Agenda item

To receive a presentation on the Council’s approach to governance and risk management in relation to Artifical Intelligence (AI).

The Head of IT Infrastructure gave a detailed presentation on the Council’s approach to the governance and risk management of Artificial intelligence (AI). A copy of the presentation had been circulated to each Member and a copy of which appears as Appendix 'B' to these Minutes in the Minute Book.

In summary the presentation explained why the Council needed AI Governance and outlined the AI use case assessment framework, including how desirability, viability and feasibility were considered. It set out the AI procurement checklist associated with the use case assessment framework before purchase. It also covered the role of senior leadership in approving/rejecting the use of tools and in providing strategic oversight and approving funding. The presentation highlighted the current AI initiatives used by the Council and their associated benefits.

The Director of IT and Programmes and the Head of IT Infrastructure responded to questions and comments. They explained that the Council had received widespread recognition for adopting a considered approach to the use of AI and ensuring that governance and controls were developed from the outset. At present this framework was managed through the Corporate Management Board (CMB) but was under continuous development. Guidelines had been issued to employees on the seven rules for using AI responsibly. One of the main AI initiatives, Microsoft CoPilot, had been approved for use due to its ensured data compliance and security. CoPilot was a multi-purpose enabling tool available to all employees at no extra cost. Access to the premium version for which there was a fee was limited and its use closely assessed. Another tool, MagicNotes, was adding value to adult social care work.

Members asked about the potential risks if AI was not used responsibly. The Officers explained the role of the digital adoption team and how training and guidance for employees was being embedded. The Council had taken proactive steps to promote CoPilot and the seven rules as a way of discouraging the use of unauthorised tools for work on personal devices. The importance of human judgement in using AI was included in the framework and there was clear messaging around taking responsibility for your work (‘read it, edit it, own it’). In terms of hosting, all providers were required to meet cybersecurity standards and all data was hosted in the UK. The IT team monitored AI regulations to ensure compliance and shared information and best practice with sector specific groups and other councils.

Members asked about measuring the benefits of AI and whether there were sufficient finances to support further development. The Officers explained that KPIs would be developed as part of the next phase using quantitative and qualitative feedback and metrics were available to measure. Funding approval was currently controlled by CMB but the need for investment was clear. Members were advised that a continuous improvement and innovation programme was being developed, focussing on invest to save use cases which would help inform business cases. It was noted that the overall aim was to move eventually to a ‘build not buy’ mentality.

Other comments included potential efficiencies in Planning and the use of other AI tools such as Claude. On the environmental impact on net zero targets, this was included in the framework, was monitored and it was noted that Microsoft was committed in its carbon buyback credentials. A Member also asked about action to speed up blue badge applications. It was explained that this was not just about IT, it raised wider questions around scrutiny of process and was being addressed by a specialist team.

Committee members considered whether there was a need at this stage to recommend to Cabinet the development of a governance and risk management policy but following discussion agreed this was a little premature. Members were interested in how the use case assessment and ongoing monitoring would be embedded at departmental level into the three lines of assurance and how tools would be registered and benchmarked. It was noted that learning continued to evolve as the pace of technology developed.

The Chair thanked the officers for their presentation and the Committee requested an update on progress in around six months including the development of a governance and risk management policy.