Introduction

So as you can see, as you can definitely see, nowadays most of the companies dream of becoming AI-driven and leaving their competitors behind. Most of them fall short, and it's not for technical reasons, but it's very often for reasons which are non-technical.

Together with my colleague Marek, I'm Christoph, as you've already heard. We would like to take you on a journey to AI maturity using our AI governance framework, how I like to call it.

Understanding AI Adoption Challenges

Why does AI adoption take so long? So, London-based Osborne-Clark law firm asked over 6,000 companies around the world why they struggle with adopting AI. And the answer wasn't technology or stuff like this. It was compliance and procurement.

I'm an engineer by degree, so I understand that most of us would like to progress as quickly as possible with implementing AI, but we struggle with all the paperwork. So today we would like to show you how you can swiftly go through the problems and challenges caused by all the compliance and legal stuff.

AI Governance Framework Overview

And here you can see the AI pillars of AI governance, which we divided into two sections, the technical capabilities and business readiness.

Technical Capabilities

Marek, please tell us about the technical part. Actually, our friends before, they were talking about some positive things, right? Building the RLMs, building the platforms to help the people to do the business. But we are from Poland, so we need to complain a little bit. This is just our nature, but a little bit.

About the core technical capabilities. Actually, I want it to be heard why AI governance is important.

So probably all of us, we are working for some companies or we have our companies. And we can be Python developers, data scientists, data analysts. We can be... product owners and working for some business lines.

And we are working on POC, POV. We have sandbox environments where we build our AI tools, solutions. But at the end, we want to have it on production, right? And we want to have some fast go to market and return of investment.

but sometimes we may have problems and it cannot, actually sometimes it can, maybe it's not even related with the model itself, but with the regulations in our company. So today we would like to talk about AI governance and why it's important.

Building Skills and Competencies

First pillar here is related with the people and the skills. So in our company we need to build the skills, right? At the beginning, probably will not have the proper skills to do machine learning models and AI models. So we need to have the external support. It's fine.

But during our journey, we should focus on building the competencies inside the organization. So employee development, trainings, knowledge sharing, right? It's something very important because who will work on our models? our data scientists probably, right?

Infrastructure and Technology Readiness

And they will know the models and what is really needed in our company better than the external resources. The second pillar is related with technology, so infrastructure, right? Once again, at the beginning of our journey, we can build a small sandbox somewhere and do our POC and we can prototype our AI solution.

But then when we want to move on the production, probably we need to have more advanced solution and the infrastructure needs to be ready. the best option is well if we have the infrastructure where we don't need to have a support from the IT department for example right but the data scientist can build his own environment just on demand and work on the model on the full lifecycle of the model The rollout and integration with existing systems, it's something that actually needs to be addressed during our journey.

Data Governance and Quality

Data and the governance, so it's the core, right? It's our base. All the time we talk about the data governance in terms of the high quality of the data, about the master data management. So it's important, of course, but it's not enough if we think about to be the AI-driven company or at least to have our products implemented.

Business Readiness

So these three pillars are important and they are related with the core technical capabilities but also what is very important, the business readiness is something what actually will, what can stop us in our journey. Yeah, the business readiness is vital, especially the whole management support. 1It's absolutely key that the whole senior management of the company has a clear vision and shares one strategy of implementing the AI. So it's really important that there is one shared vision among all stakeholders.

If they view it only as a marketing stunt, and not as a way of actually doing their business better, it will most likely fail.

If they don't agree to allocate resources, which means time, people, and money, there will simply not be enough opportunities to make this work. And what is extremely important is the steering committee. which prioritizes the needs for new AI tools, new AI application within the company.

Because you can imagine various departments have different needs. They approach the IT or whoever is responsible and they state their needs. So someone needs to take the budget and say, well, we'll start with this because this will bring the best results. and the biggest impact and later if there is still some budget left we'll follow with this and this and this so that's what the steering committee is for to maximize the impact the AI can have.

When it comes to financing, which is always a huge problem, obviously, by budget management, we should understand that at most companies, AI is financed by the innovation funds, innovation budgets, which are usually not sufficient. They are nice to build some POCs, but not enough to have company-wide rollouts. So the goal should be to move the AI budgets to all business units respectively, which means if you have an accounting and then they have a problem with something and they are using AI to solve this problem, then the budget should be coming from the accounting, not from the IT or not from the R&D and not from innovation. which helps a lot when you have additional funds.

And also, the results tracking is key. You need to have KPIs. When you have solid numbers, and I can tell you from my experience, when you have solid numbers to justify the expense, you can justify even huge expenses, because you are clearly showing the company that they are investing, say, 100,000, but they are getting one million in return. You can agree with emotion, with arguments, but when you have clear data, it's very difficult to argue with that.

Processes and Ethics in AI

And when it comes to processes and ethics, this is an area which is very often overseen. Definitely taking the ownership and setting the accountability. AI is just a digital thing, so someone needs to be accountable in a situation when something happens. So who should that be?

