Chapter 03. Managing Risk in AI Systems¶
Every AI system carries risk, but risks don’t just appear at deployment. They emerge from assumptions, design choices, and unknown interactions across the AI lifecycle. Trustworthy AI demands that risks be identified early, assessed clearly, and governed responsibly.
In this chapter, we follow the AI risk management lifecycle as defined by ISO/IEC 23894, the international standard for AI-specific risk management. It outlines eight structured phases:
Context establishment, Risk identification, Risk analysis, Risk evaluation, Risk treatment, Monitoring, Communication, and Documentation.
We focus on the phases where practical risk governance begins and where breakdowns are most likely to escalate if ignored:
- Context Establishment (3.1): Defining system boundaries, stakeholders, and impact assumptions
- Risk Identification & Analysis (3.2): Discovering and understanding where harm can arise
- Risk Evaluation & Treatment (3.3): Prioritizing what matters most and designing effective mitigations
- Monitoring & Review (3.4): Ensuring risks evolve with the system, and are never treated as “solved”
These four phases are emphasized because they represent the core of anticipatory governance, the point at which risks can be recognized, scoped, and addressed before they propagate across the lifecycle.
- Most catastrophic failures come from poorly defined assumptions (context)
- Most ethical blind spots originate in narrow risk framing (identification)
- Most compliance gaps stem from untracked residual risk (evaluation)
- Most long-term harm grows from unmonitored model drift (monitoring)
Other phases like communication, documentation, and coordinated risk acceptance require enterprise-wide governance maturity, legal clarity, and audit infrastructure. These are introduced in the Advanced Level with detailed techniques and role-mapping tools.
By the end of this chapter, you’ll understand how AI risks are structured, how they escalate, and where to place early guardrails that shape long-term trust.