Our methodology recommends assigning AI governance roles and responsibilities according to the Three Lines of Defence Model (The Institute of Internal Auditors (IIA), 2024; Schuett, 2023). This model suggests assigning system-level governance responsibility to the business, where AI is purchased, developed and used. Risk management, legal and compliance functions are typically in the second line of defence, creating guidelines and supporting the business and system owners in AI governance. The third line of defence, the internal and external auditors, audits AI governance and therefore needs visibility into system-level and organisation-level governance. A governing body oversees and supports the three lines of defence and the management team in decision-making and in following overall governance progress.
Assign AI system level ownership
When a system is registered, the AI System owner role is assigned automatically to the person doing the registration. An AI system can have several System owners, and the System owner can be changed after registration. A system can also have other non-mandatory roles, such as:
- Business owner
- Technical specialist
- Data steward
- Compliance specialist
- Reviewer
- Oversight manager
Members who are invited to the System team, regardless of their role, can contribute to the governance of the system by editing information. Members who are invited to the Space but not to the System team can view the system information but not edit it. They also can't be invited to review the system.
In addition to System level ownership, Saidot also allows to assign
Assign AI system level ownership
Admins can set up Space-level roles in Space settings. Admins can identify default owners for systems, models, agents, tools, controls and datasets. In addition, Admins can specify who has the rights to approve risks and controls and who is assigned as a system reviewer automatically. When creating a system, a member can change the system ownership to themselves.
Administrate AI governance platform
Organisation level responsibilities define the rights to act as an administrator or a space manager. Administrators and Space managers have the rights to:
- Invite new members (when Saidot access right management is used)
- Create new Spaces and add members to existing Spaces
- Move and delete Systems
- Configure organisation settings
- Configure integrations
- Manage custom lists
- Activate automations
Assign AI governance review and audit responsibilities
In Saidot, a Review can be assigned to:
- Entity, such as a Governing Body
- Reviewer, such as a Legal Counsel or an Internal Auditor
You can also specify if the Review is internal or external.
Follow AI governance progress and success
Saidot provides tools for the AI Governance Director, Governing Body or Auditors to analyse the AI Governance progress and quality against the set success metrics.
This information is provided through:
- Home page with insights about
  - AI systems in different risk levels and lifecycle phases
  - The most common risks
  - Metrics about the number of AI systems, Models and Datasets in the Catalogues
- Automations with insights about
  - Active automations
  - Time saved with automations
- Systems with the possibility to filter and analyse the inventory based on
  - System owner, context and lifecycle phase
  - System components and any other linked data
  - Risk and policy management items
  - Number of linked risks, policies, Evaluations and Reviews
- Risk tab with insights about
  - Inherent and residual risk levels
- Policy tab with insights about
  - Applicable policies and status of the policy reports
  - Status of the implemented controls
- Evaluations tab with insights about
  - Automatically generated Evaluations
  - Activated and run evaluations
  - Evaluation reports with the possibility to compare several evaluations
- Review tab with insights about
  - Created, scheduled and completed reviews