Not that long ago, Garry Mansell gave us a post on The Procurement Operating System for AI where he made a lot of very, very good points. Points we need to cover in detail because, while I don’t think you need an operating system (because you don’t and, even worse, you’ll misread that as put AI at the core of every product you use, and that’s, well, WRONG), you do need to get a detailed written rulebook in place on where AI can, and can’t be used, and how. But we’ll get to that. First, Garry’s points.

As Garry points out, there are two main reactions to AI in procurement.

BAN IT. Which, in my view is a great policy if your definition of AI is restricted to Gen-AI LLMs (but more on that later). But this usually results in people doubling down on using tools they find useful (which are usually the worst examples of such tools) and the wrong tools being banned from the organization.

IGNORE IT. Which results in rampant, uncontrolled spread of a myriad of systems of different quality and usefulness that produce vastly different results with different levels of explanation, auditability, correctness, and accountability.

And, as I’ll point out, an increasingly common secondary reaction to AI in procurement.

All In. In smaller departments behind on tech who have succumbed to the AI hype, they are convinced they can skip a generation of tech, go straight to AI, and reap instant benefits that took their peers months and years to obtain.

And, as Garry points out, all of these reactions make the same mistake: treating AI as a feature rather than a capability that changes how decisions are made.

The only way to progress without increasing risk is to adopt a small set of rules and mechanisms that make AI use safe, auditable, and commercially sensible without turning Procurement, or any department, into a compliance factory.

Moreover, these rules must take into account the following:

• it’s not control, it’s repeatable judgement (because you need smart people who make good judgements)
• you need clarity on whether AI is assisting or deciding (because there are only a few situations where AI can truly “decide”, and as per our prior posts, that’s where the impact of a bad decision are low and the cost of an occasional bad decision is less than wasting the precious time of a critical human resource)
• you need evidence thresholds (that are appropriate for the cost of failure) regardless of where and how the AI is applied (and what AI is used)
• auditability must be at the core of every workflow, not an after-thought
• you need accountable owners (not committees) AND accountable users
• AI drift must be treated like supplier performance because it’s just as critical
• even the best AI will fail, so you need well defined escalations to humans who can respond quickly, even when the AI is just assisting

So what would a good set of rules look like?

• no Gen-AI unless there is no other solution (and the risk has been pre-defined to be acceptable) — LLMs are overused considering they are under effective and hallucinate regularly and there are often other, better, solutions
• integrate classic optimization, predictive analytics, and AI (ML, NN, etc.) anywhere and everywhere it makes sense, but only if any false positives or negatives can be detected and escalated to a human, and done so in a repeatable manner
• document all of the rules used, the exception conditions, and the process changes when a human has to enter the loop (as well as what the human has to do)
• don’t use any AI tech until it’s integrated into a workflow with automatic logging and audit trails
• only let the AI “decide” where the cost of failure is low or the cost of failure is acceptable and the confidence the AI is right is high enough
• make it clear that anyone who uses AI takes full responsibility for the outcomes, and will be held fully accountable for any use that falls outside the rules

While these can be adapted to your liking and comfort (but don’t get too comfortable with Gen-AI), the important thing is the set of rules you adopt allow you to move fast and do so safely wherever speed is possible while ensuring you slow down when you need to. And it ensures no one gets out of line because they will be held fully accountable for any negative effects that result from stepping out of line. Procurement can trust its processes and people in the organization can trust Procurement.

That’s what good AI rules look like. Procurement that functions repeatedly, reliably, and accountably in an auditable function with low rates of failure, lower rates of hallucination, and almost no machine judgement. (When the machine decides, the majority of the time it’s really executing a pre-defined action based on an identified pattern using A-RPA and patterns identified using optimization, analytics and classic ML.)