ISACA Advanced in AI Audit (AAIA) Question #22, Topic 3 Discussion
An organization deployed an AI-powered customer service chatbot trained using customer chat logs. During a risk assessment, which issue should be the IS auditor’s GREATEST concern?
A. Limited AI model capability to incorporate new data
B. Obsolete procedures leading to inadequate data integrity validation
C. Reputational impacts from inaccurate chatbot responses
D. Insufficient access controls leading to unauthorized customer data exposure
The GREATEST concern is insufficient access controls (D), which can lead to unauthorized exposure of customer data, a severe privacy, security, regulatory, and reputational risk. Chat logs often contain personally identifiable information and sensitive communications. AAIA prioritizes data confidentiality, access control, and privacy obligations as highest-risk elements, particularly for customer-interactive AI systems.
Inaccurate chatbot responses (C) affect reputation but are less severe than data breaches. Obsolete procedures (B) matter but pose less immediate harm. Limited capability to incorporate new data (A) affects performance but is not a critical risk.
References: ISACA, AAIA Exam Content Outline – Domain 5: Legal and Privacy Considerations; Domain 1: AI Governance and Security Controls.