{"id":980,"date":"2021-02-01T08:27:04","date_gmt":"2021-02-01T07:27:04","guid":{"rendered":"https:\/\/forhumanity.dev\/web\/blog\/2021\/02\/01\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/"},"modified":"2021-08-23T10:54:57","modified_gmt":"2021-08-23T08:54:57","slug":"auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust","status":"publish","type":"post","link":"https:\/\/forhumanity.dev\/web\/blog\/2021\/02\/01\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/","title":{"rendered":"Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"980\" class=\"elementor elementor-980\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6d46ba0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6d46ba0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-28b53426\" data-id=\"28b53426\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-44f97426 elementor-widget elementor-widget-text-editor\" data-id=\"44f97426\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<h4><strong><em>How do we build trust? How can we systematically assure trust in our systems? How would auditing AI and autonomous systems contribute to this goal?<\/em><\/strong><\/h4><h4><strong><em>Explaining how the world\u2019s most famous accounting\/audit disaster &#8211; Enron &#8211; exemplifies the merits of Independent Audit, helps illustrate how a robust system of oversight is essential to building trust.<\/em><\/strong><\/h4><p>Few would disagree with the statement \u201cWe need to be able to trust our artificial intelligence and autonomous systems\u201d. But achieving that trust \u2014 rather than merely desiring it \u2014 commands an understanding of what trust is: how is it achieved, what factors need to be in place in order for it to be assured? What processes, standards, behaviours \u2014 and accountability \u2014 needs to be guaranteed in order to confidently say: \u201cI trust this\u201d?<\/p><p>This paper explores those questions by outlining key elements to building and preserving trust and exploring how these elements have and do apply to a range of industries and historic events.\u00a0 It also suggests some solutions for building trust in AI and autonomous systems.\u00a0 Solutions we have enough confidence in that we are beginning to operationalise them now.<\/p><p>On its face, Enron, the world\u2019s most famous audit\/accounting disaster, might highlight the failure of auditing, and point to the struggles facing any attempt to audit AI and autonomous systems.\u00a0 But that would be to look and not really see&#8230;\u00a0<\/p><p>The vast majority of audits do not uncover disasters, large scale frauds or malfeasance.\u00a0 \u00a0 Indeed, thousands of public entities are audited without fanfare every year.\u00a0 The Enron case\u00a0 is an outlier of the most extreme kind, which, if studied correctly and reconciled with the 99.99% of regular audits, can inform what correct and robust structures are needed for an #infrastructureoftrust.<\/p><p>By designing and creating Independent Audit of AI Systems (IAAIS), ForHumanity will help build a system of trust in our AIs and autonomous systems.\u00a0 Trust has been studied by many for centuries, and there is no universal and perfect process that guarantees it. So, instead, we look for instances of trust and see which elements they have in common.\u00a0 Here we submit some of the elements that consciously and subconsciously combine to allow us to trust:<\/p><p data-rte-preserve-empty=\"true\">\u00a0<\/p><ol data-rte-list=\"default\"><li><p><strong>Predictability<\/strong> (a belief or perception about the likelihood of future outcomes from an interaction)<\/p><\/li><li><p><strong>Transparency<\/strong> (access to information allowing for decision-making, especially changes from current trajectories)<\/p><\/li><li><p><strong>Understanding <\/strong>(awareness of a sufficient level of information and knowledge to feel comfortable with a decision or choice)<\/p><\/li><li><p><strong>Control<\/strong> (power equating to a sense of being in-charge and the belief that a decision has multiple viable and beneficial choices)<\/p><\/li><li><p><strong>Security<\/strong> (protection from harm: physical, mental, spiritual, financial or emotional)<\/p><\/li><li><p><strong>Fairness<\/strong> (the belief that the interaction has a balanced set of pros and cons for both\/all parties)<\/p><\/li><li><p><strong>Equity<\/strong> (the belief that an individual\u2019s interaction is comparable to others with similar circumstances)\u00a0<\/p><\/li><li><p><strong>Morality<\/strong> (belief that the trusted party\/entity cares about their impact on us or at least they are not intending to harm people)<\/p><\/li><\/ol><p>Each of us \u2018trusts\u2019 in different ways. Depending on the interaction in question, we ascribe more or less value to these listed attributes.\u00a0 Monetary interactions might score lower on the Moral variable and higher on Fairness while trust in manual driving scores high on Predictability (if not, it would be nearly impossible to share a road).