Advanced in AI Risk

Prerequisites

Learners should have a solid understanding of governance, risk management and information security principles. Prior experience working within risk or compliance functions is recommended.

This course is designed for experienced governance, risk and security professionals who want to extend their expertise into AI risk management. It is particularly relevant for individuals who hold certifications such as:

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk and Compliance (CGRC)
• Certified Information Systems Security Professional (CISSP)

Advanced in AI Risk Course Content

Domain 1: AI risk governance and framework integration
This domain focuses on establishing strong governance foundations for AI risk management and aligning AI initiatives with organisational strategy.

• AI models, frameworks, strategies and use cases
• AI organisational processes and alignment
• AI ownership, oversight and accountability
• AI policies, procedures and organisational training
• AI regulatory compliance and legal considerations
• AI trustworthiness, ethics and societal implications including ESG

Domain 2: AI life cycle risk management
This domain explores how risk is managed across each stage of the AI lifecycle, from design through to decommissioning.

• AI design, development or procurement and documentation
• AI model training, testing and validation
• AI implementation, maintenance and decommissioning
• AI data and asset management

Domain 3: AI risk programme management
This domain focuses on operationalising AI risk management through structured programmes, controls and continuous monitoring.

• AI risk scenario identification and assessment including threats, vulnerabilities and attacks
• AI risk treatment strategies
• AI controls management including evaluation, selection and validation
• AI risk metrics, monitoring and reporting
• AI supply chain risk management including third-party resources
• AI incident response, business impact analysis, business continuity and disaster recovery

Exam and certification

This course prepares learners for the ISACA Advanced in AI Risk (AAIR) certification. An exam voucher is included and can be redeemed after the course. Exams are scheduled directly with ISACA.

Hands-on learning

Participants will:

• Analyse case studies simulating real-world AI risk challenges
• Perform structured walkthroughs and risk assessments
• Evaluate risk evidence using simulated data sets
• Apply concepts through guided scenarios on AI lifecycle, privacy, and governance
• Participate in instructor-led discussions to enhance cross-functional AI risk understanding

Product Access Change

Important Update to ISACA Product Access Periods

Effective 16 April 2026, ISACA is changing product access times from 12-months to 6-months across Exams, QAE, Online Review Courses, non-sponsored Webinars, and Virtual Workshops.

Access periods will change from 12 months to 6 months, as outlined below.

How the New Access Windows Work

• 1. Assignment & Redemption Window: Products must be assigned and redeemed within 6 months of the purchase date.
• 2. Access & Completion Window: Once redeemed, learners will have 6 months of access to use the product. This includes - Accessing learning content, Scheduling exams, Sitting exams (where applicable).

What This Means for You as a Learner

• Review Manuals – Learners will continue to have longterm access
• QAE Databases & Online Review Courses – Available for 6 months after redemption
• Exams – Must be scheduled and completed within 6 months of redemption
• We recommend redeeming products promptly and planning your study and exam schedule early to make the most of your access period.