Auditing large language models: a three-layered approach

The emergence of large language models (LLMs) represents a major advance in artificial intelligence (AI) research. However, the widespread use of LLMs is also coupled with significant ethical and social challenges. Previous research has pointed towards auditing as a promising governance mechanism to help ensure that AI systems are designed and deployed in ways that are ethical, legal, and technically robust. However, existing auditing procedures fail to address the governance challenges posed by LLMs, which are adaptable to a wide range of downstream tasks. To help bridge that gap, we offer three contributions in this article. First, we establish the need to develop new auditing procedures that capture the risks posed by LLMs by analysing the affordances and constraints of existing auditing procedures. Second, we outline a blueprint to audit LLMs in feasible and effective ways by drawing on best practices from IT governance and system engineering. Specifically, we propose a three-layered approach, whereby governance audits, model audits, and application audits complement and inform each other. Finally, we discuss the limitations not only of our three-layered approach but also of the prospect of auditing LLMs at all. Ultimately, this article seeks to expand the methodological toolkit available to technology providers and policymakers who wish to analyse and evaluate LLMs from technical, ethical, and legal perspectives.Comment: Preprint, 29 pages, 2 figure

Ethics-based auditing of automated decision-making systems: considerations, challenges, na

Decisions impacting human lives and livelihoods are increasingly being automated. While the use of automated decision-making systems (ADMS) improves efficiency, it is coupled with ethical risks. Previous research has pointed towards ethics-based auditing (EBA) as a promising governance mechanism for managing the ethical risks ADMS pose. However, the affordances and limitations of EBA have yet to be substantiated by empirical research. This thesis seeks to clarify and resolve fundamental questions surrounding EBA. What are the limitations of EBA? How can feasible and effective EBA procedures be designed? These questions are approached on three levels. The conceptual level concerns what EBA is and how it works. The descriptive level focuses on the challenges organisations face when implementing EBA. The applied level concerns how to design EBA procedures that are feasible and effective in practice. This is an integrated thesis, in which the substantive chapters (3–7) are based on published journal articles. Chapter 3 provides a theoretical explanation of how EBA contributes to good governance; Chapter 4 presents new empirical data from a case study of a real-world EBA implementation; Chapter 5 analyses the role of auditing in the proposed EU AI Act; Chapter 6 provides guidance on how to demarcate the material scope of EBA; and Chapter 7 outlines a blueprint for how to audit ADMS with highly general capabilities. My findings suggest that EBA is subject to significant conceptual, technical, and institutional limitations. However, they also indicate that EBA – if properly designed and implemented – helps organisations identify and mitigate some of the ethical risks ADMS pose. I conclude by providing recommendations for how researchers, industry practitioners, auditors, and policymakers can facilitate the emergence of feasible and effective EBA procedures. This thesis thereby serves the purpose of better equipping societies to reap the benefits of ADMS while managing the associated risks