Shadow AI is a term that describes the unsanctioned or ad-hoc use of generative AI within an organization, which is outside of IT governance. This can occur when AI applications are developed or used without being officially sanctioned or monitored by an organization’s IT department.

In many ways Shadow AI is the next generation of Shadow IT. Likewise Shadow IT also refers to employees using desktop applications that are outside the control of an organization’s IT department. However, the rapid pace of the deployment of AI is unprecedented. Thus, the potential for business users to build and develop AI apps that compromise an organization’s ability to detect, risk assess, and mitigate AI risk is equally unprecedented.

Financial institutions are rapidly adopting AI within their inventory of complex models. We believe, along with most internal auditors and risk managers, that it is imperative to identify and manage the new business and regulatory challenges that accompany the use of AI.

At its core, AI models are simply another form of an End User Computing (EUC) Application.

The recent Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence marks a significant step towards regulating and harnessing the power of AI.

Understanding the Executive Order: The executive order outlines a comprehensive framework for the responsible development and deployment of AI, emphasizing the importance of addressing potential risks associated with its use. From privacy concerns to algorithmic biases, the order aims to create a safer and more transparent environment for AI applications across various industries.

Author: Adrian Maconick, Director of UK Sales and Marketing

The Prudential Regulatory Authority (PRA) has issued a new supervisory statement (SS) – “Model risk management principles for banks” in May 2023. It sets out the PRA’s expectations for banks model risk management (MRM) and is effective from 17 May 2024. Banks will need to move quicky to have revised MRM processes in place by then.

The SS applies to all regulated UK-incorporated banks, building societies, and PRA-designated investment firms.

Errors of accounting are comparable to weeds in a garden—easy to overlook but potentially disastrous if left unattended. The majority of accounting tasks are completed through spreadsheets, and it's startling to know that 90% of spreadsheets with over 150 rows contain errors of accounting. Even seasoned professionals can only spot around 54% of these errors on average. These errors can originate from data entry, flawed formulas, spreadsheet logic, or even incorrect links to other data sources.

Is your organization moving towards cloud computing solutions? If so, these initiatives can typically be viewed as two different types of projects.

1. Moving application servers and databases to cloud servers such as Amazon AWS or Microsoft Azure.
2. Migrating files and data into cloud storage.

How can this be done without disrupting your current EUC and Model controls? CIMCON can help.

There are numerous, well-publicized incidents of data loss and data breach associated with the use of spreadsheets. This perpetual information security risk has led many to call for doing away with spreadsheets entirely. But before you go disrupting any critical business processes that aren’t really broken, consider taking advantage of a new Excel add-in that is available at no cost via Microsoft AppSource.

Having an accurate and up to date inventory of models (whether they are spreadsheet-based or other) is the foundation of any model governance program. Now that you’ve chosen to manage these model risks, what’s the best way to track them?

Nowadays we take spreadsheets for granted. Their power is simply at our fingertips. But it wasn't always this way. How did we come to have these useful tools so readily available? There is surprisingly little formal information about how they came to be, but luckily, there are others who share our passion and have done something about it. 

There should be no schadenfreude experienced after the news reports of BlackRock accidentally leaking a spreadsheet containing the PII (personally identifiable information) of close to 20,000 independent financial advisors who distribute their iShares products. It can happen to anyone and in fact, it happens all the time.