Authors : Kavya Surendranath

Volume/Issue : Volume 10 - 2025, Issue 5 - May

Google Scholar : https://tinyurl.com/2snsk3p2

DOI : https://doi.org/10.38124/ijisrt/25may365

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Abstract : The potential for transformation within Artificial Intelligence (AI) brings about considerable risks associated with ethics, fairness, security, and transparency. However, it is crucial that organizations effectively manage these risks through Responsible AI (RAI) assurance to build trust and ensure compliance. Although high–level RAI principles are necessary, they are not sufficient on their own. This report then introduces the Responsible AI Assurance Maturity Model (RAIAMM) as a comprehensive maturity model to assist organizations in evaluating and improving RAI assurance capability. RAIAMM is the only methodology that integrates systematic management uniquely (ISO/IEC), risk management (NIST AI RMF), and prerequisite cybersecurity controls (NIST CSF/ISO). The model outlines maturity along key dimensions, such as Governance, Risk Management, Data Practices, Model Lifecycle Management, Security, Ethics and fairness, and transparency and explainability through five maturity levels: Initial, Managed, Defined, Quantitatively Managed, and Optimizing. The roadmap of this structure is geared toward ensuring continuous improvement. RAIAMM has been validated through case studies in finance, healthcare, and government. It enables organizations to systematically improve their RAI posture, reduce risk, help build stakeholder confidence, and work towards a responsible future of AI.

References :