\u00a0 If we are to build trust an #infrastructureoftrust that serves all people, then all of these elements must be accounted for in a robust way.\u00a0<\/p><p>From this foundation, we tackled AIs and Autonomous Systems. We didn\u2019t have to start from scratch: in our purview was an existing #infrastructureoftrust with a nearly 50 year track record \u2014 the system of Independent Audit already well established in the world of Financial Reporting and Financial Accounting.\u00a0\u00a0<\/p><p>We took the \u2018Trust Variables&#8217; above and considered them in relation to the key three parties (auditor, compliant entity, society) engaged in an existing financial audit.<\/p><ol data-rte-list=\"default\"><li><p><strong>Predictability<\/strong>\u00a0<\/p><ul data-rte-list=\"default\"><li><p>\u00a0A 3rd party auditor will examine numbers and financial accounts, each year, in a nearly identical manner. Notwithstanding changes to the rules necessary to properly maintain the system.<\/p><\/li><li><p>The compliant entity can plan on compliance and even build compliance-by-design. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) system of Internal Risk and Controls was built on this very premise.<\/p><\/li><li><p>Society knows what compliance means. It can anticipate how usual and unusual events will be treated, which makes the results relatable over extended time periods for valuable evaluations<\/p><\/li><\/ul><\/li><li><p><strong>Transparency<\/strong>\u00a0<\/p><ul data-rte-list=\"default\"><li><p>These rules are publicly available to the auditor, and the auditor\u2019s work is also reviewed. The auditor can participate in but not control changes to those rules which may facilitate their ability to assure compliance.<\/p><\/li><li><p>The compliant entity knows the rules and has the ability to participate in but not control changes to those rules which may facilitate their ability to comply and accurately represent their work<\/p><\/li><li><p>Society knows the rules (even if a specialised profession largely deploys the results on their behalf) and has the ability to review the result.\u00a0 Society has an ability to participate in but not control changes to those rules which may facilitate their ability to understand the entity and the outputs<\/p><\/li><\/ul><\/li><li><p><strong>Understanding<\/strong>\u00a0<\/p><ul data-rte-list=\"default\"><li><p>Understanding different professions requires expertise about these numbers and what they mean.\u00a0 Those explanations are widely available and consistently delivered to all who seek knowledge about how to audit.<\/p><\/li><li><p>The compliant entity has equal knowledge on how to comply with the audit<\/p><\/li><li><p>Society understands how financial audits are conducted, what compliance means, and understands the output\u00a0<\/p><\/li><\/ul><\/li><li><p><strong>Control<\/strong>\u00a0\u00a0<\/p><ul data-rte-list=\"default\"><li><p>A 3rd party auditor has complete and unconflicted responsibility for assuring compliance with the rules and standards; assuring compliance is in their sole discretion based on pre-defined and well-understood proofs supplied by the compliant entity<\/p><\/li><li><p>The compliant entity reduces its own risk and dictates the manner in which it\u00a0 provides compliance satisfaction.\u00a0 Compliance satisfaction is well known and understood to avoid failed compliance. Satisfactory compliance will equate to assurance by the auditor.<\/p><\/li><li><p>Society has more limited control here, except that a vital feedback loop is created as the rules are established by trusted industry specialists.\u00a0 If society does not use these outputs (ultimate choice) then the whole system fails and folds back upon itself.\u00a0 As long as the system functions positively, then society continues to use the outputs, and the system repeats<\/p><\/li><\/ul><\/li><li><p><strong>Security<\/strong><\/p><ul data-rte-list=\"default\"><li><p>The Auditor has the contractual structure and \u2018power\u2019 to demand the information required to assure compliance. They have the imprimatur to do so because they are not authors of the rules.\u00a0 They have full transparency through their contract with the compliant entity.<\/p><\/li><li><p>The compliant entity protects its intellectual property from the whole world, including its competitors.\u00a0 It is responsible for all aspects of compliance and all information, except disclosures, maximizing the protection of that information vis a vis omnibus transparency.\u00a0 The compliant entity maximizes security by being compliant.<\/p><\/li><li><p>Society protects itself by establishing the rules which raise transparency, increase governance, oversight, and protection\/safety mechanisms for humans.\u00a0 When laws are codified into audit rules we achieve proactive compliance rather than the traditional reactive compliance courtesy of laws and punishment ***<\/p><\/li><\/ul><\/li><li><p><strong>Fairness<\/strong>\u00a0<\/p><ul data-rte-list=\"default\"><li><p>Auditors are independent (legal term) and only receive commensurate compensation for conducting audits.