Artificial intelligence has moved from pilot projects to production faster than most assurance teams can keep up with, and that gap is exactly what the ISACA AAIA certification is built to close. AAIA, short for Advanced in AI Audit, is ISACA's credential for experienced auditors who now have to evaluate machine learning models, AI governance and automated decision systems instead of just traditional IT controls. If you are a CISA holder wondering whether AAIA is worth the fee and the study time, this guide gives you the exam domains, the full cost, the prerequisites and an honest verdict.
AAIA sits alongside two sibling credentials ISACA launched in the same wave: AAIR (Advanced in AI Risk) for risk professionals and AAISM (Advanced in AI Security Management) for security managers. AAIA is the one aimed squarely at the audit and assurance function, and it is the most natural next step for anyone who already holds a CISA.
What Is the ISACA AAIA Certification?
The Advanced in AI Audit (AAIA) is an advanced, experience-gated certification that validates your ability to plan and execute audits of AI systems, advise stakeholders on AI governance and risk, and use AI tooling within the audit function itself. ISACA introduced it in 2025 as part of its push to give established professionals a recognised AI specialisation rather than forcing them to start a new credential from scratch.
It is not an entry-level qualification. AAIA assumes you already understand audit methodology, control frameworks and the assurance lifecycle, and it layers AI-specific knowledge on top. That focus is what separates it from broad "AI fundamentals" certificates, which teach concepts but do not test whether you can actually audit a model in a regulated environment.
Exam Tip: AAIA is built on the assumption that you can already audit. The exam tests how you apply audit discipline to AI systems, not whether you understand auditing in the first place.
Who AAIA Is For
AAIA is aimed at internal and external auditors, IT audit managers, assurance leads and compliance professionals who are being asked to give an opinion on AI systems. If your audit plan now includes a generative AI tool, a fraud-detection model or an automated credit-decision engine, AAIA is designed to give you the structured vocabulary and methodology to assess it.
It also suits CISA holders who want to stay relevant. AI assurance is one of the fastest-growing demands on audit teams, and a recognised credential is a clear signal to employers and clients that you can do the work.
AAIA Exam Domains and Weightings
The AAIA exam is organised around three domains. The weighting matters because it tells you exactly where to spend your study hours. AI Operations is by far the heaviest domain, so a study plan that treats all three equally is a study plan that wastes time.
| Domain | Weighting | What It Covers |
|---|---|---|
| AI Operations | 46% | The AI system lifecycle: how models are trained, deployed, monitored and maintained, data management, and incident response |
| AI Governance and Risk | 33% | AI policy, ethical and responsible AI, risk assessment, regulatory compliance and stakeholder advisory |
| AI Auditing Tools and Techniques | 21% | Audit methodology for AI, evidence gathering, testing approaches and documenting findings |
Domain 1: AI Operations (46%)
Nearly half the exam sits here, which surprises a lot of candidates who expected an audit certification to be dominated by audit theory. To audit an AI system credibly, you have to understand how it actually works, so this domain covers the full lifecycle from data sourcing and model training through deployment, monitoring, drift detection and incident response.
Expect questions on training data quality, model validation, performance monitoring and what happens when a model degrades in production. This is the domain where pure auditors tend to lose marks, so it deserves the most study time.
Domain 2: AI Governance and Risk (33%)
This domain is closest to familiar ISACA territory. It covers building AI policy, embedding ethical and responsible AI practices, assessing AI-specific risks and advising stakeholders on compliance with emerging regulation such as the EU AI Act. If you have a CRISC or risk background, you will find this the most comfortable section.
Domain 3: AI Auditing Tools and Techniques (21%)
The smallest domain focuses on the mechanics of an AI audit: scoping the engagement, gathering evidence from models and pipelines, selecting testing techniques and documenting findings in a way that holds up. It connects your existing audit skills directly to the AI context.
AAIA Exam Format
The AAIA exam is a focused, scenario-driven test rather than a marathon. Here are the confirmed details for 2026.
- Number of questions: 90 multiple-choice questions
- Duration: 150 minutes (2.5 hours)
- Passing score: 450 on a scaled range of 200 to 800
- Question style: Scenario-based items that ask you to apply judgement, not just recall definitions
- Eligibility window: Six months to sit the exam from the date you register
Exam Tip: The AAIA passing score is 450 out of 800, which is a scaled score and not a simple percentage. ISACA weights questions by difficulty, so do not assume 450 means you can drop 44 percent of the paper.
Ninety questions in 150 minutes gives you roughly 100 seconds per question. That is comfortable for recall items but tighter for the multi-step scenarios that dominate the AI Operations domain, so practising under timed conditions matters.
