Articles on AAIA exam prep, CISA certification, AI governance frameworks, and IT audit strategy — written by Dr. Baz Abouelenein, a CIO with six active ISACA credentials: AAIA, CISA, CISM, CRISC, CISSP, and PMP.
The transition from CISA to AAIA is not a simple step up. It is a fundamental shift in how you view systems and risk. This guide maps the gaps and how to close them.
Three credentials dominate AI governance in 2026: ISACA's AAIA, ISACA's AAISM, and IAPP's AIGP. They target different roles and test different skills. Here is how to choose.
The AAIA exam divides into three domains weighted 33/46/21. Most IT auditors pass Domain 1 and struggle with Domain 2. Domain 2 is the largest section by weight, the most technical in content, and the section that feels least like a traditional CISA exam — most of what's tested here didn't exist in the audit world ten years ago. Here is what the operations domain actually tests and where preparation breaks down.
Most IT auditors who fail the AAIA exam don't fail because they didn't study. They fail because they studied the wrong way. 25 scenario-based questions mapped to the 33/46/21 domain weighting — with full explanations.