\u00a0 The Auditor has liability for certifying compliance where it is not earned and proved by the compliant entity. This creates a natural \u201ctension\u201d between auditor and compliant entity where the auditor can effectively imply \u201cprove it\u201d in regards to the audit criteria.<\/p><\/li><li><p>The compliant entity knows that if it is compliant and can reasonably prove compliance then assurance will occur.\u00a0 The fees associated with the audit do not outweigh the economic benefit of compliance<\/p><\/li><li><p>Society benefits from an unconflicted process and the leverage provided by an audit firm acting as an unbiased proxy for verification and assurance of an entity\u2019s financial reports. It acts as \u2018shorthand\u2019 for all members of society doing their own work.<\/p><\/li><\/ul><\/li><li><p><strong>Equity<\/strong><\/p><ul data-rte-list=\"default\"><li><p>Auditors provide the same assurance for the same compliance based upon a set of accepted third-party rules (avoiding the inherent conflict of interest of auditing your own rules) and are simply applying them in return for a fair wage.<\/p><\/li><li><p>All compliant entities receive the same assurance for the same compliance based upon a set of rules they did not create and receive public notoriety for complying with the rules demanded by society on a level playing field.<\/p><\/li><li><p>Society establishes a set of rules for all.\u00a0 A level playing field of compliance and assurance on a set of rules that treat the individual in a fair way vis a vis the compliant entity during the exchange of goods and services.<\/p><\/li><\/ul><\/li><li><p><strong>Morality<\/strong><\/p><ul data-rte-list=\"default\"><li><p>The Auditor understands they act as a proxy for society and have a duty of care to assure compliance where it exists and withhold assurance when compliance is not achieved.<\/p><\/li><li><p>The compliant entity willfully complies with societal rules in exchange for the right to earn a profit or the right to continue to deliver its\u00a0 goods and services.<\/p><\/li><li><p>Society makes rules and processes that satisfy their needs for trust, balanced against the economic needs of the compliant entity\u2019s ability to profitably or successfully deliver their goods and services<\/p><\/li><\/ul><\/li><\/ol><p>Using the trust framework derived from financial accounting, it is instructive to examine a monstrous failure of the system to understand the ways in which it was manipulated. This gigantic fraud was facilitated by fundamental failures of the infrastructure (now rectified).\u00a0<\/p><p><strong>The Enron Story<\/strong><\/p><p>Before 2001, Enron employed approximately 29,000 staff and was a major <a href=\"https:\/\/en.wikipedia.org\/wiki\/Electricity\">electricity<\/a>, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Natural_gas\">natural gas<\/a>, communications, and pulp and paper company, with claimed revenues of nearly $101 billion during 2000.<a href=\"https:\/\/en.wikipedia.org\/wiki\/Enron#cite_note-1\">[1]<\/a> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Fortune_(magazine)\"><em>Fortune<\/em><\/a> named Enron &#8220;America&#8217;s Most Innovative Company&#8221; for six consecutive years.\u00a0 Its stock market capitalization peaked at or around $11 billion. Enron\u2019s auditor was Arthur Anderson.\u00a0 After the scandal was uncovered, all of that equity was destroyed.\u00a0\u00a0<\/p><p>In the next section\u00a0 we return to elements of the framework of trust and map the Enron scandal against each. We will skip the role of one of the three key parties &#8211;\u00a0 society here because it is not unreasonable to conclude that society was universally and completely neglected and subsequently harmed by this fraud and malfeasance.\u00a0 Later, we address the role of fraud and malfeasance in this system.<\/p><ol data-rte-list=\"default\"><li><p><strong>Predictability<\/strong> &#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>\u00a0A 3rd party auditor will examine numbers and financial accounts, each year, in a nearly identical manner. Notwithstanding changes to the rules necessary to properly maintain the system.<\/p><\/li><li><p>The compliant entity can plan on compliance and even build compliance-by-design. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) system of Internal Risk and Controls was built on this very premise.<\/p><\/li><\/ul><\/li><\/ol><p><em>Enron and Arthur Anderson conspired to use this predictability against society. They manipulated the rules, maximised loopholes and tailored contracts and business functions to fit into those loopholes. Collusion and communication were required to maximize these manipulations of Predictability.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Transparenc<\/strong>y &#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>The rules are publicly available to the auditor, and the auditor\u2019s work is also reviewed. The auditor can participate in but not control changes to those rules which may facilitate their ability to assure compliance.