ISACA has a robust collection of AI resources, including new courses and upcoming certifications.

Schaumburg, IL—Enterprise use of AI systems for streamlining operations, improving decision making and enhancing customer and user experience has been booming. But with those benefits come challenges and risk, as well as the need for strong governance and management of AI. One way that organizations can manage AI system governance is by using ISACA’s COBIT framework. COBIT is the long-time gold standard for enterprise information and technology (I&T) governance, and it can bring a host of benefits.

Traditionally employed for I&T governance, COBIT is uniquely positioned to address the distinct challenges AI systems introduce, including issues related to ethics, accountability, transparency, and compliance. By using COBIT for AI system governance, organizations can realize six key benefits:

1. Aligning AI objectives directly to business goals: This alignment enables enterprises to achieve specific, quantifiable outcomes, such as increased operational efficiency, positive return on investment (ROI), enhanced decision making, or improved customer engagement.

2. Emphasizing accountability: Enterprises can ensure that each AI initiative has clear ownership and a roadmap for achieving defined business outcomes. Organizations are then better equipped to drive real, tangible benefits from their AI investments.

3. Providing a robust framework for identifying, assessing, and mitigating risk throughout the AI life cycle: COBIT’s mandated risk assessment focuses on performance and conformance monitoring evaluation and assessment, ensuring that any emerging risk is promptly identified and mitigated to minimize potential disruptions.

4. Managing AI systems resources: COBIT assists organizations in efficiently managing resources— such as high-quality data, skilled personnel, and a robust technology infrastructure—to avoid waste and maximize the ROI, while also helping them scale AI initiatives as the organization’s needs evolve.

5. Emphasizing continuous improvement: COBIT embeds ongoing monitoring and assessment practices to ensure that AI systems are continually evaluated against performance metrics, compliance standards, and evolving business requirements. This allows organizations to identify performance gaps, adapt to emerging trends, and integrate feedback into the AI system’s life cycle.

6. Encouraging a feedback loop and guiding documentation of improvements: COBIT’s continuous improvement cycle, which includes feedback from stakeholders from various departments, allows a holistic view of how AI systems impact the organization and ensures that AI systems remain relevant, effective, and aligned with an organization’s strategy over time. Documenting improvements fosters a culture of transparency and accountability that enhances trust in AI systems across all levels of the organization.

By implementing COBIT’s risk management guidelines, organizations can systematically address and reduce risk, ensuring that AI systems remain reliable, compliant, and ethically sound.

In addition to COBIT, ISACA offers a range of other AI resources, including the Artificial Intelligence Audit Toolkit and several courses—including AI Fundamentals, AI Governance, and AI Threat Landscape. ISACA has also recently released its new Advanced in AI Audit (AAIA) certification—a first-of-its-kind certification that can be earned by professionals with a CISA or another qualifying credential*— and will be launching its Advanced in AI Security Management (AAISM) certification, which can be earned by CISMs and CISSPs, in August.

Read more about how to leverage COBIT for AI system governance in a complimentary ISACA white paper at https://www.isaca.org/resources/white-papers/2025/leveraging-cobit-for-effective-ai-system-governance. More information about COBIT can be found at www.isaca.org/resources/cobit.

About ISACA

ISACA^® (www.isaca.org) represents the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its global community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, data privacy, risk management and emerging tech. With a presence in 195 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also champions IT education and career pathways for underrepresented and underresourced communities, fostering a diverse and inclusive technology workforce.

LinkedIn: www.linkedin.com/company/isaca 
Facebook: www.facebook.com/ISACAGlobal 
Instagram: www.instagram.com/isacanews 

Contact:

communications@isaca.org
Emily Ayala, +1.847.385.7223
Bridget Drufke, +1.847.660.5554

*Those with an active credential from the following list are eligible to pursue the AAIA:

All qualify:

• CISA (Certified Information Systems Auditor from ISACA)

Must be in an IT audit or IT advisory role to qualify:

• CIA (Certified Internal Auditor from the Institute of Internal Auditors (IIA))
• CPA (Certified Public Accountant from the American Institute of Certified Public Accountants (AICPA))
• ACCA (Association of Chartered Certified Accountants Qualification from the Association of Chartered Certified Accountants)
• FFCA (ACCA Fellow Chartered Certified Accountant from the Association of Chartered Certified Accountants (ACCA))
• Canadian CPA (Canadian Chartered Professional Accountant from the Chartered Professional Accountants of Canada)
• CPA Australia (Certified Practicing Accountant)
• FCPA (CPA Australia Fellow Certified Practicing Accountant)
• Japanese CPA (Japanese Certified Public Accountant from the Japanese Institute of Certified Public Accountants (JICPA))