AAIA ISACA Advanced in AI Audit (AAIA) Questions and Answers

Using postal codes as a primary factor in credit scoring raises concerns of geographic and socioeconomic bias. Postal codes can serve as proxies for race, ethnicity, or income level—potentially violating fair lending laws and ethical guidelines.

“Auditors should flag models that rely on proxies for protected attributes. Postal codes are high-risk features that may inadvertently lead to redlining or other discriminatory practices.”

A, B, and C are more justifiable under fair lending guidelines. Thus, D presents the highest concern.

Generative AI excels at synthesizing large datasets and technical documentation into understandable insights. The AAIA™ Study Guide recommends leveraging generative AI to identify domain-specific risks and control considerations by analyzing complex environments and correlating them with industry risk patterns.

“AI can assist auditors during planning by generating tailored risk profiles for technologies under review, helping prioritize audit focus and scoping.”

While summarizing interviews (D) and creating diagrams (B) are helpful, only C directly informs audit planning with actionable intelligence. A (separation of duties) is a later-stage control assessment.

Accountability for data management (option D) is the most crucial consideration. The AAIA™ Study Guide emphasizes that “clear roles, responsibilities, and ownership for data management activities are central to trustworthy AI systems, as they ensure compliance, traceability, and the consistent application of policies and controls.”

Retention, portability, and data training practices are important, but accountability is foundational for the enforcement and monitoring of all other governance practices.

Using AI to make employment decisions such as driver termination or retention introduces significant ethical risks. If based solely on performance metrics without context or human review, such systems can lead to unfair treatment or discrimination—violating principles of transparency and due process.

“Automating workforce decisions must be approached cautiously to prevent discriminatory outcomes. Ethical AI governance requires oversight when AI is used for employment-impacting decisions.”

A, C, and D involve business optimization without directly affecting individual employment rights. Therefore, B poses the greatest ethical risk.

Imputing missing values using the mean, median, or mode is a common technique to fill blanks in datasets. However, according to the AAIA™ Study Guide, this method introduces a significant risk of information distortion, especially if the data is not normally distributed or if imputed values disproportionately impact underrepresented groups.

“Simple imputation can reduce data variability and reinforce existing biases. It may also misrepresent the true distribution of the data, leading to skewed model outputs.”

Other options (B, C, D) may involve transformations, but they do not inherently cause as much bias or data misrepresentation as A.

To assess compliance with intellectual property (IP) and data rights, the IS auditor must review documented data usage agreements that specify ownership, licensing, consent, and limitations of use. The AAIA™ Study Guide underscores the importance of verifying that the data used to train or feed AI models is obtained and utilized within legal and contractual boundaries.

“Auditors must review data usage agreements to validate whether the organization has appropriate rights to use, distribute, or transform data inputs, especially where third-party or sensitive data is involved.”

While open-source usage (C) is a concern, only B provides legal clarity. Metrics (A) and logs (D) reflect performance—not legal compliance.

Transparency in AI systems is a key requirement to ensure trust, accountability, and ethical compliance. According to the ISACA AAIA™ Study Guide under the "AI Governance and Risk Management" section, understanding the decision-making process of an AI system falls under the principle of explainability. Explainability refers to the degree to which an observer can understand the internal mechanics of an AI system and the rationale behind its outputs.

“Reviewing the explainability of AI outputs allows auditors and stakeholders to determine whether model decisions are interpretable and justifiable. High transparency means stakeholders can trace how and why a decision was made.”

While algorithm complexity and computational cost are technical considerations, they do not directly facilitate the audit of decision-making transparency. Similarly, training data diversity is essential for bias reduction but does not explain how decisions are derived. Therefore, option D is the most aligned with auditing transparency.

The use of customer data in AI training presents a significant privacy risk, especially when the data is not properly anonymized or when consent has not been explicitly obtained. The AAIA™ Study Guide classifies the unauthorized or inadvertent disclosure of personally identifiable information (PII) as the most severe risk in such contexts.

“Training AI models on customer data without proper safeguards can result in the unintentional exposure of personal or sensitive information, leading to data breaches and compliance violations.”

While bias (B) and hallucinations (D) are important operational concerns, they do not pose the same regulatory and ethical severity as PII exposure. Therefore, A is the most critical risk.

Assessing data lineage provides insight into the origin, flow, and transformation of data across its lifecycle, which is crucial for validating data governance. The AAIA™ Study Guide states that data lineage is essential to ensure the accuracy, consistency, and trustworthiness of data used in training AI models.

“Traceability of data sources is a core tenet of effective data governance. Data lineage validation ensures data quality, prevents unauthorized modifications, and maintains auditability.”

BIA (A) focuses on impact, not data quality. Reviewing SDLC (B) is broad and may not highlight data-specific risks. Penetration testing (C) addresses security, not governance. Therefore, D is the best method.

