Skip to main content

The study sought to answer three questions:


The survey results identify fourteen activities that are present in at least some business RAIM programs. They suggest that risk assessment, the building of a management structure, and the establishment of standards (ethical principles, policies) are the most common components of business RAIM initiatives. By contrast, measuring the firm’s RAIM performance, evaluating employees’ RAIM performance, and requiring a company’s suppliers to follow its RAIM policies are among the least common.


The survey responses suggest that businesses are most likely to vest RAIM responsibility in those with expertise in privacy governance. That is perhaps unsurprising given the connections between privacy governance and AI governance. Firms also assign RAIM responsibility to those with data analytics, risk, and ethics expertise. This suggests that organizations may benefit from a multi-disciplinary approach to AI governance.


Respondents clearly stated that RAIM produced substantial value and that it did so in areas important to business strategy and competitiveness such as product quality, trustworthiness, and reducing regulatory risk. Businesses contemplating whether to implement their own RAIM program, and policymakers making the case for RAIM requirements, should find this relevant.