ProfessionalVendor-neutralISO 17024ISACA· issued from US

CRAI

ISACA Certified in Risk of Artificial Intelligence (emerging)

AI risk management and governance — emerging blueprint, expect revisions.

Official page at ISACA ↔ Compare with another cert

Exam fee

$575

Ongoing

$45/yr AMF · 14 CPE/yr

Study time

40–80 hrs

Delivery

Online proctored

Validity

3 yrs (renewal cycle)

› Quality score

18.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

ISACA's job-practice domains are detailed but the underlying field is fast-moving.

6.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Pure MCQ. Audit-style scenarios but no model-card or DPIA work.

0.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Currency tracks the EU AI Act and NIST AI RMF closely.

7.5/10

Market recognition

How often this signal actually moves a hiring decision.

New (2024); ISACA brand carries weight but role-specific recognition is still building.

3.5/10

› Built for these roles

AI Risk ManagerGRC Analyst (AI-focused)Internal Audit (AI-track)

› Exam format

Multiple-choice exam, ~85 questions over 2 hours, online proctored. Newly launched (2024) — expect content updates.

Passing score

450/800 (scaled)

Retake policy

Fee: $575 per attempt

Wait: 30d between attempts

Cap: 4 attempts/year

ISACA member $575 / non-member $760. 4 attempts per rolling 12-month window.

› Recertification

Continuous CPE earning under ISACA's standard model: ~14 CPEs/yr plus the $45/yr ISACA member fee ($85/yr non-members).

› 3-year cost of ownership

Exam (1×)

$575

AMF (3×)

$135@$45/yr

Total

$710

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

OG-WRL-008OG-WRL-014

Recognition

GlobalUS

Exam languages

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

C7AI Governance & Risk

EU AI Act compliance, NIST AI RMF, AI risk assessment, model cards, algorithmic auditing, AI incident response.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

C4AI Data Security

Training data poisoning, PII leakage from models, differential privacy, federated learning security.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

C8AI Safety & Alignment

Guardrails, content filtering bypass, model monitoring, drift detection, output control.

A12Data Security, Privacy & Protection

Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.

› Prerequisites

Experience

Risk, audit, or GRC background recommended. Emerging credential — expect blueprint changes over the next 18 months.

Knowledge assumed

AI lifecycle risk frameworks
NIST AI RMF / EU AI Act familiarity
Model governance concepts

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (2)

CRISCISACA AIGPIAPP

CRAI

ISACA

Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides

ISACA Risk of AI Resources — ISACA

Training providers

ISACA Official Risk of AI Online Course

Practice tests

ISACA QAE (when released)

Free / community

› Version & lifecycle

Current version

Launched 2024

Released

2024-09

Newer ISACA AI-risk credential — separate from AAIR (which has CRISC prerequisite).

› Salary signal

AI risk professional, US, 3-5 years.

$110K–$165K

median $135K

ISACA Salary Survey extrapolation · 2024 · US base only · p25–p75 range

› How it compares

AIGP

AIGP is broader AI governance program; ISACA Risk of AI is risk-discipline focused.

↔ Compare side-by-side

AAIR

AAIR requires CRISC; this one is the standalone AI-risk entry.

↔ Compare side-by-side

› Careers that commonly pursue this cert

AI Governance / AI Risk Specialist

The policy/controls counterpart to the AI Security Engineer — owns risk frameworks, regulatory mapping (EU AI Act, NIST AI RMF), model documentation, and AI incident response policy.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications