Pass the Isaca AI Risk AAIR Questions and answers with CertsForce

Generative AI capabilities and the associated risk landscape evolve rapidly. Governance policies and controls must be refreshed through a structured, regular process rather than reactively or only when compliance requirements change.

Why A is Correct: According to ISACA AAIR, establishing a regular review cadence with codified reassessment procedures is the most robust approach because it creates a systematic, predictable process for keeping governance current. By documenting when and how policies will be reviewed—including triggers for ad hoc review (new deployments, incidents, regulatory changes)—the organization ensures governance never stagnates regardless of external pressures.

Why B is Wrong: Regulatory alignment is an important input to governance refresh but represents a reactive, external-trigger approach. Relying primarily on regulatory signals means governance lags behind organizational AI changes not covered by new regulations.

Why C is Wrong: Centralizing authority in executive and technical leadership creates decision bottlenecks and reduces the operational agility needed to keep pace with rapidly evolving AI deployments. Distributed governance with clear escalation paths is more effective.

Why D is Wrong: Annual reviews are too infrequent for generative AI tools, which may see significant capability changes and risk profile shifts multiple times per year. Annual compliance audits cannot keep governance current in a rapidly evolving AI environment.

Credit scoring AI systems make high-stakes financial decisions that directly affect individuals' access to credit. Post-implementation review for such systems must confirm that the system performs within ethical, legal, and regulatory boundaries—particularly regarding fairness and explainability.

Why B is Correct: According to ISACA AAIR post-implementation review guidance for high-stakes AI, confirming explainability and fairness is the most critical review element for credit scoring systems. Anti-discrimination laws (Equal Credit Opportunity Act, Fair Housing Act) require that credit decisions be explainable and not discriminatory. Fairness testing detects whether the system produces disparate outcomes across demographic groups, while explainability ensures individual decisions can be justified if challenged.

Why A is Wrong: Access token logging is a security audit trail mechanism. While important for access governance, it does not address the primary regulatory and ethical obligations of a credit scoring system regarding decision quality and fairness.

Why C is Wrong: Stakeholder communication of performance metrics is a governance reporting activity. Metric communication does not confirm the system is making fair, explainable decisions—it only reports on performance indicators.

Why D is Wrong: User ease of learning and use is a user experience and adoption concern. System usability does not determine whether credit scoring decisions are accurate, fair, or legally compliant—which are the primary post-implementation concerns.

Model drift occurs when the statistical relationship between model inputs and outputs changes over time, causing previously accurate predictions to become less reliable. Regular retraining with updated, relevant data recalibrates the model to current real-world patterns.

Why A is Correct: According to ISACA AAIR model maintenance guidance, regular retraining with new relevant datasets is the most direct mitigation for model drift. By periodically retraining on current data, the model learns the latest patterns and relationships—counteracting the drift that accumulates as real-world conditions diverge from the original training data. This is the standard industry practice for maintaining production AI models in dynamic environments.

Why B is Wrong: Restricting automated data validation to low-risk models creates a governance double standard that leaves high-risk models more vulnerable. If anything, high-risk models require more rigorous automated validation, not less. This approach increases rather than mitigates drift risk for critical applications.

Why C is Wrong: Maintaining existing dataset variance during preprocessing preserves statistical characteristics from a historical snapshot. If drift has occurred in real-world data, deliberately maintaining old variance levels prevents the model from adapting to new conditions.

Why D is Wrong: Role-based access controls protect model parameters and data from unauthorized modification. While important for security, access controls do not address model drift, which is driven by changing real-world conditions rather than unauthorized changes.

An AI inventory that lists systems, models, and datasets separately without showing how they relate to each other creates significant governance blind spots. Understanding interdependencies is critical for comprehensive risk assessment and impact analysis.

Why A is Correct: The ISACA AAIR framework emphasizes that AI governance requires understanding how AI components interact. Mapping interdependencies reveals which datasets feed which models, which systems depend on which models, and how failures cascade across the AI ecosystem. Continuous mapping ensures this understanding remains current as the AI landscape evolves, enabling accurate risk assessment, change impact analysis, and incident response.