<\/p><\/li><li><p>The compliant entity knows the rules and has the ability to participate in but not control changes to those rules which may facilitate their ability to comply and accurately represent their work<\/p><\/li><\/ul><\/li><\/ol><p><em>As a result of the collusion between the two entities, application of the rules was manipulated.\u00a0 The\u00a0 clarity of the rules was used against the system to exploit the loopholes. This was only possible because auditor independence was compromised.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Understanding <\/strong>&#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>Understanding different professions requires expertise about these numbers and what they mean.\u00a0 Those explanations are widely available and consistently delivered to all who seek knowledge about how to audit.<\/p><\/li><li><p>The compliant entity has equal knowledge on how to comply with the audit<\/p><\/li><\/ul><\/li><\/ol><p><em>In the Enron story \u201cspecialised\u201d and industry expertise was used against society.\u00a0 Insufficient scrutiny led to these manipulations.\u00a0 However, it is also how the fraud was eventually uncovered.\u00a0 Because there were still reporting requirements, disclosure and transparency requirements, sophisticated investors and analysts eventually called out the fraud and investigations were launched.\u00a0 Understanding remains key and the more general the understanding is made, the greater defence against fraud and malfeasance.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Control<\/strong> &#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>A 3rd party auditor has complete and unconflicted responsibility for assuring compliance with the rules and standards; assuring compliance is in their sole discretion based on pre-defined and well-understood proofs supplied by the compliant entity<\/p><\/li><li><p>The compliant entity reduces its own risk and dictates the manner in which it\u00a0 provides compliance satisfaction.\u00a0 Compliance satisfaction is well known and understood to avoid failed compliance. Satisfactory compliance will equate to assurance by the auditor.<\/p><\/li><\/ul><\/li><\/ol><p><em>Arthur Anderson was utterly compromised in its role: paid as a consultant, advisor, and auditor meant its independence to act in the best interests of the audit process was impossible.\u00a0 This failure was rectified by the Sarbanes Oxley Act (2001), passed in direct response to this incident.\u00a0 Later, we highlight how this law remedied key shortcomings in the infrastructure resulting in this fraud. Enron exerted control by manipulating its accounting to magnify earnings and other related assets,making the company appear more valuable than it would have appeared under standard accounting practices.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Security &#8211;<\/strong><\/p><ul data-rte-list=\"default\"><li><p>The Auditor has all of the information they require to assure compliance and need to assure compliance until they are satisfied.\u00a0 They have the authority to request all relevant information and the imprimatur to do so because they are not the authors of the rules.\u00a0 They are availed of full transparency through their contract with the compliant entity<\/p><\/li><li><p>The compliant entity protects its intellectual property from complete transparency to the whole world, including its competitors.\u00a0 It is responsible for all aspects of compliance and all information, except disclosures, maximizing the protection of that information vis a vis omnibus transparency.\u00a0 The compliant entity maximizes security by being compliant.<\/p><\/li><\/ul><\/li><\/ol><p><em>By violating the principle of Independence, the colluding auditor and compliant entity conspired to manipulate the accounting practices.\u00a0 They actively worked together to manufacture numbers and accounts into beneficial expressions in public reports.\u00a0 Security was never at risk for either firm because they worked together to manage the risk.\u00a0 However, the harm to Society was monumental as many employees and investors lost their entire investments.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Fairness<\/strong> &#8211;<\/p><ul data-rte-list=\"default\"><li><p>Auditors are independent (legal term) and only receive commensurate compensation for conducting audits.\u00a0 The Auditor has liability for certifying compliance where it is not earned and proved by the compliant entity.This creates a natural \u201ctension\u201d between auditor and compliant entity where the auditor can effectively imply \u201cprove it\u201d in regards to the audit criteria.<\/p><\/li><li><p>The compliant entity knows that if it is compliant and can reasonably prove compliance then assurance will occur.\u00a0 The fees associated with the audit do not outweigh the economic benefit of compliance<\/p><\/li><\/ul><\/li><\/ol><p><em>During 2000, Andersen earned $25 million in audit fees and $27 million in consulting fees from Enron alone.\u00a0 Under such an arrangement it is difficult to see how an auditor could be expected to deny compliance.