AAIR
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.


AAIR

The AAIR certification equips IT risk professionals with advanced knowledge to integrate AI risk governance, manage AI risk programs, and control lifecycle risks, ensuring enterprise-wide compliance and strategic decision‑making.

Exam Length: 150 minutes
Questions: 90
Passing Score: 450/800
Exam Cost: $459 (member), $599 (non-member)

Who Should Take This

IT risk leaders who hold CRISC, CISM, or equivalent certifications and oversee enterprise AI initiatives are ideal candidates. They possess several years of risk management experience, seek to embed robust AI governance, and aim to mitigate AI‑related threats throughout development, deployment, and operation.

What's Covered

  • Domain 1: AI Risk Governance and Framework Integration
  • Domain 2: AI Risk Program Management
  • Domain 3: AI Life Cycle Risk Management

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

26 learning goals
Domain 1: AI Risk Governance and Framework Integration
3 topics

AI risk governance structures

  • Design AI risk governance frameworks that establish accountability, decision rights, and oversight mechanisms specific to AI risk across the enterprise.
  • Apply AI risk appetite and tolerance frameworks to define acceptable AI risk levels for different use cases, deployment contexts, and organizational functions.
  • Evaluate the integration of AI risk governance with enterprise risk management to assess alignment, coverage gaps, and escalation pathway effectiveness.

AI risk frameworks and regulations

  • Analyze AI risk management frameworks including NIST AI RMF, ISO/IEC 23894, and ISO/IEC 42001 to determine their applicability and implementation requirements.
  • Evaluate AI regulatory requirements including the EU AI Act risk classification, sector-specific AI regulations, and cross-jurisdictional compliance obligations.
  • Recommend AI risk framework adoption strategies that integrate multiple frameworks and address organizational-specific regulatory requirements and risk profiles.

AI risk culture and communication

  • Design AI risk communication strategies that convey AI-specific risks, treatment options, and residual risk levels to technical and non-technical stakeholders.
  • Apply organizational change management techniques to build an AI risk-aware culture that promotes responsible AI development and deployment practices.
  • Evaluate board-level AI risk reporting to assess comprehensiveness, clarity, and decision-support value of AI risk communications to senior leadership.

Domain 2: AI Risk Program Management
3 topics

AI risk identification and assessment

  • Apply AI-specific risk identification techniques to systematically discover risks related to data quality, model bias, algorithmic fairness, and operational reliability.
  • Evaluate AI risk assessment methodologies to determine appropriate approaches for different AI use cases including high-risk, medium-risk, and low-risk applications.
  • Analyze emerging AI risks including generative AI hallucination, autonomous decision-making failures, AI-enabled disinformation, and deepfake threats.
  • Design comprehensive AI risk assessment programs that address the full spectrum of AI risks across the organization with consistent methodology and documentation.

AI risk treatment and controls

  • Apply AI control frameworks to select and implement controls addressing model risk, data risk, operational risk, and ethical risk across AI systems.
  • Evaluate AI risk treatment options including risk avoidance by declining high-risk AI use cases, risk mitigation through controls, and risk transfer through insurance and contracts.
  • Recommend AI risk treatment strategies that balance innovation enablement with risk reduction while maintaining compliance with regulatory requirements.

AI risk monitoring and metrics

  • Apply AI risk monitoring frameworks including key risk indicators for model performance, bias metrics, drift detection, and security incident rates.
  • Design AI risk dashboards and reporting mechanisms that provide actionable insights on AI risk posture to risk owners and senior management.
  • Evaluate third-party AI risk management processes including vendor AI risk assessments, SLA monitoring, and contractual risk allocation for AI services.

Domain 3: AI Life Cycle Risk Management
2 topics

Data and model development risks

  • Evaluate data acquisition and preparation risks including data bias, incomplete data, mislabeled data, and privacy violations in training data collection.
  • Apply model development risk controls including validation holdout strategies, cross-validation, overfitting detection, and model documentation requirements.
  • Analyze model testing and validation risks to ensure adequate coverage of edge cases, adversarial inputs, and real-world distribution shifts before deployment approval.

Deployment and operational risks

  • Evaluate AI deployment risk controls including staged rollout procedures, canary deployments, A/B testing, and rollback mechanisms for production AI systems.
  • Apply operational risk monitoring techniques to detect model drift, concept drift, data distribution changes, and performance degradation in production AI systems.
  • Design AI model retirement and decommissioning risk management procedures including impact assessment, migration planning, and knowledge preservation.
  • Recommend continuous AI risk management improvements based on operational incident analysis, regulatory changes, and evolving AI technology landscape.

Scope

Included Topics

  • All domains and objectives in the ISACA Advanced in AI Risk (AAIR) exam: Domain 1 AI Risk Governance and Framework Integration (estimated 30%), Domain 2 AI Risk Program Management (estimated 35%), and Domain 3 AI Life Cycle Risk Management (estimated 35%).
  • Advanced-level AI risk management including AI risk governance frameworks, AI risk identification and assessment, AI risk treatment strategies, and AI risk monitoring throughout the model lifecycle.
  • AI risk governance: AI risk appetite definition, AI risk policies, integration of AI risk with enterprise risk management, regulatory compliance for AI risk (EU AI Act, NIST AI RMF), and board-level AI risk reporting.
  • AI risk program management: AI risk assessment methodology, AI control frameworks, AI risk metrics and KRIs, third-party AI risk, AI risk culture, and cross-functional AI risk coordination.
  • AI lifecycle risk management: data acquisition risks, model development risks, deployment risks, operational risks including drift and degradation, decommissioning risks, and continuous monitoring requirements.
  • Emerging AI risks including generative AI risks, autonomous system risks, AI-enabled disinformation, deepfake threats, and algorithmic amplification risks.

Not Covered

  • General IT audit procedures and audit program management (covered by CISA and AAIA).
  • AI security operations and technical security control implementation (covered by AAISM).
  • General IT risk management not specific to AI systems (covered by CRISC).
  • Deep machine learning model development and optimization beyond risk implications.
  • Actuarial and financial modeling specific to non-AI contexts.

Official Exam Page

Learn more at ISACA



Trademark Notice

ISACA®, CISA®, CISM®, CRISC®, CGEIT®, and CDPSE® are registered trademarks of ISACA. ISACA does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.