Certified: The ISACA AAIA Audio Course
By Jason Edwards
Listen to a podcast, please open Podcast Republic app. Available on Google Play Store and Apple App Store.
Image by Jason Edwards
Category: Technology
Open in Apple Podcasts
Open RSS feed
Open Website
Rate for this podcast
Subscribers: 0
Reviews: 0
Episodes: 113
Description
Welcome to Certified: The ISACA AAIA Audio Course. I’m your guide for this series, and my job is to make AI auditing feel clear, structured, and doable for people who already have a full plate. Across these episodes, you’ll build a practical mental model for how AI systems work in an organization and how an auditor or assurance professional should evaluate them. Expect plain language, a steady pace, and a focus on what you can actually test, document, and defend. We’ll spend time on governance, data, models, controls, and monitoring, but we’ll always bring it back to audit outcomes: scope, criteria, evidence, findings, and reporting that leaders can act on.
Here’s how to use Certified: The ISACA AAIA Audio Course. Start at the beginning, even if you’re experienced, because the early episodes set shared definitions and a consistent way to think about evidence. Listen once for understanding, then listen again when you’re ready to turn concepts into checklists you can use in the real world. If a term is new, don’t pause to research it mid-episode—keep going and let repetition do its job, because we’ll reinforce the same ideas from multiple angles. If this course is helping you, follow the show so new episodes land automatically. Subscribe wherever you get podcasts.
| Episode | Date |
|---|---|
|
Welcome to the ISACA AAIA Audio Course
|
Feb 15, 2026 |
|
Episode 112 — Exam-Day Tactics: Calm, fast, defensible answers for AAIA scenarios (Exam-Day Tactics)
|
Feb 15, 2026 |
|
Episode 111 — Spaced Retrieval Mega-Review: All 23 tasks in one connected storyline (Review: Tasks 1–23)
|
Feb 15, 2026 |
|
Episode 110 — Spaced Retrieval Review: Domain 3 audit tools and techniques, simplified (Review: Domain 3)
|
Feb 15, 2026 |
|
Episode 109 — Utilize AI to enhance audit reporting without hallucinated conclusions (Task 23)
|
Feb 15, 2026 |
|
Episode 108 — Utilize AI to enhance audit execution while preserving evidence quality (Task 23)
|
Feb 15, 2026 |
|
Episode 107 — Utilize AI to enhance audit planning without outsourcing judgment (Task 23)
|
Feb 15, 2026 |
|
Episode 106 — Prevent AI-in-audit blind spots: bias, leakage, and overreliance risks (Task 22)
|
Feb 15, 2026 |
|
Episode 105 — Evaluate impacts and risk when integrating AI into the audit process (Task 22)
|
Feb 15, 2026 |
|
Episode 104 — Follow up AI audits so fixes stick and risk stays reduced (Domain 3E)
|
Feb 15, 2026 |
|
Episode 103 — Write AI findings that tie cause, risk, evidence, and remediation together (Domain 3E)
|
Feb 15, 2026 |
|
Episode 102 — Deliver AI audit reports executives understand and teams can act on (Domain 3E)
|
Feb 15, 2026 |
|
Episode 101 — Use analytics to detect drift, anomalies, and control breakdown trends (Domain 3D)
|
Feb 15, 2026 |
|
Episode 100 — Audit data quality before trusting any AI output or model score (Domain 3D)
|
Feb 15, 2026 |
|
Episode 99 — Validate evidence integrity when models and data change over time (Domain 3C)
|
Feb 15, 2026 |
|
Episode 98 — Collect AI audit evidence: logs, lineage, artifacts, and change records (Domain 3C)
|
Feb 15, 2026 |
|
Episode 97 — Test AI controls with evidence, not opinions or vendor demos (Domain 3B)
|
