ISACA Advanced in AI Audit (AAIA) Practice Test

The AAIA is intended for experienced IT auditors, internal auditors, and assurance advisors who already hold a qualifying credential such as the CISA, CIA, US CPA, ACCA/FCCA, Canadian CPA, CPA Australia, or Japanese CPA (JICPA). It is best suited for professionals with several years of audit or advisory experience who are now encountering AI systems in the scope of their work and need a recognized credential to formalize that expertise.

Beyond traditional IT audit roles, the certification is also relevant to risk managers, compliance officers, technology consultants, and governance professionals in industries such as financial services, healthcare, and government—anywhere that AI deployments require independent assurance and structured oversight.

Candidates must hold an active, in-good-standing qualifying credential from an approved list: CISA (ISACA), CIA (IIA), US CPA (AICPA), ACCA or FCCA (Association of Chartered Certified Accountants), Canadian CPA, CPA Australia (CPA or FCPA), or Japanese CPA (JICPA). There are no formal work-experience requirements beyond holding one of these designations, but the exam content presupposes familiarity with audit methodology, risk assessment frameworks, and IT controls.

ISACA recommends that candidates have practical experience conducting IT or operational audits before attempting the AAIA, as the questions are scenario-based and test applied judgment rather than rote knowledge. Candidates do not need a prior AI background, though familiarity with AI concepts, machine learning lifecycles, and data governance will significantly aid preparation.

The AAIA exam consists of 90 multiple-choice questions, each presenting four answer options. Candidates have 150 minutes to complete the exam. Questions are entirely scenario-based, requiring candidates to analyze situations and select the best course of action rather than recall definitions. There are no unscored pretest items disclosed publicly.

The exam is delivered via computer at authorized PSI testing centers worldwide or through live remote proctoring. Candidates residing in India, Mainland China, or Hong Kong must test at a PSI center and are not eligible for remote proctoring. Scoring uses a scaled system ranging from 200 to 800; the passing score is 450. Preliminary pass/fail status is displayed on screen immediately after completion, and official scaled scores are emailed and posted to the candidate's ISACA account within 10 business days. Candidates who do not pass may retake up to four times within a 12-month period, with mandatory waiting periods of 30 days after the first failure and 90 days after subsequent failures.

• 1.Domain 1 – AI Governance and Risk (33%): Establishing AI governance frameworks aligned with organizational strategy and ethical principles; defining roles and responsibilities for AI oversight; conducting AI-specific risk assessments; implementing data governance, privacy, and security controls; ensuring regulatory and compliance adherence; and advising stakeholders on policy development for responsible AI use.
• 2.Domain 2 – AI Operations (46%): Evaluating organizational readiness for AI adoption; assessing data management practices that support AI solutions; reviewing AI solution development methodologies and change management processes; supervising AI solution performance and monitoring metrics; applying testing techniques to validate AI model behavior; identifying AI-specific threats and vulnerabilities; and managing incident response for AI-related failures or breaches.
• 3.Domain 3 – AI Auditing Tools and Techniques (21%): Scoping and planning AI-focused audit engagements; designing and testing controls specific to AI systems; gathering and documenting audit evidence for AI processes; applying AI-enabled data analytics to enhance audit efficiency and coverage; assessing algorithm outputs for bias, fairness, and explainability; and communicating audit findings and recommendations to technical and non-technical stakeholders.

• Start with the official AAIA Exam Content Outline published on isaca.org to map every subdomain before opening any study material—allocate your preparation time proportionally to domain weights (46% for Operations, 33% for Governance, 21% for Tools).
• Use the ISACA AAIA Review Manual as your primary study resource; it is authored to align precisely with exam objectives and is updated to reflect the current content outline.
• Supplement reading with the ISACA Questions, Answers, and Explanations (QAE) Database, which provides 12 months of access to scenario-based practice questions mirroring the exam's applied-judgment format—prioritize understanding the rationale behind correct and incorrect answers.
• Leverage ISACA's member-exclusive online study group forum to discuss ambiguous scenarios with peers and subject-matter experts; this is particularly valuable for Domain 2 (AI Operations) subdomains like incident response and algorithm testing that require contextual judgment.
• Ground your study in real AI governance frameworks referenced in the exam—specifically NIST AI RMF, ISO/IEC 42001, and the EU AI Act—so you can apply regulatory context when answering compliance and risk scenario questions.
• Because the exam is entirely scenario-based, practice timed sets of 30 questions at a stretch to build the decision-making stamina needed for 90 questions in 150 minutes; aim for consistent 90-second-per-question pacing.
• Cross-reference your existing CISA or CIA knowledge with AI-specific extensions: map familiar control frameworks (COBIT, ISO 27001) to AI contexts, since many AAIA questions test how traditional audit concepts apply when AI is the subject of the audit.

The AAIA positions holders at the intersection of two high-demand disciplines—AI governance and professional audit—at a time when enterprises are rapidly scaling AI deployments while regulators worldwide (EU AI Act, SEC guidance, NIST AI RMF) are tightening accountability requirements. Certified professionals report salary premiums averaging 15–20% over non-certified peers in comparable audit roles, and the credential opens pathways to specialized positions including AI Audit Lead, Chief Risk Officer, AI Compliance Manager, and technology assurance advisory roles.

Because the AAIA is the only advanced, audit-specific AI credential in the market, it carries early-mover advantage: organizations in financial services, healthcare, government, and technology are actively seeking auditors who can independently assess AI risk without relying solely on data science teams. The certification is globally recognized and maintains the ISACA brand's credibility with audit committees and regulators, making it a strong differentiator when competing for senior internal audit, consulting, or advisory mandates involving AI systems.