A Framework for Assurance Audits of Algorithmic Systems

Khoa Lam, Benjamin Lange, Borhane Blili-Hamelin, Jovana Davidovic, Shea Brown, Ali Hasan

TL;DR

The paper tackles the lack of standardized AI auditing practices by proposing a criterion audit framework inspired by financial audits to provide external assurance on algorithmic systems. It defines criterion audits against publicly accessible criteria, outlines direct and indirect auditing approaches, and prescribes a standard engagement process with public disclosure and certification. The authors illustrate the framework by adapting it to NYC Local Law 144 bias audit requirements, detailing three criteria areas—disparate impact analysis, governance, and risk assessment—and showing how sections interact to provide robust assurance. They also discuss benefits, such as adaptability and transparency, and significant challenges, including standardization, auditor training, and the need for an operating audit ecosystem. Overall, the work argues that such a framework can improve accountability for AI, while recognizing that audits are one piece of a broader responsible AI ecosystem.

Abstract

An increasing number of regulations propose AI audits as a mechanism for achieving transparency and accountability for artificial intelligence (AI) systems. Despite some converging norms around various forms of AI auditing, auditing for the purpose of compliance and assurance currently lacks agreed-upon practices, procedures, taxonomies, and standards. We propose the criterion audit as an operationalizable compliance and assurance external audit framework. We model elements of this approach after financial auditing practices, and argue that AI audits should similarly provide assurance to their stakeholders about AI organizations' ability to govern their algorithms in ways that mitigate harms and uphold human values. We discuss the necessary conditions for the criterion audit and provide a procedural blueprint for performing an audit engagement in practice. We illustrate how this framework can be adapted to current regulations by deriving the criteria on which bias audits can be performed for in-scope hiring algorithms, as required by the recently effective New York City Local Law 144 of 2021. We conclude by offering a critical discussion on the benefits, inherent limitations, and implementation challenges of applying practices of the more mature financial auditing industry to AI auditing where robust guardrails against quality assurance issues are only starting to emerge. Our discussion -- informed by experiences in performing these audits in practice -- highlights the critical role that an audit ecosystem plays in ensuring the effectiveness of audits.

Paper Structure (43 sections, 2 tables)