The ISACA Advanced in AI Auditing (AAIA) credential launched in 2024 as the first professional certification purpose-built for auditors who need to provide independent assurance over AI systems. This guide covers every decision point: eligibility, the real cost, exam format, domain weights, and an honest assessment of whether it is worth pursuing in 2026.
The AAIA requires an active ISACA or equivalent credential in a related discipline. ISACA expanded eligibility in 2025. The three qualifying paths are: (1) active CISA — the most direct route, no additional experience requirement; (2) active CIA or CPA in an IT-audit or advisory role — requires documented evidence of IT-audit scope; (3) CISM, CRISC, or CGEIT with demonstrated AI-audit experience — evaluated case by case. All credentials must be active at the time of application. A lapsed CISA does not qualify. If you do not currently hold a qualifying credential, the CISA is the recommended first step.
Exam fee: $599 for non-members, $459 for ISACA members. Certification application fee: $50 (paid after passing). Annual maintenance fee: $85 for members, $175 for non-members. CPE requirement: minimum 10 CPE hours per year in the AI domain, 30 hours over each three-year cycle. ISACA membership: $135/year, which reduces the exam fee by $140 and the annual maintenance fee by $90 — membership pays for itself in the first year for anyone taking the exam. Total first-year cost for a member: approximately $644 plus study materials. Total first-year cost for a non-member: approximately $824 plus study materials.
90 questions, 2.5 hours, delivered at a PSI testing center or via remote proctoring. All questions are scenario-based multiple choice. The passing score is 450 on ISACA’s 200–800 scaled scoring system. You have a six-month eligibility window from the date of registration. You can schedule as early as 48 hours after payment and up to 90 days in advance.
Domain 1 — AI Governance and Risk (33%): frameworks, accountability, ethics, regulatory alignment. Domain 2 — AI Operations and Monitoring (46%): model lifecycle, drift, bias, explainability, incident response. Domain 3 — AI Auditing Tools and Techniques (21%): audit methodology, evidence gathering, finding documentation. Domain 2 carries the most weight and is where most candidates with a traditional IT-audit background lose points. It tests operational AI knowledge — how models are trained, monitored, and maintained — not just governance policy.
For credentialed IT auditors who have AI systems on their audit plan, yes. The credential is early-stage, which means the market signal is strong relative to the number of holders. ISACA’s brand carries weight with audit committees and regulators. The exam content is substantive — it tests real AI operational knowledge, not just framework recitation. For those without a qualifying credential, the CISA remains the better first investment. It is the most widely recognized IT-audit credential, it qualifies you for the AAIA, and it opens more doors in the short term than the AAIA alone.
The AAIA exam tests 21 AI governance frameworks by name. NIST AI RMF, EU AI Act, ISO/IEC 42001, and 18 others are all in scope. Domain 2 requires operational AI knowledge that most IT-audit study materials do not cover. The AAIA Prep app has 1,155 original practice questions written after taking the exam, mapped to the 33/46/21 domain weighting, with eight study modes including a Weakest Subject mode that targets your gaps automatically.
Do I need a CISA to take the AAIA? No — a CISA is the most direct path, but ISACA expanded eligibility in 2025 to include CIA and CPA holders working in IT-audit or advisory roles. The credential you hold must be active. How long is the AAIA exam? 90 questions, 2.5 hours, delivered at a PSI testing center or via remote proctoring. What is the passing score for the AAIA? 450 on ISACA’s 200–800 scaled scoring system. How much does the AAIA exam cost? $599 for non-members, $459 for ISACA members. Add a $50 certification application fee after passing, plus annual maintenance fees and CPE. How long do I have to schedule the AAIA after registering? You have a six-month eligibility window from the date of registration. You can book as early as 48 hours after payment, up to 90 days in advance. What CPE is required to maintain the AAIA? At least 10 CPE hours per year in the AI domain, with 30 hours required over each three-year cycle. What is the difference between AAIA and AAISM? AAIA is for auditors providing independent assurance over AI systems. AAISM is for security leaders managing AI security operations. They target different roles and build on different prerequisite credentials. Is the AAIA worth it in 2026? For credentialed auditors with AI on their audit plan, yes — it’s a well-timed, recognizable signal in a domain with genuine scarcity of qualified people. For those without the prerequisite credential, the foundational certification (CISA) is the better first investment.
Written by Dr. Baz Abouelenein, AAIA, CISA, CISM, CRISC, CISSP, PMP. The AAIA Prep App has 1,155 original practice questions covering all three AAIA domains.