Advanced in AI Auditor (AAIA)

This course is designed for IT audit professionals who already hold CISA, CIA, or CPA certifications, although not mandatory. A working knowledge of audit methodology, risk management, and IT governance is expected. Familiarity with data handling and emerging technologies is recommended.

Target audience

This course is intended for:

• Certified auditors such as CISA, CIA, or CPA professionals
• IT governance, compliance, privacy, and assurance teams
• Enterprise risk managers and internal auditors

Security professionals, and audit teams responsible for evaluating AI solutions and controls

By the end of this course, participants will be able to:

• Explain governance principles and evaluate AI-specific risks across the enterprise
• Assess the effectiveness of AI operations, lifecycle processes, and system monitoring
• Apply leading practices in data privacy, model testing, and ethical compliance
• Use AI-specific audit techniques for planning, execution, and reporting
• Collect, test, and analyse audit evidence using modern tools and AI-driven sampling
• Deliver audit outputs aligned with stakeholder needs and regulatory requirements

AI governance and risk

• Types of AI and machine learning models
• Overview of AI lifecycle from planning to decommissioning
• Business use cases, cost-benefit analysis, and deployment options
• Governance strategies, roles, and AI-specific policies
• AI training, awareness, and metrics
• AI risk landscape, identification, assessment, and monitoring
• Data governance for AI (classification, licensing, retention)
• Privacy and regulatory considerations (GDPR, consent, ownership)
• Ethical practices including bias, fairness, and transparency

AI operations

• AI-specific data management (collection, confidentiality, security)
• Managing AI lifecycle phases with development methodologies
• Privacy-by-design and security-by-design principles
• Change management considerations for AI environments
• Supervision strategies: human-in-the-loop, observability, hallucination
• Testing AI models: from conventional to AI-specific techniques
• Threats and vulnerabilities including model poisoning and prompt injection
• Incident response planning, assessment, containment, and review

AI auditing tools and techniques

• Planning and designing an AI audit
  • Identifying AI assets and controls
  • Common audit use cases and auditor training needs
• Audit testing and sampling
• AI testing methodologies and sampling strategies
• Expected outcomes and performance indicators
• Data handling, transformation, and extraction
• Walkthroughs, interviews, and AI-driven log analysis
• Ensuring clean, relevant data
• Applying sentiment analysis and advanced dashboards
• Advisory reporting, visuals, and automation
• Conducting audit follow-up and ensuring quality assurance
• Evidence collection techniques
• Data quality and analytics
• Reporting AI audit outcomes

Exams and assessments

The ISACA Advanced in AI Audit exam voucher is included, taken, and booked post course directly via ISACA

Hands-on learning

Participants will:

• Analyse case studies simulating real-world AI audit challenges
• Perform structured walkthroughs and risk assessments
• Evaluate audit evidence using simulated data sets
• Apply concepts through guided scenarios on AI lifecycle, privacy, and governance
• Participate in instructor-led discussions to enhance cross-functional audit understanding