Feb 15, 2026 |
|
Episode 96 — Design sampling for AI decisions that reveals bias and failure modes (Domain 3B)
|
Feb 15, 2026 |
|
Episode 95 — Use audit techniques tailored to AI systems, not generic checklists (Domain 3B)
|
Feb 15, 2026 |
|
Episode 94 — Choose audit criteria for AI using policy, risk, and outcomes (Domain 3A)
|
Feb 15, 2026 |
|
Episode 93 — Build AI audit objectives that connect directly to business risk (Domain 3A)
|
Feb 15, 2026 |
|
Episode 92 — Plan an AI audit: scope, criteria, stakeholders, and timing choices (Domain 3A)
|
Feb 15, 2026 |
|
Episode 91 — Spaced Retrieval Review: Domain 2 operations and controls, simplified (Review: Domain 2)
|
Feb 15, 2026 |
|
Episode 90 — Run AI incident response: detect, triage, contain, recover, and learn (Domain 2G)
|
Feb 15, 2026 |
|
Episode 89 — Evaluate AI problem and incident management programs for fast containment (Task 20)
|
Feb 15, 2026 |
|
Episode 88 — Audit AI vendor claims, contracts, and control evidence without getting sold (Task 10)
|
Feb 15, 2026 |
|
Episode 87 — Evaluate AI vendors and supply chain controls where your visibility ends (Task 10)
|
Feb 15, 2026 |
|
Episode 86 — Audit least privilege for pipelines, service accounts, and model endpoints (Task 16)
|
Feb 15, 2026 |
|
Episode 85 — Evaluate identity and access management for AI models, data, and keys (Task 16)
|
Feb 15, 2026 |
|
Episode 84 — Build threat monitoring that catches abuse of models and prompts early (Task 19)
|
Feb 15, 2026 |
|
Episode 83 — Evaluate AI threat and vulnerability management programs for real coverage (Task 19)
|
Feb 15, 2026 |
|
Episode 82 — Understand data poisoning, evasion, and model theft in plain language (Domain 2F)
|
Feb 15, 2026 |
|
Episode 81 — Evaluate AI threats and vulnerabilities that do not exist in normal IT (Domain 2F)
|
Feb 15, 2026 |
|
Episode 80 — Prove AI controls work over time, not only on launch day (Task 12)
|
Feb 15, 2026 |
|
Episode 79 — Evaluate the design and effectiveness of AI-specific controls (Task 12)
|
Feb 15, 2026 |
|
Episode 78 — Choose AI testing methods that match the risk of the use case (Domain 2E)
|
Feb 15, 2026 |
|
Episode 77 — Test AI solutions for accuracy, robustness, bias, and safety (Domain 2E)
|
Feb 15, 2026 |
|
Episode 76 — Validate supervision of AI impacts on fairness, safety, and quality (Domain 2D)
|
Feb 15, 2026 |
|
Episode 75 — Build human oversight triggers for AI decisions that need escalation (Domain 2D)
|
Feb 15, 2026 |
|
Episode 74 — Supervise AI outputs: detect harmful decisions before customers do (Domain 2D)
|
Feb 15, 2026 |
|
Episode 73 — Audit access to model artifacts, pipelines, and configuration repositories (Task 14)
|
Feb 15, 2026 |
|
Episode 72 — Prove reproducibility: model versions, parameters, and training snapshots (Task 14)
|
Feb 15, 2026 |
|
Episode 71 — Evaluate configuration management for AI across code, data, and models (Task 14)
|
Feb 15, 2026 |
|
Episode 70 — Audit emergency changes for AI when risk forces fast decisions (Task 13)
|
Feb 15, 2026 |
|
Episode 69 — Audit model update approvals, testing evidence, and release readiness (Task 13)
|
Feb 15, 2026 |
|
Episode 68 — Evaluate change management for AI where “updates” can change outcomes (Task 13)
|
Feb 15, 2026 |
|
Episode 67 — Evaluate model performance claims using audit-grade skepticism (Task 9)
|
Feb 15, 2026 |
|
Episode 66 — Evaluate model explainability expectations without overpromising certainty (Task 9)
|
Feb 15, 2026 |
|
