AI Auditing - Checklist for AI Auditing
o Is there documentation assuring that, when programming AI-based components, coding
principles and best practices are followed in order to guarantee that the code is
readable, secure, low-maintenance and robust?
o Is the basic architecture of the AI component identified and documented? It must
include information on the chosen machine learning technique, the type(s) of
algorithms tested and, when appropriate, dismissed at the learning and training stages,
and other data on the functioning of the relevant component, such as the model loss
function or cost function.
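The kind of architecture record this item calls for can be sketched as a structured document. This is only an illustrative sketch: the component name, field names and values below are all hypothetical, not part of the E2EST/AA methodology.

```python
import json

# Hypothetical architecture record for an audited AI component.
# Every field value here is an invented example.
component_doc = {
    "component": "risk-scoring-model",
    "ml_technique": "supervised classification",
    # Algorithms tested at the learning/training stage ...
    "algorithms_tested": ["logistic regression", "gradient-boosted trees"],
    # ... and those dismissed, with the reason for dismissal.
    "algorithms_dismissed": ["k-NN (poor scaling on the training set)"],
    "selected_algorithm": "gradient-boosted trees",
    # Other data on the functioning of the component, e.g. the loss function.
    "loss_function": "binary cross-entropy",
}

# Serialising the record makes it easy to register and retrieve later.
print(json.dumps(component_doc, indent=2))
```

Keeping such a record in a machine-readable format makes the later checklist items (registration and subsequent retrieval of information about the component) straightforward to satisfy.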
o Does a systematic procedure for documenting the component implementation exist? Is it
implemented? It is necessary to guarantee the registration and subsequent retrieval of
all information needed to identify the component, its elements and its environment, to
understand what it does and why it does it, and to verify code quality and legibility
for auditing purposes: a description of the programming language(s) used, the most
recent code version, commented code, necessary packages and libraries, interfaces with
other components and, when appropriate, the APIs used, as well as useful documents such
as requirements specifications, functional and organic analyses, guidelines, etc.
o Is the AI component code impossible to access? If so, is a reverse-engineering process
or another alternative method used (e.g., a zero-knowledge proof (ZKP))? A reverse-
engineering process makes it possible to learn more about the component's function and
to establish the logic of the rules applied, in order to detect inconsistencies, direct
manipulations, and underestimation or overestimation of the variables used in the
original component.
3.3. Moments and sources of bias
Bias refers to a deviation from a standard. As such, and in technical terms, bias may be needed and
desirable. In the context of AI accountability, however, “bias” has become a hypernym or umbrella
term for lack of fairness and discrimination in data processes which result in individual and/or
collective harms. By identifying and mitigating bias, we can ensure or protect fairness in AI systems.
Bias is the result of many social and technical factors: systematic errors introduced by
algorithmic design choices, dirty data, sampling procedures, reporting protocols, or wrong
assumptions that cause a mismatch between the input features and the target outputs. To date, most
studies on bias have focused on historical and aggregation bias, that is, the need to identify protected
groups and calculate disparate treatment and impact. This is at the heart of the E2EST/AA
methodology. However, bias and inefficiencies can emerge at other times, and a focus on historical
and aggregation bias alone will lead to incomplete and therefore harmful assessments of bias. This
will result in rights violations, stereotyping, bad or inefficient decisions, discrimination against individuals
and groups, and the reproduction of processes of inequality and dispossession. Partial or wrongful
identification of bias sources and inadequate mitigation measures will lead to unacceptable societal
harms and compliance risks.
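The disparate impact calculation mentioned above can be sketched as a simple ratio of favourable-outcome rates between a protected group and the rest. This is a minimal illustration, not the E2EST/AA implementation; the function name, the loan-decision data and the 0.8 threshold (the "four-fifths rule" used in some jurisdictions) are assumptions for the example.

```python
def disparate_impact_ratio(outcomes, groups, protected, favourable=1):
    """Ratio of favourable-outcome rates: protected group vs. everyone else."""
    prot = [o for o, g in zip(outcomes, groups) if g == protected]
    rest = [o for o, g in zip(outcomes, groups) if g != protected]
    rate = lambda xs: sum(1 for o in xs if o == favourable) / len(xs)
    return rate(prot) / rate(rest)

# Hypothetical loan decisions: 1 = approved, 0 = denied.
outcomes = [1, 0, 1, 0, 0, 1, 1, 1, 1, 0]
groups   = ["A", "A", "A", "A", "A", "B", "B", "B", "B", "B"]

ratio = disparate_impact_ratio(outcomes, groups, protected="A")
# Group A is approved at 2/5 = 0.4, group B at 4/5 = 0.8, so the ratio is 0.5.
# A ratio below 0.8 is a common (jurisdiction-dependent) red flag.
print(f"disparate impact ratio: {ratio:.2f}")
```

As the surrounding text stresses, a check like this captures only historical and aggregation bias for a predefined protected group; it says nothing about bias introduced at other moments in the process.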
The E2EST/AA methodology distinguishes between moments and sources of bias. This provides the auditor with an
overview of the possible causes of a given disparate impact, understood not only as an individual
function of accuracy or performance but also as a general measure of (lack of) fairness in an
algorithmic process. The E2EST/AA method defines and identifies moments and sources of bias,
establishes the documents and tests needed to assess compliance with legal and social requirements,
provides an opportunity to address and mitigate inefficiencies and harms, and provides a measure for
overall system fairness and impact.