This template provides a structured approach for identifying, scoring, and treating risks associated with AI systems. It covers four primary risk dimensions: bias and fairness, security, privacy, and reliability. Adapt the risk register, scoring scales, and treatment options to fit your organization's context and regulatory requirements.
Bias and Fairness
| Risk | Description | Indicators |
| --- | --- | --- |
| Training data bias | Historical biases in training data leading to discriminatory outcomes across protected characteristics. | Disparate performance metrics across demographic groups; skewed training data distribution. |
| Proxy discrimination | Non-protected variables (e.g., ZIP code, name) serving as proxies for protected characteristics. | Correlation analysis reveals proxy relationships; disparate impact in outcomes. |
| Feedback loop amplification | AI decisions reinforcing existing biases through data collection that reflects biased prior decisions. | Performance metrics diverge over time across groups; outcome distributions shift. |
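The disparate-impact indicator above can be screened with a simple selection-rate ratio. A minimal sketch in Python, assuming per-group selection rates have already been computed; the 0.8 cutoff is the common "four-fifths rule" screening heuristic, not a legal standard:

```python
def disparate_impact_ratio(selection_rates: dict[str, float]) -> float:
    """Ratio of the lowest group selection rate to the highest.

    Values below 0.8 are a common screening threshold (the
    "four-fifths rule") for potential disparate impact.
    """
    rates = list(selection_rates.values())
    return min(rates) / max(rates)

# Hypothetical selection rates per demographic group
rates = {"group_a": 0.60, "group_b": 0.45}
print(disparate_impact_ratio(rates))  # ~0.75, below the 0.8 screening threshold
```

A ratio near 1.0 does not prove fairness on its own; pair this screen with the per-group performance metrics listed in the indicators column.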
Security
| Risk | Description | Indicators |
| --- | --- | --- |
| Adversarial attacks | Crafted inputs designed to cause misclassification, data extraction, or system manipulation. | Unusual input patterns; unexpected model behavior on edge cases; prompt injection attempts. |
| Model theft or extraction | Unauthorized extraction of model weights, training data, or decision boundaries through API queries. | High-volume API queries with systematic input variation; unusual access patterns. |
| Data poisoning | Malicious modification of training data to introduce backdoors or degrade model performance. | Unexpected performance changes after retraining; anomalous training data samples. |
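High-volume API querying, one of the model-extraction indicators above, can be surfaced with a basic volume check per API key. A minimal monitoring sketch, assuming a query log of `(api_key, timestamp)` pairs; the one-hour window and 1000-query threshold are illustrative placeholders, not recommendations:

```python
from collections import Counter
from datetime import datetime, timedelta

def flag_extraction_suspects(query_log, now,
                             window=timedelta(hours=1), threshold=1000):
    """Return API keys whose query volume within the window exceeds the threshold.

    query_log: iterable of (api_key, timestamp) pairs.
    """
    cutoff = now - window
    # Count only queries inside the lookback window
    counts = Counter(key for key, ts in query_log if ts >= cutoff)
    return {key for key, n in counts.items() if n > threshold}
```

Volume alone is a weak signal; production monitoring would also look at the systematic input variation the indicator mentions (e.g., near-duplicate inputs sweeping a decision boundary).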
Privacy
| Risk | Description | Indicators |
| --- | --- | --- |
| Training data memorization | Model memorizing and reproducing personal data, trade secrets, or copyrighted material from training data. | Model outputs contain verbatim training data; personal information appears in generated text. |
| Inference attacks | Deriving sensitive attributes about individuals from model outputs or behavior. | Model confidence scores reveal membership; outputs vary predictably with sensitive attributes. |
| Unauthorized data collection | AI system collecting or processing personal data beyond stated purpose or consent scope. | Data logs show processing of out-of-scope data; user complaints about unexpected data use. |
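The verbatim-reproduction indicator above can be screened by checking for shared n-token spans between model outputs and training documents. A rough sketch, assuming whitespace tokenization; the 8-token span length is an arbitrary illustrative choice:

```python
def ngrams(text: str, n: int = 8) -> set:
    """All contiguous n-token spans of a whitespace-tokenized text."""
    tokens = text.split()
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}

def verbatim_overlap(output: str, training_doc: str, n: int = 8) -> bool:
    """True if the model output shares any n-token span with a training document."""
    return bool(ngrams(output, n) & ngrams(training_doc, n))
```

At scale this exact-match check would be run against an index (e.g., hashed n-grams) rather than pairwise, and it will miss paraphrased memorization; it is a first-pass screen only.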
Reliability
| Risk | Description | Indicators |
| --- | --- | --- |
| Model drift | Degradation in model performance over time as the relationship between inputs and outcomes changes. | Declining accuracy metrics; increasing error rates; prediction distribution shift. |
| Hallucination and confabulation | Generative AI producing factually incorrect, fabricated, or unsupported content with high confidence. | Fact-checking failures; user reports of inaccurate outputs; citation verification failures. |
| Single point of failure | Critical business processes depending on a single AI system without fallback or human override capability. | No manual fallback procedure documented; system outage causes complete process stoppage. |
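Prediction distribution shift, one of the model-drift indicators above, is often tracked with the Population Stability Index (PSI). A minimal sketch, assuming predictions have already been binned into proportions; the thresholds in the docstring are common screening heuristics, not standards:

```python
import math

def psi(expected: list[float], actual: list[float]) -> float:
    """Population Stability Index between two binned distributions.

    expected/actual: bin proportions, each summing to 1. Common
    heuristics: PSI < 0.1 stable, 0.1-0.25 moderate shift,
    > 0.25 significant shift.
    """
    eps = 1e-6  # avoid log(0) on empty bins
    return sum(
        (a - e) * math.log((a + eps) / (e + eps))
        for e, a in zip(expected, actual)
    )
```

PSI compares the baseline (e.g., training-time) score distribution against a recent window; rising PSI on inputs or predictions is a trigger to re-evaluate accuracy on fresh labeled data.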
Risk Scoring Matrix
Likelihood Scale
| Score | Level | Description |
| --- | --- | --- |
| 1 | Rare | Unlikely to occur in the next 12 months. No known instances in comparable deployments. |
| 2 | Unlikely | Could occur but is not expected. Isolated instances in comparable deployments. |
| 3 | Possible | Might occur at some point. Occasional instances in comparable deployments. |
| 4 | Likely | Expected to occur. Regular instances in comparable deployments. |
| 5 | Almost Certain | Expected to occur frequently. Common in comparable deployments. |
Impact Scale
| Score | Level | Description |
| --- | --- | --- |
| 1 | Negligible | Minimal operational impact. No regulatory, financial, or reputational consequences. |
| 2 | Minor | Limited operational disruption. Minor financial cost. Internal process correction needed. |
| 3 | Moderate | Noticeable operational disruption. Moderate financial cost. Possible regulatory scrutiny. |
| 4 | Major | Severe operational disruption. Regulatory enforcement action likely. Substantial financial or reputational harm. |
| 5 | Critical | Existential threat. Significant harm to individuals. Regulatory penalties, litigation, or loss of operating license. |
Risk Score = Likelihood × Impact. Scores 1-6: Low (accept or monitor). Scores 8-12: Medium (mitigate). Scores 15-25: High (mitigate urgently, consider avoidance).
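The scoring rule above can be encoded directly. Note that the gaps between bands (7, 13, 14) are unreachable, since no product of two 1-5 scores falls there. A minimal sketch:

```python
def risk_score(likelihood: int, impact: int) -> int:
    """Risk Score = Likelihood x Impact, each rated on the 1-5 scales above."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be between 1 and 5")
    return likelihood * impact

def risk_band(score: int) -> str:
    """Map a score to its treatment band."""
    if score <= 6:
        return "Low"     # accept or monitor
    if score <= 12:
        return "Medium"  # mitigate
    return "High"        # mitigate urgently, consider avoidance
```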
Risk Treatment Options
| Option | Description | When to Apply |
| --- | --- | --- |
| Mitigate | Implement controls to reduce risk likelihood or impact. Examples: debiasing techniques, input validation, output filtering, human-in-the-loop review, monitoring and alerting. | Default treatment for most identified risks. Prioritize based on risk score. |
| Transfer | Shift risk to a third party through contracts, insurance, or outsourcing. Examples: vendor SLAs with liability clauses, AI-specific insurance policies, contractual indemnification. | When the organization lacks internal expertise to manage the risk, or when insurance is cost-effective relative to potential loss. |
| Accept | Acknowledge the risk and proceed without additional controls. Document the rationale, residual risk level, and conditions for reassessment. | When residual risk is within organizational risk tolerance, or when the cost of treatment exceeds the expected loss. |
| Avoid | Eliminate the risk by not proceeding with the AI use case, or by redesigning the system to remove the risk source. | When the risk level is unacceptable and cannot be adequately mitigated, or when the use case does not justify the residual risk. |
Residual Risk Acceptance
After treatment, document the residual risk level for each identified risk. Residual risk acceptance must be approved by the appropriate authority based on the residual risk score: low residual risk may be accepted by the project owner, medium by the AI governance committee, and high residual risk requires executive leadership approval. All residual risk acceptances must include the rationale, conditions for reassessment, and a review date not exceeding 12 months.
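The approval routing above can be sketched as a lookup keyed on the residual risk score, using the same bands as the scoring matrix; the role names mirror the tiers described and should be adapted to your org chart:

```python
def approval_authority(residual_score: int) -> str:
    """Approval authority for residual risk acceptance, by score band.

    Bands follow the scoring matrix: 1-6 Low, 8-12 Medium, 15-25 High.
    """
    if residual_score <= 6:
        return "Project owner"
    if residual_score <= 12:
        return "AI governance committee"
    return "Executive leadership"
```

The acceptance record itself should still carry the rationale, reassessment conditions, and a review date no more than 12 months out, as stated above.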