Training Module
Auditing AI Risk & Impact Management
Understand how to audit harm, impact, and risk reasoning, intended use alignment, and decision documentation in an ISO/IEC 42001 AI management system
Training Module
Auditing AI Risk & Impact Management
Understand how to audit harm, impact, and risk reasoning, intended use alignment, and decision documentation in an ISO/IEC 42001 AI management system
Training Module
Auditing AI Risk & Impact Management
Understand how to audit harm, impact, and risk reasoning, intended use alignment, and decision documentation in an ISO/IEC 42001 AI management system
Move from “risk paperwork” to defensible, traceable AI risk and impact decisions
AI risk and impact management is credible when it clearly connects intended use, affected stakeholders, and documented decisions to real controls and oversight. This module helps auditors test that chain and recognise where reasoning, traceability, or documentation breaks down in practice.
Move from “risk paperwork” to defensible, traceable AI risk and impact decisions
AI risk and impact management is credible when it clearly connects intended use, affected stakeholders, and documented decisions to real controls and oversight. This module helps auditors test that chain and recognise where reasoning, traceability, or documentation breaks down in practice.
Move from “risk paperwork” to defensible, traceable AI risk and impact decisions
AI risk and impact management is credible when it clearly connects intended use, affected stakeholders, and documented decisions to real controls and oversight. This module helps auditors test that chain and recognise where reasoning, traceability, or documentation breaks down in practice.
Training module overview
Training module overview
Training module overview
In ISO/IEC 42001 audits, weak AI risk and impact management rarely fails because an organisation “didn’t use the right framework.” It fails because the organisation cannot show a coherent line from intended use and stakeholders to impact reasoning, risk decisions, and documented acceptance of trade-offs. This creates false assurance: the system looks controlled on paper, while key harms, misuses, and operational realities remain unaddressed.
This standard-specific audit add-on focuses on how to audit the quality of reasoning and documentation behind AI risk and impact decisions, without re-teaching generic risk methods or generic audit craft. It is mandatory in the ISO/IEC 42001 auditor pathway and is applicable to internal auditors and third-party auditors (including certification-body and independent assurance contexts).
In ISO/IEC 42001 audits, weak AI risk and impact management rarely fails because an organisation “didn’t use the right framework.” It fails because the organisation cannot show a coherent line from intended use and stakeholders to impact reasoning, risk decisions, and documented acceptance of trade-offs. This creates false assurance: the system looks controlled on paper, while key harms, misuses, and operational realities remain unaddressed.
This standard-specific audit add-on focuses on how to audit the quality of reasoning and documentation behind AI risk and impact decisions, without re-teaching generic risk methods or generic audit craft. It is mandatory in the ISO/IEC 42001 auditor pathway and is applicable to internal auditors and third-party auditors (including certification-body and independent assurance contexts).
Applicable environments
This module focuses on auditing clauses and controls that are specific to ISO/IEC 42001. It is intended for auditors working with organisations operating an AI management system (AIMS) according to this standard.
Target audience
Target audience
Target audience
Aspiring auditors who want to audit AI management systems against ISO/IEC 42001 following best practices
Practising ISO/IEC 42001 auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Aspiring auditors who want to audit AI management systems against ISO/IEC 42001 following best practices
Practising ISO/IEC 42001 auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Decision support
Is this module for you?
It is a good fit if you…
seek to audit the quality of AI risk and impact reasoning.
are aiming to judge alignment between intended use, impacts, and decisions.
focus on traceability from risk reasoning to documented controls.
are prepared to test whether decisions hold up under real use conditions.
expect to strengthen audit conclusions on AI risk governance.
seek to audit the quality of AI risk and impact reasoning.
are aiming to judge alignment between intended use, impacts, and decisions.
focus on traceability from risk reasoning to documented controls.
are prepared to test whether decisions hold up under real use conditions.
expect to strengthen audit conclusions on AI risk governance.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
prefer to design AI risk frameworks or impact assessment methods.
are looking for guidance on harm analysis or ethical risk modelling.
focus primarily on managing or mitigating AI risks yourself.
do not intend to audit AI risk and impact management under ISO/IEC 42001.
prefer to design AI risk frameworks or impact assessment methods.
are looking for guidance on harm analysis or ethical risk modelling.
focus primarily on managing or mitigating AI risks yourself.
do not intend to audit AI risk and impact management under ISO/IEC 42001.
Agenda
Agenda
Agenda
What “AI risk & impact management” means in an ISO/IEC 42001 audit
Testing harm and impact reasoning
Intended use integrity and stakeholder alignment
Decision documentation quality
Evidence trails, sampling focus, and red-flag patterns
Case-based audit simulation
Show detailed agenda...
