AAIR Exam Dumps - Isaca AI Risk Questions and Answers

Synthetic data is generated algorithmically to resemble real data while protecting individual privacy. However, synthetic data generation processes may not perfectly capture the full statistical diversity of real-world populations—particularly rare conditions, edge cases, and underrepresented demographic groups.

Why A is Correct: According to ISACA AAIR data quality guidance for AI, the greatest risk of training on synthetic data is that it may not reflect real-world diversity. In healthcare, this is particularly consequential because AI models trained on non-diverse synthetic data may perform poorly for patient populations not well-represented in the original real data—potentially producing inaccurate diagnoses or treatment recommendations for vulnerable groups, perpetuating health inequities.

Why B is Wrong: While reduced diversity could contribute to increased false negatives in some scenarios, this is a specific manifestation of the broader diversity problem. The root cause—lack of real-world representativeness—is the more fundamental and comprehensive risk.

Why C is Wrong: Regulatory noncompliance from synthetic data use depends on jurisdiction-specific requirements. Many regulations explicitly encourage synthetic data to protect privacy. While compliance must be verified, it is not the greatest inherent risk of synthetic data quality.

Why D is Wrong: Synthetic data generation occurs in controlled internal environments and is not inherently more susceptible to data poisoning than other data types. Poisoning risk is a function of data pipeline controls, not whether data is synthetic or real.

Third-party AI suppliers introduce significant risk through model updates, changes in training data, and modifications to system behavior. Contractual disclosure requirements ensure the acquiring organization can maintain active risk oversight despite not controlling the vendor's development processes.

Why B is Correct: The ISACA AAIR framework emphasizes that third-party AI contracts must protect against harms arising from undisclosed changes. When vendors make silent updates to models, the acquiring organization cannot assess new risks before they affect users, decisions, or regulated outcomes. Timely disclosure requirements enable proactive risk detection and mitigation before individuals are harmed.

Why A is Wrong: Availability guarantees are service-level concerns addressed by SLA provisions. While important operationally, they do not address the risk management imperative of understanding what changes have been made to AI models.

Why C is Wrong: Internal trust-building is a change management consideration, not the primary purpose of contractual disclosure requirements. Contracts address risk obligations, not organizational confidence.

Why D is Wrong: Vendor staff access to sensitive datasets is a data access and privacy concern addressed through data processing agreements and access controls, not model update disclosure requirements.

Autonomous agents creating HR system identities that exist outside the organization's federated identity management system create invisible, unmanaged access pathways. These shadow identities bypass the centralized access governance controls designed to enforce least privilege, monitor access activity, and enable rapid deprovisioning.

Why D is Correct: According to ISACA AAIR identity and access management guidance for autonomous AI systems, identities not incorporated into the federated system pose the greatest risk because they are invisible to access governance processes. Federated identity management provides centralized provisioning, deprovisioning, monitoring, and policy enforcement. Autonomous identities outside this system can accumulate inappropriate access rights, persist after their legitimate purpose expires, and be used for unauthorized actions—entirely outside the organization's visibility.

Why A is Wrong: Breach identification delays are a consequence of the visibility gap created by ungoverned identities, not the root risk. The primary risk is the existence of invisible access pathways; delayed detection is a downstream effect.

Why B is Wrong: Ineffective credential management is a specific implementation problem with known credentials. The greater risk here is identities that the credential management system doesn't know about at all—complete invisibility is worse than imperfect management.

Why C is Wrong: Increased staffing for human validation is an operational resource impact. While relevant to managing autonomous agent oversight, staffing requirements are a manageable operational concern, not the greatest governance risk from ungoverned identities.

Credit scoring AI systems are subject to anti-discrimination regulations that prohibit using models that produce biased outcomes affecting protected classes. When bias cannot be eliminated through technical means, continuing to operate the system creates ongoing legal violations and harm to affected individuals.

