Making the Case for Algorithmic Accounting
Accounting is an essential business practice from just about every standpoint. Without proper accounting practices and financial statements, companies are operating in the dark.
Can you imagine a company operating with no financial statements and just money in the bank? It would be nearly impossible for the organization to maintain business continuity or provide accurate financial information to its investors, executives, and board. Management teams would be flying blind, and the business would eventually fail.
From day-to-day operations to investments and beyond, financial statements are the gauge of a company’s financial health. If the financial statements are inaccurate, there is a massive risk of the business overextending itself or misrepresenting its financial health, either of which could result in financial loss, loss of reputation, regulatory sanctions, litigation, and more.
While organizations and businesses place great emphasis on financial reporting and management, this rigor has not been extended to algorithms (AI, ML) and the technology they fuel.
Technology is as pivotal to businesses as the financial transactions themselves. Without it, there is absolutely no way any company could operate.
Regulators, litigants, and external and internal stakeholders have all sorts of expectations surrounding the use and management of algorithms and technology. Federal and international laws also spell out what can and can’t be done. As regulatory frameworks around AI and its data come into clearer focus, how can boards and executive leadership manage a business, its reputation, and compliance without an accounting framework for AI and technology?
Algorithms must be regularly audited to ensure the data and technology they use comply with current and proposed frameworks.
Microsoft, Google,[1] and Amazon, for instance, have all disclosed that there is a risk of material misstatement[2] (RMM) in their financial statements if their algorithms mis-perform, which could happen if there is an error in the algorithm, a data error went undetected, or data that feeds the algorithm is flawed in some way.
Algorithmic audits mitigate risk, making them an essential practice to build into organizational policy and internal software development workflow.
Algorithmic Audits and AI Impact Assessments
Algorithmic auditing and AI impact assessments are risk management tools used to weigh an algorithm’s risks, benefits, and limitations, ideally before implementation (ex-ante[3]), so that negative impacts can be avoided.
Algorithms and technology underpin all aspects of an organization. They can be involved in executing, approving, or facilitating transactions that have a financial impact, making them intrinsically connected to a business’ financial health.
Algorithms and technology may also be making decisions or recommendations on actions that impact a wide range of stakeholders but don’t have a direct financial impact. These decisions could still pose a threat to people or society, not to mention a company’s reputation.
With so much at stake, implementing mandatory audits is a positive step toward ensuring safe use of technology while establishing best practices to align with evolving regulatory frameworks.
An AI impact assessment considers how an AI system works at every stage, from the data it learns on to the results it delivers and outcomes for the end users. In considering these variables, companies must document the processes and show how their systems work. The resulting insights provides transparency for regulators, boards, executive leadership, and any other stakeholder.
Though there is currently no standardized process or mandatory reporting for businesses in the private sector, the human consequences can still be significant, especially in high-risk industries, such as finance, or any other instance where an AI makes decisions or suggestions about health, money, housing, or any other impact area.
The potential for bias in these use cases is exceedingly high, resulting in poor user outcomes based on race, ethnicity, credit status, and more. Harm can be mitigated if the companies managing the AI assess the impacts of using AI for these decisions, hence the need for impact assessments and continuous oversight of automated systems.
Who Needs Algorithmic Auditing?
In lower-risk environments, such as an algorithm making suggestions for your next take-out meal or a movie to watch, the consequences of a poor outcome would not be too concerning in most cases.
Financial statements, on the other hand, must be free of material misstatements. A misstatement in a financial statement could potentially influence decisions made by the people viewing the financial statement. The results will be the same if an issue is identified. Whether it is deliberate fraud or a simple algorithmic error, penalties can be costly.[4]
Unfortunately, no across-the-board metrics can be applied to all algorithms, as the “correct” amount of security, safety, and privacy varies based on the use case. That being said, we are now in a critical phase where there is a need to understand how and why AI is being used.
The EU AI Act is the world’s first mandatory framework. Its risk-driven approach assigns different rules and obligations based on the level of risk posed by the AI, considering the impact of AI as it pertains to its threat to people.
The EU AI Act’s risk-based approach[5] may well become the global standard, but most territories are still scrambling to develop a framework that is comprehensive without restricting innovation.
The US Algorithmic Accountability Act[6] is in its third iteration but is still not law. Currently, the most critical applications of AI are regulated for federal agencies and anyone doing business with the US government. If the Act is passed, it would also apply to any organization regulated by the Federal Trade Commission (FTC).
Requirements under the Act would include algorithmic impact assessments and annual summary reports. Impact assessments would need to be performed before and after the deployment of the AI system.
