AI Governance & Compliance Explained – Why the Human Element Still Matters!

August 14th, 2025

13 min read

By Nate Bushfield

 

This presentation explores the concepts of governance and compliance in both human and AI contexts. Using relatable analogies, Trina explains the distinctions between governance as a framework and compliance as rule-following. She demonstrates how AI tools like ChatGPT, Copilot, and Gemini define and approach these concepts, highlighting their differing “personalities” and shared principles. Practical guidance is provided for implementing AI in organizations, ensuring approved tools are used, sensitive data is protected, and humans remain in decision-making loops.

Table of Contents

  1. Introduction and Agenda 
  2. Governance vs Compliance Analogy
  3. Creating a Visual with AI
  4. What AI Thinks?
  5. Personality Differences and Common Ground
  6. Responsible AI Approach 
  7. Personal Use and Safety Considerations
  8. Inspiration and Audience Interaction

Transcript

Introduction and Agenda 

So, Trina, you mind introducing us to our presentation?

Absolutely. Well, my name is Trina Huntsman. I am um an audit and compliance analyst with ERP and uh I have a helper with me today. Uh Sean, if you don't mind introducing yourself.

My name is Sean Meade. I'm the information security officer for ERP Suites and I also have uh uh audit and compliance connected to me. So, we are I'm I'm very excited for Trina to be helping everyone out and and giving us some knowledge on how all of this links together, especially with AI involved as well.

Perfect. Well, so you are in um AI governance and compliance. Uh I actually wanted to start off with a question. Uh how many of you uh have definitions for governance and compliance? I'll let you uh put it in the chat if you have any any feedback for what you believe it is. Um because today is about helping you truly understand what governance and compliance is. So today we're going to cover uh definitions. We're actually going to cover AI definitions and human definitions. We're going to talk about the similarities and the differences. We're going to talk about what ERP is doing about AI. How you're going to implement governance and compliance with AI and we're going to give some examples. That's what we're uh we're planning on covering today.


Governance vs Compliance Analogy

 So, I'm going to go through what really helped me at the beginning understand that governance and compliance are actually different. Um, we always hear them together, but they're actually not the same. So an analogy that really helped  was uh governance is build the house and decide how it should operate. So it's the framework of compliance. So compliance is follow the rules about how to live in the house.  So for me that really opened up oh so the the outer workings the foundation the frame of this house is governance and what you're doing on the inside is actually compliance.


Creating a Visual with AI

When I was building this slide, I actually used AI to help me with the picture itself. I thought it would be a fun way to use human interaction with an AI to try to create a slide together. So I prompted I used ChatGPT in this particular instance and I went through you know hey can you give me a picture of governance being a house and compliance being inside the house to try to give you a really clear picture of what they are. And I actually had to prompt it quite a sorry. Uh I had to prompt it quite a few times. Um it started out with really blah. It kind of looked like a for sale sign for a house. I didn't love it and I had to get very specific with it. So I would add something and it would actually take something away.

So, for one example, it actually took away the the crane hook that's holding on the roof of governance. And I'm like, "No, no, no. That that's not not what I meant." You know, let's let's go through what I'm wanting again. And so, um, I kind of had to baby it a little bit. I had to I had to give it a lot of input to get what I wanted. And then it was just a very blah picture. I said, you know, make it colorful. And this is the first image it gave me. And it just made me so happy because I'm like, it really showed how AI is still a child in some instances. This being one of them. There were a lot a lot of prompts that I had to go through with this one.

So, you and I spoke some about that about you having to build this. Please tell us what happened when you wound up putting in all the guidance and all the prompts.

So, it was a lot of back and forth. It was about um probably 10 times of me saying, "No, no, no. I want it this way." And um I actually overheated the server. Uh it said, "Hey, uh I I need to take some time to cool down. Uh I will produce this in a few minutes. Please, you know, come back." And when I came back, I actually let it cool down for a couple hours and I had to reprompt it because it didn't give me a picture at the end when it said, you know, I'll I'll automatically upload this. So, we still had some struggles there, but I I had no idea you could actually overheat the server. It It was quite funny.