Why B is Correct: According to ISACA AAIR risk treatment guidance and legal compliance obligations, removing a biased credit-scoring system from production is the appropriate response when bias cannot be technically remediated. Continuing to operate a system known to produce discriminatory credit decisions violates anti-discrimination laws (such as the Equal Credit Opportunity Act), exposes the organization to regulatory enforcement, and causes ongoing harm to affected borrowers. Risk avoidance through system withdrawal is the appropriate treatment when the risk cannot be adequately mitigated.

Why A is Wrong: Requesting senior management risk acceptance for confirmed legal violations is inappropriate because organizations cannot accept risks involving known regulatory breaches. Senior management cannot legitimately authorize continued discriminatory lending practices.

Why C is Wrong: Sourcing a replacement system is a necessary future action but takes time to procure, validate, and deploy. In the interim, the biased system should not continue operating. Removing the system from production should precede replacement planning.

Why D is Wrong: Applying compensating controls to generate offsetting biases compounds the discriminatory problem rather than resolving it. Deliberately introducing additional bias—even in the opposite direction—creates an unpredictably biased model that does not produce fair outcomes.

Model cards are standardized documents that communicate key information about AI models, including their intended use, training data, performance characteristics, limitations, and ethical considerations. They serve as a primary transparency instrument in AI governance.

Why D is Correct: According to the ISACA AAIR curriculum, the primary purpose of model cards is to provide transparency to stakeholders—including developers, users, auditors, and regulators. Transparency enables informed decision-making about model deployment, helps identify potential misuse, and supports responsible AI governance across the life cycle.

Why A is Wrong: Justifying use cases is a secondary benefit. Model cards are not primarily advocacy documents; their core function is objective disclosure of model characteristics and limitations.

Why B is Wrong: Preserving audit trails is a governance function served by version control and change management systems. While model cards contribute to audit readiness, it is not their primary purpose.

Why C is Wrong: Technical specifications represent only a subset of model card content. Model cards go beyond technical detail to address fairness, bias, intended use boundaries, and societal impact considerations.

AI-generated content—including operational procedures—can contain errors, omissions, hallucinations, and contextually inappropriate guidance. Human review is a critical quality control and accountability mechanism that ensures generated procedures are accurate, complete, and appropriate for actual operational use.

Why A is Correct: The ISACA AAIR guidance on human oversight identifies the absence of human review as the greatest risk in AI-generated documentation. Without review, errors and AI hallucinations are propagated directly into operational use, potentially causing safety incidents, compliance violations, or operational failures. Human review is the last line of defense against AI output quality failures, particularly in operational procedure contexts where incorrect instructions can have serious consequences.

Why B is Wrong: Outdated procedures are a content quality issue that would typically be caught during human review. The greater concern is that no review is occurring, which allows all types of errors—including outdated content—to reach operational use unchallenged.

Why C is Wrong: Policy misalignment is a governance concern but represents a specific type of error that would be identified if adequate human review were performed. The absence of review is the root governance failure.

Why D is Wrong: Using AI to generate procedures for high-risk activities is a deployment scope concern that raises the stakes of errors. However, the fundamental governance failure—and the greatest concern—is that no human verification occurs regardless of the risk level of the activity.

Algorithm selection is a foundational risk management decision in AI development. The wrong algorithm for a given use case can produce inaccurate, unreliable, or harmful outputs regardless of the quality of training data or computational resources applied.

Why D is Correct: The ISACA AAIR model development guidance identifies use case alignment as the most critical algorithm selection criterion. Supervised and unsupervised learning are suited to fundamentally different problem types—supervised learning requires labeled training data and learns mappings to known outputs; unsupervised learning discovers patterns in unlabeled data. Selecting algorithms whose capabilities match the use case's structure and objectives prevents systematic performance failures and misapplied AI.

Why A is Wrong: Generalization capability is an important model quality criterion but represents one of many algorithmic properties. Strong generalization on the wrong problem type still produces poor results. Use case alignment precedes generalization as a selection criterion.

