Being diligent about AI

Artificial intelligence (AI) and machine learning (ML), especially generative AI, is front of mind at the moment. AI is a hotbed of activity, grabbing headlines and raising more questions than answers. Almost every organisation is evaluating the impact on their product and service offerings. At the same time, while generative AI is the topic everyone is talking about, many organisations already leverage AI and ML extensively, often as an extension of the data practices within the organisation. Cutting through the hype and understanding the reality of the impact of AI becomes important.

As a company that specialises in commercially grounded technical diligence, CTO Labs deems essential to have a view of AI as part of the formal diligence process of an organisation, to help investors make informed decisions about their investments and what risks or opportunities might impact the performance of the investment. We have a focused process to perform comprehensive diligence to meet this need.

In the context of due diligence, CTO Labs approaches assessing AI of an organisation across three macro dimensions:

Maturity - does the target organisation have effective focus and understanding to utilise AI effectively?

Capability - can the target organisation harness AI to improve business efficiency and effectiveness?

Risk Management - is the target organisation able to effectively understand and manage the risks associated with AI?

Taken together these areas provide a comprehensive view of how an organisation is capitalising on AI as well as being able to understand and manage the risks that arise from its usage.

Maturity

For maturity, we assess a target organisation across several dimensions, assessing both the current and ideal level of capability: awareness, data management, skills & expertise, tools & technology, processes, and culture.

This provides an investor a balanced view across the organisation of how well prepared an organisation is to leverage AI as well as give an indication if there are untapped upsides or areas for uplift and investment.

Capability

One of the most important impacts of AI for business is how it can be leveraged to improve business efficiency. We assess the current state of an organisation’s capabilities to leverage AI across several areas including: development efficiency, cybersecurity, product development, and business performance.

This gives a view to how mature a target organisation is in harnessing AI internally and where opportunities for further upsides in the future. When combined with the view of overall maturity, this gives investors further insight into added multiples around speed and efficiency.

Risk management

The very nature of generative AI brings whole new sets of risks that organisations haven’t traditionally considered. The ability of an organisation to manage the risks is material to their future performance as well as the ability to continue operations. Understanding that ability for a target organisation to identify and effectively manage and mitigate those risks is very important for an investor to understand. Management of risk not only underpins future potential performance but also can be material to the license to operate.

The National Institute of Standards and Technology (NIST) is one of the leading industry standards bodies, especially when it comes to cybersecurity standards and risk management. Because of the rise of AI, NIST in April produced a draft Risk Management Framework for AI.

CTO Labs has aligned its approach to AI risk management to this framework. We assess an organisation across four main areas around AI risk management: governance, mapping risk, measuring risk and managing risk.

We provide a view of the current state of the target organisation aligned to that framework as well as provide uplift recommendations. This provides investors with clear inputs into modelling their investment risk tolerance, deal conditions and uplift spend.

In summary

It is important as part of comprehensive technology and cybersecurity diligence to also understand a target organisation in relationship to AI. Having a clear understanding of the aspects of AI in the organisation, including their current risk posture is not only material to making an investment but also helps forms the basis for the management plan for the asset post investment. The best advice will be multi-dimensional, equipping you with a deep view of maturity, capability and risk so you can move forward on commercial foundations with confidence.

Got a target or asset you'd like to discuss further? Reach out to Kit directly using his profile photo link at the top of this page.

Or book a callback using the scheduling links below.