Good practice guidance has been published by the National Audit Office (NAO) to aid public sector organisations in mitigating the “significant risks and challenges” associated with implementing AI.
The “Good Practice Guide for Organisations Using AI” highlights the government's ambition to use AI to improve the quality and efficiency of public services, but also warns that poorly governed deployments could pose significant risks to personal data, decision-making, accuracy and security, harming public trust. In light of this, the guide presents a series of questions and problem areas for the consideration of audit and risk assurance committees charged with overseeing the adoption of AI.
This comes as the government is seeking to move its usage of AI “beyond optional experimentation to more deliberate, well-managed adoption”.
According to the report, government bodies are increasingly using AI in a variety of forms, from embedded productivity tools to cloud-based AI services. The NAO cautions organisations against assuming that individual productivity gains will automatically translate into organisation-wide savings and notes that AI-driven activity outside government may also create new operational challenges.
A central theme of the guidance is the need to establish “appropriate foundations” for AI implementation, with the guide listing a number of areas to assess to ensure safe and successful adoption. One key area of consideration concerns an organisation’s approach to, and reasons for, using AI. It distinguishes between “blue-sky” innovation and adoption which seeks to solve the most pressing business challenges, advising leaders to approach both cases in different ways.
Data quality is also highlighted as a critical factor in successful AI adoption. Noting that AI models trained, tested, or deployed on poor data are more likely to produce unreliable results and demonstrate bias, the NAO advises audit and risk assurance committees to consider the fitness for purpose of data, as well as the legal basis for its use.
With AI increasing an organisation’s risk to operational and security threats, particularly when used alongside older legacy systems, the NAO also stresses the importance of cybersecurity. It urges organisations to treat ‘security by design’ - the government's ten mandatory principles embedding security considerations into digital services - as integral to AI development, rather than an afterthought.
In addition, the guide emphasises the need to manage risks throughout pilot projects and while scaling. It highlights the importance of a clearly-articulated and business-led AI strategy, digital fluency at senior levels, ethics and transparency guidelines, and workforce planning to anticipate changes to job design as AI becomes increasingly prominent.
A workshop focused on overcoming barriers to confident AI adoption will be held at Church House in Westminster on 25 June. The event, hosted by Government Digital Service, DSIT and Snowflake, will cover how to build trusted data pipelines, manage secure-by-design access, create the conditions to iterate quickly, and keep humans meaningfully in the loop.
You can register for the event here.