The greatest challenge for IS auditors in evaluating the explainability of generative AI models is the changing nature of algorithms as AI continues to learn (option D). Generative AI models, especially those using advanced techniques like deep learning and reinforcement learning, often employ continuous or dynamic learning, which results in models that evolve over time. This adaptability can significantly hinder explainability because the logic, parameters, or decision pathways may shift with ongoing retraining or real-time learning.

The ISACA Advanced in AI Audit™ (AAIA™) Study Guide stresses that: “Continually learning AI systems present unique audit challenges, as their internal representations and reasoning can change after deployment, making it difficult to fully capture and explain the rationale for outputs at any given point.”

Other options, such as bias in input data or computational performance, are significant but do not pose as fundamental a challenge to explainability as a model whose internal workings can dynamically change.

Clustering, especially in sensitive domains like healthcare, can inadvertently expose confidential patient data if the resulting groups are too specific or reveal underlying health conditions. The AAIA™ Study Guide warns that clustering can increase privacy risks when small, homogenous groups are formed that effectively re-identify individuals or reveal sensitive traits.

“Clustering results must be carefully reviewed to prevent indirect re-identification or unintended exposure of sensitive traits. Ethical handling of aggregated patient data is essential to protect individual privacy.”

While A and B involve general concerns, and C focuses on performance, D directly addresses the most significant privacy threat: exposure through cluster outputs.

Human-centered design (HCD) focuses on integrating stakeholder needs, ethical implications, and social impact into AI system development. The AAIA™ Study Guide emphasizes the role of HCD in minimizing negative workforce impacts and ensuring inclusive design.

“Auditors should review whether the AI system design process included human-centered practices—particularly for applications affecting jobs or critical human roles. HCD ensures responsible adoption.”

While feedback collection (C) and impact assessments (D) provide useful context, A directly addresses ethical impact mitigation at the design level.

The AAIA™ Study Guide emphasizes that AI implementations introduce dynamic and non-deterministic elements into systems, increasing the risk associated with changes. A comprehensive, AI-specific risk assessment is therefore the most critical component of a change management program to ensure that updates, retraining, or parameter adjustments do not introduce vulnerabilities or unintended consequences.

“Risk assessments tailored to AI are crucial because changes to models, training data, or infrastructure can affect performance, ethical compliance, or expose the system to new threats. A standard IT change review is often insufficient.”

While having a governance committee (A) and reviewing documentation (B) are important supporting practices, only option C directly mitigates the core risks of AI system change. Ethics training (D) supports awareness but is not directly tied to change control.

The F1 score is the harmonic mean of precision and recall, offering a balanced measure of model accuracy, especially when there is an imbalance in the classes (e.g., more “no-maintenance” than “needs-maintenance” outcomes). According to the AAIA™ Study Guide, the F1 score is used to evaluate how well the model identifies true positives while balancing the risk of false positives and false negatives.

“An F1 score summarizes the model's ability to correctly identify relevant events—in this case, true maintenance needs. A 76% F1 score means the model is relatively balanced and effective at catching maintenance requirements without generating too many false alerts.”

Thus, D is correct. Option A misrepresents recall as predictive accuracy. Option B misinterprets accuracy. Option C has no direct basis in the excerpt.

Transparency is a foundational principle for AI governance and effective risk management. When evaluating AI systems, IS auditors must assess not just how an algorithm functions, but also whether its processes and decisions are understandable and explainable. According to the ISACA Advanced in AI Audit™ (AAIA™) Study Guide, "algorithmic transparency—enabling auditors and stakeholders to see and understand the rationale behind automated decisions—is essential for ensuring accountability, fairness, and compliance with both organizational policies and regulatory requirements."

Transparent justification of decisions (option C) directly supports an auditor’s ability to evaluate the appropriateness, logic, and fairness of the AI’s outputs. This is critical in identifying bias, ensuring ethical considerations are met, and verifying that outcomes are consistent with intended objectives. Without transparent justification, it is difficult for an IS auditor to independently assess whether decisions are being made based on valid, legal, and ethical grounds.

By contrast, options A, B, and D are either standard operational aspects or supportive features, but they do not directly empower auditors to evaluate or scrutinize the algorithm’s decision-making process. The Study Guide explicitly highlights, “Effective AI governance frameworks require that systems provide clear, interpretable explanations for their decisions, supporting auditability and accountability across the AI lifecycle.”

When organizations leverage off-the-shelf AI models, effective vendor management is critical to ensure operational reliability, compliance, and long-term support. The ISACA Advanced in AI Audit™ (AAIA™) Study Guide highlights that the "establishment of clear contractual terms regarding responsibilities for ongoing model updates, maintenance, support, and incident response is essential for managing third-party AI risks."

By clearly defining the roles and expectations for updates and support (option B), organizations reduce the risk of unaddressed vulnerabilities, outdated models, or unclear recourse in the event of an incident or system failure. This approach supports ongoing risk management and ensures that both parties understand their obligations throughout the model’s lifecycle.

While market research, vendor accreditation, and contract review by information security are important due diligence steps, they do not directly address the need for clarity in ongoing vendor responsibilities, which is critical for effective governance and sustained operation of AI solutions.

Ensuring AI model resilience against external threats involves validating that the model is configured to resist attacks, such as adversarial inputs, data poisoning, or misuse. The AAIA™ Study Guide emphasizes configuration testing as a crucial control to simulate threat scenarios and assess robustness.

“Model configuration testing simulates real-world threat conditions to validate model resilience. This includes testing against adversarial attacks, input manipulation, and exposure of sensitive outputs.”

While access monitoring (C) and anonymization (A) reduce risks, they don’t actively validate model behavior under threat conditions. Therefore, D offers the most effective resilience measure.

In the context of AI-driven audit planning, the AAIA™ Study Guide identifies incomplete or inaccurate data as the most significant risk. If the data input into AI tools is missing, outdated, or inconsistent, the model's suggestions for risk prioritization or control testing will be flawed.

“Audit planning supported by AI tools is only as strong as the underlying data. Incomplete data may cause incorrect risk assessments or misallocate audit resources, undermining audit effectiveness.”

While scope creep and cost are common concerns in project management, and limited AI knowledge can be mitigated through training, only incomplete data directly impacts the validity of audit planning outputs.

The AAIA™ Study Guide stresses that inputting confidential or proprietary data into third-party generative AI tools may result in unauthorized data disclosure. These tools may store, process, or retrain on the input data, leading to privacy and intellectual property risks.

“When employees input sensitive data into external AI tools, organizations risk losing control over that information. This may result in regulatory non-compliance, legal exposure, and irreversible data leakage.”

While business disruption (C) and reliance (D) are notable, the most severe and immediate risk is B—unauthorized disclosure. Data contamination (A) impacts model reliability, not data security.

Problem framing (option D) is the process of clearly defining the purpose, scope, and desired outcomes of an AI system before it is built or deployed. According to the ISACA AAIA™ Study Guide, “problem framing is the critical first step that aligns model development and subsequent behaviors with the strategic and operational objectives of the organization.” If the AI problem is not framed in accordance with organizational goals, even a technically successful AI model could generate outputs that do not support the organization’s mission or priorities.

Algorithm debugging, data transformation, and model training are all important phases but rely on the initial problem framing to ensure their efforts are correctly directed.

Supervised learning is a foundational type of machine learning in which the model is trained on a labeled dataset. According to the AAIA™ Study Guide, labeled data includes input features along with the correct output, enabling the model to learn the mapping function accurately.

“In supervised learning, models learn from input-output pairs provided in the training data. This method enables predictive modeling tasks such as classification and regression.”

Unlabeled data (A) is used in unsupervised learning; clustered data (B) is a technique rather than a data type; and randomized data (D) refers to distribution strategy, not labeling. Hence, labeled data is the correct answer.

Bias in AI decision-making is one of the most critical risks, particularly when AI influences areas like hiring, lending, or healthcare. The AAIA™ Study Guide highlights the ethical and operational consequences of biased models, which may lead to discrimination, legal liability, and reputational damage.

“Bias in AI outputs can originate from skewed training data or flawed algorithms. Auditors must evaluate whether mitigation techniques, such as bias detection and fairness testing, are in place.”

While costs (A) and industry maturity (B) are considerations, they do not pose the same systemic ethical risk. Resistance (D) is a change management issue. C represents the most impactful and widespread risk.

Data cleaning is a foundational task in the AI development lifecycle. The AAIA™ Study Guide identifies data quality—ensuring completeness, accuracy, consistency, and correctness—as critical to building effective and unbiased AI systems. Cleaning the data involves removing duplicates, correcting errors, addressing missing values, and standardizing formats.

“Data cleaning is a prerequisite for effective training and evaluation. Poor-quality data leads to inaccurate or misleading model outputs, increasing operational and ethical risks.”

While training (D) is essential, it must occur only after the data has been adequately prepared. Stratification (A) supports certain modeling approaches but is secondary to data integrity. Therefore, C is the most important task at the data-gathering stage.

To prevent data poisoning, especially in systems relying on publicly submitted content such as product reviews, access authentication is critical. The AAIA™ Study Guide specifies that authenticated input sources help ensure data integrity and traceability, reducing the likelihood of adversarial or malicious contributions.

“Limiting review input to authenticated users restricts unauthorized actors—such as competitors or bots—from submitting biased or harmful data. This control protects model training and outputs from being manipulated.”

Options A and C address technical data handling but not source authenticity. Option B may inadvertently incentivize biased reviews. Option D provides a robust control against poisoning.