Isaca ISACA Advanced in AI Audit (AAIA) AAIA Question # 21 Topic 3 Discussion
AAIA Exam Topic 3 Question 21 Discussion:
Question #: 21
Topic #: 3
During a pre-implementation risk assessment, an AI model is determined to present a significant risk of bias and potential harm in excess of the organization’s risk tolerance. Which of the following is the MOST appropriate response?
A.
Postpone deployment until the risk can be safely managed.
B.
Enhance the data that the model is trained on.
C.
Obtain board approval for an exception.
D.
Revisit the risk tolerance to ensure it is appropriate.
The AAIA™ Study Guide advises that if an AI model presents a risk that exceeds the organization's predefined risk tolerance—especially in cases of ethical harm or bias—deployment should be delayed until proper safeguards are in place. This approach prevents legal exposure and preserves stakeholder trust.
“When AI risks exceed acceptable thresholds, organizations must suspend implementation until corrective action reduces the risk to within tolerance levels. Proceeding without mitigation violates sound governance principles.”
While improving data (B) may help, it does not address the immediate governance concern. Risk tolerance (D) should not be adjusted to fit flawed systems. Thus, A is the correct course.
[Reference: ISACA Advanced in AI Audit™ (AAIA™) Study Guide, Section: “AI Governance and Risk Management,” Subsection: “Risk Evaluation and Implementation Decision-Making”, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit