The audit profession has a credibility problem with AI. Traditional credentials weren’t built to evaluate machine learning models, algorithmic bias, or AI-specific control failures (and regulators, boards, and executives are starting to notice the gap). ISACA launched the Advanced in AI Audit (AAIA) in May 2025 to close it. With 51% of digital trust professionals citing AI skills as critical for career advancement within two years, this isn’t a speculative credential. It’s a response to a structural market failure.

What Is ISACA AAIA Certification?

ISACA (the organization behind CISA, CRISC, and CISM) launched the AAIA in May 2025 as a specialist credential for audit and assurance professionals who need to evaluate AI systems, controls, and governance frameworks. It’s a deliberate add-on, not a standalone entry point. You must already hold a qualifying certification before you can sit the exam.

What makes AAIA different from every other AI credential on the market is the audit-first lens. It’s not about building AI systems. It’s about examining them (assessing AI risk, validating governance frameworks, and providing independent assurance that AI deployments operate as intended). No other credential combines the full scope of AI governance, operations oversight, and audit methodology in a single exam. Because the certification launched in May 2025, certified holder counts aren’t yet publicly available. ISACA has not published a first-attempt pass rate.

Who Should Get ISACA AAIA Certified?

Four professional profiles make the strongest candidates.

Senior IT auditors with active CISA credentials are the natural fit. The CISA and AAIA share an estimated 60–70% knowledge overlap, and most CISA holders already have the audit methodology foundation the exam demands. For them, AAIA is a specialization, not a pivot.

Internal auditors holding CIA with IT advisory focus who are watching AI governance become a boardroom priority will find AAIA positions them ahead of colleagues who haven’t made the move.

Risk and compliance managers in financial services, healthcare, or technology facing AI-specific regulatory exposure (the EU AI Act, NIST AI RMF, ISO/IEC 42001) need exactly the framework vocabulary this credential validates.

CPA holders (US, Canadian, Australian, or Japanese) with IT audit or IT advisory role focus who want to expand their assurance scope into AI governance are also eligible.

Who shouldn’t pursue it: anyone without an active qualifying prerequisite certification, anyone with fewer than three years in audit or compliance, and anyone whose primary goal is building AI systems rather than auditing them. General AI practitioner credentials like CertNexus’s CAIP are a better fit for that audience.

ISACA AAIA Exam Domains and Weights

The AAIA exam covers three domains, and the weights are not even. AI Operations carries 46% of the exam (nearly half), covering the full AI system lifecycle from data management through incident response. AI Governance and Risk accounts for 33%, and AI Auditing Tools and Techniques rounds out the remaining 21%. That distribution tells you exactly where to spend your study time.

ISACA AAIA Exam Cost, Format, and Pass Score

The AAIA is 90 scenario-based, multiple-choice questions in 150 minutes, delivered via PSI test centers worldwide or remote proctoring (India, Mainland China, and Hong Kong require in-person testing). The passing score is 450 out of 800 (56.25%). ISACA members pay $459; non-members pay $599. Annual maintenance runs $20 for members, $35 for non-members, with a minimum of 10 CPE hours annually in AI-related content.

ISACA AAIA Salary and Job Outlook 2026

Entry-level AAIA-adjacent roles earn approximately $70,000-$73,000 based on ZipRecruiter IT auditor data. Experienced professionals (5+ years) in AI audit and governance roles can reach $125,000-$150,000 based on BLS information security analyst data and ISACA survey projections. The BLS projects 29% growth for information security analysts through 2034, with approximately 16,000 annual openings. Technology, financial services, and healthcare are the highest-demand industries for AI governance expertise. Target job titles include AI Audit Manager, AI Risk Consultant, AI Ethics Officer, and Regulatory Compliance Specialist.

ISACA AAIA Requirements: Experience and Eligibility

The prerequisite requirement is the defining feature of this credential. You must hold one of seven active certifications: CISA, CIA with IT audit focus, US CPA with IT audit focus, ACCA/FCCA with IT audit focus, Canadian CPA with IT audit focus, CPA Australia with IT audit focus, or Japanese CPA with IT audit focus. There are no substitutions and no associate pathway.

Beyond the prerequisite cert, ISACA recommends a minimum of three years in audit, risk, or compliance with at least one year in technology-related auditing. Some guidance cites five years in IT audit or assurance as the stronger preparation baseline. The underlying prerequisite certification must also stay active throughout your AAIA maintenance cycle (so you’re maintaining two credentials simultaneously).

