Question 29
IVA regulator requests an independent assessment of a deployed credit model. Which activity most clearly falls within an AI audit rather than routine model tuning?
Correct answer: B
Explanation
An AI audit is a formal, independent review that “systematically” evaluates the model’s development process, documentation, performance, fairness, robustness, and compliance with policies and laws. Routine model tuning changes parameters to improve performance, while an audit produces a formal report assessing governance and risk across the full lifecycle.
Why each option is right or wrong
A. Tweaking hyperparameters to slightly improve accuracy on recent data.
Hyperparameter changes are model optimization work, not an independent governance or compliance review.
B. Systematically evaluating the model’s development process, documentation, performance, fairness, robustness, and compliance with applicable policies and laws, and producing a formal report.
The regulator’s request points to an independent assurance activity, which aligns with an audit-style review rather than model maintenance. Under the NIST AI Risk Management Framework 1.0, the Govern/Map/Measure/Manage functions contemplate documented, repeatable evaluation of an AI system’s design, data, performance, robustness, and governance controls; by contrast, routine tuning is an internal optimization step, not a formal assessment. The presence of a structured review and a written report is the key marker here, because audits assess compliance and risk across the lifecycle rather than changing parameters to improve metrics.
C. Migrating the model from on-premises servers to a cloud platform.
Platform migration is infrastructure modernization and does not evaluate model risk, fairness, or compliance.
D. Updating the user interface layout for better user experience.
User interface updates affect presentation, not the model’s lifecycle controls or regulatory assessment.