What is covered on the AAIA exam?

This Domain demonstrates your ability to advise stakeholders on implementing AI solutions through appropriate and effective policy, risk controls, data governance and ethical standards.

A–AI Models, Considerations, and Requirements
B–AI Governance and Program Management
C–AI Risk Management
D–Privacy and Data Governance Programs  
E–Leading Practices, Ethics, Regulations, and Standards for AI

This domain confirms your skill in balancing sustainability, operational readiness, and the risk profile with the benefits and innovation AI promises to support enterprise-wide adoption of this powerful technology.

A–DATA MANAGEMENT SPECIFIC TO AI 
B–AI SOLUTION DEVELOPMENT METHODOLOGIES AND LIFECYCLE 
C–CHANGE MANAGEMENT SPECIFIC TO AI  
D–SUPERVISION OF AI SOLUTIONS  (E.G., OUTPUTS, IMPACTS, AND DECISIONS) 
E–TESTING TECHNIQUES FOR AI SOLUTIONS
F–THREATS AND VULNERABILITIES SPECIFIC TO AI  
G–INCIDENT RESPONSE MANAGEMENT SPECIFIC TO AI 

This domain focuses on optimizing audit outcomes through innovation and highlights your knowledge of audit techniques tailored to AI systems and the use of AI-enabled tools streamline audit efficiency and provide faster, quality insight.

A–AUDIT PLANNING AND DESIGN
B–AUDIT TESTING AND SAMPLING METHODOLOGIES 
C–AUDIT EVIDENCE COLLECTION TECHNIQUES 
D–AUDIT DATA QUALITY AND DATA ANALYTICS
E–AI AUDIT OUTPUTS AND REPORTS 

1. Evaluate impacts, opportunities, and risk when integrating AI solutions within the audit process.
2. Utilize AI solutions to enhance audit processes, including planning, execution, and reporting.
3. Evaluate AI solutions to advise on impact, opportunities, and risk to organization.
4. Evaluate the impact of AI solutions on system interactions, environment, and humans.
5. Evaluate the role and impact of AI decision-making systems on the organization and stakeholders.
6. Evaluate the organization's AI policies and procedures, including compliance with legal and regulatory requirements.
7. Evaluate the monitoring and reporting of metrics (e.g., KPIs, KRIs) specific to AI.
8. Evaluate whether the organization has defined ownership of AI-related risk, controls, procedures, decisions, and standards.
9. Evaluate the organization's data governance program specific to AI.
10. Evaluate the organization's privacy program specific to AI.
11. Evaluate the organization’s problem and incident management programs specific to AI.
12. Evaluate the organization's change management program specific to AI.
13. Evaluate the organization's configuration management program specific to AI.
14. Evaluate the organization's threat and vulnerability management programs specific to AI.
15. Evaluate the organization's identity and access management program specific to AI.
16. Evaluate vendors and supply chain management programs specific to AI solutions.
17. Evaluate the design and effectiveness of controls specific to AI.
18. Evaluate data input requirements for AI models (e.g., data appropriateness, bias, privacy).
19. Evaluate system/business requirements for AI solutions to ensure alignment with enterprise architecture.
20. Evaluate the AI solution lifecycle (e.g., design, development, deployment, monitoring, and decommissioning) and inputs/outputs for compliance and risk.
21. Evaluate algorithms and models to ensure AI solutions are aligned to business objectives, policies, and procedures.
22. Analyze the impact of AI on the workforce to advise stakeholders on how to address AI-related workforce impacts, training, and education.
23. Evaluate that awareness programs align to the organization’s AI-related policies and procedures.