The ISACA advanced credential for risk managers building an AI risk programme. AI risk assessment, risk treatment, AI risk governance. Three-day intensive, CRISC recommended as foundation.
For
Honest call
We'd rather you keep your money than buy the wrong path.
Outcomes
Public sessions
Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.
No confirmed live cohort right now. You can still:
FAQ
CRISC is strongly recommended. The AAIR curriculum assumes risk-management fluency (risk identification, assessment methodology, treatment options, monitoring). Without that foundation, the methodology discussions are uphill.
Equivalents accepted: ISO 31000 Lead Risk Manager, ISO/IEC 27005 Lead Risk Manager, or three years operating an enterprise risk programme. Cyber Academy assesses prerequisites case-by-case.
ISO/IEC 23894 is the international standard for AI risk management, published in 2023, aligned with ISO 31000. AAIR (ISACA) is a personal credential that draws on ISO 23894 alongside the AI Act, NIST AI RMF and ISACA risk standards. Many practitioners working in the AI risk space will reference ISO 23894 as the methodology; AAIR is the credential that attests they apply it competently.
Regulatory exposure under the AI Act (classification, conformity assessment, transparency obligations). Model risk (bias, fairness, hallucination, model drift). Data risk (training-data quality, lineage, consent under GDPR). Operational risk (model downtime, fallback handling, human-in-the-loop design). Reputational risk (visible AI failures, public sector deployments, vulnerable populations). Third-party AI risk (foundation-model dependency, vendor lock-in, supply-chain attacks).
Three hours, scenario-based plus multiple-choice. Computer-based at a PSI testing centre. Same scoring scale as other ISACA credentials (200 to 800, 450 to pass).
Taught by a practicing CISO. Prices shown up front. Certified or refunded.