AAIA, AAISM, and AIGP all launched in the last 18 months, and the question I get most often from CISA holders is: which one should I take?
They aren't interchangeable. AAIA is an audit credential. AAISM is a security-management credential. AIGP is a privacy and policy credential. The exam fees are similar; the prerequisites and the body of knowledge are not.
Target role: IT auditors and assurance professionals who need to audit AI systems. Prerequisite: Active CISA, CIA, CPA, or equivalent audit credential. Exam: 90 questions, 150 minutes, 200–800 scaled score, passing score 450. Domain weighting: AI Governance and Risk (33%), AI Operations and Monitoring (46%), AI Auditing Tools and Techniques (21%).
The AAIA is the right credential if your job is to audit AI systems — evaluate their governance, assess their risks, and provide assurance to stakeholders. It is the only AI credential that requires a prior audit qualification. That prerequisite is the signal: ISACA built this for auditors, not for AI practitioners.
Target role: IT managers, project managers, and technology leaders who design, implement, or oversee AI systems. No audit prerequisite required. The AAISM focuses on AI system design, implementation governance, and operational management rather than independent assurance.
Choose AAISM if you manage AI projects or lead AI implementation teams. Choose AAIA if you provide independent assurance over AI systems.
Target role: Privacy professionals, legal counsel, compliance officers, and policy professionals who need to understand AI governance from a regulatory and legal perspective. The AIGP focuses on AI law, regulation, and policy — EU AI Act, US Executive Order on AI, and emerging global frameworks.
Choose AIGP if your primary concern is legal and regulatory compliance. Choose AAIA if your primary concern is audit assurance and technical risk assessment.
AAIA: Issuer ISACA, role IT Auditor, prerequisite CISA/CIA/CPA required, focus Audit assurance for AI systems, exam 90 questions 150 min. AAISM: Issuer ISACA, role IT Manager, no prerequisite, focus AI system design and management, exam format varies. AIGP: Issuer IAPP, role Privacy/Legal/Compliance, no prerequisite, focus AI law and regulatory compliance, exam 90 questions 150 min.
If you are an IT auditor with CISA, CIA, or CPA: AAIA is the clear choice. It is the only credential specifically designed for auditors who need to provide independent assurance over AI systems. The prerequisite requirement ensures you enter the credential with the audit foundation ISACA expects.
If you manage AI projects or lead AI teams: AAISM aligns with your role. It does not require a prior audit credential and focuses on the management and governance of AI systems rather than independent assurance.
If you work in privacy, legal, or compliance: AIGP covers the regulatory landscape that matters most for your role — EU AI Act, US AI policy, and global governance frameworks from a legal and compliance perspective.
Many professionals will eventually hold more than one. An IT auditor who also holds the AIGP has both the technical assurance skills and the regulatory knowledge to cover the full AI governance landscape.