1. Responsible AI: Driving Progress, Innovation, and Social Good - Tata Consultancy Services https://www.tcs.com/what-we-do/services/artificial-intelligence/white-paper/responsible-ai-driving-progress-innovation-social-good
2. A Pattern Collection for Designing Responsible AI Systems | Request PDF - ResearchGate. https://www.researchgate.net/publication/366900171_Responsible-AI-by-Design_A_Pattern_Collection_for_Designing_Responsible_AI_Systems
3. How to assure trustworthy AI in local government - LOTI. https://loti.london/blog/dsit-ai-assurance/
4. Sr. Manager Responsible AI Assurance, AWS Compliance & Security Assurance - Job ID. https://amazon.jobs/en/jobs/2947519/sr-manager-responsible-ai-assurance-aws-compliance-security-assurance
5. ISO/IEC 42001 Certification: AI Management System - DNV. https://www.dnv.com/services/iso-iec-42001-artificial-intelligence-ai--250876/
6. Responsible AI Institute Welcomes KPMG as Our Newest Member!. https://www.responsible.ai/responsible-ai-institute-welcomes-kpmg-as-our-newest-member/
7. Dr Paul Dongha: Guardian of Responsible and Ethical AI - CIO Business World Magazine. https://ciobusinessworld.com/dr-paul-dongha-guardian-of-responsible-and-ethical-ai/
8. 3 Hidden Risks of AI for Banks and Insurance Companies - Lumenova AI. https://www.lumenova.ai/blog/risks-of-ai-banks-insurance-companies/
9. AI and Finance : Compliance, risks and regulation impact - Naaia. https://naaia.ai/ai-finance-risks-regulation/
10. (PDF) Recent Emerging Techniques in Explainable Artificial Intelligence to Enhance the Interpretable and Understanding of AI Models for Human - ResearchGate. https://www.researchgate.net/publication/388801151_Recent_Emerging_Techniques_in_Explainable_Artificial_Intelligence_to_Enhance_the_Interpretable_and_Understanding_of_AI_Models_for_Human
11. Socially responsible AI assurance in precision agriculture for farmers and policymakers. https://www.researchgate.net/publication/367480456_Socially_responsible_AI_assurance_in_precision_agriculture_for_farmers_and_policymakers
12. software engineering for responsible ai: an empirical study and operationalised patterns - arXiv. https://arxiv.org/pdf/2111.09478
13. Trustworthy versus Explainable AI in Autonomous Vessels - ResearchGate. https://www.researchgate.net/publication/336210763_Trustworthy_versus_Explainable_AI_in_Autonomous_Vessels
14. Banking risks from AI and machine learning | EY - US. https://www.ey.com/en_us/board-matters/banking-risks-from-ai-and-machine-learning
15. FDA lists top 10 artificial intelligence regulatory concerns - Hogan Lovells. https://www.hoganlovells.com/en/publications/fda-lists-top-10-artificial-intelligence-regulatory-concerns
16. Understanding AI in government: Applications, use cases, and implementation | Elastic Blog. https://www.elastic.co/blog/ai-government
17. AI ML Testing - Qualitrix. https://qualitrix.com/ai-ml-testing/
18. Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector - Treasury. https://home.treasury.gov/system/files/136/Managing-Artificial-Intelligence-Specific-Cybersecurity-Risks-In-The-Financial-Services-Sector.pdf
19. arXiv:2306.08056v1 [cs.CR] 25 May 2023. https://arxiv.org/pdf/2306.08056
20. ISO/IEC 42001: The latest AI management system standard - KPMG International. https://kpmg.com/ch/en/insights/artificial-intelligence/iso-iec-42001.html
21. NIST AI Risk Management Framework: The Ultimate Guide - Hyperproof. https://hyperproof.io/navigating-the-nist-ai-risk-management-framework/
22. Assurance of Third-Party AI Systems for UK National Security. https://cetas.turing.ac.uk/publications/assurance-third-party-ai-systems-uk-national-security
23. What is Capability Maturity Model Integration (CMMI)? - SixSigma.us. https://www.6sigma.us/process-improvement/capability-maturity-model-integration-cmmi/
24. IT Governance Capability Maturity Model (CMM) | KnowledgeLeader. https://www.knowledgeleader.com/tools/it-governance-capability-maturity-model-cmm
25. IT Governance Maturity Models - CIO Portal. https://cioindex.com/cio-training/courses/cios-guide-to-it-governance/lessons/introduction-it-governance/topic/it-governance-maturity-models/
26. Software Capability Maturity Model (CMM) - IT Governance. https://www.itgovernance.eu/fi-fi/capability-maturity-model-fi
27. Capability Maturity Model Integration (CMMI): An Introduction – BMC Software | Blogs. https://www.bmc.com/blogs/cmmi-capability-maturity-model-integration/
28. Software Capability Maturity Model (CMM) | IT Governance UK. https://www.itgovernance.co.uk/capability-maturity-model
29. ISO/IEC 42001: What You Need to Know - Centraleyes. https://www.centraleyes.com/iso-iec-42001/
30. AI RMF - NIST AIRC - National Institute of Standards and Technology. https://airc.nist.gov/airmf-resources/airmf/
31. NIST CSF vs. ISO 27001: What's the difference? - Vanta. https://www.vanta.com/collection/iso-27001/nist-csf-vs-iso-27001
32. ISO 27001 vs. NIST Cybersecurity Framework | Blog - OneTrust. https://www.onetrust.com/blog/iso-27001-vs-nist-cybersecurity-framework/
33. Capability Maturity Model Integration - Wikipedia. https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration
34. CMMI Institute. https://cmmiinstitute.com/capability-maturity-model-integration
35. The role of ISO/IEC 42001 in AI governance - Osler, Hoskin & Harcourt LLP. https://www.osler.com/en/insights/updates/the-role-of-iso-iec-42001-in-ai-governance/
36. An extensive guide to ISO 42001 - Vanta. https://www.vanta.com/resources/iso-42001
37. Understanding ISO 42001 and Demonstrating Compliance - ISMS.online. https://www.isms.online/iso-42001/
38. An In-Depth Guide to ISO/IEC 42001 for AI Management | Insight Assurance. https://insightassurance.com/an-in-depth-guide-to-iso-iec-42001-for-ai-management/
39. A Comprehensive Guide to Understanding the Role of ISO/IEC 42001 - PECB. https://pecb.com/article/a-comprehensive-guide-to-understanding-the-role-of-isoiec-42001
40. ISO/IEC 42001:2023 Guide to AI Management & IT Security - Linford & Company LLP. https://linfordco.com/blog/iso-42001-it-security/
41. Navigating the NIST AI Risk Management Framework with confidence | Blog - OneTrust. https://www.onetrust.com/blog/navigating-the-nist-ai-risk-management-framework-with-confidence/
42. Artificial Intelligence Risk Management Framework (AI RMF 1.0) - NIST Technical Series Publications. https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf
43. AI Risk Management Framework | NIST. https://www.nist.gov/itl/ai-risk-management-framework
44. AI RMF Core - NIST AIRC - National Institute of Standards and Technology. https://airc.nist.gov/airmf-resources/airmf/5-sec-core/

