Appendix 5: Roles

The following list attempts to summarise the responsibilities in an AI project that can be relevant in an audit. It is provided to help auditors identify contacts within the auditee’s organisation. AI roles are evolving rapidly as technologies and practices mature, so this list is not exhaustive and will likely change over time to reflect new tools, methodologies, and ethical considerations.

Comparatively small auditee organisations might combine several of the roles below into a single person or team.

Some roles can furthermore be taken on by external consultants; however, in the case of the audit happening after the consultants’ assignment is finished, internal personnel should have acquired the knowledge of the respective roles. It is thus the responsibility of the auditee to ensure sufficient documentation of any work done by external consultants.

AI Architect/Engineer

This person defines the overall AI system architecture and integration strategy. They help define how models, data pipelines, APIs and applications fit together. They choose frameworks, platforms and cloud services for AI deployment, ensuring scalability and security.

Budgetary commissioner

This person is responsible for the budget of the auditee organisation and thus for any spending on AI software development projects, procurements or consulting. They are the authority on whether the development and operation of such software is a worthwhile use of the auditee organisation’s budget and should be able to provide all budgetary information on the AI system’s development and operation.

Chief information officer (CIO)

The CIO of the auditee organisation is responsible for all its IT and thus should be informed about all AI systems already in operation and all projects that are developing such software.

Commissioner for data protection and privacy

This is the chief data protection official of the auditee organisation. They must be informed of any concerns about the use of personal data by the AI system. Their role is to ensure that the software adheres to data privacy laws and regulations, such as the EU’s GDPR.

Controller

The person who audits projects and checks for adherence to governance principles.

Data analyst/scientist

The person who analyses and works with the data that is to be fed to the AI system. They are responsible for data understanding and should be closely involved with the development process. They assist the product owner, by translating their demands into specifications and requirements for the developers.

Data engineer

The person responsible for technical aspects of the raw data (data warehousing, data quality, access control) as well as understanding of the raw data and sources. They are also responsible for data provision and data management.

Developer

The person/people who produce the AI system according to the specifications and requirements that were agreed upon with the product owner (and train the model, for models that require a training phase). They are responsible for transformations of the raw data to the final variables used by the model (‘feature engineering’), and they are closely involved with the data scientists and engineers, the project leader and the product owners.

IT security officer

This the chief IT security official of the auditee organisation. They must be informed about any and all IT security aspects of the development and operation of the AI system.

Process hotline/user helpdesk

The team that is tasked with providing support for users/processing officials. They should be able to answer all questions that arise during the routine operation of the software.

Project leader

The person responsible for all project management/project governance topics. They should be able to provide any required project management documents.

Project owner/product owner

The team or unit within the auditee organisation that is responsible for the task that now should be supported or automated with an AI system. They decide on which performance measures are required from the AI system and the acceptance of the deliverables at the end of an AI development project

User/processing official

The person or unit that is supposed to use the results of the AI system for their job. They are a deciding factor for the success of AI projects as they have to understand the suggestions or results from the AI system and apply them to their (routine) tasks.

Subject matter expert

This is a generic term for someone with expert knowledge in a specific domain.