Bot Prize

AI Governance, On Repeat: How I Keep Getting Better At It

Written by

in

I keep saying this at work: AI governance should feel like brushing your teeth. Daily, simple, and it keeps the bad stuff away. Not a fire drill. Not a one-time fix. A habit. I break down why that mundane cadence matters in even more detail in this companion piece. For a deeper dive into industry-wide recommendations, see the BSA Best Practices for AI Governance.

I’ve run continuous improvement loops for AI at a credit union and at a children’s hospital. Two very different worlds. Same heartbeat: plan, build, check, fix, repeat. You know what? It sounds dull. But it saved us pain, money, and a few blushes in front of the board.

Want a vivid reminder of how subtle AI behaviors can fool humans? Check out the BotPrize competition, where chatbots aim to pass as people and highlight exactly why tight governance matters.

Let me explain how I set it up, what actually happened, and what stung a bit.

My Setup, No Hype

I keep it tight and boring, on purpose:

  • One place for truth: Confluence for policy pages and model cards.
  • One queue: Jira for every model change, review, or risk note.
  • One friendly nudge: A Slack bot that pings owners if checks fail.
  • One map: Microsoft Purview to track data sources and lineage.
  • One monitor: Fiddler for drift and fairness checks; W&B for runs and versioning.
  • One sanity check: Great Expectations (GX) for data tests before training.
  • One lens: Azure ML Responsible AI dashboard for quick explainability and error slices.

If you’re choosing your own stack, Fiddler has a handy overview of model monitoring tools.

My loop is simple: Plan → Do → Check → Act. Then do it again next week. We post “patch notes” for models like it’s a game update. Small, clear, dated.
That rapid rotation feels almost like a speed-dating circuit—quick encounters, clear signals, next table; see how real-world organizers structure this tempo at the Fond du Lac speed-dating scene for a snapshot of what an efficient, low-friction event flow looks like.

Real Story 1: The Card Declines Spike (Credit Union)

Week 6, our fraud model starts to act cute. Card declines jump on Friday night. Members get loud. My phone buzzes.

  • Fiddler flags drift in two features tied to mobile wallet tokens.
  • Error rate is 19% higher for older iPhone models.
  • We check GX logs: data looks clean. Huh.
  • Purview shows a feed change from a partner—new token format after an iOS update.

We roll back rules for that slice, fast. We retrain Monday with the new pattern. Fairness gap drops from 8.7% to 2.1% in 48 hours. We push a short note to the branch leads. “We fixed weekend declines on older phones.” Not fancy. Clear. That kind of sudden format shift reminded me of the whiplash I felt when trying to coax an image-to-video model into safe outputs—tiny spec changes cause huge ripples—see my field report on what actually worked.

What changed after? We add a “partner change” trigger in Jira. Any upstream tweak must ping our model owners. Also, we add a tiny canary model to shadow the main one on Fridays. It’s silly. It works.

Real Story 2: The No-Show Problem (Children’s Hospital)

We had a model to predict missed visits, so the team could call high-risk families. It worked fine on paper. But hold on—Spanish-speaking families got flagged more. That felt wrong.

  • Azure’s error analysis shows a higher false positive rate for portal users set to Spanish.
  • We check logs. The call center never wrote back call outcomes in one region—missing data.
  • GX adds a simple rule: “No empty call outcome fields” before training.
  • We add a language feature the model can see, plus a fairness guardrail in Fiddler.

Two months later, false alarms drop 31%. Wait times for that clinic improve by 12 minutes on average. The care team trusts the score more. Families feel less poked. That’s the win that matters. Applying these guardrails in healthcare echoes the hard lessons I learned after six weeks of running DentalX AI in a real clinic—here’s my honest take.

The Groove: Cadence That Doesn’t Burn People Out

I keep a light rhythm. It creates trust.

  • Weekly 20-minute standup: model health, any alerts, one change request.
  • Monthly scorecard: drift, fairness gaps, incidents, time to fix, audit notes.
  • Quarterly “red team” hour: we try to break one model with weird inputs. If you're curious how spicy those edge cases can get, I once tested NSFW prompts so production never has to—the safe scoop is here. Looking at how mainstream platforms outside the AI space moderate adult interactions can also spark governance ideas; the French libertine community guide over at NousLibertin outlines consent-first onboarding and privacy practices that are worth stealing for your policy playbook.
  • Twice a year policy check: update our NIST-style risk map and control owners.

We moved from 10 days to 6 days for a full model review. Approval steps are still real. Just smoother.

What I Loved

  • Clear owners, clear notes. No blame games.
  • The combo of Fiddler + GX + W&B gives me eyes on data, runs, and behavior.
  • Purview saves me when someone asks, “Where did this field come from?”
  • The Slack bot feels small, but it keeps things moving.
  • “Patch notes” for models? People actually read them.
  • For another reality check on living with a tool day-in, day-out, see my month-long trial of Wyvern AI.

What Bugged Me

  • Too many tools can tire folks. I killed two dashboards that no one used.
  • Fairness checks trigger false alarms if your slices are tiny. Catching these “false flags” sometimes feels like playing whack-a-mole with proctoring software—I felt the same pain when I put Cheater AI through its paces.
  • Red team days are fun, but hard to schedule in peak season.
  • Cost creeps up if you log everything forever. We now keep 90 days hot, the rest cold.

A Few Numbers I’d Share With Any CFO

  • Review cycle time: down 40%.
  • Incidents per quarter: from 7 to 3.
  • Mean time to detect: from 36 hours to under 4.
  • Fairness gaps on two key models: both under 3% now.
  • Audit findings last year: zero major, two minor (both fixed in a week).

Little Things That Punch Above Their Weight

  • One-page model cards. Short. Plain words. Last updated date in bold.
  • A change freeze the week before holidays. No hero moves.
  • “Traffic light” rules for high-risk models. Red means page me.
  • Shadow tests on Friday afternoons for payment systems. Learned that the hard way.
  • A buddy system: every model has a back-up owner.

If You Want To Try This Tomorrow

Here’s what I’d do on day one:

  • Pick one model. Not five. One.
  • Write the risks on one page. Real words, not buzzwords.
  • Set three checks: data quality (GX), drift (Fiddler), and fairness on one slice.
  • Put all changes in Jira. No change, no push.
  • Share weekly notes in Slack. Two paragraphs. That’s it.

My Verdict

Continuous improvement in AI governance isn’t shiny. It’s a steady beat. But it protects people and keeps trust high. It also saves you from long, awkward meetings with auditors. And yes, it can even make engineers a bit proud.

Would I keep this setup? Yes. I’d rate it 9/10. One point off for tool sprawl and calendar pain. But I sleep better. My teams do, too.

You know what? That’s the whole point.

More posts