45. Introduction to the NIST AI Risk Management Framework (AI RMF) - Centraleyes. https://www.centraleyes.com/nist-ai-risk-management-framework/
46. Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile - NIST Technical Series Publications. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf
47. NIST AI RMF Playbook. https://www.nist.gov/itl/ai-risk-management-framework/nist-ai-rmf-playbook
48. NIST Cybersecurity Framework (CSF) Controls Fundamentals - AuditBoard. https://auditboard.com/blog/fundamentals-of-nist-cybersecurity-framework-controls/
49. The Financial Stability Implications of Artificial Intelligence. https://www.fsb.org/uploads/P14112024.pdf
50. AI in government: AI law, use cases, and challenges - Pluralsight. https://www.pluralsight.com/resources/blog/ai-and-data/ai-government-public-sector
51. ISO 27001 vs NIST Cybersecurity Framework: What's the Difference? - Pivot Point Security. https://www.pivotpointsecurity.com/difference-between-iso-27001-vs-nist-cybersecurity-framework/
52. Mapping ISO/IEC 27001 to NIST Cybersecurity Framework (CSF) - IoT Security Institute. https://iotsecurityinstitute.com/iotsec/index.php/iot-security-institute-blog/94-mapping-iso-iec-27001-to-nist-cybersecurity-framework-csf
53. NIST Cybersecurity Framework (CSF)-vs-ISO 27001 - 6clicks. https://www.6clicks.com/resources/comparisons/nist-cybersecurity-framework-csf-vs-iso-27001
54. The NIST Cybersecurity Framework (CSF) 2.0. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
55. A Guide to AI Risk Management Frameworks | How to Choose One - Hyperproof. https://hyperproof.io/guide-to-ai-risk-management-frameworks/
56. A NIST AI RMF Summary - CyberSaint. https://www.cybersaint.io/blog/nist-ai-rmf-summary
57. Common Use Cases and Risk Management for AI in Banking | Bank Director. https://www.bankdirector.com/article/common-use-cases-and-risk-management-for-ai-in-banking/
58. Assessing Trustworthy AI | FUTURIUM - European Commission. https://ec.europa.eu/futurium/en/ai-alliance-consultation/guidelines/2.html
59. Capability Maturity Model Integration (CMMI), background notes - Azure Boards. https://learn.microsoft.com/en-us/azure/devops/boards/work-items/guidance/cmmi/guidance-background-to-cmmi?view=azure-devops
60. Maturity Models for IT & Technology - Splunk. https://www.splunk.com/en_us/blog/learn/maturity-models.html

