What is covered on the AAIA exam?

This domain demonstrates your ability to advise stakeholders on implementing AI solutions to meet organizational strategic goals, creating ethical and responsible AI policy and governance practices, and mitigating implementation risks, including leading practices in data governance, privacy and security.

A–AI Models, Considerations, and Requirements
B–AI Governance and Program Management
C–AI Risk Management
D–Privacy and Data Governance Programs  
E–Leading Practices, Ethics, Regulations, and Standards for AI

This domain confirms your skill in assessing an organization’s risk profile and the rewards and consequences of AI implementations while ensuring the organization is operationally ready for successful adoption of this powerful technology.

A–DATA MANAGEMENT SPECIFIC TO AI 
B–AI SOLUTION DEVELOPMENT METHODOLOGIES AND LIFECYCLE 
C–CHANGE MANAGEMENT SPECIFIC TO AI  
D–SUPERVISION OF AI SOLUTIONS  (E.G., OUTPUTS, IMPACTS, AND DECISIONS) 
E–TESTING TECHNIQUES FOR AI SOLUTIONS
F–THREATS AND VULNERABILITIES SPECIFIC TO AI  
G–INCIDENT RESPONSE MANAGEMENT SPECIFIC TO AI 

This domain focuses on optimizing audit outcomes through innovation while highlighting your knowledge of audit techniques tailored to AI systems and your use of AI-enabled tools to streamline audit efficiency and provide faster, quality insight.

A–AUDIT PLANNING AND DESIGN
B–AUDIT TESTING AND SAMPLING METHODOLOGIES 
C–AUDIT EVIDENCE COLLECTION TECHNIQUES 
D–AUDIT DATA QUALITY AND DATA ANALYTICS
E–AI AUDIT OUTPUTS AND REPORTS 

1. Evaluate AI solutions to advise on impact, opportunities, and risk to organization.
2. Evaluate the organization's AI policies and procedures, including compliance with legal and regulatory requirements.
3. Evaluate the impact of AI solutions on system interactions, environment, and humans.
4. Evaluate the role and impact of AI decision-making systems on the organization and stakeholders.
5. Analyze the impact of AI on the workforce to advise stakeholders on how to address AI-related workforce impacts, training, and education
6. Evaluate that awareness programs align to the organization’s AI-related policies and procedures.
7. Evaluate system/business requirements for AI solutions to ensure alignment with enterprise architecture.
8. Evaluate the AI solution lifecycle (e.g., design, development, deployment, monitoring, and decommissioning) and inputs/outputs for compliance and risk.
9. Evaluate algorithms and models to ensure AI solutions are aligned to business objectives, policies, and procedures.
10. Evaluate vendors and supply chain management programs specific to AI solutions.
11. Evaluate whether the organization has defined ownership of AI-related risk, controls, procedures, decisions, and standards.
12. Evaluate the design and effectiveness of controls specific to AI.
13. Evaluate the organization's change management program specific to AI.
14. Evaluate the organization's configuration management program specific to AI.
15. Evaluate the organization's data governance program specific to AI.
16. Evaluate the organization's identity and access management program specific to AI.
17. Evaluate data input requirements for AI models (e.g., data appropriateness, bias, privacy).
18. Evaluate the organization's privacy program specific to AI.
19. Evaluate the organization's threat and vulnerability management programs specific to AI.
20. Evaluate the organization’s problem and incident management programs specific to AI.
21. Evaluate the monitoring and reporting of metrics (e.g., KPIs, KRIs) specific to AI.
22. Evaluate impacts, opportunities, and risk when integrating AI solutions within the audit process.
23. Utilize AI solutions to enhance audit processes, including planning, execution, and reporting.