Isaca AAIA Exam - Topic 3 Question 18 Discussion

Actual exam question for Isaca's AAIA exam

Question #: 18
Topic #: 3

Which of the following is MOST important for an IS auditor to consider when identifying AI risk in a know your customer (KYC) application within a banking organization?

AIntellectual property leakage and invalidation

BBenchmarking against peer organizations

CIncident response plan

DBusiness disruption and financial impact

Show Suggested Answer

Suggested Answer: D

In high-stakes financial applications like KYC, the primary concern is the potential business and regulatory impact of an AI error---such as false customer rejection or failure to detect fraudulent accounts. The AAIA Study Guide emphasizes aligning AI risk assessments with business impact and regulatory exposure.

''In financial institutions, the most material risk of AI errors lies in operational disruption and regulatory fines. KYC models must be assessed for how errors can lead to compliance failures or reputational harm.''

Benchmarking (B) supports best practice alignment, and incident response (C) is part of mitigation, but D addresses the most critical consequence of AI risks in banking.

by Ashlee at May 15, 2026, 03:51 PM

Limited Time Offer

25%

Off

Get Premium AAIA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Keena

16 days ago

I think I remember discussing the importance of business disruption in KYC applications, but I'm not entirely sure if it's the most critical factor.

upvoted 0 times

...