Understanding AI Auditing through Core Concepts

Feeling overwhelmed by where to start with AI auditing? AI has moved beyond a mere technology trend and is rapidly expanding into corporate decision-making, workflow automation, customer service, recruitment, security, and risk management. However, compared to the speed of AI adoption, not many people systematically understand questions like: "Is the AI being properly controlled?", "Can we trust the AI's judgment?", or "What risks could arise from the data, models, and operational processes?" In particular, those working in IT auditing, security, internal control, and project management often face these concerns: - How does AI auditing differ from traditional IT auditing? - Is it enough to just look at the code for an AI model, or must we examine the data and training process as well? - How do AI governance, risk, bias, explainability, MLOps, and incident response connect to one another? - Where should I start to understand the concepts covered in AI auditing certification courses like AAIA from a practical perspective? This course was created specifically to resolve this sense of uncertainty. For about 20 years, I have gained experience in IT service planning, development, PM, collaboration platform operation, groupware construction, chatbot service planning, and security and audit-related tasks. I have firsthand experience in how systems are planned, developed, and operated in actual organizations, and how failures, changes, security, and user requirements are interconnected. Furthermore, I have synthesized the perspectives of IT auditing and AI auditing through CISA and AAIA study programs. In this course, rather than diving deep into complex AI technology through math or development, I focus on the core concepts that auditors and IT practitioners must understand. We will examine AI systems by breaking them down into the flow of data, models, operations, security, governance, risk, and audit procedures, and summarize what controls and checkpoints are required at each stage. Through this course, students will understand that AI auditing is not simply "evaluating AI," but rather the task of inspecting governance, risk, and control systems to ensure that AI is used safely and responsibly within an organization. This course is suitable for: - Those new to AI auditing. - Those in IT auditing or security who want to expand into the AI domain. - Those who want to organize AI governance and risk from a practical perspective. - Those who want to grasp the overall concepts before starting AI audit-related studies such as AAIA. Upon completing the course, you will be able to answer the following questions yourself: - What components make up an AI system? - What should an AI auditor check during the data, model, and operation stages? - Why are AI governance and Responsible AI important? - How are AI risk, bias, explainability, privacy, and security connected? - What perspectives and evidence should be included in an AI audit report? In the rapidly changing era of AI, the ability to manage and inspect technology to make it trustworthy is just as important as the ability to use it well. This course is an introductory program for those who want to understand the big picture of AI auditing step-by-step from the beginning. Let's build the first standard for looking at IT and AI from an auditing perspective together.