ISACA Advanced in AI Risk (AAIR) Certification

Module 1: AI Risk Governance and Framework Integration

AI Models, Frameworks, Strategies, and Use Cases

• Types of AI
• AI Frameworks
• Business Use Case and AI Use Case Review
• AI Business Strategies

AI Organizational Processes and Alignment

• AI Governance Fundamentals
• Alignment to Existing Organizational Structures

 AI Ownership, Oversight, and Accountability

• AI-related Roles and Responsibilities
• Accountability and AI
• RACI for AI Solutions

AI Policies, Procedures, and Organizational Training

• AI Acceptable Use Policy
• AI Policy Development
• AI Procedures and Manuals
• Organizational Culture and AI Risk Governance
• Elements of Effective AI Training and Awareness

AI Regulatory Compliance and Legal Considerations

• Compliance With Laws and Regulations
• Gaps in Regulatory Coverage
• Mapping Legal Requirements for AI
• Assessing Legal Exposure and Liability for AI Actions
• Intellectual Property Considerations in AI
• Vendor Contract Review

AI Trustworthiness, Ethical and Societal Implications

• Responsible Use of AI Systems 68
• Bias and Fairness
• Transparency and Explainability
• Trust and Safety
• Human Rights and Societal Impact
• Environmental Impact

Module 2: AI Life Cycle Risk Management

AI Design, Development, Procurement, and Documentation

• Plan and Design
• Data Requirements for AI Models
• Procurement of AI Solutions
• Build, Adapt, and Document Models

AI Model Training, Testing and Validation

• Sourcing Datasets
• Validating the Data
• Model Training
• Model Testing and Validation
• Model Performance and Fine Tuning

AI Implementation, Maintenance, and Decommissioning

• AI Deployment and Implementation
• Robustness and Scalability Considerations
• Monitoring and Managing Model Drift
• Change Management in AI Systems
• Decommissioning AI Solutions

AI Data and Asset Management

• AI Asset Inventory
• Data Collection for AI
• Data Classification
• Data Confidentiality
• Data Quality
• Data Balancing
• Data Scarcity
• Data Security
• Data Preparation and Normalization
• Data Minimization and Privacy Considerations

Module 3: AI Risk Program Management

AI Risk Scenario Identification and Assessment

• AI Threat Landscape
• AI Threat Modeling
• Development of AI Risk Scenarios
• AI Risk Classification
• AI Risk Assessment

AI Risk Treatment Strategies

• Accept
• Avoid
• Mitigation
• Transfer/Share

AI Controls Management

• AI Control Types and Control Frameworks
• AI Control Selection and Validation
• Control Performance
• Controls Specific to AI Solutions
• Use of AI in Control Management

AI Risk Metrics, Monitoring, and Reporting

• Risk and Performance Metrics
• AI Risk Reportings

AI Supply Chain Risk Management

• AI Vendor Management
• AI Shared Responsibility Model
• AI Software Supply Chain Risk
• Cloud Computing Risk in AI Supply Chains

AI Incident Response, BIA, Business Continuity, and Disaster Recovery

• AI Business Impact Analysis
• Prepare
• Identify and Report
• Assess
• Respond
• Post-incident Review