Model Risk

Assessment

Detailed Explanation

Model risk is the risk of adverse consequences arising from errors, limitations, or inappropriate use of AI models. It encompasses conceptual soundness risk (the model's design is inappropriate for its intended use), estimation risk (the model produces inaccurate predictions), and implementation risk (the model is correctly designed but incorrectly deployed). Model risk is the most AI-specific risk category and the one most likely to be underestimated by organizations accustomed to traditional software risk management. Unlike software bugs, model risks may not produce obvious errors -- a biased credit scoring model might function perfectly from a technical perspective while systematically disadvantaging protected groups. Model Risk Management (MRM), originally codified in the Federal Reserve's SR 11-7 guidance for financial services, is increasingly adopted across industries as a governance discipline.

Why It Matters

Understanding Model Risk is essential for organizations pursuing responsible AI transformation. In the context of enterprise AI governance, this concept directly impacts how organizations design, deploy, and oversee AI systems particularly within the Governance pillar. Without a clear grasp of Model Risk, organizations risk creating governance gaps that undermine trust, compliance, and long-term value realization. For AI leaders and practitioners, Model Risk provides the conceptual foundation needed to make informed decisions about AI strategy, risk management, and stakeholder engagement. As regulatory frameworks such as the EU AI Act and standards like ISO 42001 mature, proficiency in concepts like Model Risk becomes not merely advantageous but operationally necessary for any organization deploying AI at scale.

COMPEL-Specific Usage

Assessment concepts underpin the evidence-based approach of the COMPEL framework. The Calibrate stage uses assessment methodologies to establish baselines, while the Evaluate stage applies them to measure progress. COMPEL mandates that every governance decision be grounded in assessment data, not assumptions, ensuring transformation roadmaps address verified gaps. The concept of Model Risk is most directly applied during the Calibrate and Evaluate stages of the COMPEL operating cycle. Practitioners preparing for COMPEL certification will encounter Model Risk in coursework aligned with the Governance pillar, and should be prepared to demonstrate applied understanding during assessment activities.

Related Standards & Frameworks

ISO/IEC 42001:2023 Clause 9.1 (Monitoring and Measurement)
NIST AI RMF MEASURE function