Exam AAIA Topic 2 Question 132 Discussion
Actual exam question for ISACA's AAIA exam
Question #: 132
Topic #: 2
Question #: 132
Topic #: 2
An organization is developing an AI system that integrates data from multiple external sources without clearly defined data ownership policies. Which of the following is the GREATEST concern in this situation?
Suggested Answer: D Vote an answer
When integrating data from multiple external sources, uncleardata ownershipdirectly affects accountability for privacy, consent, retention, and lawful processing. This createsgaps in AI privacy compliance and accountability(option D), which is the greatest concern because violations can lead to regulatory sanctions, litigation, and serious reputational damage. AAIA's governance and risk domain emphasizesprivacy and data governance programs, including clear roles, responsibilities, and ownership.
Option A is important but relates more to accuracy and performance validation, not the foundational legal and accountability issues. Option B (access permissions) is a control issue but usually easier to remediate once ownership and responsibilities are clarified. Option C (dependence on automated data collection/cleansing) can introduce quality risks but does not directly resolve or define who is accountable. Thus, the primary risk is the lack of clear privacy and accountability structures across external data sources.
References:
ISACA,AAIA Exam Content Outline- Domain 1: Privacy and Data Governance Programs (data governance, privacy considerations).
ISACA guidance on AI governance, roles, responsibilities, and accountability for data use.
Option A is important but relates more to accuracy and performance validation, not the foundational legal and accountability issues. Option B (access permissions) is a control issue but usually easier to remediate once ownership and responsibilities are clarified. Option C (dependence on automated data collection/cleansing) can introduce quality risks but does not directly resolve or define who is accountable. Thus, the primary risk is the lack of clear privacy and accountability structures across external data sources.
References:
ISACA,AAIA Exam Content Outline- Domain 1: Privacy and Data Governance Programs (data governance, privacy considerations).
ISACA guidance on AI governance, roles, responsibilities, and accountability for data use.
by Neil at Jul 12, 2026, 04:02 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).