ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Blogs

How AI, Automation, and Emerging Technologies are Impacting Risk and Opportunities in 2024

blog-homepage-2159418579-desktop 1
7 min read

Introduction

When ChatGPT entered the market early this year, it brought Artificial Intelligence (AI) into the mainstream and changed the way the world worked. From software engineering to education, law, and finance there are very few sectors that have not been impacted by ChatGPT. In addition to my role at MetricStream, I also teach at a university, and I have seen firsthand how ChatGPT is changing the way we teach and evaluate. I have had to remove several of my open-book questions since the answers were now available on ChatGPT! As concerns about how such new technologies continue to mount, enterprises, regulators, and governments need to focus on simultaneously managing the risks posed by these technologies and accelerating the opportunities they present. 

I moderated an interesting discussion on how AI, automation, and emerging technologies are impacting risks and opportunities at the 2023 GRC Summit in Miami with eminent industry experts Brian Fricke, Managing SVP, CISO, City National Bank of Florida, and Alex Gacheche, Global Head of Information Security, Technology Infrastructure and Emerging Technology Audit, Meta. 

Here are the key areas discussed during the session. 

Watch Now: How AI, Automation and Emerging Technologies are Impacting Risk and Opportunities

The ChatGPT Impact

ChatGPT’s impact on the world cannot be underestimated. But it is important to remember that despite the hype, it is a tool in the toolbox, designed to make work easier. There will be other, better AI-powered platforms in the future, each of which will impact the way we work in its own way. But none of these platforms can replace human jobs – people will be replaced by other people who can use the platforms better, and subject matter expertise will remain vitally important. A foundational understanding of the technology, creative problem solving, and the agility to be able to adapt the results thrown up by an AI platform will be increasingly valuable in the years to come. 

When it is considered a tool in a toolbox, it is easier for organizations as well—to shape policy, define acceptable risks, and establish technology controls. Organizations also need to develop robust efficiencies across the three lines of defense to maintain a comprehensive risk posture in the era of AI. Once the front line is empowered to leverage and use AI platforms effectively, the second and third lines will need to adapt quickly as well.

The Risks and Opportunities of an AI Economy

There is, of course, no denying that the rapid emergence of AI-powered platforms poses some immediate and long-term risks: 

  • Data Privacy and Confidentiality – When ChatGPT launched, initially, there was a spate of individuals putting confidential business information, and code onto the public platform. Organizations swung into action with blanket bans on usage of the platform. But such a ban is counterproductive and counterintuitive. AI platforms can go a long way in improving productivity by helping to automate mundane tasks. A better way to manage data privacy risks is to educate the workforce on the best ways to leverage the platform without exposing confidential information. 
  • Misinformation – This technology can be used to misinform. There is a need to go back to the drawing board to ensure the code is bias free. There is also a need for better governance.
  • Cybersecurity – The other implication of AI platforms is their possible misuse by bad actors to launch sophisticated attacks on organizations. Security strategies must be revised for the AI era, and AI-related risks and taxonomies must be integrated into the risk register to better manage this threat.

Of course, there is no denying that AI offers a number of opportunities for enhancing productivity, improving key processes and driving responsible business growth. AI-powered platforms can help improve threat analyses significantly by analyzing large volumes of threats against existing mitigation capabilities quickly and accurately. AI can also help bridge skilled manpower shortages. For example, the cybersecurity field is projected to have a 50% shortage of talent by 2025. AI platforms can help companies manage and even improve their cyber security practices even in the absence of resources.

Regulations and Policies for the AI Era

Understandably, organizations, regulators, and even governments need to understand and work towards addressing some of the concerns around AI tools and platforms. 

  • Government Regulations – Governments across the world will play a crucial role in driving regulations for the emerging AI economy. In the US, the Biden-Harris administration’s executive order for AI safety and security aims to promote responsible AI innovation in the country as well as protect people’s rights and security. The EU parliament has proposed the landmark AI Act, with final approval expected this year. And other countries are following suit. But at the same time, it is important for governments to regulate AI without shackling it. Cross-functional teams with creatives, technologists, and regulators can help develop sound frameworks that protect individual rights, privacy, and security while enabling innovation. 
  • Regulators – There are trade regulatory bodies governing different sectors. Best practices from these sectors can be leveraged to create regulations for AI. Regulations governing each sector can be expanded to include AI and its impact on that sector. And as the technology continues to evolve, there may be merit in creating an entirely new agency for AI regulations.
  • Enterprises – It is crucial to empower the three lines of defense for the AI era. The third line will have to drive active governance of these technologies. Cross-functional groups to drive governance is a good idea, and such groups must create repositories of current and potential use cases to address variations in risks that may emerge.

