NIST AI RMF — Risk Management for AI
1. What is the primary task of GOVERN in the NIST AI RMF?
GOVERN is the foundation: without an organizational framework, MAP/MEASURE/MANAGE are ineffective.
2. A company asks: 'What AI risks does our new recommendation system have?' Which function addresses this directly?
MAP identifies and contextualizes risks — who is affected, what can go wrong?
3. An AI system has 96% accuracy but systematically disadvantages applicants from certain regions. What does this indicate?
MEASURE requires multi-layered analysis — fairness metrics across groups, not just aggregated accuracy.
4. What does 'Data Drift' mean?
Data Drift: reality changes, the model remains the same — e.g., new customer groups or altered market conditions.
5. What is Human-in-the-Loop (HITL) in the MANAGE context?
HITL = a human acting as the control point in consequential decisions — one of the most important MANAGE measures.
6. Why is MANAGE not an endpoint but a cycle?
Insights from MANAGE flow back into MAP and MEASURE — the cycle is the core principle of the RMF.
7. How does the NIST AI RMF relate to the EU AI Act?
Perfect complement: EU AI Act = legal requirements, NIST RMF = operational implementation methodology.
8. Which EU AI Act article requires an AI risk management system for high-risk AI?
Art. 9 requires a documented risk management system for high-risk AI — NIST AI RMF is a recognized approach.
9. An AI project team asks: 'Who is responsible if our AI system makes an error?' Which function must clarify this?
Responsibilities are a GOVERN issue — part of the organizational framework.
10. An insurance company wants to use AI for risk classification. According to MAP, what should be analyzed first?
MAP begins with context and stakeholders — who is affected, what damage could occur? Only then comes the technology.