AI Risk for Audit Committees
A 45-minute working session for audit committee chairs and internal audit leaders — the questions that surface real AI risk.
Last updated: 2026-05-19
What you'll learn
By the end of this course you'll understand:
- Where AI sits inside the existing risk universe — and where it doesn't fit
- Inherent vs residual risk applied honestly to AI systems
- How to map AI risks onto your existing COSO / three-lines / control frameworks
- The audit committee questions that surface real risk vs. theater
- Independent assurance approaches — first, second, and third line
- How to report AI risk to the full board without inducing panic or sleep
Who this is for
Audit committee chairs, audit committee members, chief audit executives, and internal audit leaders. Especially valuable for committees overseeing BFSI, healthcare, public-sector, and listed entities across the GCC, India, and Africa where regulators are converging fast on AI assurance expectations and the existing risk universe wasn't built for model risk and bias risk.
Prerequisites
- ai-governance-risk-boards
Curriculum
7 chapters · 2 hands-on exercises · capstone challenge
Each chapter ends with the learning objectives ticked off. Quizzes are auto-graded with feedback; exercises are open-ended and produce artifacts you can take to your team.
1. AI in the risk universe
- Locate AI risk inside operational, compliance, strategic, and reputational categories
- Spot the 3 risks AI introduces that don't map cleanly to legacy buckets
2. Inherent vs residual risk for AI systems
- Apply inherent / residual risk thinking to a live AI use case
- Avoid the "controls assumed" anti-pattern in residual ratings
3. Mapping AI to existing control frameworks
- Map AI risks onto COSO ERM, three lines of defense, and ISO 31000
- Use NIST AI RMF Govern/Map/Measure/Manage to fill the AI-specific gaps
4. The audit committee questions that surface real risk
- Apply a 9-question line of inquiry that exposes weak AI controls
- Distinguish answers that reflect maturity from answers that reflect rehearsal
5. Independent assurance approaches
- Decide which AI controls need first, second, or third-line assurance
- Set a 12-month internal audit AI plan that doesn't over-rotate
6. Reporting AI risk to the full board
- Build the 1-page AI risk view the full board will actually read
- Avoid the heatmap-as-theater trap
Capstone: Your audit committee AI playbook
- Draft the 9 questions your committee will ask at the next AI review
- Define the escalation path from internal audit findings to full-board action
Capstone deliverable: Every learner who completes this course produces «Your Audit Committee AI Playbook» — a tangible artifact you take back to your organization.
Curriculum live · full chapter content rolling out through 2026.
The outline, learning objectives, references, and capstone deliverable are published. Full chapter content (video, narration, exercises) ships progressively. Get notified when each chapter goes live.
References & sources
Built on cited sources — not vibes.
Every course is researched fresh against vendor documentation, regulatory sources, and peer-reviewed work. Sources used in this course:
- NIST AI Risk Management Framework · National Institute of Standards and Technology
- IIA — Artificial Intelligence Auditing Framework · The Institute of Internal Auditors
- NACD — Director's Handbook on Cyber-Risk Oversight · National Association of Corporate Directors
- PCAOB — Considerations for Audits of AI in Financial Reporting · Public Company Accounting Oversight Board
- OECD AI Principles · OECD
Course details
- Track: Leadership
- Level: Intermediate
- Audience: Board, Executive, Director
- Industry: Cross-Industry
- Stack: Stack-agnostic
- Paired Gennoor Way phase: sustain
- Format: reading, video
You finished the course. Now what?
From course to outcome.
Reading this course is step one. The next step is applying it where you work. Here's how Gennoor helps — without the deck, without the pitch.
Run this for your team
A 2-day workshop or virtual cohort for up to 25 of your people, with exercises run on your data and a 30-day adoption plan.
From $5k · 2 weeks · function-specific
Apply this to your data
A 4–6 week pilot that takes what you learned and ships a working system inside your environment. Fixed scope, fixed price, code transferred day one.
From $25k · 6 weeks · production-grade
Just want to talk?
Free 30-minute call. No deck, no pitch. We listen to your situation and tell you honestly what makes sense — even if it isn't us.
Free · no commitment · 30 minutes