AI Governance Framework Audit for Sanoma Group

Background

Sanoma Group is the largest media company in Finland, and a leading European service company in the learning market with a reach of about 25 million students. 

To review their practices around AI Governance, Sanoma sought the expertise of Advisense’s team to review the policies and processes that govern their AI systems in the different stages of their life cycle. 

As a result, Advisense was appointed to audit the state of Sanoma’s general AI Governance Framework. The scope of this audit was to review the governance model and processes of Sanoma, and the objective was to ensure that the policies, guidelines, roles, and training defined at the governance level complied with the Ethics of AI and AI principles in general. As well as to ensure there were the controls and monitors necessary to identify and manage the risks related to the usage of AI. 

Challenge

In today’s landscape where AI presents significant opportunities for businesses, AI Governance has become crucial because it helps companies manage the risks related to AI by ensuring their systems are developed and deployed in a manner that is ethical, transparent, responsible, and safe for society. Moreover, a strong governance model builds trust with stakeholders and ensures compliance with the fast-evolving AI regulatory framework. For example, with the already applicable AI Act. 

Given that, the scope of this audit required deep subject expertise in the body of multiple, laws, policies, frameworks, and standards that govern the use of AI. The challenge was to obtain a comprehensive overview of the governance framework in the complex and transformative context of AI technologies. But at the same time provide recommendations that would effectively improve Sanoma’s practices. 

Solution

Advisense carried out this audit using a cross-competence team combining experience from Auditing, Corporate and IT Governance, Technology risk, and Privacy, as well as, using a strong understanding of new technologies such as Generative AI. 

Advisense conducted this audit by taking a holistic approach that considered aspects such as: 

• Strategy and management
• Governance model
• Usage
• Controls and monitor

With this approach, Advisense identified policies and processes in place, assessed their effectiveness, and highlighted any deficiencies. Ensuring that even when innovative technologies are being used, robust controls are in place. 

Result

The audit resulted in a detailed report, including a high-level illustration and summary of the findings on the organisation’s AI governance practices. The observations highlighted key risks and provided recommendations for monitoring and control measures to ensure proper mitigation.

Advisense delivered actionable insights to Sanoma regarding the implementation of policies, governance guidelines, assessments, and controls for effectively identifying and mitigating AI-related risks. This comprehensive approach will help Sanoma remain an innovative company while ensuring the responsible use of AI by proactively managing and controlling associated risks. 

The review aimed to ensure compliance with the forthcoming EU AI Act, among other objectives. It provided valuable insights and identified areas for improvement in the ongoing development of AI governance. This review reinforced our commitment to responsible AI development.

Thomas Forstén, Head of Group Internal Audit, Sanoma Group 

Sanoma is a very interesting client from AI governance point-of view. Media and learning business are in the forefront of use of AI. In this complex regulatory and technological landscape, Advisense was able to use our multidisciplinary team to ensure Sanoma is well-positioned to innovate while maintaining ethical and secure AI practices.

Joonas Värtinen, Director, Audit & Control, Advisense

Read more client stories here