I guess that means Skynet's not not around the corner yet.

Maybe not as close as we thought. Uh so you mentioned these are human definitions, correct? Correct. Yes.


What AI Thinks?

So we're actually going to be covering next what does AI think? I was curious at if you asked AI, hey, what is governance and compliance? What's it going to tell me? Because it's such a hot topic right now. And so the next slide is a reference slide for you of what I got out of it.

Um I'm not sure everyone is aware, but AI has been around for a lot longer than I realized. Um its first big milestone was in 1951. It's called Program Pro program Nimrod. It was a mathematical game. Uh Sean, I think when we talked about this, you referenced a movie. Um I don't remember what it was.

War Games.

Oh, okay. So War Games. Um the first AI, so the term AI was first coined in 1956. I had no idea how old it was. It was kind of incredible for me to think that it's been around for that long. So when I asked the AIs what they thought about govern or you know what is governance and compliance I really got a lot of the same answer.

Um at the very end after uh the closing I actually have the actual responses from the AI themselves. So I'll go through them so that you can come back to the recording and actually see what they said for reference to this. But just time constraint I kind of summarized it for you. For me it I noticed more of their personalities is how I would put it. ChatGPT was more formal. It focused more on risk. It was very clear. Like I really enjoyed how clear it was. Copilot was more strategic. It had more uh of an ethical tone and for me, you know, that is helpful in certain instances whereas Gemini would it's very wordy. Gemini really is wordy. So for training or educational materials was awesome. But the way that it structured it was really helpful to me to be able the way my brain works to see it. And so there really weren't, you know, like it it it was more of a personality to me as far as, you know, when I was going through and reading the responses that that's what I got. And we'll actually talk about the nitpicky differences in the next slide.


Personality Differences and Common Ground

So in this slide I kind of covered governance and compliance together. So the focus of some of some of them agreed. So in the focus you can see ChatGPT and Copilot were really that they were the same and Gemini was more strategic direction and then ChatGPT and Gemini agreed in terminology whereas Copilot was different. Risk and trust you can see that two of them agreed as well. One focused a little bit more on you know risk mitigation and stakeholder trust and the others were very, you know, strict rule followers. And then I did find it interesting that on scope clarity, uh, Gemini was the only one that distinguished between internal and external rules. Just one of those that's that personality coming through of programmers. It's easy to see it when you put it in a in this sort of format. It really helped me just be able to see it more clearly. So, we've talked, you know, about the differences. Let's talk about the similarities. So, I wanted to include this because all so all three of the AIs this was consistent. So in governance there was um focus on accountability, organizational goals, values, ethical conduct and compliance. It was legal conformity, maintaining trust, ethical conduct and integrity and accountability. So all all of them agreed on this and I just found that that was just fascinating to me because if it's that important it it really must be something because humans also agree.


Responsible AI Approach

So as we look at this I mean you've talked about what AI thinks about itself and some of the governance compliance the differences between them and everything. You've done some really interesting research here, but how in the end what what is this telling us when we really apply it as far as the human versus the AI and governance and compliance?

So, they're very similar, but the human component is the most important. So you can input things into AI but it there are certain things it can't grasp. It can't grasp the culture in your uh in your work environment. It you know the specific values um and the specific requirements. So if you're HIPAA compliant or you know anything like that, it doesn't know that and it can't interpret that like a human can. Does that does that answer your question, Sean?

Yes. Yes. I like that.

Okay, perfect. So you we've talked about the similarities, we've talked about the differences, we've talked about personalities. Now for me, what's important working for ERP? What is ERP doing about it? So what we're doing, you know, we're not just going out willy-nilly creating AI. We're trying to be the front runners of developing it responsibly. So we're wanting to mitigate risks. We're developing in a way that both aligns with societal values and benefits everyone. Um, we don't want to hurt or harm anybody. That that that's not the goal. We're being accountable. We're continuing to be transparent. I mean, we're hosting an AI conference. We're showing you, hey, this is what we know. This is where we're going. This is what we're doing. And we're just we're being very open about it. We're staying secure and we're also staying in compliance with all of that.


