What is the AAIA?
The Advanced in AI Audit™ (AAIA™) is ISACA's specialist credential for experienced audit, assurance, and risk professionals who need to plan, scope, and execute audits of AI systems — and to advise organizations on governing AI responsibly. It builds on a base certification (most commonly the CISA) and tests applied judgement, not memorization: nearly every question is a short workplace scenario asking what an auditor should do next, first, or best.
It is aimed at IT auditors, internal/external auditors, risk and compliance professionals, and assurance leaders who already hold an active CISA (or CIA/CPA in an IT-audit role, or CISM/CRISC/CGEIT with AI-audit experience) and now audit, or will audit, AI and machine-learning systems.
Exam at a glance
| Questions | 90 multiple-choice, all scenario-based |
|---|---|
| Duration | 2 hours 30 minutes |
| Scoring | Scaled 200–800; 450 = pass |
| Delivery | Online proctored or at a test center |
| Eligibility | Active CISA (no extra experience) · or CIA/CPA in an IT-audit/advisory role · or CISM/CRISC/CGEIT with demonstrated AI-audit experience |
| Exam fee | ≈ USD 459 (ISACA member) / USD 599 (non-member), plus a one-time application fee after passing |
| Eligibility window | 6 months from registration to sit the exam |
| Maintenance | Continuing professional education (CPE) in the AI domain + annual maintenance fee |
Fees, windows, and policies change. Verify everything against the official ISACA AAIA page and the candidate guide before you register.
The three domains
The exam is weighted unevenly — spend your time accordingly. Nearly half the exam is Domain 2.
AI Governance & Risk
AI models & requirements, governance and program management, risk management, privacy & data governance, ethics, regulation and standards.
46% Domain 2 · biggest
AI Operations
Data management, the AI development lifecycle, change management, model supervision, testing techniques, AI-specific threats, and incident response.
21% Domain 3
AI Auditing Tools & Techniques
Audit planning & design, testing & sampling, evidence collection, data quality & analytics, and AI audit reporting.
How to use this guide
1 · Learn each domain
Work through Domain 1 → 2 → 3. Each page has plain-language explanations, the auditor's angle on every topic, and worked examples that mirror the exam's "what should the auditor do?" style.
2 · Master the frameworks
The exam leans on NIST AI RMF, ISO/IEC 42001, the EU AI Act, and the AI lifecycle. Know what each is for and how they map to controls.
3 · Follow the plan
The 8-week study plan turns all of this into daily tasks with checkboxes that save your progress in your browser.
4 · Test yourself
Drill the scenario practice questions with full explanations, then skim the glossary the night before.
AAIA rewards the auditor who thinks in terms of risk, evidence, and independence. When a question feels close between two options, pick the one that (a) addresses the root risk, (b) is something an auditor would do rather than own as management, and (c) follows the proper sequence — understand & plan before you test, test before you conclude.