\u00a0 Further, that compliance is dictated by itself and its own actions. Matching its audit to the advice given for audit compliance.\u00a0 For Enron, there was no natural tension between itself and its auditor &#8211; there was nothing to \u201cprove\u201d &#8211; the proof was often constructed by the auditor.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Equity &#8211;<\/strong><\/p><ul data-rte-list=\"default\"><li><p>Auditors provide the same assurance for the same compliance based upon a set of accepted third-party rules (avoiding the inherent conflict of interest of auditing your own rules) and are simply applying them in return for a fair wage.<\/p><\/li><li><p>All compliant entities receive the same assurance for the same compliance based upon a set of rules they did not create and receive public notoriety for complying with the rules demanded by society on a level playing field.<\/p><\/li><\/ul><\/li><\/ol><p><em>Arthur Anderson conspired with senior executives at Enron, providing Special Purpose Vehicles (SPV\u2019s) and unusual accounting treatments compared with the rest of the marketplace.\u00a0 Special treatment was provided by the auditor. Non-standard and inherently conflicted solutions were developed by Enron (such as creating SPVs) and executing hedges with itself.\u00a0 The opposite of Equity.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Morality &#8211;<\/strong><\/p><ul data-rte-list=\"default\"><li><p>The Auditor understands they act as a proxy for society and have a duty of care to assure compliance where it exists and withhold assurance when compliance is not achieved.<\/p><\/li><li><p>The compliant entity willfully complies with societal rules in exchange for the right to earn a profit or the right to continue to deliver its\u00a0 goods and services.<\/p><\/li><\/ul><\/li><\/ol><p><em>Arthur Anderson did not behave as a proxy for society. It failed to consider the consequences and risk to people, notably the employees &#8211; many of whom lost everything from pensions, to 401k\u2019s and jobs.\u00a0 Enron intentionally subverted rules, regulations, and transparency in order to increase profits. The opposite of Moral behavior.<\/em><\/p><p>It is important to state here that fraud and malfeasance\u00a0 &#8211; perpetrated by bad actors &#8211; will ALWAYS defeat a transparent system.\u00a0 It is impossible to build a transparent set of rules without &#8211; inadvertently &#8211; explaining to bad actors how to beat them.\u00a0 Rather, build the system for willful compliance, for entities that want to perpetuate compliance.\u00a0 Bad actors will eventually be caught and terminated, when the law, punishment, and markets finish with them.\u00a0 Disclosure, transparency, checks-and-balances, the prohibition of conflicts-of-interest and robust incentive schemes will dissuade most bad actors, but no system is foolproof and this one is not either.<\/p><p>To paraphrase Sarbanes-Oxley\u00a0 &#8211; passed to legally define \u201cindependence\u201d:\u00a0<\/p><p><strong>\u00a0<em>If you audit, then you cannot receive any other upside benefits from a relationship with the auditee.\u00a0 If you provide service, consult or otherwise help a client prepare or comply with an audit, then you cannot be the auditor.\u00a0 Finally, if you audit or serve a client, you must use third-party to establish audit rules<\/em><\/strong><\/p><p>This law, combined with the system we propose has a good chance of establishing an #infrastructureoftrust for our AIs and autonomous systems.\u00a0\u00a0<\/p><p>To end, we take one last walk through our trust device, this time mapping Independent Audit of AI Systems against it &#8211; with summary paragraph after each section and strikethroughs indicating a change from financial auditing:<\/p><ol data-rte-list=\"default\"><li><p><strong>Predictability<\/strong> &#8211;<\/p><ul data-rte-list=\"default\"><li><p>\u00a0\u00a0A 3rd party auditor will examine numbers and financial accounts AI audit criteria, each year, in a nearly identical manner. Notwithstanding changes to the rules necessary to properly maintain the system.<\/p><\/li><li><p>The compliant entity can plan on compliance and even build compliance-by-design. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) system of Internal Risk and Controls\u00a0 was built on this very premise will need to be adapted to these audits.<\/p><\/li><li><p>Society knows what compliance means. It can anticipate how usual and unusual events will be treated, which makes the results relatable over extended time periods for valuable evaluations<\/p><\/li><\/ul><\/li><\/ol><p><em>ForHumanity has developed a process and is expanding audit criteria for all AIs and Autonomous systems that impact humans (over 3400 lines of audit already).\u00a0 These rules will be publicly available as they are approved by regulators around the world.\u00a0 Companies and auditors will know exactly what the compliance criteria are and they are\u00a0 encouraged to participate in the development process.