AI systems introduce new categories of risk—model drift, adversarial attacks, algorithmic bias, hallucination—that conventional IT controls were not designed to address. AI-specific controls must complement existing controls to create comprehensive coverage across both traditional and emerging risk domains.
Why C is Correct: The ISACA AAIR curriculum identifies the holistic, comprehensive coverage of both conventional governance exposures and emerging AI vulnerabilities as the primary benefit of AI-specific controls. By designing controls that address AI-unique risks while integrating with existing governance structures, organizations achieve end-to-end risk management without creating coverage gaps between the old and new control environments.
Why A is Wrong: Compliance reporting prioritization is a governance administration activity. While AI-specific controls may clarify compliance requirements, identifying and prioritizing reporting requirements is not the primary purpose of implementing new controls.
Why B is Wrong: Cost reduction through control consolidation is an efficiency benefit that may result from control rationalization but is not the primary benefit of incorporating AI-specific controls. Adding necessary controls may actually increase costs in the short term.
Why D is Wrong: Accelerating deployment through efficient pre-deployment analysis is an operational efficiency benefit. The primary governance purpose of AI-specific controls is comprehensive risk coverage, not deployment speed.
Submit