ISACA Advanced in AI Security Management (AAISM) Exam, Topic 5, Question #48 Discussion
After implementing a third-party generative AI tool, an organization learns about new regulations related to how organizations use AI. Which of the following would be the BEST justification for the organization to decide not to comply?
A. The AI tool is widely used within the industry
B. The AI tool is regularly audited
C. The risk is within the organization's risk appetite
Correct answer: C.

Under the AAISM framework, compliance decisions must be tied to the organization's documented risk appetite and risk tolerance. When a new regulation emerges after a tool is already in use, management may decide not to comply only if the resulting risk (regulatory, legal, and reputational) has been assessed and falls within the approved risk appetite, and only if an accountable owner has formally accepted that risk through the organization's governance structures. The decision is a deliberate risk acceptance, not an oversight, and it should be recorded, approved at the appropriate level, and revisited as the regulation and the organization's exposure change.

The other options do not justify noncompliance: widespread industry use of the tool says nothing about this organization's obligations, and regular third-party audits of the tool do not transfer or remove the organization's own responsibility to comply. Only a documented risk-appetite decision is a recognized justification under AI governance principles.

References:
- AAISM Study Guide: AI Governance and Program Management
- ISACA AI Risk Guidance: Risk Appetite and Compliance Decisions