Advanced in AI Risk

Learners should have a solid understanding of governance, risk management and information security principles. Prior experience working within risk or compliance functions is recommended.

This course is designed for experienced governance, risk and security professionals who want to extend their expertise into AI risk management. It is particularly relevant for individuals who hold certifications such as:

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk and Compliance (CGRC)
• Certified Information Systems Security Professional (CISSP)

By the end of this course, learners will be able to:

• Evaluate risks associated with AI models and solutions, including design, algorithms, training, drift and lifecycle considerations
• Integrate AI risk management into enterprise risk management frameworks and programmes
• Develop and implement an AI risk management framework, including roles, responsibilities and risk tolerance
• Conduct structured risk assessments to identify and classify AI-related risks
• Recommend and justify appropriate risk treatment strategies
• Assess compliance with AI-related regulations, standards and legal requirements
• Embed AI risk considerations into governance structures, risk registers and control frameworks
• Evaluate AI use cases against organisational risk appetite
• Monitor and test processes to identify emerging AI risks
• Collaborate across functions to embed AI risk awareness and training
• Develop AI risk metrics and reporting for operational and executive audiences
• Conduct threat and vulnerability assessments on AI initiatives
• Integrate AI risk into incident management, business continuity and disaster recovery planning
• Continuously monitor the evolving AI risk landscape
• Evaluate and validate controls to ensure risks remain within acceptable tolerance
• Advise on AI-related contractual risks, including data usage and intellectual property
• Assess AI risk within supply chains and third-party relationships
• Address ethical, societal and ESG implications including bias, privacy and safety
• Leverage AI capabilities to enhance risk management processes
• Integrate AI risk considerations into change management processes
• Evaluate human oversight controls at critical decision points

Domain 1: AI risk governance and framework integration
This domain focuses on establishing strong governance foundations for AI risk management and aligning AI initiatives with organisational strategy.

• AI models, frameworks, strategies and use cases
• AI organisational processes and alignment
• AI ownership, oversight and accountability
• AI policies, procedures and organisational training
• AI regulatory compliance and legal considerations
• AI trustworthiness, ethics and societal implications including ESG

Domain 2: AI life cycle risk management
This domain explores how risk is managed across each stage of the AI lifecycle, from design through to decommissioning.

• AI design, development or procurement and documentation
• AI model training, testing and validation
• AI implementation, maintenance and decommissioning
• AI data and asset management

Domain 3: AI risk programme management
This domain focuses on operationalising AI risk management through structured programmes, controls and continuous monitoring.

• AI risk scenario identification and assessment including threats, vulnerabilities and attacks
• AI risk treatment strategies
• AI controls management including evaluation, selection and validation
• AI risk metrics, monitoring and reporting
• AI supply chain risk management including third-party resources
• AI incident response, business impact analysis, business continuity and disaster recovery

Exam and certification

This course prepares learners for the ISACA Advanced in AI Risk (AAIR) certification. An exam voucher is included and can be redeemed after the course. Exams are scheduled directly with ISACA.

Hands-on learning

Participants will:

• Analyse case studies simulating real-world AI risk challenges
• Perform structured walkthroughs and risk assessments
• Evaluate risk evidence using simulated data sets
• Apply concepts through guided scenarios on AI lifecycle, privacy, and governance
• Participate in instructor-led discussions to enhance cross-functional AI risk understanding

Product Access Change

Important Update to ISACA Product Access Periods

Effective 16 April 2026, ISACA is changing product access times from 12-months to 6-months across Exams, QAE, Online Review Courses, non-sponsored Webinars, and Virtual Workshops.

Access periods will change from 12 months to 6 months, as outlined below.

How the New Access Windows Work

• 1. Assignment & Redemption Window: Products must be assigned and redeemed within 6 months of the purchase date.
• 2. Access & Completion Window: Once redeemed, learners will have 6 months of access to use the product. This includes - Accessing learning content, Scheduling exams, Sitting exams (where applicable).

What This Means for You as a Learner

• Review Manuals – Learners will continue to have longterm access
• QAE Databases & Online Review Courses – Available for 6 months after redemption
• Exams – Must be scheduled and completed within 6 months of redemption
• We recommend redeeming products promptly and planning your study and exam schedule early to make the most of your access period.