ISACA Launches AI Risk Cert

ISACA launched its Advanced in AI Risk certification on April 15, adding a new credential for professionals who manage artificial intelligence risk inside large organizations. (isaca.org) (morningstar.com) The certification is called AAIR, short for Advanced in AI Risk, and ISACA says it is built for experienced IT risk professionals rather than general technology staff. (isaca.org) (morningstar.com) AAIR is organized around three practice areas: AI risk governance and framework integration, AI life cycle risk management, and AI risk program management. ISACA says candidates are trained to recommend responses to AI risk and work across functions on oversight and communication. (isaca.org) (morningstar.com) In plain terms, AI risk work is the job of tracking where an AI system can fail, who owns the decision, and how the company stops harm when something breaks. ISACA frames that as an enterprise risk problem, not just a technical one. (isaca.org) That framing matches the way companies now use AI in customer service, operations, security and decision-making, where failures can hit compliance, privacy, resilience and reputation at the same time. (isaca.org) ISACA’s own polling shows the control gap the certification is trying to address. In a March 23, 2026 preview of its AI Pulse Poll, the group said 56% of digital trust professionals do not know how quickly they could halt an AI system after a security incident. (isaca.org) The same poll found 20% do not know where ultimate responsibility for AI would lie inside their organization. Another 28% pointed to the board or executives, 18% to the chief information officer or chief technology officer, and 13% to the chief information security officer. (isaca.org) ISACA has been documenting related governance gaps for months. In June 2025, it said 83% of IT and business professionals in Europe believed employees were using AI, but only 31% of organizations had a formal, comprehensive AI policy. (isaca.org) AAIR is not a first certification for newcomers. ISACA says applicants need proven experience in IT risk or advisory roles and must already hold one of 25 prerequisite certifications or designations, including CISA, CISM, CRISC, CGEIT, CDPSE, CISSP, CRMA, CGRC, CERP or CRCM. (isaca.org) (morningstar.com) ISACA Chief Executive Officer Erik Prusch said in the launch announcement that “AI is moving faster than many organizations are prepared for,” tying the new exam to the pace of enterprise adoption. (morningstar.com) The group is also bundling study materials with the rollout, including an online review course, a questions-and-answers database and a review manual in digital or print form. (isaca.org) (morningstar.com) The launch gives ISACA a third AI-focused credential alongside Advanced in AI Audit and Advanced in AI Security Management, as the association pushes its audit, security and risk members deeper into AI oversight work. (morningstar.com)