A July 2025 eligibility expansion broadened access to more audit professionals, so if you checked requirements at launch and didn’t qualify, it’s worth reviewing the current ISACA Candidate Guide directly.

Realistic timeline: a CISA holder with five-plus years in IT audit should plan six to eight weeks of focused preparation. Someone newer to AI concepts should budget closer to twelve to thirteen weeks.

How to Study for ISACA AAIA: Resources and Plan

The official ISACA QAE Database ($249) is the most consistently recommended resource because AAIA’s scenario-based question style rewards practice, not memorization. The self-paced online course runs $695, or you can bundle resources through ISACA directly. Chapter review courses from ISACA’s Greater Washington D.C. and Greater Hartford chapters offer instructor-led prep for $400–$600 depending on membership status.

What Changed in the ISACA AAIA 2025 Update

The AAIA launched in May 2025 and received a meaningful eligibility update in July 2025, expanding the pool of qualifying prerequisite certifications. Content-side additions since launch include dedicated coverage of Generative AI auditing, AI model governance, and data ethics, plus tighter alignment with ISO/IEC 42001 and expanded inclusion of real-world case studies.

Sub-topic details were removed from the official ISACA website post-launch, signaling that content is under active revision. ISACA has not announced a fixed update schedule but has indicated revisions will track regulatory and technological developments.

Practical implication: the Exam Content Outline on isaca.org/credentialing/aaia is the only reliable source for what’s currently tested. Third-party study materials published before July 2025 may not reflect eligibility changes or content additions. Verify before buying.

How AI Is Changing Audit Careers

AI doesn’t eliminate audit jobs. It eliminates the low-judgment portions of them. Automated tools increasingly handle routine sampling, transaction testing, and data extraction (and that’s exactly what makes human expertise in evaluating AI systems more valuable, not less).

Industry estimates place AI deployment at roughly 72% of organizations by 2024. That adoption rate creates a parallel compliance problem: who audits the AI? Governance frameworks including the EU AI Act, NIST AI RMF 1.0, and ISO/IEC 42001 are creating formal assurance requirements that didn’t exist three years ago. ISACA’s digital trust research indicates that a majority of audit and assurance professionals expect to need increased AI competency within one year just to maintain their current roles.

The skills that matter most going forward: algorithmic bias assessment, explainable AI evaluation, AI-specific incident response, and the ability to apply assurance frameworks to systems that don’t behave like traditional IT infrastructure. The AAIA directly addresses all of them. For a broader view of how AI audit roles fit within the AI governance career landscape, the certification hub maps the full path from entry-level to executive.

Is ISACA AAIA Worth It in 2026?

For a qualified auditor, yes. The credential cost of $459–$695 is modest relative to the salary range for AI audit and governance roles ($70K entry-level to $150K+ experienced), and the supply of certified AI auditors is genuinely limited. The closest competitor for audit-focused professionals is CISA, which is a prerequisite, not a substitute.

How to Get ISACA AAIA Certified: Step by Step

1. Confirm you hold an active qualifying prerequisite certification (CISA is the most common path).
2. Verify you meet the experience threshold (minimum three years in audit, risk, or compliance with at least one year in technology-related auditing).
3. Download the free AAIA Exam Content Outline and map your knowledge gaps to the three domains.
4. Build a study plan weighted toward Domain 2 (AI Operations, 46%) and complete scenario-based practice with the QAE Database.
5. Register through ISACA’s official credentialing page and schedule your exam via PSI.
6. After passing, submit your CPE plan (10 AI-focused CPE hours annually, 30 over three years).

The AAIA is the first credential built specifically for auditors who need to answer one question: can this AI system be trusted? If that’s your job, this is your cert. Start at isaca.org/credentialing/aaia.

Reference Resource List

1. ISACA AAIA Certification Official Page
2. ISACA AAIA Exam Content Outline
3. U.S. Bureau of Labor Statistics (Information Security Analysts Outlook)
4. ZipRecruiter (Entry-Level IT Auditor Salary)
5. Zippia (IT Auditor Demographics and Salary)
6. Vinsys ISACA AAIA Certification Guide
7. Firebrand Training (ISACA AAIA Course)
8. ISACA Greater Washington D.C. Chapter AAIA Review Course
9. EDUSUM (Free AAIA Sample Questions)
10. ISACA CISA Certification
11. ISACA CRISC Certification
12. ISACA CDPSE Certification