How do we build the awareness within the company? Well, this is a bigger thing, so we will tell a bit more in the next slide about it. What is the expected result here in terms of the proper business processes to handle AI?

Well, at the beginning, we need to have innovation budget managed by our management, right? Then, it has to be moved to the business lines. I mean, of course, at the beginning, we can start working on the model, having the innovation budget, right? the business line needs to see the value of it, right? So if they don't see the value and they will say, okay, we don't have the budget for this tool or this solution, it's a red flag for us because probably they think that they will pay more than they will get, right? So maybe it's better to skip this project don't waste more money and start thinking about the next one from the list, from the priority list, right, if you have such list. Yeah, absolutely agree. Exactly.

AI Compliance and Regulations

Okay, so AI compliance. Krzysztof mentioned at the beginning that the compliance department is one of the bottlenecks one of the most problematic ones, let's say. Exactly.

I have one question. Who has noticed that Eric's mentioned about the compliance during his presentation? Actually, sometimes we forget about it, right? To be compliant with many different areas or departments. But at the end, this is the reason why sometimes our project fails.

Navigating Regulations and Security

So, I would like to go through all this, let's say, pillars here. We have, we divided it to the two sections, the regulations and the security. So, regulations, legal department, friend or enemy. I don't, actually, I never know. But to be honest, the legal department, they need to be actually, how to say it? So all the time, they need to have some proofment prove that it works as it should be okay and it has to be compliant with all the regulations external regulations like GDPR or any others like AI Act in the European Union or the industry specific right regulations So we need to go through this way with them to define the proper processes, how it will be handled.

Then we have the ethical standards. So, yes, evidence of discrimination or manipulation, it's pretty obvious we are aware of that. And as I mentioned before, the AI Act.

it's something already implemented in european union i know that you are not under this restriction now but we see that in other regions they're working on something very similar so if you think about the implementation of the ai in your company probably you will have a very similar regulations in your country as well right Then internal rules, risk management, if there is a model management and incident reporting. Very important thing is the incident reporting because if something will go wrong with our models, especially if we talk about the language models. So I don't know. Some will find the zero-day vulnerability and will get the data from our systems. Then we need to have defined the rules how we report this kind of incidents and what we do with these things.

Security and Vulnerability Management

So the security aspect, the data, this is the obvious point here, how we are sure that our data is secured. Then we have the vulnerabilities, and this is, this is important thing here because we talk that the ai help us to avoid the situations uh or to fix the security issues but we don't talk too much that the new solutions in ai like the large language models they have the we have a new kind of the vulnerabilities there. If you heard about the OWASP then they also have provided top 10 vulnerabilities for GenAI and on the first place is there is a prompt injection so how the people they can inject something to the prompt and get the data actually which they shouldn't have access to Yeah, how you can trick the LLM around its own boundaries to think that you are doing something that they can do while they actually can't. So that's very tricky.

The last point here, the last pillar is the monitoring. So, of course, even if you have implemented some rules or processes, we need to try to follow them. Of course, we need to follow them, but we need to also... do the audits to see if they are implemented correctly every time. And the same, we need to have specified how all the issues will be reported, managed, and presented, right? So this is about the compliance here.

The AI Maturity Journey

And here's the AI journey. We talk about these pillars and your company can be on a different level of the maturity in terms of the AI. So here you see we have defined four levels. Two of them are the technology-centric at the beginning of the journey.

Then we have the business adoption, a very expensive step where actually we take all the business lines and actually involve them to building the AI solutions in our company. And the last one is the AI-driven. Here is the hint. how important is each pillar at each stage here.

So we can see that at the beginning we think about the skills, the technology, how we are going to do that, how the management will support our work, but then the different areas change during our journey. and how you can do your own assessment here.

So first of all, we have the company vision and strategy. It was mentioned at the beginning. Then we should have the pillar analysis. So let's do the checklist, what we have done, what needs to be done during action in each pillar.

We will share this list with you, I mean, the proposal. the template, how it can be done. And then we can build the assessment and goals matrix so we know where we want to be, where we are now, and then what we need to do to move from this point to the second one. Then at the end we build the advisory report. and we start the implementation of these rules, processes and finally we increase the chance that at the end our AI implementation will finish with success.

AI Maturity Assessment and Checklist

Together with Marek we work with multiple clients who struggle with the very same problems which seem pretty basic for us. We see them lots of time again and again and again. So we came up with our AI maturity assessment checklist.

You can download it and see for yourself whether your company struggles with certain fields. Some of them are very basic, trivial. Some of them are slightly more complicated, but we believe that without actual business applications, AI will not thrive because there is no sense to implement AI just for the sake of implementing it.

Conclusion

We as engineers love to do it, but without business understanding the business impact, the revenue, additional revenue that it generates will most likely not see it implemented widely. So that's why we also focus not only on the technical side, on the engineering side, but also on the bottlenecks which lay very often in in the hands of people who are non-technical like compliance legal and stuff like this so I hope this will be helpful for us for you and thank you very much for listening to us and I hope you'll have a wonderful evening thank you