\u00a0 This marketplace is more dynamic than tax law and financial accounting, so we will iterate the process regularly and allow a reasonable time period for compliance to be achieved by compliant entities against newly adopted rules.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Transparency<\/strong> &#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>These rules are publicly available to the auditor, and the auditor\u2019s work is also reviewed. The auditor can participate in but not control changes to those rules which may facilitate their ability to assure compliance.<\/p><\/li><li><p>The compliant entity knows the rules and has the ability to participate in but not control changes to those rules which may facilitate their ability to comply and accurately represent their work<\/p><\/li><li><p>Society knows the rules (even if a specialised profession largely deploys the results on their behalf) and has the ability to review the result.\u00a0 Society has an ability to participate in but not control changes to those rules which may facilitate their ability to understand the entity and the outputs<\/p><\/li><\/ul><\/li><\/ol><p><em>ForHumanity operates a fully-inclusive process for developing the rules.\u00a0 It is crowd-sourced, iterated, and transparent.\u00a0 All may participate in drafting audit criteria in the areas of Ethics, Bias, Privacy, Trust, and Cybersecurity.\u00a0 All qualified firms will be licensed to audit or provide compliance services.\u00a0 The only requirements for participation in the ForHumanity audit drafting process are a contact mechanism (such as\u00a0 email) and a willingness to sign our code of conduct asking humans to act respectfully to other humans during the process.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Understanding<\/strong> &#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>Understanding different professions requires expertise about these numbers criteria and what they mean.\u00a0 Those explanations are widely available and consistently delivered to all who seek knowledge about how to audit.<\/p><\/li><li><p>The compliant entity has equal knowledge on how to comply with the audit<\/p><\/li><li><p>Society understands how Financial AI audits are conducted, what compliance means, and understands the output\u00a0<\/p><\/li><\/ul><\/li><\/ol><p><em>While auditing AIs and Autonomous systems remains in its infancy, ForHumanity has launched training\u00a0 and learning objectives &#8211; available for all who want to learn how to audit using our approved certification schemes.\u00a0 People can learn how to execute these audits and pass an examination to audit or build systems designed to facilitate audit compliance.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Control<\/strong> &#8211;\u00a0<\/p><ul data-rte-list=\"default\"><li><p>A 3rd party auditor has complete and unconflicted responsibility for assuring compliance with the rules and standards; assuring compliance is in their sole discretion based on pre-defined and well-understood proofs supplied by the compliant entity<\/p><\/li><li><p>The compliant entity reduces its own risk and dictates the manner in which it\u00a0 provides compliance satisfaction.\u00a0 Compliance satisfaction is well known and understood to avoid failed compliance. Satisfactory compliance will equate to assurance by the auditor.<\/p><\/li><li><p>Society has more limited control here, except that a vital feedback loop is created as the rules are established by trusted industry specialists\u00a0 unaffiliated individuals, whose mission is dedicated solely towards mitigating risk to Society, are drafting the rules. If society does not use these outputs (ultimate choice) then the whole system fails and folds back upon itself.\u00a0 As long as the system functions positively, then society continues to use the outputs, and the system repeats<\/p><\/li><\/ul><\/li><\/ol><p><em>Compliance assurance remains solely in the domain of the auditor &#8211;\u00a0 identical to financial audit. Courtesy of our crowdsourced expertise, people can\u00a0 be involved in the drafting process as much or as little as they choose.\u00a0 All are welcome inside ForHumanity; we welcome your perspective, wisdom, culture and your passion for building trustworthy AIs and autonomous systems. You will make a difference.\u00a0 One word, one definition, one improved audit line will make a difference. The ubiquity of AI systems requires all perspectives to make it work for everyone, everywhere.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Security<\/strong><\/p><ul data-rte-list=\"default\"><li><p>The Auditor has the contractual structure and \u2018power\u2019 to demand the information required to assure compliance. They have the imprimatur to do so because they are not authors of the rules.\u00a0 They have full transparency through their contract with the compliant entity.<\/p><\/li><li><p>The compliant entity protects its intellectual property from the whole world, including its competitors.\u00a0 It is responsible for all aspects of compliance and all information, except disclosures, maximizing the protection of that information vis a vis omnibus transparency.