Certified in Risk and Information Systems Control (CRISC) — Question 1145

An organization has recently corrected its machine-learning model that had been producing automated decisions that had adverse impact on its customers. Which of the following is the BEST course of action?

Answer options

• A. Discontinue use of machine learning for customer-related decision making.
• B. Report the adverse impact to regulatory authorities.
• C. Request risk acceptance from senior management.
• D. Implement appropriate data governance to monitor decision-making outcomes.

Correct answer: D

Explanation

Implementing appropriate data governance is crucial to ensure ongoing oversight and to monitor the outcomes of decisions made by the machine-learning model. Discontinuing machine learning (A) would eliminate the benefits it provides, while reporting to regulators (B) might not be necessary if the issue is resolved. Requesting risk acceptance (C) does not address the need for continuous monitoring and improvement of the model.