regulatory accountability
processes or apps

ML engineer Business lead

Deploy, manage scale, Share insights
monitor in production

Data scientist Data scientist

Experiments, Extract features
automates training

Previous chapter Next chapter 12

04
Holistic AI governance

Process Technology
AI governance traces and documents the The establishment of well-planned, well-
origin of data, associated models and executed, and well-controlled AI requires
metadata, and overall data pipelines for specific technological building blocks. Look
audit. Your documentation should include for a solution that governs the end-to-end AI
the techniques that trained each model, lifecycle and has the following capabilities:
the hyperparameters that were used,
and the metrics from testing phases. This – Integrates data of many types and
results in increased transparency visibility sources across diverse deployments
by the appropriate stakeholders into the – Is open, flexible and works with your
model’s behavior throughout the lifecycle, existing tools of choice
including the data that was influential in its – Offers self-service access with privacy
development and the model’s possible risks. controls and a way to track lineage
– Automates model building, deployment,
You’ll first want to benchmark and evaluate scaling, training and monitoring
your organization’s current AI technology – Connects multiple stakeholders
and processes. Some processes and through a customizable workflow
stakeholders may already be aligned and can – Provides support to build customized
be extended, while others might need to be workflows for different personas using
replaced. Then create a set of automated governance metadata
governance workflows in line with compliance
requirements. New and existing AI models
can adopt these workflows, which should
be designed to avoid the process delays
mentioned above. Finally, set up a framework
to alert owners and users when a model’s
metrics exceed the acceptable threshold.

Previous chapter Next chapter 13

04
Holistic AI governance

A framework for Operationalize Manage risk Strengthen Meet stakeholder

with confidence and reputation compliance demands
responsible, governed AI

Plan Define measurable Review existing processes Conduct gap analysis Review existing skills and
performance metrics that monitor fairness and against current and demand for responsible
for AI usage across explainability potential AI regulations AI, and align with
your organization business objectives

Build Establish traceability Operationalize updated Make sure model Specify the new roles, skills
and auditability of processes and checkpoints documentation and learning agendas required
current processes throughout the AI lifecycle is accessible to implement responsible AI

Create Create automatic Enable AI models that Act to strengthen Establish a repeatable, end-
documentation of model are fair, explainable and regulatory compliance to-end workflow with built-in
lineage and metadata high-quality, minimize for data science teams stakeholder approvals to
drift and conduct regular without overhead lower risk and increase scale
policy reviews

Previous chapter Next chapter 14

05
watsonx.governance for responsible,
transparent and explainable AI.

Meet the toolkit for AI Built on the IBM® watsonx™ AI and data With this governance toolkit, audits
platform, this toolkit employs software can become easier. Trace and document
governance. The IBM®
automation to strengthen your ability the origin of data, the models and their
watsonx.governance™ to meet regulatory requirements and associated metadata, and the pipelines.
approach helps you to direct, address ethical concerns. You get
comprehensive AI governance without The documentation will include the
manage and monitor your the excessive costs of switching from techniques that trained each model,
organization’s AI activities. your current data science platform. the hyperparameters used, and the
metrics from testing phases.
Before a model is put into production,
it’s validated to assess business risks. Expect increased transparency into each
Once the model goes live, it’s continuously model’s behavior throughout its lifecycle,
monitored for fairness, quality and drift. knowledge of the data that was influential
Regulators and auditors can get access in its development, and the ability
to documentation that provides to determine possible risks.
explanations of the model’s behavior
and predictions.

You can offer visibility into how the

model works, and which processes
and training the model received.
Watsonx.governance spans the
entire lifecycle, and your teams get help
as they design, build, deploy, monitor,
and centralize facts for AI explainability.

Previous chapter Next chapter 15

IBM principles
of responsible AI
↷ ↷ ↷
The purpose of AI is Data and insight AI systems must
to augment human belong to be transparent
intelligence their creator and explainable

Previous chapter Next chapter 16

05
watsonx.governance for responsible,
transparent and explainable AI.