61. Maturity Models, Utilizing the Validation Program as an Example - Investigations of a Dog. https://investigationsquality.com/2024/07/20/maturity-models-utilizing-the-validation-program-as-an-example/
62. Maturity assessment and maturity models in health care: A multivocal literature review - PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC7216018/
63. An Evaluation Framework for Maturity Models in Process Improvement. https://fileadmin.cs.lth.se/cs/Personal/Kim_Weyns/phd/sysrev.pdf
64. Artificial intelligence assurance framework - Biodiritto. https://www.biodiritto.org/ocmultibinary/download/4708/54927/1/2026c3c0da1de5ef5a97237fa09a21bc/file/NSW+Government+AI+Assurance+Framework.pdf
65. AI in Quality Assurance 2024 Ultimate Guide | Revolutionize Your QA Process. https://www.rapidinnovation.io/post/ai-for-quality-assurance
66. Pilot AI assurance framework guidance. https://www.digital.gov.au/policy/ai/pilot-ai-assurance-framework/guidance/step-1
67. AI for IMPACTS Framework for Evaluating the Long-Term Real-World Impacts of AI-Powered Clinician Tools: Systematic Review and Narrative Synthesis - PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC11840377/
68. Data Practices Maturity Model | The ODI. https://theodi.org/insights/tools/data-practices-maturity-model/
69. AI Risks Compliance Strategies | Financial Compliance and Regulation - Kroll. https://www.kroll.com/en/insights/publications/financial-compliance-regulation/ai-risks-compliance-strategies
70. AI Is Creeping Into Every Aspect of Our Lives—and Health Care is No Exception. https://petrieflom.law.harvard.edu/2025/04/08/ai-is-creeping-into-every-aspect-of-our-lives-and-health-care-is-no-exception/
71. How FDA Regulates Artificial Intelligence in Medical Products | The Pew Charitable Trusts. https://www.pewtrusts.org/en/research-and-analysis/issue-briefs/2021/08/how-fda-regulates-artificial-intelligence-in-medical-products
72. US FDA Artificial Intelligence and Machine Learning Discussion Paper. https://www.fda.gov/files/medical%20devices/published/US-FDA-Artificial-Intelligence-and-Machine-Learning-Discussion-Paper.pdf
73. DHAC Executive Summary TPLC Considerations for Generative AI-Enabled Devices - FDA. https://www.fda.gov/media/182871/download
74. How the challenge of regulating AI in healthcare is escalating | EY - Global. https://www.ey.com/en_gl/insights/law/how-the-challenge-of-regulating-ai-in-healthcare-is-escalating

75. Artificial intelligence in medicine: mitigating risks and maximizing benefits via quality assurance, quality control, and acceptance testing - National Institutes of Health (NIH). https://pmc.ncbi.nlm.nih.gov/articles/PMC10928809/
76. FDA Issues Draft Guidances on AI in Medical Devices, Drug Development - Fenwick. https://www.fenwick.com/insights/publications/fda-issues-draft-guidances-on-ai-in-medical-devices-drug-development-what-manufacturers-and-sponsors-need-to-know
77. Tackling AI Challenges in Public Services with Solutions Designed for the Complexity | F5. https://www.f5.com/company/blog/tackling-ai-challenges-in-public-services-with-solutions-designed-for-the-complexity
78. AI in government: Top use cases - IBM. https://www.ibm.com/think/topics/ai-in-government
79. The Government and Public Services AI Dossier - Deloitte. https://www2.deloitte.com/us/en/pages/consulting/articles/ai-dossier-government-public-services.html
80. AI Governance: Managing the Risks in the Public Sector - CBIZ. https://www.cbiz.com/insights/articles/article-details/ai-governance-managing-the-risks-in-the-public-sector
81. Brief Artificial Intelligence in Government: The Federal and State Landscape. https://www.ncsl.org/technology-and-communication/artificial-intelligence-in-government-the-federal-and-state-landscape
82. Artificial Intelligence and Privacy – Issues and Challenges - Office of the Victorian Information Commissioner. https://ovic.vic.gov.au/privacy/resources-for-organisations/artificial-intelligence-and-privacy-issues-and-challenges/
83. Methods and techniques for maturity assessment | Request PDF - ResearchGate. https://www.researchgate.net/publication/305909880_Methods_and_techniques_for_maturity_assessment
84. WA Government Artificial Intelligence Assurance Framework. https://www.wagov.pipeline.preproduction.digital.wa.gov.au/system/files/2024-11/wagovernmentaiassuranceform1.2.pdf
85. What is the AI Management System Standard ISO/IEC 42001:2023? - YouTube. https://www.youtube.com/watch?v=hSz71vISZMA
86. Test Maturity Model – Software Testing - GeeksforGeeks. https://www.geeksforgeeks.org/software-testing-test-maturity-model/