Artificial Intelligence Governance, Risk Management, and Compliance Implementer - AI GRC (Pre-Order)

Module 1 — AI fundamentals

This module introduces the foundations of AI, including its history, key technologies (machine learning, deep learning, NLP, computer vision, and generative AI), and ethical principles such as fairness, transparency, accountability, and privacy. It also explains major global governance frameworks (ISO/IEC 42001, NIST AI RMF, EU AI Act, OECD, and UNESCO) and the AI lifecycle, showing how governance and compliance apply from design to decommissioning.

Module 2 — Introduction to AI governance, risk management, and compliance

This module explores how organizations manage the risks and responsibilities of AI through governance structures, compliance frameworks, and risk management practices. It introduces the core functions of AI GRC and explains how accountability, transparency, fairness, and privacy guide ethical and legal use of AI. The module also highlights stakeholder roles, governance tools, and the importance of aligning AI initiatives with business goals, international standards, and continuous improvement requirements.

Module 3 — The AI regulatory landscape
This module examines major international and national AI regulations, including the EU AI Act, NIST AI RMF, ISO/IEC 42001, ISO/IEC 42005, OECD AI Principles, and other emerging frameworks. It compares risk-based and sectoral approaches, conformity assessments, and assurance mechanisms. The module highlights how organizations can navigate overlapping obligations across jurisdictions and align governance, risk management, and compliance practices to meet ethical, legal, and operational expectations in a rapidly evolving global regulatory environment. 

Module 4 — AI trust, risk, and security management (AI TRiSM) framework

This module introduces Gartner’s AI TRiSM framework, which unites trust, risk, and security management across the AI lifecycle. It explains TRiSM’s pillars (transparency, accountability, fairness, robustness, and governance) and shows how they align with ISO/IEC 42001, ISO/IEC 42005, and the NIST AI RMF. The module covers key elements such as KRIs, KCIs, risk tolerance, red teaming, and risk registers, illustrating how TRiSM operationalizes trustworthy, secure, and compliant AI through integrated governance and continuous monitoring.

Module 5 — Alignment and integration of AI standards

Explores how organizations can reduce duplication and strengthen compliance by integrating overlapping requirements from frameworks such as ISO/IEC 42001, the EU AI Act, and the NIST AI RMF. Covers control mapping, synergy identification, and conflict resolution across standards. Emphasizes harmonized documentation, integrated Statements of Applicability (SoAs), and sector-specific adaptations. The module also introduces automation and GRC tools for monitoring, reporting, and continuous improvement, supported by practical exercises in aligning controls and managing conflicts.

Module 6 — Designing and implementing AI GRC programs

Explains how structured governance policies and documentation form the foundation of AI GRC programs. Covers creating policies aligned with ethical principles, legal requirements, and organizational objectives, ensuring version control, and integrating them into governance processes. Describes how to link policies across multiple frameworks, maintain a central repository, and use documentation to support risk management, audits, and coordination. Includes practical exercises on policy drafting, Statement of Applicability (SoA) structuring, and control record organization

Module 7 — Artificial Intelligence Management Systems (AIMS)

Explores how AIMS under ISO/IEC 42001 establish structured governance for AI across its lifecycle. Focuses on defining governance roles, oversight bodies, and decision-making authority, and integrating AI oversight into existing GRC systems. Covers scope definition, policy creation, auditing, Statements of Applicability (SoA), stakeholder engagement, and change management. Emphasizes how clear accountability, coordinated roles, and continuous improvement strengthen trust, reduce risk, and ensure responsible AI governance.

Module 8 — Methodology for the Implementation of the AIMS

Describes a structured, standards-based approach for planning, deploying, and maintaining an AIMS aligned with ISO/IEC 42001. Covers readiness assessments, leadership and culture, resource planning, and control design. Explains phased implementation, third-party oversight, documentation control, and performance measurement. Details audit readiness, management reviews, corrective actions, and certification preparation. Emphasizes evidence-based governance, continuous improvement, and integration with existing GRC processes to ensure resilient, transparent, and certifiable AI governance across the enterprise.

Module 9 —AI GRC platforms

Explains how GRC platforms manage AI governance across the lifecycle, from risk assessment to multi-framework compliance. Covers core capabilities such as automation, monitoring, control mapping, and evidence collection, integrated with organizational workflows. Reviews platform selection, implementation, and third-party and cross-jurisdiction risk management. Addresses limitations like over-reliance on automation and integration gaps and outlines best practices for scaling and optimization. Includes case studies showing how platforms enhance compliance efficiency, transparency, and accountability. 

Module 10 — Auditing the AIMS

Explains how to plan, conduct, and follow up on audits of an AIMS in alignment with ISO/IEC 42001, the NIST AI RMF, and the EU AI Act. Covers audit scope, criteria, and evidence collection using risk-based and evidence-based methods. Outlines key stages and addresses control effectiveness, nonconformities, and corrective actions. Emphasizes documentation, transparency, and continual improvement to ensure accountable, ethical, and compliant AI governance across the lifecycle. 

Module 11 — Practical applications and case studies

Applies AI GRC principles to real-world contexts across sectors such as healthcare, finance, public administration, and education. Examines case studies using ISO/IEC 42001, the NIST AI RMF, and the EU AI Act to identify governance successes and failures. Covers bias mitigation, transparency, oversight, and remediation practices. Includes interactive exercises on workflow mapping, stakeholder accountability, and audit remediation to strengthen practical understanding of how effective AI GRC frameworks operate in organizational environments.

Module 12 — Emerging trends and future directions in AI GRC

Explores how emerging technologies, evolving regulations, and organizational priorities are redefining AI GRC. Reviews trends such as generative and adaptive AI, regulatory convergence, ethical integration into corporate strategy, and advanced monitoring and auditing tools. Examines how these developments transform compliance and governance structures while emphasizing agility, sustainability, and continual improvement. Includes scenario-based analysis of emerging risks, innovation opportunities, and strategies for building future-ready, standards-aligned AI governance programs.

Glossary

Defines key terms, acronyms, and concepts used throughout the course to ensure consistency and clarity in understanding AI governance, risk management, and compliance terminology.