What is covered on the AAIA exam?
The ISACA® Advanced in AI Audit (AAIA® ) exam consists of 90 questions covering 3 job practice domains, all testing your knowledge and ability on real-life job practices leveraged by AI audit expert professionals.
Job practice areas tested for and validated by an AAIA certification
33% DOMAIN 1 – AI GOVERNANCE AND RISK
This Domain demonstrates your ability to advise stakeholders on implementing AI solutions through appropriate and effective policy, risk controls, data governance and ethical standards.
A–AI Models, Considerations, and Requirements
B–AI Governance and Program Management
C–AI Risk Management
D–Privacy and Data Governance Programs
E–Leading Practices, Ethics, Regulations, and Standards for AI
46% DOMAIN 2 – AI OPERATIONS
This domain confirms your skill in balancing sustainability, operational readiness, and the risk profile with the benefits and innovation AI promises to support enterprise-wide adoption of this powerful technology.
A–DATA MANAGEMENT SPECIFIC TO AI
B–AI SOLUTION DEVELOPMENT METHODOLOGIES AND LIFECYCLE
C–CHANGE MANAGEMENT SPECIFIC TO AI
D–SUPERVISION OF AI SOLUTIONS (E.G., OUTPUTS, IMPACTS, AND DECISIONS)
E–TESTING TECHNIQUES FOR AI SOLUTIONS
F–THREATS AND VULNERABILITIES SPECIFIC TO AI
G–INCIDENT RESPONSE MANAGEMENT SPECIFIC TO AI
21% DOMAIN 3 – AI AUDITING TOOLS AND TECHNIQUES
This domain focuses on optimizing audit outcomes through innovation and highlights your knowledge of audit techniques tailored to AI systems and the use of AI-enabled tools streamline audit efficiency and provide faster, quality insight.
A–AUDIT PLANNING AND DESIGN
B–AUDIT TESTING AND SAMPLING METHODOLOGIES
C–AUDIT EVIDENCE COLLECTION TECHNIQUES
D–AUDIT DATA QUALITY AND DATA ANALYTICS
E–AI AUDIT OUTPUTS AND REPORTS
SECONDARY CLASSIFICATIONS – TASKS
- Evaluate impacts, opportunities, and risk when integrating AI solutions within the audit process.
- Utilize AI solutions to enhance audit processes, including planning, execution, and reporting.
- Evaluate AI solutions to advise on impact, opportunities, and risk to organization.
- Evaluate the impact of AI solutions on system interactions, environment, and humans.
- Evaluate the role and impact of AI decision-making systems on the organization and stakeholders.
- Evaluate the organization's AI policies and procedures, including compliance with legal and regulatory requirements.
- Evaluate the monitoring and reporting of metrics (e.g., KPIs, KRIs) specific to AI.
- Evaluate whether the organization has defined ownership of AI-related risk, controls, procedures, decisions, and standards.
- Evaluate the organization's data governance program specific to AI.
- Evaluate the organization's privacy program specific to AI.
- Evaluate the organization’s problem and incident management programs specific to AI.
- Evaluate the organization's change management program specific to AI.
- Evaluate the organization's configuration management program specific to AI.
- Evaluate the organization's threat and vulnerability management programs specific to AI.
- Evaluate the organization's identity and access management program specific to AI.
- Evaluate vendors and supply chain management programs specific to AI solutions.
- Evaluate the design and effectiveness of controls specific to AI.
- Evaluate data input requirements for AI models (e.g., data appropriateness, bias, privacy).
- Evaluate system/business requirements for AI solutions to ensure alignment with enterprise architecture.
- Evaluate the AI solution lifecycle (e.g., design, development, deployment, monitoring, and decommissioning) and inputs/outputs for compliance and risk.
- Evaluate algorithms and models to ensure AI solutions are aligned to business objectives, policies, and procedures.
- Analyze the impact of AI on the workforce to advise stakeholders on how to address AI-related workforce impacts, training, and education.
- Evaluate that awareness programs align to the organization’s AI-related policies and procedures.
Getting ready for the exam
ISACA offers a variety of exam preparation resources including group training, self-paced training and study resources to help you prepare for your certification exam. Choose what works for your schedule and your studying needs.