Businesses face constant challenges to comply with the EU AI Act. Concurrently, businesses focus on new and persistent risks as a consequence of providing services using or developing AI. Compliance failures can lead to customer loss, reputational damage and high-profile legal exposure. In the existing market environment, risk management should be a business-as-usual approach manifesting in more confidence from customers and consequently more financial yields. Our strategy supports this process.
How Do We Assure Quality?
The primary elements of our approach are efficiency and reducing the disruption of business processes during the implementation and audit. This necessitates effective planning and open communication with our clients during the planning phase, throughout the entire engagement, especially during the reporting and audit phase.
Our approach is concentrated on delivering quality throughout the entire process and is subject to AI & Partners' quality standards. The process of the implementation and audit for the EU AI Act comprises six phases. These phases are outlined below:
Phase 1. Impact Assessment & Preparation
In Phase 1, the impact (GAP analysis) of the implementation for your business is determined. Based on the impact and the defined scope of the implementation, a detailed plan is constructed in which the numerous milestones are identified and arrangements with senior leadership are made.
Phase 2. Controls & Processes
In Phase 2, interviews are hosted with your employees to identify risks, determine the impact, the existing working method, and take stock of the information present within your business. Following this, your company control measures are prepared according to the EU AI Act requirements, based on the information obtained from the interviews. These are recorded in a control matrix; a matrix containing the control objectives and control measures.
Phase 3. Internal Control Framework
In Phase 3, AI & Partners will describe the control framework based on the standards outlined in the EU AI Act and will construct the general part of the reporting. In the general part a description of the processes in scope, the business, services, structure, and the compliance controls is included.
Phase 4. EU AI Act Reporting
In Phase 4, the compliance report is further prepared based on the general description, Control Matrix, management statement and confidentiality statement. During this phase, your business will implement any absent controls within the business, if necessary. The processing time of the first four phases will usually be within a month, depending on the commitment and availability of your employees. The deployment of your employees is expected to be one day per week during that period. AI & Partners also provides the opportunity to process phase 1 to 4 using our software tools. Phase 4 results in a draft of the EU AI Act report.
Phase 5. Pre-Audit
Phase 6. Rectification
After the description, AI & Partners consultants will undertake a pre-audit or "readiness assessment" in Phase 5. The controls and the entire framework will be assessed and tested during the pre-audit, and potential problem areas will be identified prior to performing the audit procedures. Throughout this phase your company will provide the documentation and evidence required for the pre-audit.
During Phase 6, as a consequence of the pre-audit, improvements in control measures and the management system are implemented, and solutions are realized for the identified problem areas. We suggest solutions to be implemented by your company within the organization and the report. Phase 6 will result in the final EU AI Act report.