Public authorities and government entities have started to develop and put into production ML algorithms in order to possibly improve services and lower costs. This new technology comes with new challenges. SAIs need to be able to assess and audit ML applications, and several countries have started pilot projects.
This paper presents some of the issues and risks of ML applications in the public sector, and suggests suitable audit methods. Structured into five audit areas focusing on governance, data, model development, the model in production, as well as evaluation that includes ethical aspects, the audit catalogue guides auditors through a typical ML development process. The auditing techniques described here were applied in case studies to assess the utility and trustworthiness of ML applications, as well as the efficiency and effectiveness of the implementation and operation of such applications.
ML models are used for a large variety of topics, with different risks applying to different model classes. Therefore, this audit catalogue could be refined and extended by applying it to more diverse and more complex ML models. As the field of ML is still evolving in line with new research developments, this audit catalogue needs to be updated regularly.
This paper is accompanied by an ML audit helper tool that enables auditors to choose from a host of questions and create a tailor-made questionnaire that is suitable for their specific audit. Auditors can select steps of the ML development process, possibly structured along the CRISP-DM cycle, that they would like to study. They are provided with recommendations for suitable questions as well as hints on which interview partners might be suitable to answer these questions and what audit evidence one should expect from the auditee organisation. The authors hope to enable the international audit community to begin auditing ML systems with the guidance and good practices provided within this paper and the audit helper tool.