Why B is Wrong: Training frequency is a useful operational metric but represents a single attribute addition to inventory records. It does not address the fundamental governance gap of disconnected asset listings.

Why C is Wrong: Automating reconciliation improves inventory maintenance efficiency but does not resolve the architectural problem of separate, unlinked asset listings. An automated process applied to siloed data still produces siloed results.

Why D is Wrong: Assigning oversight to a committee addresses governance accountability but does not improve the quality or utility of the inventory itself. Oversight without integrated data still leaves governance gaps.

Third-party LLMs process organizational data—including sensitive and proprietary information—during both training and inference. The vendor's data handling practices determine whether the organization's data remains private, secure, and compliant with legal obligations.

Why D is Correct: According to ISACA AAIR third-party risk guidance, data handling practices are the most critical evaluation criterion for AI vendors. How the vendor uses input data—whether for model training, analytics, or retention—directly determines data privacy risk, intellectual property exposure, and regulatory compliance. Vendors who train on customer input data without restriction create significant privacy and confidentiality risks.

Why A is Wrong: SLA alignment with corporate strategy addresses availability and performance obligations. While important, these commercial terms do not address the fundamental data risk created by vendor data handling practices.

Why B is Wrong: ML method selection reflects technical sophistication but does not determine data risk. The risk profile is driven by data governance, not algorithmic choice.

Why C is Wrong: Subscription models represent commercial and procurement considerations. Pricing structure has no bearing on data privacy risk or the organization's risk exposure from vendor data practices.

Credit risk assessment AI models trained on unrepresentative datasets perpetuate and amplify historical financial inequities, producing discriminatory outcomes that violate anti-discrimination laws and harm underrepresented borrowers. Dataset diversity is the primary safeguard against training-data-driven bias.

Why A is Correct: According to ISACA AAIR bias and fairness guidance for financial AI, dataset diversity is the most important factor for supporting accurate and unbiased credit risk outcomes. A diverse dataset that represents the full population of potential borrowers—across demographics, income levels, credit histories, and geographies—enables the model to learn genuine risk relationships rather than proxies for protected characteristics. Without diversity, even technically sophisticated models perpetuate discriminatory patterns from historical data.

Why B is Wrong: Supervised learning is a modeling approach, not a data quality characteristic. The choice of supervised learning is appropriate for credit scoring but does not determine whether the training data is representative or unbiased.

Why C is Wrong: Synthetic data augmentation can supplement real data to address specific gaps but cannot substitute for diversity in the underlying real-world data. Synthetic data derived from biased real data may amplify rather than correct the original bias.

Why D is Wrong: Data normalization is a preprocessing technique that scales numerical features to comparable ranges to improve model convergence. It addresses technical modeling quality but has no effect on the representational diversity or demographic fairness of the dataset.

Business continuity planning for customer-facing AI solutions must ensure service availability and resilience under failure conditions. The BCP must specify the technical and operational mechanisms that maintain service continuity when primary systems are disrupted.

Why B is Correct: The ISACA AAIR business continuity guidance identifies secure access to alternate resources, multi-region failover, and load balancing as the most important additions to a BCP for customer-facing AI. These mechanisms ensure that service disruptions—whether from technical failures, cyber incidents, or regional outages—do not result in total unavailability. For customer-facing solutions, maintaining service continuity directly affects customer trust, revenue, and regulatory compliance with service availability obligations.

Why A is Wrong: Post-incident audits of recovery times and accuracy metrics are monitoring activities that occur after incidents. While valuable for improvement planning, they do not define the recovery mechanisms that the BCP must specify to ensure continuity during disruptions.

Why C is Wrong: Centralizing failover under a single cloud provider creates a concentration risk—if that provider experiences an outage, all failover mechanisms fail simultaneously. Good BCP design requires geographic and provider diversification, not concentration.

Why D is Wrong: Breach containment criteria address security incident response, not service continuity. While related to incident management, breach response procedures are typically documented in the incident response plan rather than the BCP, which focuses on maintaining or restoring business operations.