Consider these
components:

Regulatory compliance Risk management Lifecycle governance

Manage AI to meet upcoming safety Proactively detect and mitigate risks Manage, monitor, and govern AI models
and transparency regulations and policies monitoring fairness, bias, drift, and from IBM, open source communities,
worldwide—a “nutrition label” for AI. new LLM metrics. and other model providers.

– Translate external AI – Automate facts and workflow for – Monitor, catalog and govern AI
regulations into policies compliance to business standards models from where they reside
for automated enforcement – Identify, manage, monitor and report – Automate the capture
– Enhance adherence to regulations on risk and compliance at scale of model metadata
for audit and compliance – Use dynamic dashboards for clear, – Increase prediction accuracy,
– Use dynamic dashboards for concise, customizable results identifying how AI is used
compliance across policies – Enhance collaboration across and where it lags
and regulations multiple regions and geographies

Automatic metadata Open Comprehensive

Data transformation and lineage Support governance of models build Govern the end-to-end
capture through Python notebooks. and deployed in third party tools. AI lifecycle.

Previous chapter Next chapter 17

06
AI governance
in action
IBM Chief Privacy Officer ↷

Scaling automation to address Using IBM’s integrated governance

AI regulatory requirements framework and process to manage and
Building on the company’s AI framework monitor the development and use of AI
to address AI regulatory requirements, across the company so teams can:
IBM’s Chief Privacy Office (CPO) has taken
significant steps in putting into practice AI – Create a robust workflow using IBM tools
and data industry-leading capabilities built to collect, consolidate, display and monitor
on a strong combination of privacy, security, the workflow
AI governance, ethics, processes, – Automate the capture and integration of
technology and tooling. facts from the AI lifecycle to accelerate
the maintenance of the global AI inventory
The IBM CPO, supported by the IBM
AI Ethics Board, developed a set of Learn more →
enhanced processes that enable more
detailed tracking of compliance with
existing standards and applicable legal
requirements.

Previous chapter Next chapter 18

07
Next steps

See how quickly you can create responsible, Get started

transparent and explainable AI workflows
with the watsonx.governance toolkit—without
Request a demo →
the costs of switching from your current data
Learn more about the governance toolkit →
science platform.
Try it yourself at no charge →

– Operationalize AI governance
– Manage risk and reputation
– Support regulatory compliance

Previous chapter Next chapter 19

1. “How to capitalize on generative AI,” © Copyright IBM Corporation 2024 THE INFORMATION IN THIS DOCUMENT IS
Harvard Business Review, 2023. IBM Corporation PROVIDED “AS IS” WITHOUT ANY WARRANTY,
New Orchard Road EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY
2. “Generative AI worldwide,” Statista, 2023. Armonk, NY 10504 WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND ANY WARRANTY OR
3. “Generative AI: The state of the market,” Produced in the United States of America CONDITION OF NON-INFRINGEMENT. IBM products
IBM Institute for Business Value, 2023. June 2024 are warranted according to the terms and conditions
of the agreements under which they are provided.
IBM, the IBM logo, IBM watsonx and IBM watsonx.
governance are trademarks or registered trademarks Statement of Good Security Practices: No IT system
of International Business Machines Corporation, in the or product should be considered completely secure,
United States and/or other countries. Other product and no single product, service or security measure
and service names might be trademarks of IBM or can be completely effective in preventing improper
other companies. A current list of IBM trademarks is use or access. IBM does not warrant that any systems,
available on ibm.com/trademark. products or services are immune from, or will make
your enterprise immune from, the malicious or illegal
This document is current as of the initial date of conduct of any party.
publication and may be changed by IBM at any time.
Not all offerings are available in every country in which The client is responsible for ensuring compliance
IBM operates. with all applicable laws and regulations. IBM does
not provide legal advice nor represent or warrant that
All client examples cited or described are presented its services or products will ensure that the client is
as illustrations of the manner in which some clients compliant with any law or regulation.
have used IBM products and the results they may
have achieved. Actual environmental costs and
performance characteristics will vary depending
on individual client configurations and conditions.
Generally expected results cannot be provided as
each client’s results will depend entirely on the
client’s systems and services ordered. It is the user’s
responsibility to evaluate and verify the operation of
any other products or programs with IBM products
and programs.

20