\u00a0 The compliant entity maximizes security by being compliant.<\/p><\/li><li><p>Society protects itself by establishing the rules which raise transparency, increase governance, oversight, and protection\/safety mechanisms for humans.\u00a0 When laws are codified into audit rules we achieve proactive compliance rather than the traditional reactive compliance courtesy of laws and punishment ***<\/p><\/li><\/ul><\/li><\/ol><p><em>Independent Audit of AI Systems will not provide ultimate security: all transparent systems are at the mercy of bad actors.\u00a0 However, combined with the laws of independence, the checks and balances, oversight, governance, disclosures, transparency, and robust audit process \u00a0 &#8211; it introduces a substantially heightened level of security for our AIs and Autonomous systems, certainly above our current, unregulated free-for-all.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Fairness<\/strong> &#8211;<\/p><ul data-rte-list=\"default\"><li><p>\u00a0Auditors are independent (legal term) and only receive commensurate compensation for conducting audits.\u00a0 The Auditor has liability for certifying compliance where it is not earned and proved by the compliant entity.<\/p><\/li><li><p>The compliant entity knows that if it is compliant and can reasonably prove compliance then assurance will occur.\u00a0 The fees associated with the audit do not outweigh the economic benefit of compliance<\/p><\/li><li><p>Society benefits from an unconflicted process and the leverage provided by an audit firm acting as an unbiased proxy for verification and assurance of an entity\u2019s financial reports. It acts as \u2018shorthand\u2019 for all members of society doing their own work.<\/p><\/li><\/ul><p data-rte-preserve-empty=\"true\">\u00a0<\/p><\/li><\/ol><p><em>This section is unchanged and expresses exactly how Independent Audit of AI Systems maintains fairness.\u00a0 ForHumanity has one advantage over financial accounting: we have included the Sarbanes Oxley legal structure of independence into our licence agreement to ensure fairness and independence in the audit system.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Equity<\/strong><\/p><ul data-rte-list=\"default\"><li><p>Auditors provide the same assurance for the same compliance based upon a set of accepted third-party rules (avoiding the inherent conflict of interest of auditing your own rules) and are simply applying them in return for a fair wage.<\/p><\/li><li><p>All compliant entities receive the same assurance for the same compliance based upon a set of rules they did not create and receive public notoriety for complying with the rules demanded by society on a level playing field.<\/p><\/li><li><p>Society establishes a set of rules for all.\u00a0 A level playing field of compliance and assurance on a set of rules that treat the individual in a fair way vis a vis the compliant entity during the exchange of goods and services.<\/p><\/li><\/ul><p data-rte-preserve-empty=\"true\">\u00a0<\/p><\/li><\/ol><p><em>ForHumanity is a non-profit organization whose mission is dedicated to mitigating risk to humans from AIs and autonomous systems. So equity for people and not auditors and compliant entities is our focus.\u00a0 However, a system that does not consider the economic impact of audit compliance to compliant entities and their ability to deliver goods and services or the practical impact on auditors and their ability to achieve satisfactory assurance that an entity is compliant would render the system useless.\u00a0 Equity exists in that balance, but in this balance and this structure a system exist to bring an #infrastructureoftrust to people.<\/em><\/p><ol data-rte-list=\"default\"><li><p><strong>Morality<\/strong><\/p><ul data-rte-list=\"default\"><li><p>The Auditor understands they act as a proxy for society and have a duty of care to assure compliance where it exists and withhold assurance when compliance is not achieved.<\/p><\/li><li><p>The compliant entity willfully complies with societal rules in exchange for the right to earn a profit or the right to continue to deliver its\u00a0 goods and services.<\/p><\/li><li><p>Society makes rules and processes that satisfy their needs for trust, balanced against the economic needs of the compliant entity\u2019s ability to profitably or successfully deliver their goods and services<\/p><\/li><\/ul><p data-rte-preserve-empty=\"true\">\u00a0<\/p><\/li><\/ol><p><em>AIs and Autonomous systems facilitate a heightened level of human and personal inclusion in the actual processing.\u00a0 In financial transactions only numbers flow through. Here, data, which is often representative of <\/em><strong><em>who<\/em><\/strong><em> we are, flows through the process.\u00a0 Our privacy is at stake, many of our biases are encoded into the systems &#8211; some of our ethical decisions are abdicated to these systems. The work of Independent Audit of AI Systems endeavors to mitigate bias risk and uncover the embedded ethics in the systems. These mitigations are accomplished via the certification criteria. The criteria requires disclosure, transparency, and explainability so that we may continue to increase our awareness of embedded bias, embedded ethical decisions, risks to privacy, potential trust issues and areas of insufficient security for these systems. This way\u00a0 we increase our ability to rectify these shortcomings and continue to mitigate risk to humans.