As Artificial Intelligence (AI) continues to revolutionize industries, the role of auditors has to evolve to meet the unique challenges posed by this transformative technology. AI is reshaping every process in enterprises, initially focusing on areas with less governance and higher costs. However, as AI technology advances and becomes easier to implement and use, it will eventually influence all company processes. Governing bodies and regulators already are identifying risks associated with AI and developing various regulations defining requirements on AI governance. The lack of AI governance and legal constraints can have a negative impact on the pace of AI implementation, hindering the technology’s potential benefits.
AI, as an emerging technology, presents a unique challenge for IT auditors. Research indicates that auditors responsible for auditing AI systems must possess knowledge in AI, including the underlying models, data science, statistics and mathematics. AI-based systems are inherently more complex and fundamentally different from traditional IT systems, particularly with deep learning models that lack transparent logic. Consequently, this introduces new risks associated with a technology that is not widely understood by IT auditors. Auditors need to develop expertise in AI to continue providing value to their organizations, particularly in assurance functions and in advisory roles.
To address this challenge and increasing demand for AI auditing expertise, ISACA has put forward a new certification, ISACA Advanced in AI Audit (AAIA), to support qualified IT audit/IT advisory professionals with a CISA or another qualifying credential* to enhance their expertise in navigating AI-driven challenges while upholding the highest industry standards. The new certification is designed for professional auditors who already possess a strong understanding of the auditing process and seek to understand how AI is transforming IT audits. Additionally, the certification addresses the risks and explores the opportunities for auditors utilizing AI in the audit process.
AAIA is structured around three domains:
- AI Governance and Risk
- AI Operations
- AI Auditing Tools and Techniques
AI Governance and Risk
The AI Governance and Risk domain starts with an in-depth understanding of various AI models, their applications, and the specific requirements for their implementation. It further encompasses the governance and program management of AI models, including managing risks associated with AI. Given the integral role of data in AI, auditors must be proficient in safegarding information, ensuring compliance with legal and ethical standards. Additionally, auditors should be comfortable with leading practices and possess understanding of global and regional regulations governing AI.
AI Operations
The AI Operations domain addresses the risks arising throughout the AI lifecycle. Starting with data management, which is the backbone of AI, this domain evaluates the auditor’s knowledge of algorithm development, change management and supervision of AI solutions. Additionally, it covers threats and vulnerabilities specific to AI, along with the testing techniques for AI solutions. Auditors must be skilled in identifying potential security risks and recommending measures to protect AI systems. Auditors also should understand how AI-specific incidents impact incident response management.
AI Auditing Tools and Techniques
The final domain focuses on the transformative impact of AI on the auditing profession. The AI Auditing Tools and Techniques domain assesses the auditor’s ability to use AI to enhance the audit process, including planning, execution and reporting. Candidates must understand how to leverage AI in designing audits, employing testing and sampling methodologies, utilizing evidence collection techniques, and applying data analytics. Additionally, auditors should be proficient in generating comprehensive audit reports that effectively communicate their findings.
ISACA’s Response to the AI Skills Gap
Over the next five years, AI is projected to be the main driver behind the creation of 170 million new jobs. Simultaneously, 70% of the skills needed for all jobs are expected to change due to the influence of AI. Despite the opportunities presented by AI-related job creation, significant challenges exist in workforce adaptation and skills development. According to the research cited in the International Journal of Engineering, Science and Information Technology, 84% of survey respondents highlighted difficulties in workforce adaptation due to inadequate AI training programs. Many workers remain unprepared for emerging AI roles, particularly in governance and auditing functions that require specialized knowledge of technology, ethics and regulatory frameworks.
Technological change often outpaces educational and training responses, creating misalignment between available talent and employment opportunities. In creating AAIA, ISACA is addressing this situation and providing the ability for audit professionals to future-proof their skillset.
*Those with an active credential from the following list are eligible to pursue the AAIA:
All qualify:
- CISA (Certified Information Systems Auditor from ISACA)
Must be in an IT audit or IT advisory role to qualify:
- CIA (Certified Internal Auditor from the Institute of Internal Auditors (IIA))
- CPA (Certified Public Accountant from the American Institute of Certified Public Accountants (AICPA))
- ACCA (Association of Chartered Certified Accountants Qualification from the Association of Chartered Certified Accountants)
- FFCA (ACCA Fellow Chartered Certified Accountant from the Association of Chartered Certified Accountants (ACCA))
- Canadian CPA (Canadian Chartered Professional Accountant from the Chartered Professional Accountants of Canada)
- CPA Australia (Certified Practicing Accountant)
- FCPA (CPA Australia Fellow Certified Practicing Accountant)
- Japanese CPA (Japanese Certified Public Accountant from the Japanese Institute of Certified Public Accountants (JICPA))
