AI systems make decisions that can affect individuals, organizations, and society. When no individual or function is clearly accountable for those decisions, the organization cannot demonstrate due diligence, remedy harms, or mount a coherent legal defense when challenged.
Why D is Correct: The ISACA AAIR framework identifies legal liability as the greatest organizational risk from absent accountability mechanisms. When AI outputs cause harm—discriminatory lending decisions, unsafe autonomous vehicle actions, inaccurate medical diagnoses—the absence of documented accountability makes it impossible to demonstrate responsible governance to courts, regulators, and affected parties. This creates maximum legal exposure across contract, tort, and regulatory law.
Why A is Wrong: Intellectual property exposure is a significant risk in AI contexts (particularly around training data and model weights) but is not primarily caused by absent accountability mechanisms. IP risk arises from access controls and contractual protections.
Why B is Wrong: Ineffective model training is a technical quality issue. While accountability for model development may influence training quality, ineffective training is not the primary risk from absent accountability for outputs and decisions.
Why C is Wrong: Reduced availability is an operational resilience concern. Accountability gaps do not directly cause availability failures, which are driven by architectural and operational factors.