What “AI risk & impact management” means in an ISO/IEC 42001 audit
Testing harm and impact reasoning
Intended use integrity and stakeholder alignment
Decision documentation quality
Evidence trails, sampling focus, and red-flag patterns
Case-based audit simulation
Show detailed agenda...
What “AI risk & impact management” means in an ISO/IEC 42001 audit
Testing harm and impact reasoning
Intended use integrity and stakeholder alignment
Decision documentation quality
Evidence trails, sampling focus, and red-flag patterns
Case-based audit simulation
Show detailed agenda...
Learning outcomes
Learning outcomes
Learning outcomes
Key outcomes
Evaluate whether harm/impact reasoning is specific, complete enough for decisions, and consistent across artefacts
Test traceability from intended use and stakeholder considerations to impact assessment, risk decisions, and controls
Assess whether risk and impact decisions are documented in a way that supports accountability and later review
Evaluate whether harm/impact reasoning is specific, complete enough for decisions, and consistent across artefacts
Test traceability from intended use and stakeholder considerations to impact assessment, risk decisions, and controls
Assess whether risk and impact decisions are documented in a way that supports accountability and later review
Additional capabilities
Identify and prioritise evidence sources that demonstrate real operation (not just planned intent)
Recognise common ISO/IEC 42001 risk/impact audit red flags that indicate false assurance
Define focused audit tests for decision quality without substituting for generic audit planning or interviewing techniques
Identify and prioritise evidence sources that demonstrate real operation (not just planned intent)
Recognise common ISO/IEC 42001 risk/impact audit red flags that indicate false assurance
Define focused audit tests for decision quality without substituting for generic audit planning or interviewing techniques
Additional benefits
Additional benefits
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Intended use integrity checklist (intended vs actual use; drift and misuse prompts)
Stakeholder alignment evidence map (expectations/obligations → where to verify)
Decision documentation review checklist (rationale, trade-offs, approvals, residual acceptance)
Traceability test worksheet (use case → impact → risk decision → control/monitoring evidence)
Red-flag library for AI risk/impact management audits (typical patterns and what to test next)
Intended use integrity checklist (intended vs actual use; drift and misuse prompts)
Stakeholder alignment evidence map (expectations/obligations → where to verify)
Decision documentation review checklist (rationale, trade-offs, approvals, residual acceptance)
Traceability test worksheet (use case → impact → risk decision → control/monitoring evidence)
Red-flag library for AI risk/impact management audits (typical patterns and what to test next)
Confirmation
Certificate of completion
Module ID
HAM-AI-A-01
Domain
Audience
Auditor
Language
English
Delivery
Live virtual
Duration
3 h
List price
CHF 250
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Delivery & learning format
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
Not sure if this module is right for you?
Not sure if this module is right for you?
Not sure if this module is right for you?
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes auditors can already apply core audit evidence and judgement concepts and are familiar with management system basics. It does not teach generic audit craft or generic risk methodology.
Helpful background includes:
Practical ability to evaluate evidence, sampling rationale, and professional judgement
General understanding of how management systems use documented information to support governance decisions
This module assumes auditors can already apply core audit evidence and judgement concepts and are familiar with management system basics. It does not teach generic audit craft or generic risk methodology.
Helpful background includes:
Practical ability to evaluate evidence, sampling rationale, and professional judgement
General understanding of how management systems use documented information to support governance decisions
Preparatory modules
Foundational modules (depending on background)
Useful if you are new to the underlying concepts or want a shared baseline before attending this module.
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
AI Fundamentals II
Understand AI uncertainty, limitations, and common failure modes across predictive and generative AI systems
7 h
AI Fundamentals II
Understand AI uncertainty, limitations, and common failure modes across predictive and generative AI systems
7 h
AI Fundamentals II
Understand AI uncertainty, limitations, and common failure modes across predictive and generative AI systems
7 h
AI Risk, Impact & Harm Assessment
Understand how to assess AI impacts and harms, document results, and connect them to risk decisions in an AI management system
7 h
AI Risk, Impact & Harm Assessment
Understand how to assess AI impacts and harms, document results, and connect them to risk decisions in an AI management system
7 h
AI Risk, Impact & Harm Assessment
Understand how to assess AI impacts and harms, document results, and connect them to risk decisions in an AI management system
7 h
Supporting modules (optional)
Helpful if you want to deepen related skills, but not required to participate effectively.
AI Fundamentals I
Learn core AI concepts, AI system types, and the technical building blocks that underpin modern AI-enabled products and services
7 h
AI Fundamentals I
Learn core AI concepts, AI system types, and the technical building blocks that underpin modern AI-enabled products and services
7 h
AI Fundamentals I
Learn core AI concepts, AI system types, and the technical building blocks that underpin modern AI-enabled products and services
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen your competence. If you are looking for a structured learning path, modules can also be taken as part of a professional track.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.