ICAEW.com works better with JavaScript enabled.

How to create a risk mitigation plan when using AI


Published: 26 Sep 2024

Exclusive content
Access to our exclusive resources is for specific groups of students, users and subscribers.

Here is a step-by-step plan you can use to assist with managing the risks associated with deploying AI tools.

Taking the time upfront to identify the risks associated with deploying your selected AI tools will help you implement the appropriate mitigating steps from the onset. Putting risk management, legal teams and a corporate finance working group alongside the technology team during the AI design process will be vital to enable this. Given the broad range of AI risks, the most effective approach to implementing the necessary mitigating steps is through a thorough risk prioritisation approach, with the teams mentioned above providing guidance on how to evaluate and prioritise the risks identified.

Waiting until after the development of AI tools to determine where and how to mitigate risks could be costly. 

  1. Identify and log all the risks (or negative events) that could result from using the new AI tool, considering each component of deploying such a tool (for example: tool selection risks, data risks, algorithm risks, tool training risks, infrastructure risks, laws and regulation risks, staff risks, quality risks)

  2. Define clear methodology to evaluate, prioritise and test the risks to be managed first (such as the likelihood of the risk occurring and gravity of its impact). Existing regulatory frameworks should be used as guidance when identifying which risks to manage first.

  3. Define factors and methodology to consider when selecting mitigating steps (such as the gravity of the impact if the negative event occurred relative to the cost, resources and time to manage the risk).

  4. Apply agreed prioritisation methodology and identify the risks your firm will focus on managing

  5. For these prioritised risks, identify all mitigating steps that could be implemented to manage that risk

  6. If a risk has more than one potential mitigating action, use factors in step 3 above to select the mitigating actions to implement alongside the AI deployment

  7. Monitor and report on the effectiveness of the mitigating actions taken on a consistent and regular basis

  8. Based on your assessment of the effectiveness of these actions, revise your mitigation plan as required on a timely basis


We delve into more detail about the common risks associated with deploying AI tools and possible mitigating factors in Common risks of using AI during a deal.


AI in corporate finance

Insights and resources on how AI is being used in corporate finance.

AI hub promo image of robot hand

This AI in Corporate Finance content is being provided for information purposes only. ICAEW will not be liable for any reliance you place on the information in this material. You should seek independent advice © ICAEW 2024