At the end of the day, it is important to remember that AI is a technology much like all transformative technologies that came before it. The world has contended with a number of disruptive technology trends over the last couple of decades, ranging from cloud to digital banking and crypto currencies. And it has collectively regulated, secured, and governed each of them effectively. As we gear up to contend with AI, we must remember that information and data lie at the foundation of any AI-derived platform and consider ways in which to adapt existing data privacy laws such as GDPR and CCPA to include AI risks. 

AI is here to stay and will continue to evolve and shape the nature of business, work and even life as we know it. Like any new technology it presents a range of risks and enterprises may be tempted to ban use of AI altogether. But a transformative, and accessible technology cannot and should not be banned in its entirety. Attempting to do so would not only hold the enterprise back from truly exploring its potential but also result in unauthorized and unregulated usage. It would be far more effective to focus on building an AI-aware risk culture by training employees on responsible use of AI. Active discussions at the board level and even the establishment of a risk committee to monitor AI risk is a good idea. By integrating AI into the risk register, organizations can prepare to build policies for it. And most importantly, they must engage with younger generations studying and preparing for careers in a world that is already transformed by AI. Their fresh perspectives, unique approaches, and understanding can help drive better policies for what is undoubtedly going to be a new era of Artificial Intelligence-driven development and growth.

MetricStream’s AiSPIRE: AI-Powered GRC to Augment Decision-Making, Prioritization, and Improve Efficiency

AiSPIRE, an industry-first, state-of-the-art cloud-based product offering from MetricStream, can empower your organization’s GRC functions with proactive intelligence backed by powerful AI- algorithms. 

By leveraging large language models, GRC ontology-based knowledge graphs, and generative AI capabilities, AiSPIRE has the power to utilize the full potential of an organization’s existing GRC and transactional data. Unlike other GRC tools that rely on manually defined rules and workflows, AiSPIRE effectively utilizes your organization’s data to train advanced machine learning models and AI. 

AiSPIRE can empower your organization to: 

  • Remove redundant controls and reduce control tests and costs with AI 
  • Gain intelligent control insights and enhance processes for scheduling and prioritizing control tests 
  • Improve risk management by quickly identifying areas that need to be optimized and minimizing potential risks 
  • Gain insights by asking simple questions using a machine learning-based prompt intelligence

Interested to know more? Request a demo today! 

Download Product Overview: MetricStream AiSPIRE

Raghuram Srinivas MetricStream

Raghuram Srinivas

Raghuram Srinivas is the Senior Vice President, Product Management at MetricStream. In his role, Raghuram is responsible for the product vision and roadmap across the Business, Cyber and ESGRC product lines along with the automation and augmentation capabilities powered by MetricStream intelligence. Raghuram is an accomplished software executive with more than 22 years of progressive leadership experience, successfully creating software products and delivering advanced technology solutions. Raghuram has a mix of academic and industry experience working across Research, Product Development, Consulting and Sales functions for reputed organizations.

Prior to MetricStream, Raghuram was at JPM Chase, where he was leading the corporate technology machine learning practice focused on North America Anti Money Laundering and Audit lines of business. In his role, Raghuram was responsible for product roadmaps, design, and delivery of portfolio of algorithms to introduce intelligent automation and augmentation to mitigate risk postures and improve operational process. Raghuram also worked at the Cognitive Computing Lab at KPMG, building state of the art intelligent Credit Risk Monitoring systems to drive efficiencies in audit engagements. Earlier in his career, Raghuram worked with the Watson Group at IBM, where he was responsible for building high performing ML teams and delivering value by identifying and inducing machine learning capabilities to positively impact the top and bottom lines for his customers.

Raghuram has earned his Masters and PhD from Southern Methodist University, Dallas. Raghuram has filed several patents and authored academic journals and continues to serve as an adjunct professor teaching graduate level courses at the Data Sciences program at Southern Methodist University.

 

Related Resources

Blog
Blog
5 mins
Sumith Sagar
Operational Resilience Takes Regulatory Center Stage. Are You Prepared?
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk