AI Act

AAIA: Advanced in AI Audit

The ISACA advanced credential for auditors moving into AI. Audit methodology for AI systems, AI risk assessment, AI governance frameworks. Three-day intensive, CISA recommended as foundation.

ISACAExpert3 daysLiveSelf-pacedIn-house
  • Practitioner-led, taught by a working CISO
  • Exam & certificate included
  • Re-sit covered if needed

Right fit if you are.

  • Senior IT auditors moving into AI assurance.
  • GRC managers building an AI audit programme.
  • Compliance officers in regulated industries deploying AI (banking, insurance, healthcare, public sector).
  • Big Four senior managers and directors taking on AI engagement leadership.

NOT for. When to skip it.

We'd rather you keep your money than buy the wrong path.

  • Practitioners with no audit background. CISA first, then AAIA.
  • AI engineers wanting to learn audit. The AAIA assumes audit fluency; ISO 42001 Lead Auditor is a better starting point.
  • Junior auditors under two years of experience.

What you'll be able to do

  • 1Plan and execute an audit of AI systems against the ISO 42001 AIMS and AI Act obligations.
  • 2Assess model lifecycle controls (data governance, training, validation, monitoring, decommissioning).
  • 3Test AI fairness, explainability and bias-monitoring controls against the regulatory and audit expectations.
  • 4Audit AI vendor risk and third-party model dependencies.
  • 5Produce AI audit reports that withstand notified-body and supervisory-authority review.

Upcoming public sessions

Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.

No confirmed live cohort right now. You can still:

Buyers always ask

Is CISA required to take AAIA?+

CISA is strongly recommended but not strictly required. The AAIA exam assumes IS audit fluency; without it, the practical exercises around control testing, risk assessment and audit reporting will be uphill. Several learners in our cohorts hold ISO 27001 Lead Auditor instead of CISA and progress fine.

If you have neither CISA nor ISO 27001 Lead Auditor, consider taking one of those first. The AAIA is an advanced add-on, not an entry-level audit credential.

How does AAIA differ from ISO 42001 Lead Auditor?+

ISO 42001 Lead Auditor (PECB) is the certification-audit credential for the ISO 42001 AIMS standard specifically. AAIA (ISACA) is broader: it covers AI audit methodology across frameworks (ISO 42001, AI Act, NIST AI RMF) and includes AI-specific control families that the AIMS standard does not detail (model bias monitoring, prompt-injection testing, deepfake detection controls).

Many senior AI auditors hold both: ISO 42001 Lead Auditor for the AIMS certification-audit work, AAIA for the broader engagement portfolio.

How long is the AAIA exam?+

Three hours, scenario-based plus multiple-choice. Computer-based at a PSI testing centre. Passing mark and scoring scale match the other ISACA credentials (200 to 800, 450 to pass).

Is AAIA recognised by EU regulators?+

AAIA is an ISACA credential, not a regulatory one. EU regulators (national supervisory authorities under the AI Act, notified bodies for high-risk AI systems) do not formally recognise specific personal certifications. What they recognise is the audit methodology and the audit report. AAIA-certified auditors apply a methodology aligned with ISACA standards, which regulators generally accept as professional practice.

Ready to get certified?

Taught by a practicing CISO. Prices shown up front. Certified or refunded.