<\/em><\/p><p>No system is perfect, there are no illusions here amongst ForHumanity\u2019s Contributors and Fellows.\u00a0 We, collectively, believe that Independent Audit of AI Systems provides our best opportunity to build a dynamic process, with robust guardrails, transparent, human-centric rules designed to grow, change and adapt to an extremely dynamic marketplace.\u00a0 We feel that this is the best plan to establish an #infrastructureoftrust for all of our AIs and autonomous systems. If you agree come join us and help.\u00a0 If you disagree, come join us and make us better because in the end, we are ForHumanity and we are sure you are too.<\/p><h2>About ForHumanity<\/h2><p><em>ForHumanity<\/em> is a 501(c)(3) tax-exempt public charity formed to examine and analyze the downside risks associated with the ubiquitous advance of AI and automation. To this end, we engage in risk control and mitigation and deploy the lens and filter of Ethics, Bias, Privacy, Trust, and Cybersecurity to ensure the optimal outcome\u2026ForHumanity.<\/p><p>ForHumanity is an interdisciplinary group of dedicated expert volunteers, with over 200 contributors and 30 Fellows, Its collective expertise spans the AI field, ranging from ethics to algorithmic risk and to security. Our team is drawn from the academic, legal, policy, corporate, and public sectors of over 35 countries around the world.\u00a0 Our mission is to help create an \u2018infrastructure of trust\u2019 for all autonomous systems that directly impact humans.\u00a0<\/p><p>ForHumanity drafts comprehensive, pragmatic and implementable audit rules and standards for autonomous systems in every corner of the economy. Our experts collaborate with industry practitioners to ensure these audits achieve our mission of mitigating AI risk to humans. This system of audit rules and standards\u00a0 &#8211; adapted to local jurisdictional laws and regulations\u00a0 &#8211; is called Independent Audit of AI Systems<em> (IAAIS). <\/em>\u00a0\u00a0<\/p><p><strong>***<\/strong> Laws are reactive.\u00a0 They are designed to deter would-be wrongdoers and punish criminals, however, they do not prevent people from being hurt.\u00a0 When ForHumanity talks about the word \u201caudit\u201d, we do not think of simply a detailed\/deep examination of financial records, accounts, or mechanisms. While this form of the word is the common understanding of audit, there is a bigger \u201caudit\u201d and that is the one we refer to here.\u00a0 Audit, when it codifies the law (such as GAAP and IFRS codifying tax law or ForHumanity codifying GDPR on behalf of the Internet Commissioner\u2019s Office (ICO) audit becomes a proactive application of the law.\u00a0 When audits are mandated by law (such is the case for most publicly traded companies), then compliance with the law happens before people are hurt, before laws are broken.\u00a0 Knowing an independent third-party will be examining your compliance has a way of increasing adherence to the law.\u00a0 When audit rules are drafted to codify existing law it is a more proactive application of the law and more protective of people.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>How do we build trust? How can we systematically assure trust in our systems? How would auditing AI and autonomous systems contribute to this goal? Explaining how the world\u2019s most famous accounting\/audit disaster &#8211; Enron &#8211; exemplifies the merits of Independent Audit, helps illustrate how a robust system of oversight is essential to building trust. &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/forhumanity.dev\/web\/blog\/2021\/02\/01\/auditing-ai-and-autonomous-systems-building-an-infrastructureoftrust\/\"> <span class=\"screen-reader-text\">Auditing AI and Autonomous systems &#8211; building an #infrastructureoftrust<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":1645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-980","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article"],"_links":{"self":[{"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/posts\/980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/comments?post=980"}],"version-history":[{"count":3,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/posts\/980\/revisions"}],"predecessor-version":[{"id":1789,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/posts\/980\/revisions\/1789"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/media\/1645"}],"wp:attachment":[{"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/media?parent=980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/categories?post=980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forhumanity.dev\/web\/wp-json\/wp\/v2\/tags?post=980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}