One-Page Cheat Sheet
Condensed, high-yield revision for the night before. Use Print for a clean paper copy (nav, footer and buttons are hidden automatically).
When two answers seem right, pick the one that (1) tackles the root risk, (2) is what an independent auditor would do (recommend, don't own/implement controls), and (3) respects sequence: understand & plan → test → conclude → report.
Exam facts
| Questions | 90, all scenario-based multiple choice |
|---|---|
| Time | 2 hours 30 minutes |
| Score | Scaled 200–800; 450 to pass |
| Eligibility | Active CISA · or CIA/CPA (IT-audit role) · or CISM/CRISC/CGEIT + AI-audit experience |
| Pace | ≈ 100 sec/question — flag & move on; never leave blanks (no negative marking) |
Domain weights — spend time accordingly
D1 Governance & Risk
Models & requirements · governance/program mgmt · risk mgmt · privacy & data governance · ethics, regs & standards.
D2 AI Operations
Data mgmt · lifecycle/MLOps · change mgmt · supervision/drift · testing · threats · incident response. Biggest — master this.
D3 Audit Techniques
Planning & scoping · testing & sampling · evidence · data quality/analytics · reporting.
NIST AI RMF — 4 functions
GOVERN
Culture, policies, roles, accountability across the org & lifecycle. (Cross-cutting — applies to all others.)
MAP
Establish context & frame the risks of the AI use case (who, what, impacts).
MEASURE
Analyze, assess, benchmark & monitor risks — metrics for trustworthiness.
MANAGE
Prioritize & act on risks — treat, allocate resources, respond, recover.
Trustworthy-AI characteristics: valid & reliable · safe · secure & resilient · accountable & transparent · explainable & interpretable · privacy-enhanced · fair (harmful bias managed).
EU AI Act — risk tiers
| Tier | Examples | Obligation |
|---|---|---|
| Unacceptable | Social scoring, manipulative/subliminal, most real-time biometric ID in public | Prohibited |
| High-risk | Credit, hiring, education, critical infra, medical, law enforcement | Risk mgmt, data governance, documentation, logging, human oversight, accuracy/robustness, conformity assessment |
| Limited | Chatbots, deepfakes, emotion recognition | Transparency / disclosure ("you're dealing with AI") |
| Minimal | Spam filters, AI in games | No mandatory obligations (voluntary codes) |
GPAI / foundation models have their own transparency & systemic-risk duties. Act has extraterritorial reach and large fines (% of global turnover).
Standards & principles
ISO/IEC 42001
AI Management System (AIMS) — Plan-Do-Check-Act, Annex A controls, certifiable; sibling to ISO 27001.
ISO/IEC 23894 & 22989
23894 = AI risk-management guidance; 22989 = AI concepts & terminology.
OECD / UNESCO / G7
Voluntary principles: human-centred values, transparency, robustness, accountability.
GDPR & AI
Art. 22 (automated decisions + human review), DPIA, lawful basis, data minimization, purpose limitation.
Model metrics — when to use which
| Metric | Meaning | Use when |
|---|---|---|
| Accuracy | % correct overall | Balanced classes only — misleading if imbalanced |
| Precision | TP / (TP+FP) | False positives are costly (e.g., flagging good customers as fraud) |
| Recall (sensitivity) | TP / (TP+FN) | Missing a positive is costly (e.g., disease, fraud detection) |
| F1 | Harmonic mean of P & R | Need balance & classes are imbalanced |
| AUC / ROC | Ranking quality across thresholds | Compare classifiers independent of threshold |
Confusion matrix: TP / FP / FN / TN. Fairness: compare error rates across protected groups (e.g., four-fifths / adverse-impact rule). Explainability: SHAP, LIME.
Drift & monitoring
Data drift
Input distribution changes (the world shifts). Model unchanged but inputs no longer match training data.
Concept drift
Relationship between inputs & target changes — what "good" looks like has moved. Retrain trigger.
Controls auditors look for: defined KPIs/KRIs, automated drift detection, retraining triggers & approval, genuine human-in-the-loop (not rubber-stamp), override & rollback, escalation paths.
AI threats — name & mitigation
| Threat | What it is |
|---|---|
| Prompt injection / jailbreak | Malicious input (incl. indirect, hidden in data) overrides instructions. Mitigate: input/output filtering, least privilege, no excessive agency. |
| Data poisoning | Corrupting training data to bias/backdoor the model. Mitigate: data provenance, validation, integrity controls. |
| Adversarial examples | Crafted inputs that fool the model. Mitigate: adversarial testing/training, robustness checks. |
| Model inversion / membership inference | Extract training data / confirm a record was used. Mitigate: privacy-preserving ML, output limits. |
| Model extraction/stealing | Reconstruct the model via queries. Mitigate: rate limiting, monitoring, watermarking. |
Remember: the OWASP Top 10 for LLM Applications (prompt injection, insecure output handling, training-data poisoning, model DoS, supply chain, sensitive-info disclosure, excessive agency…).
Audit essentials
4 Cs + recommendation (findings)
Condition (what is) · Criteria (what should be) · Cause (why) · Effect (impact/risk) · then the recommendation. Weak findings usually miss cause or effect.
Evidence reliability (high→low)
Auditor reperformance > inspection of records > observation > inquiry alone (weakest). Corroborate inquiry; pin the exact model version & data snapshot tested.
TOD vs TOE
Test of design — would the control work if operating? Test of operating effectiveness — did it actually work over the period?
Independence
Auditor recommends; management owns & implements controls. Designing the control = self-review threat → becomes advisory + needs disclosure.
Sampling
Match design to objective: stratify by protected subgroup/time for fairness; use full-population CAATs when data is digital & complete.
Auditable units of an AI system
Data · model · infrastructure/MLOps · governance · outputs & decisions · monitoring.
Exam-day strategy
- Read the question stem last word first: FIRST / BEST / MOST / NEXT changes the answer. "First" → earliest correct step in sequence.
- Auditor lens: you assess and report; you don't manage, fix, or own controls.
- Risk-based: the best answer addresses the highest/root risk, not a symptom.
- Eliminate extremes: "always/never/shut it all down" answers are usually wrong; balanced, proportionate answers usually win.
- Sequence: understand the use case & risk tier → plan/scope → set criteria → test → evidence → conclude → report → follow up.
- Time: ~100 sec each; flag hard ones, answer everything (no penalty for guessing).
Confirm all fees, eligibility and policies on the official ISACA AAIA page. This sheet is a study aid, not official ISACA material.