Episode 65 — Test model alignment to policy: what it should do versus what it does (Task 9)
|
Feb 15, 2026 |
|
Episode 64 — Evaluate algorithms and models for alignment to business objectives (Task 9)
|
Feb 15, 2026 |
|
Episode 63 — Audit AI decommissioning: retirement criteria and data cleanup duties (Task 8)
|
Feb 15, 2026 |
|
Episode 62 — Audit AI monitoring controls: drift, performance, and incident triggers (Task 8)
|
Feb 15, 2026 |
|
Episode 61 — Audit AI deployment controls: approvals, gates, and rollback readiness (Task 8)
|
Feb 15, 2026 |
|
Episode 60 — Embed vendor AI security requirements before procurement begins (Task 9)
|
Feb 14, 2026 |
|
Episode 59 — Retest and document fixes so AI vulnerabilities stay closed (Task 7)
|
Feb 14, 2026 |
|
Episode 58 — Build AI vulnerability management from discovery to remediation (Task 7)
|
Feb 14, 2026 |
|
Episode 57 — Design AI security testing that matches your model, data, and use case (Task 7)
|
Feb 14, 2026 |
|
Episode 56 — Build a reassessment cadence that prevents stale AI risk decisions (Task 6)
|
Feb 14, 2026 |
|
Episode 55 — Monitor external changes like laws, vendors, and new AI capabilities (Task 6)
|
Feb 14, 2026 |
|
Episode 54 — Monitor internal changes that require AI risk reassessment (Task 6)
|
Feb 14, 2026 |
|
Episode 53 — Keep threat understanding current as attackers and tools evolve (Task 5)
|
Feb 14, 2026 |
|
Episode 52 — Assess AI threats by likelihood and impact, not hype and fear (Task 5)
|
Feb 14, 2026 |
|
Episode 51 — Identify the AI threat landscape using realistic abuse cases (Task 5)
|
Feb 14, 2026 |
|
Episode 50 — Assign AI risk owners and approvals so accountability is never unclear (Task 4)
|
Feb 14, 2026 |
|
Episode 49 — Connect AI risks to enterprise risk reporting and decision-making (Task 4)
|
Feb 14, 2026 |
|
Episode 48 — Run the AI risk management life cycle from intake to monitoring (Task 4)
|
Feb 14, 2026 |
|
Episode 47 — Domain 2 overview: manage AI risk while enabling business opportunity (Task 4)
|
Feb 14, 2026 |
|
Episode 46 — Domain 1 recap drill: pick the right task under pressure (Tasks 1–21)
|
Feb 14, 2026 |
|
Episode 45 — Plan for vendor outages and safe degraded modes in AI systems (Task 17)
|
Feb 14, 2026 |
|
Episode 44 — Set recovery goals for AI services, data pipelines, and vendors (Task 17)
|
Feb 14, 2026 |
|
Episode 43 — Add AI systems to business continuity plans without hidden weak points (Task 17)
|
Feb 14, 2026 |
|
Episode 42 — Eradicate root causes and recover safely after AI security incidents (Task 16)
|
Feb 14, 2026 |
|
Episode 41 — Notify and escalate during AI incidents with the right triggers (Task 16)
|
Feb 14, 2026 |
|
Episode 40 — Contain AI incidents quickly by limiting access and stopping risky flows (Task 16)
|
Feb 14, 2026 |
|
Episode 39 — Report AI security incidents on time without losing accuracy (Task 15)
|
Feb 14, 2026 |
|
Episode 38 — Document AI incidents clearly for regulators, contracts, and executive updates (Task 15)
|
Feb 14, 2026 |
|
Episode 37 — Investigate AI security incidents by collecting the right evidence fast (Task 15)
|
Feb 14, 2026 |
|
Episode 36 — Domain 1 quick review: governance, policies, assets, metrics, and training (Tasks 1–3)
|
Feb 14, 2026 |
|
Episode 35 — Operationalize tools with tuning, ownership, and measurable outcomes (Task 19)
|
Feb 14, 2026 |
|
Episode 34 — Implement AI security tools into monitoring, alerting, and response workflows (Task 19)
|
Feb 14, 2026 |
|
Episode 33 — Review AI security tools by coverage, gaps, and operational fit (Task 19)
