SecProve
ExpertVendor-neutralISACA· issued from US

AAIR

Advanced in AI Risk

ISACA specialization for AI risk management. Beta phase since April 2026. Requires active ISACA or equivalent certification. Focus on AI Risk Governance, AI Risk Program Management, and AI Life Cycle Risk Management.

Official page at ISACA↔ Compare with another cert
Exam fee
$399
Ongoing
$45/yr AMF · 20 CPE/yr
Study time
60–120 hrs
Delivery
Test center
Validity
3 yrs (renewal cycle)

› Quality score

21.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
ISACA's AI Risk credential covers AI-specific risk identification and treatment.
7.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Pure MCQ. No live risk-register or DPIA artefact.
1.0/10
Currency & upkeep
How aggressively content is kept current with the field.
Tracks the EU AI Act and ISO/IEC 42001 closely.
8.0/10
Market recognition
How often this signal actually moves a hiring decision.
New (2024); primarily relevant to AI-track risk and audit roles. [Holders: 2k, 2024-12]
4.5/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
2,000
as of 2024-12 · source

› Built for these roles

IT Risk Managers with AI focusGRC AnalystsAI Program Managers

› Exam format

In beta, details pending

Passing score
450/800 (scaled)
Retake policy
Fee: $575 per attempt
Wait: 30d between attempts
Cap: 4 attempts/year

ISACA member $575 / non-member $760. 4 attempts per rolling 12-month window.

› Recertification

CPEs per ISACA policy

› 3-year cost of ownership

Exam (1×)
$399
AMF (3×)
$135@$45/yr
Total
$534

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

DD-WRL-001OG-WRL-014OG-WRL-012OG-WRL-002
Recognition
Global
Exam languages
en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

C7AI Governance & Risk

EU AI Act compliance, NIST AI RMF, AI risk assessment, model cards, algorithmic auditing, AI incident response.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

› Prerequisites

Experience

Active CISA, CISM, CRISC, CGEIT, CDPSE or equivalent

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)
AIGPIAPP
AAIR
ISACA
Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Training providers
  • ISACA Official AAIR Online Course
Practice tests
  • ISACA AAIR QAE

› Version & lifecycle

Current version
Launched 2024
Released
2024-09

Requires CRISC + AI experience.

› Salary signal

AI risk officer / model risk lead, US, 5+ years. Requires CRISC prerequisite.

$130K$200K
median $160K

ISACA Salary Survey extrapolation · 2024 · US base only · p25–p75 range

› How it compares

vs
AIGP

AAIR focuses on AI risk-management discipline; AIGP covers broader governance + privacy + ethics.

↔ Compare side-by-side
vs
CRISC

AAIR is a CRISC add-on for AI-specific risk.

↔ Compare side-by-side

› Careers that commonly pursue this cert

AI Governance / AI Risk Specialist

The policy/controls counterpart to the AI Security Engineer — owns risk frameworks, regulatory mapping (EU AI Act, NIST AI RMF), model documentation, and AI incident response policy.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications