Question 14 - Isaca AAIA Real Exam Questions [Feb 2026 Update]

Q: 14

Which of the following is MOST important for an IS auditor to review during an AI system audit in order to determine compliance with intellectual property and data rights?

Options

Correct Answer:

Explanation

Data usage agreements are the foundational legal documents that stipulate the permissible use of data, including any restrictions related to intellectual property (IP), privacy, and licensing. For an IS auditor, reviewing these agreements is the most direct and critical step to verify that the organization has the legal right to use the data for training, testing, and deploying the AI system. This review confirms compliance with contractual obligations and data rights, which is the central focus of the question.

Why Incorrect

A. Data performance metrics: These metrics evaluate the quality and effectiveness of the data for model training (e.g., accuracy, completeness), not the legal rights to use it.

C. Use of open-source intellectual property: While a component of IP compliance, this is narrower than data rights. Data usage agreements cover the core asset (the data), which is often more sensitive and legally complex.

D. Model runtime efficiency logs: These logs measure the computational performance and resource consumption of the AI model, which is an operational concern, not a legal or compliance issue.

References

1. ISACA. (2023). Artificial Intelligence Audit Framework. Section 2.2

Data Governance. The framework emphasizes that a key audit step is to "verify that data acquisition and usage are in accordance with legal

regulatory

and contractual requirements

" which are documented in data usage agreements.

2. ISACA. (2023). Auditing Artificial Intelligence. Chapter 3: AI Data and Governance. This chapter details the importance of auditing data sourcing and licensing

stating auditors must "review data-sharing and data use agreements to ensure that the organization has the right to use the data for the intended purpose."

3. Mittelstadt

B. (2019). "Principles alone cannot guarantee ethical AI." Nature Machine Intelligence

501–507. https://doi.org/10.1038/s42256-019-0114-4. This article discusses the governance of AI

implicitly highlighting that legal frameworks and agreements (data usage agreements) are essential mechanisms for ensuring data is used ethically and legally

a core concern for auditors.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE