Production AI Institute · PSF v1.1 open standard
AIMA · AI Management Associate

Study Guide: AI Management Associate

This guide covers all domains tested in the AIMA examination. Designed for managers, product leads, and decision-makers deploying AI in organisations — no coding required. Scenarios test management judgement, governance knowledge, and responsible AI practice.


Exam at a glance

  • Questions: 15 drawn from the question bank
  • Pass mark: 11 correct (73%)
  • Time limit: 45 minutes
  • Attempt policy: Up to 3 attempts in any 24-hour period
  • Fee: Free
  • Credential: Digital certificate + registry listing

Domain 1: AI Governance & Policy

~25% of exam

Key Concepts

  • A responsible AI policy on a website is a statement of intent — not an operational posture
  • Governance requires documented processes, risk registers, and accountability owners
  • AI use cases must be reviewed for risk reclassification at least annually
  • EU AI Act: high-risk systems require conformity assessment before deployment
  • The organisation deploying AI (the user) is responsible for the conformity assessment, not the provider
  • Disclaimers do not remove regulatory liability in regulated domains
  • Bias concerns require an investigation process — not dismissal

Scenario:

Your head of AI says “we have a responsible AI policy on the website.” This tells you the organisation has a public statement, but nothing about operational posture — whether there are actual review processes, accountability structures, risk registers, or staff training. A policy document is the beginning of governance, not the end.

Domain 2: Risk Management

~20% of exam

Key Concepts

  • AI risk register categories: model risk, data risk, operational risk, regulatory risk, reputational risk, financial/cost risk
  • A 300% cost increase month-over-month is primarily a financial/operational risk
  • Vendor lock-in (vendor raises prices 200% after 18 months) is a resilience failure
  • AI systems in performance reviews require bias impact assessment before deployment
  • Governance checkpoint before moving from pilot to production is non-negotiable
  • Risk reclassification is needed whenever scope, data, or users change

Scenario:

Before deploying an AI system for performance reviews, you must have: a documented risk assessment, a bias evaluation, a data governance policy covering employee data, clear accountability for the system’s decisions, and a process for employees to contest AI-influenced outcomes.

Domain 3: Vendor Evaluation & Due Diligence

~20% of exam

Key Concepts

  • 'Unbiased and fair' claims require third-party audit evidence before you accept them
  • GDPR adequacy: EU customer data flowing to non-adequate countries requires SCCs or BCRs
  • Minimum due diligence: SOC 2, data processing agreement, sub-processor list, retention/deletion policies
  • Single-vendor dependency is a resilience risk — require contractual data portability
  • Security review before deployment is a governance requirement, not optional overhead
  • Vendor incident: your GDPR breach notification obligations begin when you become aware

Scenario:

Provider A is 40% cheaper but is headquartered in a country without GDPR adequacy status. EU customer data would pass through their servers. What is required: either an approved transfer mechanism (Standard Contractual Clauses or Binding Corporate Rules), or you cannot use Provider A for EU data.

Domain 4: AI Team Structure & Roles

~15% of exam

Key Concepts

  • Most commonly missing role: AI operations owner
  • Technical staff working with AI should hold AIDA or equivalent
  • 12 developers with AI exposure: all 12 should be certified, not just the leads
  • Monitoring and observability roles are essential, not overhead
  • AI accountability must be assigned to a named individual, not a team
  • Staged rollout requires someone responsible for production readiness sign-off

Domain 5: Compliance, Liability & Incident Response

~20% of exam

Key Concepts

  • AI advice in regulated domains creates liability regardless of disclaimer wording
  • Liability factors: was the advice acted upon, was it presented as authoritative, was a disclaimer visible
  • GDPR 72-hour notification clock: starts when the controller becomes aware, not when the breach occurred
  • A vendor data breach triggers your notification obligations — you are the data controller
  • Explainability requirements apply to any system making decisions about individuals in scope
  • Incident response needs a documented playbook before an incident occurs

Scenario:

Your AI tool gives wrong financial advice to a customer. Adding a disclaimer that it is “not a regulated adviser” does not resolve the regulatory issue if the advice was presented in a way that a reasonable person would act on. The disclaimer reduces — but does not eliminate — liability. Regulatory bodies assess the overall user experience, not just the fine print.

Ready to sit the exam?

Free, 15 questions, 45 minutes. Recommended: complete AIDA first if you haven’t already.