Personal Use and Safety Considerations

So now that you've seen what ERP is doing, let's talk about how to implement that in your own company. So when you're going, you know, let's say you're working on a project in your company and you're like, man, AI would be really helpful right now. There are some questions that need to be asked before you just start using it. One is which which AI is approved. Does your company work strictly with copilot? Does it work strictly with Gemini? You know which one is the one that your company has said yes, you can use this one. Then you need to talk about what you're using it for. Are you using it for marketing? Are you using it for coding? What about customer support? Those things all should be in a policy or you should be trained on uh what information can be shared. So you want to make sure you're not sharing customer data. They sign NDAs for a reason and you want to make sure that you are not giving AI information that it shouldn't have. Uh always keeping a human in the loop. So this comes back to important decisions not being made by AI alone. So a human can audit and understand and overrule AI because it does not understand your culture, your values, where the direction that your company is going. It doesn't understand that and it can't interpret like a human and it there always needs to be an override. So the the really there are a couple really big ones and this is one AI makes mistakes. It's at the bottom or bottom. Hey AI makes mistakes. We're not perfect. You know, you just need to be aware. And there are instances even locally um that I know of. I can't share a ton, but I know that some lawyers had used it in court cases and it's come back and it it created new cases that never existed and the judge actually told the lawyer, "Hey, you need to do your job. AI can't be doing this for you because it's a great reference, but it's not perfect." And that's not what it's intended for. Legal advice is not one of those things. 
And then finally, uh you need to train your team. So it's really easy to have these policies and these things in place, but you need to teach them. You need to stay up to date with AI and where your company's going and how it's growing. So and that that the rest does not mean anything if you're not training your team.


Inspiration and Audience Interaction

So now we've talked about your company. And so this is a little PSA about you. So you're wanting to use AI, but you're wanting to be safe. So let's discuss, you know, what about you? Are you learning a new skill? You need to know why you're using it. Are you brainstorming? Are you life planning? Are you just exploring? It matters because it helps you stay intentional. You're not supposed to be using AI for mental health advice or legal guidance. That's not what it's for. And then you need to protect your personal information. No full address, no full names, no addresses, no phone numbers. Anything you wouldn't want to give a person, stranger on the street, you don't want to be sharing with AI because it is not perfect and it is not always as secure as it may seem. So you can use it responsibly. I don't know how many of you had used AI. If that's something that you all want to throw in there, I would love to know how many of you all have used it. I wanted to show you that AI doesn't have to be scary. And so, I put a little video together to kind of help with what what I use it for.

So, I love to cook and I get really stuck and sometimes you only have a couple of ingredients and you've used those five recipes over and over and over. Tired of those. So, I use ChatGPT. I said I have chicken, I have sweet potatoes, and I have rice. Help me come up with something to eat. So, this is all normal. This is what it looks like when you are using it, you know. And it comes up with, hey, here's my suggestion on an easy one pan sweet potato casserole. So, you can see, and I love that it gives you tips. Love that. But I also really love at the end where it talks or it asks, you know, do you want it slow cooker friendly or meal prep? I would have never thought, hey, let's do it this way. So, it was nice to have that stimulation of, hey, think outside the box. Let's push these boundaries here. So, I decided to go with the slow cooker. So, it prompts with the slow cooker. It gives me tips again, which I really appreciate. And then it prompts me again, do you want uh a one pot version with coconut milk or a more tropical flavor? And I'm like, sweet potatoes, chicken, and rice, tropical. What? So I was like, "Sure, let's see what tropical does." And so it goes through again and it rice. It talks about putting pineapple in it. Like things that I would never have dreamt of doing. It helped spur that on. And for me, the inspiration of being able to for it to be this easy, I just really loved it. It was very nice. Really good experience.

So, Trina, I mean, I love to cook as well, but why why are we pulling this in when we're talking about governance and compliance with AI? Why would we mention cooking?