|
Feb 14, 2026 |
|
Episode 32 — Use metrics to prioritize work and prove security program value (Task 18)
|
Feb 14, 2026 |
|
Episode 31 — Monitor AI metrics to spot misuse, drift, and early incident signals (Task 18)
|
Feb 14, 2026 |
|
Episode 30 — Define AI security metrics leaders can understand and act on (Task 18)
|
Feb 14, 2026 |
|
Episode 29 — Build an AI security program that fits the enterprise security program (Task 19)
|
Feb 14, 2026 |
|
Episode 28 — Manage retention and deletion to reduce long-term AI data exposure (Task 14)
|
Feb 14, 2026 |
|
Episode 27 — Preserve data integrity so models stay reliable and trustworthy (Task 14)
|
Feb 14, 2026 |
|
Episode 26 — Protect training and test data with access control and secure storage (Task 14)
|
Feb 14, 2026 |
|
Episode 25 — Identify data risks across the AI life cycle: leaks and tampering (Task 14)
|
Feb 14, 2026 |
|
Episode 24 — Keep the AI inventory accurate with routine governance checks (Task 13)
|
Feb 14, 2026 |
|
Episode 23 — Classify AI assets by sensitivity, criticality, and compliance scope (Task 13)
|
Feb 14, 2026 |
|
Episode 22 — Inventory AI assets: models, prompts, data, and key dependencies (Task 13)
|
Feb 14, 2026 |
|
Episode 21 — Refresh training when threats, tools, and regulations change (Task 21)
|
Feb 14, 2026 |
|
Episode 20 — Build AI security awareness training that sticks in daily work (Task 21)
|
Feb 14, 2026 |
|
Episode 19 — Create acceptable use guidelines that reduce risky AI behavior (Task 21)
|
Feb 14, 2026 |
|
Episode 18 — Essential Terms: Plain-Language Glossary for fast, accurate recall (Tasks 1–22)
|
Feb 14, 2026 |
|
Episode 17 — Keep AI security policies current using ownership and change control (Task 2)
|
Feb 14, 2026 |
|
Episode 16 — Turn policies into standards, guidelines, and step-by-step procedures (Task 2)
|
Feb 14, 2026 |
|
Episode 15 — Write AI security policies people can follow without guessing (Task 2)
|
Feb 14, 2026 |
|
Episode 14 — Prove conformity by building defensible evidence for regulators and contracts (Task 8)
|
Feb 14, 2026 |
|
Episode 13 — Perform AI impact assessments with scope, evidence, and actionable results (Task 8)
|
Feb 14, 2026 |
|
Episode 12 — Plan AI impact assessments early so compliance is not an afterthought (Task 8)
|
Feb 14, 2026 |
|
Episode 11 — Translate AI regulations into practical, testable security requirements (Task 3)
|
Feb 14, 2026 |
|
Episode 10 — Apply ethical principles when AI outcomes create real business risk (Task 3)
|
Feb 14, 2026 |
|
Episode 9 — Use industry frameworks to organize AI governance and security work (Task 3)
|
Feb 14, 2026 |
|
Episode 8 — Set governance routines that keep AI security decisions consistent (Task 1)
|
Feb 14, 2026 |
|
Episode 7 — Define AI roles and responsibilities so decisions are owned and clear (Task 1)
|
Feb 14, 2026 |
|
Episode 6 — Build an AI governance charter that aligns to business objectives (Task 1)
|
Feb 14, 2026 |
|
Episode 5 — Domain 1 overview: lead AI governance and program management confidently (Task 1)
|
Feb 14, 2026 |
|
Episode 4 — Exam Acronyms: High-Yield Audio Reference for AAISM daily practice (Tasks 1–22)
|
Feb 14, 2026 |
|
Episode 3 — Walk through an AI system life cycle in clear, simple language (Task 22)
|
Feb 14, 2026 |
|
Episode 2 — Understand how AAISM questions map to real AI security work (Tasks 1–22)
|
Feb 14, 2026 |
|
Episode 1 — Exam orientation and a spoken 30-day plan to pass AAISM (Tasks 1–22)
|
Feb 14, 2026 |