AAIA Prerequisites
This is the single biggest gate on AAIA, and it is where many interested candidates stop. AAIA is not open to everyone. To certify, you must already hold one of a defined set of qualifying designations.
You qualify if you hold an active CISA, or one of the following with an IT audit or IT advisory focus:
- CIA (Certified Internal Auditor, from the IIA)
- US CPA
- ACCA or FCCA
- Canadian CPA
- Australian CPA or FCPA
- Japanese CPA
In practice, the overwhelming majority of AAIA candidates come to it via CISA. If you do not yet hold a qualifying credential, the realistic path is to earn CISA first, then add AAIA as your AI specialisation. Our CISA versus CISM comparison is a useful starting point if you are deciding which ISACA credential to pursue first.
Exam Tip: You can sit and pass the AAIA exam before you hold a qualifying designation, but you cannot be awarded the certification until the prerequisite is active. Plan the order so you are not left holding a pass you cannot redeem.
How Much Does AAIA Cost in 2026?
The headline exam fee is only part of the picture. Here is the full cost breakdown so there are no surprises.
| Cost Item | ISACA Member | Non-Member |
|---|---|---|
| Exam registration | $459 | $599 |
| Certification application fee | $50 | $50 |
| Annual maintenance fee | $45 | $85 |
| Annual CPE requirement | 20 hours (10 in AI) | 20 hours (10 in AI) |
ISACA membership costs roughly $135 a year plus a local chapter fee, so for many candidates joining as a member before registering actually works out cheaper once you factor in the discounted exam fee and lower maintenance cost. If you plan to hold AAIA long term, membership usually pays for itself.
To keep the credential active you must earn continuing professional education (CPE) hours each year, including a minimum number specifically in AI-related content, and pay the annual maintenance fee. Let the maintenance lapse and the certification is revoked, so treat the recurring cost as part of the commitment.
Is the ISACA AAIA Worth It in 2026?
For the right person, AAIA is one of the better-timed certifications on the market. For the wrong person, it is an expensive credential with a prerequisite they do not have. The honest answer depends entirely on your role.
When AAIA Is Worth It
- You already hold CISA and audit is your career. AAIA is the natural specialisation and the cost is marginal on top of credentials you already maintain.
- AI is on your audit plan. If you are being asked to give assurance over AI systems now, a recognised credential protects your credibility and your firm's.
- You want first-mover advantage. AAIA launched in 2025, so the pool of certified AI auditors is still small. Scarcity of qualified people is exactly what drives a salary premium, and industry estimates put the uplift for AI-audit specialists in the region of $15,000 to $25,000.
When to Wait
- You do not hold a qualifying designation. Earn CISA first. AAIA without a prerequisite is a pass you cannot cash in.
- You are new to audit. AAIA assumes audit fluency. Start with CISA or an entry-level credential and build the foundation before specialising.
- AI is not yet in your remit. If your work does not touch AI assurance, the credential will not pay back quickly. Revisit it when the demand reaches your desk.
AAIA vs AAIR vs AAISM
ISACA's three advanced AI credentials are easy to confuse. AAIA is for auditors giving assurance over AI. AAIR is for risk professionals managing AI risk. AAISM is for security managers securing AI systems. Pick the one that matches your day job, not the one that sounds most impressive. If you audit, AAIA is your credential.
How to Prepare for AAIA
Because AAIA is experience-gated, most candidates already have the audit foundation. The work is layering AI-specific knowledge on top and getting comfortable with the heavily weighted AI Operations domain.
- Start with the official exam content outline. Map your study time to the domain weightings, giving AI Operations the most attention.
- Close the technical gap. If your AI knowledge is light, invest early in understanding the model lifecycle, training data and monitoring. This is where audit-strong candidates lose marks.
- Practise with scenario questions. AAIA rewards applied judgement, so drilling realistic scenarios is far more effective than memorising definitions.
- Sit timed mock exams. Build the pacing to handle 90 questions in 150 minutes without rushing the longer scenarios.
A structured question bank is the fastest way to find your weak domains and fix them before exam day. You can build a complete ISACA study routine through our certification courses, which pair concise explanations with realistic practice questions.
Ready to Start Practising?
The ISACA AAIA certification is a strong, well-timed move for CISA-qualified auditors who now have AI in their scope, and the limited pool of certified professionals makes early adoption genuinely valuable. The keys are the CISA prerequisite, the AI Operations domain that carries 46 percent of the exam, and steady scenario practice under timed conditions.