So, I wanted to give something that was more relatable to most people.

So, not everybody works in governance and compliance. And I wanted to show you that a policy, you have to put the ingredients in to be able to get a policy. So for me, I just use an actual recipe to show you that if you input the correct things within compliance, then it can help you produce what you are looking for. So for me that's information, you know, the ingredients are the compliant information and then the end can be a policy. So I just was trying to make it a little bit more relatable to uh to most others.

Gotcha. So basically learning how to frame our questions in the first place to get what you're after.

Correct. Yes. So Oh, did I lose you?

No, you're fine.

Okay. No, sorry. It it broke up. So, I want to challenge you to try it. So, Sean, did anybody answer if we if they've used AI before?

No, but we've gotten some thumbs up and a and an applause uh so far.

All righty. Well, so um this was trying to encourage you to not be afraid of AI. It is full of opportunities. Um you it is a great resource. It's a great tool as you saw. It can inspire or it can stimulate you on how to help you grow and push those boundaries.

So I want to challenge you to use AI today safely. So have it give you the definition for something. Have it give you a recipe. See if it can inspire you to do something you wouldn't normally. And so since you're want, you know, this challenge is out there, I also wanted to give you the links to the AI. When I first started looking, it's easy to get lost in the sauce, so to speak. So, I wanted to give you the links directly because it's easy to type in ChatGPT and you don't end up where you want to be. So here are the links to those just so that you know everybody kind of has them and then I kind of I want to open the floor for questions if there's anything that you all have questions about and then uh finally you know how can we help.

So actually I did want to go back to one thing when you were telling us putting out your challenge and everything to do this and by the way we have had a couple of comments. Uh Susan says she has used it and is using it now for documenting their SDLC process which is fantastic. Used it employee reviews uh with no names. Thank you Susan. That's from the security side. I'll tell you that's that's a big thank you. Uh and uh Kylie I hope I'm pronouncing that properly. uh prompted Copilot for help uh with what to include on a personal dashboard and it helped me come across new process automation ideas. So yeah, so I think from what I'm hearing from others as far as practicing with this and what you're trying to get across Trina just to see if this example works. You're basically saying we need to practice with this a little bit before we have a big important document that we need to do. We don't want to be uh you know Thomas Jefferson on the evening of July 3rd 1776 saying oh was that due tomorrow?

So exactly. So using it in your personal life I found helped me transition to using it in my professional life because I'm not doing the hey it's the night before a big review you know let's write this. I've used it personally now and can use it professionally when needed. So yes, I agree 100% with you.

Okay, now that we've touched that, we're so at the very end I do have um what the actual responses from the AIs were. So, I'll scroll through those slowly, so not too slowly, but you can go back and watch the video if you need to. Uh, and just let you all ask questions while I scroll through these. If you have anything, please feel free to throw it out there. Uh, we'd love to love to talk with you. And if there's something that you need to reach out to me personally, here's that again. Uh, feel free to shoot me an email. Not opposed. I will definitely get back to you. Uh willing to talk about any of it. So, and then this one was uh ChatGPT, what does governance and compliance mean to you? And this was its response. We're going to move on to Copilot also same question. And then we'll get to the uh wordy Gemini. Like I said, I love the structure, but there was just a lot happening. And then there were some other questions that I asked that you all may find interesting. Um, I asked about limitations. Do you feel that governance and compliance limits you? I know that a lot of people personally can feel that way. Uh, so this is what the AIs think. Um, I did find it interesting that the only one that I was even somewhat concerned about was Gemini where it specifically talks about um, let's see violations it at one point. Yeah, overly so if you go about mid page overly strict regulations could potentially stifle development of AI. So that for me I was like, "Oh, well that's kind of the answer I was expecting from AI, but you know, you threw it in a whole lot of words, but it did bring it back with lack of regulation could lead to harmful consequences." Just thought that was interesting. One of those just to throw out there for you. So were there uh any any questions? Um we're we're open for questions if anyone wants to put any in.

 

 

Nate Bushfield

Video Strategist at ERP Suites