Affected parties would include any organization using AI-driven algorithms as an automated decision-making system (ADS). As you might imagine, this description covers a vast category of potential use cases, underscoring the importance of building in accountability and documentation from the earliest stages of development.
To support compliance, the FTC will provide guidelines for organizations to inform the impact assessment process, indicating that some level of standardization[7] is in the works.
How Can Company Management, Algorithmic Auditing, and Risk Management Be Effective Without Algorithmic Accounting?
The short answer to that question is – they can’t.
Algorithmic accounting is essential to help companies properly manage the business, gain visibility, and mitigate risk. Simply put, algorithmic auditing and impact assessments will never be fully effective or efficient without proper algorithmic accounting.
Management should know what their algorithms do, which ones have the greatest impact on day-to-day business, and which pose the greatest risk. When we understand where algorithms intersect with stakeholders and how their functions impact those individuals or entities, we gain perspective into the organization’s risk profile and where effort is required.
Should The Board and C-Suite Be Concerned?
The C-suite and board cannot appropriately manage a business without visibility into the criticality of their algorithms and the risk they pose.
Failure to respond to the current risk climate or disclose details of the company’s algorithmic activities may result in loss of business or prevent growth through investment.
Algorithmic accounting answers the following questions:
1. Which algorithms and technology are most pivotal and impactful to the business?
2. What is the risk profile of each algorithm and technology in use?
3. What is the impact to my business if these algorithms and technology are not compliant or arrive at an incorrect outcome?
4. If a particular algorithm is wrong, what is the risk of financial misstatement?
5. Where should I introduce more controls based on what the reports show?
6. What type of controls should be put in place?
7. How can we begin to put a management and reporting framework in place to account for AI and technology?
8. How should I evaluate the use (risk) of AI and technology beyond its cost before implementation?
Algorithmic accounting is a precursor to algorithmic auditing. Without it, management will not know the true impact algorithms are having on their business.
Impact assessments provide the necessary information to inform leadership about the need for guardrails and controls in their technology, while algorithmic accounting provides transparency into the algorithms that drive AI/ML’s decision-making process.
Algorithms can be considered both assets and liabilities. Without an impact assessment and algorithmic audit, boards would not likely know which algorithms are most critical and impactful and which are most risky. Algorithmic accounting informs these processes, keeping leadership abreast of potential risk before it becomes a problem.
Given the prevalence of algorithms, the board and executive leadership would be operating with blinders on if they lacked an algorithmic accounting framework. Without this knowledge, serious regulatory concerns and fines should an issue arise—and ignorance is not a viable defense.
Stringent reporting and visibility are essential to every algorithmic or automated process. Nothing less is acceptable, as an organization’s health, solvency, and sustainability are at stake. Algorithmic accounting should be the foundation upon which by the algorithmic auditing and impact assessments are performed on.
Conclusion
As algorithmic decision-making continues to penetrate multiple sectors worldwide, the need to ensure accountability and fairness in algorithmic usage has become paramount, resulting in various laws, regulations, and third-party frameworks that insist on impact assessments as part of a standardized algorithmic auditing and review process.
Impact assessments offer many benefits, not the least of which is to reduce liability. As we anticipate ongoing regulatory changes in this area, building this process into product and algorithmic development supports compliance as frameworks become standardized.
As the journey to standardization in AI and algorithmic reporting evolves, companies must use a bit of prescience to lay the groundwork for what lies ahead.
Getting Started
Algorithmic accounting promises to support organizations by improving process efficiency at scale. Still, ensuring those algorithms are built on a foundation you, your board, and stakeholders understand and can trust is critical.
Though technology is essential to enable efficiencies and scale in every department, it carries significant risk if not managed and audited adequately. Algorithmic audits and AI impact assessments ensure the organization’s financial health, security, and compliance. Speak to us today about how we can help you take control of your technology and prepare you for the future.
[1] https://patents.google.com/patent/US20050222928A1/en
[2] https://www.wired.com/story/google-microsoft-warn-ai-may-do-dumb-things/
[3] https://corporatefinanceinstitute.com/resources/equities/ex-ante-vs-ex-post/
[4] https://www.mayerbrown.com/en/perspectives-events/publications/2019/04/model-risk-strikes-again-sec-imposes-3-million-fine-due-to-error-in-computer-model
[5] https://artificialintelligenceact.eu/the-act/
[6] https://www.wyden.senate.gov/imo/media/doc/algorithmic_accountability_act_of_2023_summary.pdf
