Abstract:AI audits are an increasingly popular mechanism for algorithmic accountability; however, they remain poorly defined. Without a clear understanding of audit practices, let alone widely used standards or regulatory guidance, claims that an AI product or system has been audited, whether by first-, second-, or third-party auditors, are difficult to verify and may exacerbate, rather than mitigate, bias and harm. To address this knowledge gap, we provide the first comprehensive field scan of the AI audit ecosystem. We share a catalog of individuals (N=438) and organizations (N=189) who engage in algorithmic audits or whose work is directly relevant to algorithmic audits; conduct an anonymous survey of the group (N=152); and interview industry leaders (N=10). We identify emerging best practices as well as methods and tools that are becoming commonplace, and enumerate common barriers to leveraging algorithmic audits as effective accountability mechanisms. We outline policy recommendations to improve the quality and impact of these audits, and highlight proposals with wide support from algorithmic auditors as well as areas of debate. Our recommendations have implications for lawmakers, regulators, internal company policymakers, and standards-setting bodies, as well as for auditors. They are: 1) require the owners and operators of AI systems to engage in independent algorithmic audits against clearly defined standards; 2) notify individuals when they are subject to algorithmic decision-making systems; 3) mandate disclosure of key components of audit findings for peer review; 4) consider real-world harm in the audit process, including through standardized harm incident reporting and response mechanisms; 5) directly involve the stakeholders most likely to be harmed by AI systems in the algorithmic audit process; and 6) formalize evaluation and, potentially, accreditation of algorithmic auditors.

What problem does this paper attempt to address?

The paper primarily explores the challenges and opportunities faced by algorithm auditing (also known as AI auditing) in the current technological and social context, and proposes recommendations for improving algorithm auditing practices and policies. The paper points out that although algorithm auditing is increasingly popular as a means to enhance algorithm accountability, its definition remains ambiguous, lacking clear standards and regulatory guidance. This results in difficulties in verifying the authenticity of AI products or systems that claim to have been audited, and may even exacerbate rather than mitigate issues of bias and harm. To address this knowledge gap, the authors conducted the first comprehensive field scan, covering individuals and organizations engaged in algorithm auditing, and collected data through anonymous surveys and interviews with industry leaders. The research identified some emerging best practices as well as common methods and tools, and listed the main obstacles encountered when using algorithm auditing as an effective accountability mechanism. Based on these findings, the paper proposes 6 policy recommendations to improve the quality and impact of algorithm auditing: 1. Require owners and operators of AI systems to conduct independent algorithm audits based on clearly defined standards; 2. Notify individuals when they are affected by algorithmic decision-making systems; 3. Mandate the disclosure of key parts of audit results for peer review; 4. Consider real-world harms in the auditing process, including standardized harm incident reporting and response mechanisms; 5. Involve stakeholders who are most likely to be harmed by AI systems directly in the algorithm auditing process; 6. Formalize the evaluation of algorithm auditors and potentially certify them. These recommendations are significant for legislators, regulatory bodies, internal company policy makers, standard-setting organizations, and auditors themselves. In summary, the paper aims to promote more effective and responsible algorithm auditing practices by proposing specific policy recommendations.

Who Audits the Auditors? Recommendations from a field scan of the algorithmic auditing ecosystem

The algorithm audit: Scoring the algorithms that score us

Closing the AI Accountability Gap: Defining an End-to-End Framework for Internal Algorithmic Auditing

A Framework for Assurance Audits of Algorithmic Systems

Auditing of AI: Legal, Ethical and Technical Approaches

Towards algorithm auditing: managing legal, ethical and technological risks of AI, ML and associated algorithms

Audit and Assurance of AI Algorithms: A framework to ensure ethical algorithmic practices in Artificial Intelligence

AI auditing: The Broken Bus on the Road to AI Accountability

Towards AI Accountability Infrastructure: Gaps and Opportunities in AI Audit Tooling

Outsider Oversight: Designing a Third Party Audit Ecosystem for AI Governance

From Transparency to Accountability and Back: A Discussion of Access and Evidence in AI Auditing

The Right Tool for the Job: Open-Source Auditing Tools in Machine Learning

Problematic Machine Behavior: A Systematic Literature Review of Algorithm Audits

Algorithmic Bias and Risk Assessments: Lessons from Practice

Algorithmic audits of algorithms, and the law

Auditing the AI auditors: A framework for evaluating fairness and bias in high stakes AI predictive models.

Law and the Emerging Political Economy of Algorithmic Audits

Ethics-Based Auditing to Develop Trustworthy AI

The Necessity of AI Audit Standards Boards

Black-Box Access is Insufficient for Rigorous AI Audits

Everyday Algorithm Auditing: Understanding the Power of Everyday Users in Surfacing Harmful Algorithmic Behaviors