Get to the roots: Managing algorithmic risks from the bottom up

Let’s say you’re looking over your well-manicured lawn when you spot a weed. It’s just one, solitary weed. So you might be tempted to snip it off and go about your day. But the following week, there’s another weed. And the next week, another.

Suddenly, you can’t see the grass for the weeds.

The same can be true with algorithmic risks. It can be tempting to patch up issues as you spot them. But algorithmic risk management shouldn’t be a periodic exercise. It calls for continuous monitoring of algorithms, perhaps even through the use of other algorithms. 

Inherent risks in the use of algorithms

Algorithms are becoming pervasive, and organizations are investing heavily in them. Data analytics and cognitive technology-based algorithms are increasingly being integrated into many core functions, including finance, marketing, operations, IT, risk management, and HR. And they add tremendous value, ranging from innovative products to improved customer service and strategic planning.

But a quick glance at business headlines makes it clear that managing algorithmic risks can be complex. There are risks inherent in the design, implementation, and use of algorithms. When not managed effectively, they have the ability to damage your organization’s reputation, operations, and financials. 

Not your traditional risk management

Managing the risks from using algorithms is different from traditional risk management. Here’s why:

1.     Algorithms are complex, unpredictable, and difficult to explain. Many algorithms are based on machine learning and other advanced technologies which depend on data that evolve over time. These algorithms can even develop their own languages to communicate with each other. This can have tremendous potential—but also lead to unanticipated risks.

2.     Algorithms are proprietary. This makes it difficult for regulatory agencies and outside watchdog groups to monitor them.

3.     Standards and regulations aren’t in place. There are no widely accepted cross-industry standards to govern many types of complex algorithms and the associated processes around data collection, training, and algorithm design.

Modernize your risk management framework

To manage these risks, while still reaping the benefits of using algorithms, modernizing your organization’s traditional risk management framework is key. Enterprise risk management should be a strong foundation for a risk management approach, covering:

1.     Strategy and governance, which manages technical and cultural risk

2.     Algorithm design, development, deployment, and use throughout the algorithm life cycle, starting with data selection and ending with the actual live use of the algorithms

3.     Monitoring and testing, including objective reviews of algorithms and the data used to train these algorithms, by internal and external parties

Get to the root of managing algorithmic risks

Organizations can get to the root of the matter by asking key questions:

1.     Does your organization have a good handle on where algorithms are deployed?

2.     Have you evaluated the potential organizational impact, should these algorithms malfunction?

3.     Do you have a program in place to manage these risks? And are you continuously enhancing it as technology evolves?

Assessing your organization’s use of algorithms in high-risk and high-impact situations can help you implement leading practices to manage the risks.

Don’t let the weeds win

The body of knowledge about algorithmic risks is still growing. But it’s important to start managing those risks from the ground up, lest they begin spreading like weeds. By getting to the root of the issue and putting a strong framework in place, organizations can use complex data analytics and machine learning algorithms to accelerate performance, while actively managing the associated risks.

To learn more, read Managing algorithmic risks: Safeguarding the use of complex algorithms and machine learning.

And please take a moment to comment below or send me a message. I’d like to hear from you.