Why B is Wrong: Requiring supervised learning for all training projects is an inappropriate blanket policy. Many valuable use cases—anomaly detection, customer segmentation, exploratory analytics—are better served by unsupervised approaches. Mandating supervised learning prevents optimal use case matching.

Why C is Wrong: Computational cost is a resource management consideration. Optimizing for cost at the expense of use case fit risks deploying inappropriate models that produce unreliable outputs, creating far greater costs through remediation or harm.

AI systems introduce new categories of risk—model drift, adversarial attacks, algorithmic bias, hallucination—that conventional IT controls were not designed to address. AI-specific controls must complement existing controls to create comprehensive coverage across both traditional and emerging risk domains.

Why C is Correct: The ISACA AAIR curriculum identifies the holistic, comprehensive coverage of both conventional governance exposures and emerging AI vulnerabilities as the primary benefit of AI-specific controls. By designing controls that address AI-unique risks while integrating with existing governance structures, organizations achieve end-to-end risk management without creating coverage gaps between the old and new control environments.

Why A is Wrong: Compliance reporting prioritization is a governance administration activity. While AI-specific controls may clarify compliance requirements, identifying and prioritizing reporting requirements is not the primary purpose of implementing new controls.

Why B is Wrong: Cost reduction through control consolidation is an efficiency benefit that may result from control rationalization but is not the primary benefit of incorporating AI-specific controls. Adding necessary controls may actually increase costs in the short term.

Why D is Wrong: Accelerating deployment through efficient pre-deployment analysis is an operational efficiency benefit. The primary governance purpose of AI-specific controls is comprehensive risk coverage, not deployment speed.

The shared responsibility model creates complexity in AI governance because control obligations are distributed between the organization and the vendor. The most critical risk is ambiguity about who owns specific controls and who makes decisions when issues arise.

Why D is Correct: The ISACA AAIR framework identifies documented assignment of control ownership as the cornerstone of shared responsibility governance. Without explicit documentation of which controls the organization owns versus which the vendor owns, and who has decision authority in each scenario, gaps and overlaps emerge that allow risks to go unmanaged. Named ownership ensures accountability persists across the shared boundary.

Why A is Wrong: Staff training on procedures is important but addresses operational readiness rather than the fundamental governance challenge of shared responsibility. Training supports a well-structured model but cannot substitute for defined ownership.

Why B is Wrong: Contractual liability clauses are legal protections that determine financial recourse after incidents. While essential, they do not prevent governance gaps from forming during normal operations.

Why C is Wrong: Data pathway testing is a security assurance activity addressing technical controls. It verifies control function but does not establish who owns those controls or what authority they have in the shared model.

Output deterioration despite stable inputs is a classic indicator of model drift—specifically concept drift, where the underlying relationships between inputs and targets change over time even when the distribution of inputs appears stable. This requires ongoing monitoring and systematic recalibration.

Why D is Correct: The ISACA AAIR life cycle management guidance identifies continuous performance monitoring and scheduled recalibration as the appropriate response to model drift. Monitoring provides early warning when performance degrades below thresholds, while scheduled recalibration ensures the model is periodically updated to reflect current real-world patterns. This systematic approach prevents continued deterioration and maintains model reliability.

Why A is Wrong: Source code audits and peer reviews address development quality and code integrity, not model drift. Drift is a statistical phenomenon driven by changing data relationships, not code defects that code reviews can identify.

Why B is Wrong: Replacing predictive AI with static rule-based systems eliminates the adaptive capabilities that make AI valuable. Static rules cannot respond to evolving patterns and typically perform worse in dynamic environments.

Why C is Wrong: Dataset cleansing addresses data quality for model retraining but does not establish the ongoing monitoring mechanism needed to detect future drift. A one-time cleansing activity cannot prevent recurrent deterioration.