Corporate Management

Artificial intelligence in companies: why a certified management system is strategic

DNV Business Assurance highlights the risks of AI implementation and the importance of responsible management

by Gianni Rusconi

Aggiungi Il Sole 24 Ore
ai preferiti su Google
Intelligenza Artificiale, nuove sfide per le imprese

4' min read

4' min read

"The premise is necessary: no one wants to diminish the value of the opportunities offered by artificial intelligence, which are great, visible and tangible. The adoption of AI is a road of no return and everyone is understanding and testing its potential and benefits, but as a certification body and as a company we are obliged to highlight the risks associated with its implementation." In the words of Massimo Alvaro, managing director for Italy of DNV Business Assurance (a Norwegian multinational that operates as an independent entity in the field of certification and risk management services), one grasps a perfect synthesis of the now endless discussion on the technology of the moment and an invitation to delve deeper into what are precisely the risks associated with its (incorrect) adoption, from the prejudices and conceptual biases that it can generate on certain categories of people to the internal responsibilities that are not clearly defined with respect to who is authorised to use this tool and through which procedures.

If the common goal is to mitigate risk, there are, according to DNV, two ways to pursue it: one involves the legislative aspect and the other the more purely technical component. The AI Act, the European regulation on artificial intelligence that has just come into force, in the first case represents an excellent step in the direction of necessary regulation and strengthens the role and regulatory weight of the European Union. There is therefore a context of technical codes, formal standards (the ISO/IEC 42001:2023), processes and procedures (the UNI CEI EN ISO/IEC 23894:2024) that determine how artificial intelligence should be managed responsibly and ethically, defining requirements and operational guidelines to balance and integrate risks and opportunities by balancing innovation and governance. 'There is nothing mandated yet,' Alvaro explained in this regard, 'but we can consider it a normal and even correct situation in relation to the fact that we are witnessing a spontaneous push by companies towards certification and full compliance. I therefore believe that, before making it compulsory to comply with standards, for which there are no certain and defined timeframes today, we need adequate risk mapping and the right maturity of companies'.

Loading...

The model referred to is basically a framework based on three pillars, which are the non-profit standardisation body (ISO and IEC or UNI) and the accreditation body (Accredia in Italy), which in turn authorises the certification body to operate and certify the IA management system. "We do not provide generic consultancy,' says the CEO of DNV Business Assurance, 'but we make a judgement that detects compliance or non-compliance with the regulations, assessing the degree of maturity of the organisation and pointing out the lack of objective evidence regarding the IA management system. We operate within the verification perimeter against precise requirements, measured by dedicated figures that we call auditors and aimed at issuing the certificate on a periodic basis for the company that requests it".

The assessment model is based on the concept of 'risk-based certification' and in fact takes a precise and comprehensive snapshot of how the organisation intends to manage this risk, how it is mapped, who is responsible for it and how they arrange the use of the technology, how data security and accessibility and people's privacy are ensured, the impacts of AI on staff and the determination of what information and documents can be fed to the algorithms, and more.

Generally speaking, the advice to be given to companies and their management is a clear strategic vision and an equally well-defined policy on the use of AI, on the assumption that the certifying body sets guidelines, but each case is unique. Moreover, there is no single figure in charge of managing this activity, because all functions of management are involved.

The general management pays a lot of attention to the subject and in many cases delegates this responsibility to the person from It (the Chief Information Officer) or HR or even to a member of the business line, including the head of the quality department. But where are companies on this path? And how are they reacting to all the stresses they are under? The answer given by Alvaro is on the whole positive. "We are observing a lot of curiosity about the knowledge of the regulations and we are registering an important movement in terms of training, while there is less willingness to implement, although there is no shortage of examples of those who have already taken the concrete step towards certification. It is understandable,' concluded the DNV manager, 'that there is prudence in the implementation of the management system, and it was unthinkable that overnight all Italian companies, small and large, would throw themselves headlong into this issue. We are in a necessary exploration phase, which I am convinced will produce positive elements'.

Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti