No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • Artificial Intelligence (AI)
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Downloads
    • Download Whitepapers & Reports
    • Download eBooks
  • Research
  • Books
    • CCI Press
    • New: Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act by Severin Wirz
    • CCI Press & Compliance Bookshelf
    • The Seven Elements Book Club
  • Podcasts
  • Webinars
  • Videos
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

10 Questions Every Organization Should Ask a Potential AI Vendor

Adopting AI without understanding how it was built and how it handles data can expose an organization to risks that surface only once something goes wrong

by Angela Juneau
July 15, 2026
in Risk
hand checking off checklist

Using a third party’s AI does not relieve an organization of its duties to consumers and employees affected by it. Angela Juneau of Pashman Stein Walder Hayden lays out the questions organizations should ask before they buy — from how a model was trained to who owns its outputs — so that legal, compliance and business teams can weigh the risks before deployment rather than after.

Organizations are using AI in virtually every aspect of their business: filtering job applicants, generating content, analyzing data, streamlining internal investigations, responding to customer service inquiries and generally accelerating business operations.

But businesses that adopt AI without understanding how a model was developed, how it operates and how it handles data may expose themselves to risks that do not become apparent until problems arise. As regulators, consumers, employees and business partners increasingly scrutinize AI use, organizations should approach AI procurement with the same diligence they would apply to any critical technology investment.

The following questions can help organizations evaluate third-party AI before deployment and establish a framework for evaluating AI-related risk.

Data lineage

Where did the AI’s training data come from? Was the model trained on data that was lawfully obtained and properly licensed? Did the developer take steps to minimize the use of personal information, copyrighted material or other sensitive data that could create legal or compliance risks?

Data quality

Can you trust the quality of the data behind the model? The quality of an AI system depends on the quality of the data used to train it. What steps has the vendor taken to ensure data accuracy, reduce bias and improve data quality?

Intended use

Is the AI suitable for your intended use case? An AI tool that performs well in one context may perform poorly in another. Has the model been tested for the specific business purpose for which it will be used?

fork in the road
Governance

At AI’s Inflection Point, How Do You Go From Experimentation to Enterprise Value?

by Jim DeLoach
June 30, 2026

Capturing enterprise value from AI now depends less on the technology itself than on how rigorously executives and boards govern, oversee and steer it

Read moreDetails

Reliability

How accurate and reliable are the outputs? What testing has been performed to evaluate accuracy, consistency and error rates? How will your organization verify AI-generated content, recommendations or conclusions before relying on them?

Output ownership

Who owns the outputs and related intellectual property? Review the vendor’s terms carefully. Does your organization own the content generated by the AI or does the provider retain certain rights? Are there restrictions on how outputs may be used or shared?

Human oversight

What human oversight exists? Who is responsible for reviewing AI-generated outputs or AI-assisted decisions? If the AI influences employment, customer, financial or operational decisions, what mechanisms exist for review, escalation or correction?

Privacy and security

How does the AI handle sensitive information? What data is collected, stored, retained or shared? If employees, applicants, customers or proprietary business information are involved, what safeguards protect that information?

Transparency

How transparent is the system? Do users know when they are interacting with AI? Can the vendor explain how the system reaches conclusions, makes recommendations or generates outputs to the extent necessary for business and regulatory requirements?

Governance and monitoring

How is the AI monitored and governed over time? AI performance can change as data, business conditions and user behavior evolve. How does the vendor monitor performance, address model drift, respond to incidents and implement updates?

Business continuity

What happens if the system fails or becomes unavailable? Does your organization have a contingency plan if the tool becomes unavailable, produces harmful outputs, experiences a security incident or no longer meets business needs? What happens to your data if you terminate the relationship?

Organizations are responsible for their AI use and its outputs. Using third-party AI does not relieve an organization of its legal and regulatory duties to consumers and employees. Effective governance requires collaboration among legal, compliance, privacy, security, technology, human resources and business stakeholders to evaluate risks and establish appropriate safeguards.

The questions above are not intended to discourage innovation. Rather, they provide a practical framework for identifying risks before they affect operations, compliance or business objectives. Organizations that conduct due diligence and implement effective governance measures will be better-positioned to realize AI’s benefits while managing the legal, operational and reputational risks that accompany its use.

Tags: Artificial Intelligence (AI)Due DiligenceRisk Assessment
Previous Post

For Some Workers, AI Resistance Is a Matter of Faith

Next Post

When Oversight Findings Lead to More Oversight: An OIG Report on China Exports

Angela Juneau

Angela Juneau

Angela Juneau is an attorney at Pashman Stein Walder Hayden and is certified as an AI Governance Professional (AIGP) by the International Association of Privacy Professionals (IAPP). She advises organizations on the legal, compliance, governance and operational risks associated with implementing AI.

Related Posts

ai religious exemption collage pope leo

For Some Workers, AI Resistance Is a Matter of Faith

by Bernadette Sargeant and Luke VanFleteren
July 15, 2026

Employee resistance to AI in the workplace may be more than a PR problem. For some workers, especially after Pope...

manchester uk terrorist attack flowers

Martyn’s Law: What New Anti-Terrorism Guidance Means for Event Organizers

by Liam Lane and Constance Strasser
July 14, 2026

Ahead of the act's expected entry into force next year, the guidance signals a cultural shift: counterterrorism preparedness embedded into...

nist sign building

NIST Database Change Rebalances Burden of Risk

by Nichole Windholz
July 13, 2026

Register of common vulnerabilities and exposures will have less federal context, leaving organizations to decide if a vulnerability warrants quick...

news roundup data grungy

Only 26% of Companies Say Governance Frameworks Are Fully Aligned With AI Adoption

by Staff and Wire Reports
July 8, 2026

Plus: Few organizations report demonstrable return from AI investments

Next Post
shipping containers

When Oversight Findings Lead to More Oversight: An OIG Report on China Exports

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2026 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • Artificial Intelligence (AI)
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Downloads
    • Download Whitepapers & Reports
    • Download eBooks
  • Research
  • Books
    • CCI Press
    • New: Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act by Severin Wirz
    • CCI Press & Compliance Bookshelf
    • The Seven Elements Book Club
  • Podcasts
  • Webinars
  • Videos
  • Subscribe

© 2026 Corporate Compliance Insights