Cadre de gestion des risques IA du NIST pour les équipes entreprise

Ce qu'elle couvre

Ce programme guide les participants à travers les quatre fonctions principales du NIST AI RMF — GOUVERNER, CARTOGRAPHIER, MESURER et GÉRER — et montre comment les intégrer aux cadres de gestion des risques existants. Les participants travaillent sur des exercices issus du playbook officiel, apprennent à documenter les profils de risque IA et explorent les liens avec l'AI Act européen et l'ISO 42001. Dispensé sous forme d'atelier structuré ou de programme multi-sessions, il allie instruction et analyse de cas concrets pour que les équipes repartent avec un plan de gouvernance opérationnel.

À l'issue, vous saurez

• Apply the four NIST AI RMF core functions to a real or hypothetical AI use case in your organisation
• Complete an AI risk profile using the official NIST AI RMF Playbook worksheets
• Map identified AI risks to existing ERM categories and escalation paths
• Identify which EU AI Act risk tiers and NIST categories overlap for a given AI system
• Draft a governance committee charter with defined AI risk ownership roles

Sujets abordés

• NIST AI RMF core functions: GOVERN, MAP, MEASURE, MANAGE
• Using the NIST AI RMF Playbook for AI system risk profiling
• AI risk categorisation and impact assessment methodologies
• Integrating AI risk into enterprise risk management (ERM) frameworks
• Mapping NIST AI RMF to EU AI Act requirements
• Alignment with ISO/IEC 42001 and NIST Cybersecurity Framework
• Roles and responsibilities: TEVV, governance committees, risk owners
• Documenting AI system inventories and risk registers

Modalité

Typically delivered over two to four half-day sessions (remote or in-person), with pre-reading of the NIST AI RMF 1.0 document and Playbook. Sessions are 60% facilitated instruction and 40% applied exercises using participant-supplied or supplied case studies. Materials include annotated playbook worksheets, a risk register template, and a cross-framework mapping table (NIST ↔ EU AI Act ↔ ISO 42001). In-person delivery is recommended for the governance charter workshop component.

Ce qui fait que ça marche

• Securing cross-functional participation (legal, IT, risk, business owners) from the first session
• Starting with a concrete, live AI system rather than abstract hypotheticals during playbook exercises
• Appointing a named AI Risk Owner before the programme ends to drive post-training adoption
• Scheduling a 30-day follow-up review to assess progress on the draft governance plan

Erreurs fréquentes

• Treating NIST AI RMF as a checklist rather than an iterative risk management cycle
• Assigning AI risk ownership solely to IT or data science teams without involving legal and compliance
• Skipping the MAP function and jumping straight to MEASURE, missing systemic context for AI deployments
• Conflating NIST AI RMF compliance with EU AI Act compliance without mapping the gaps explicitly

Fournisseurs à considérer

• ISACA (CMMI / AI governance training)www.isaca.org/training →
• IAPP — AI Governance Centeriapp.org/train/ai-governance/ →
• Coursera — AI Risk Management (various university partners)www.coursera.org/search?query=AI+risk+management →
• Responsible AI Institutewww.responsible.ai/training →

Sources

• NIST AI Risk Management Framework 1.0 →
• NIST AI RMF Playbook →