AI auditor and compliance officer

The course comprehensively teaches the basics, methods and procedures of AI audits. Legal and normative requirements as well as technical audit criteria and the planning, implementation and evaluation of audits are covered in detail. You will learn how to assess AI-specific risks, select and use suitable audit methods and create well-founded audit reports with recommendations for action. In addition, the course addresses the topic of "compliance" - adherence to rules in companies - and explains how appropriate and effective precautions can be taken to ensure compliance, including with regard to liability issues.

  • Certificates: Certificate "AI auditor with TÜV Rheinland-certified qualification"
    Certificate "Compliance Officer with TÜV Rheinland-certified qualification"
  • Examination: Practice-oriented project work with final presentations
    AI auditor with TÜV Rheinland-certified qualification
    Compliance Officer with TÜV Rheinland-certified qualification
  • Teaching Times: Full-time
    Monday to Friday from 8:30 a.m. to 3:35 p.m. (in weeks with public holidays from 8:30 a.m. to 5:10 p.m.)
  • Language of Instruction: German
  • Duration: 8 Weeks

Artificial intelligence: AI auditor with TÜV Rheinland-certified qualification

Fundamentals and framework conditions (approx. 4 days)

Classification and differentiation of various auditor roles

Tasks and responsibilities within AI audits

Differentiation from other roles (e.g. AI manager)

Audit principles according to ISO 19011 (objectivity, independence, transparency)

Normative basis: ISO/IEC 42001 - structure, requirements, evidence

EU AI Act - relevant provisions for auditors

National guidelines and industry-specific standards

PDCA cycle in the audit context

Audit types: system, process, product and compliance audits

Stage 1 and Stage 2 at a glance

Documentation requirements and verification

AI-specific risks as audit objects (bias, explainability, robustness, security, data quality)

Prompting in the audit context


Regulatory and technical test criteria (approx. 4 days)

AI-specific compliance requirements

Data protection (GDPR and industry-specific requirements)

Security of AI systems (cybersecurity, access control)

Quality requirements for training and test data

Model validation and verification

Explainability and transparency of AI decisions

Performance metrics (accuracy, precision, recall, robustness)

Ethical principles and fairness

Additional industry-specific standards (e.g. ISO 13485, ISO 26262, BaFin guidelines)


Audit planning and methodology (approx. 3 days)

Definition of audit objects and objectives

Creation of an audit plan (resources, schedule, roles, communication)

Creation of questionnaires and checklists

Risk and relevance assessment of audit points

Selection of suitable audit methods (questioning, document review, technical tests)

Specifics of risk and method assessment for agent-based AI systems

Definition of supporting documents and types of evidence


Audit implementation (approx. 3 days)

Document review (Stage 1) - Requirements for AI documentation

Interview techniques and conducting discussions during the audit

On-site audit (Stage 2) - Use of audit tools

Carrying out technical tests (black box, white box, stress tests)

Use of technical tools (audit software, log analysis, code review)

Collection, validation and structuring of audit documents


Evaluation and report (approx. 2 days)

Creation of an audit report using prompting

Risk-appropriate presentation of weak points

Suggested measures and follow-up strategies


Project work, certification preparation and certification exam "AI auditor with TÜV Rheinland certified qualification" (approx. 3 days)

Compliance Officer with TÜV Rheinland-certified qualification

Compliance basics (approx. 1 day)

Differentiation from ethics

Importance of corporate culture

Change management towards a practiced compliance culture

Historical background and international development

Challenges in the context of globalized markets, competitive advantage


Compliance culture (approx. 2 days)

Compliance culture as an elementary prerequisite for a CMS

Values and integrity management (tone from the top/tone at the top)

Leadership commitment and awareness building

DCGK - Corporate Governance vs. Compliance Management

Code of conduct and compliance policy as the "moral backbone" of a company

Code of Conduct - manifestations and benefits - obligation or "window dressing"?

Implementation of a Code of Conduct: Employment law perspective and co-determination obligations

LkSG - Supply Chain Due Diligence Act


Artificial intelligence (AI) in the work process

Presentation of specific AI technologies and possible applications in the professional environment


Compliance risk (approx. 2 days)

Risk perception and risk psychology

Strategic risk management and enterprise risk management

Risk management as a mandatory management task §§91 and 93 AktG

Compliance risk - terminology and analysis

Compliance risk identification - top-down and bottom-up methods

Compliance risk management - procedures and instruments


Antitrust compliance (approx. 1 day)

European antitrust law under the TFEU and German antitrust law under the GWB

From the "independence postulate" to the "impact principle"

Antitrust law risks - restriction of competition by object or effect


Corruption prevention (approx. 1 day)

Corruption of public officials vs. private corruption

Relationship management, social adequacy and zero tolerance - problem outline

5-step plan


Money laundering prevention (approx. 1 day)

From the catalog of predicate offenses to the all-crime approach

Causal chain, FATF, EU directives, GWG

Obligations under the GWG and the fulfillment of due diligence and reporting obligations


Export control (approx. 1 day)

Principle of free foreign trade and associated restrictions

Basic questions of export compliance, possible legal consequences and sanctions to be observed

Internal Export Compliance Program


Compliance Organization (approx. 2 days)

Compliance as an interface task in the external and internal relationship of a company

Stakeholder analysis and the importance of the concept of corporate social responsibility

Importance of the supervisory board in particular for compliance management

Compliance documentation: functions, security measures and documentation content


Whistleblower systems (approx. 1 day)

Origins, criteria, benefits, international legal framework (SOX, Dodd-Frank-Act, UKBA, Sapin II)

GeschGehG - betrayal of secrets and whistleblowing, justification solutions §§ 138, 34 StGB, criminal law risks for whistleblowers

Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019

Whistleblower Protection Act (HinSchG)

Practical relevance for companies and actual effectiveness with regard to effective whistleblower protection

Options for setting up a whistleblower system and their advantages and disadvantages


Compliance Officer (approx. 2 days)

Classification of the compliance structure, understanding of roles

CMS and Compliance Board as instruments for reducing information asymmetries and establishing effective compliance structures

Tasks and personality profile

BaFin's MaComp as orientation for the employment contract and job description of a CO

Civil and criminal liability risks of a CO - position of guarantor according to Section 13 StGB

Reflections on standing and positioning in the future


Compliance control (approx. 1 day)

Standards ISO 37301 and IDW PS 980

Implementation and audit of a CMS - incentive model according to BGH case law

Management and organizational specifications as well as necessary measures for the implementation of a CMS

High-level structure and PDCA cycle as defining characteristics of ISO 37301

Adequacy assessment and effectiveness control, internal and external audits, certification of a CMS


Reactions to compliance violations (approx. 2 days)

Internal investigation: right or duty?

VerSanG - driver for compliance?

Conducting an internal investigation - essentials: decision-making authority, urgent measures, emergency plan, data protection, employment law, co-determination obligations, employee surveys

Sanctions and liability

Amnesty programs, termination as a last resort, alternatives: release, reassignment, transfer, recourse claims

Liability of the management board of the AG, business judgment rule and reversal of the burden of proof

Liability of GmbH managing directors, role of D&O insurance and criminal liability insurance in cases of non-compliance

Crisis communication: principles and strategies


Project work, certification preparation and certification exam "Compliance Officer with TÜV Rheinland certified qualification" (approx. 3 days)



Changes are possible. The course content is updated regularly.

Successful participation in the "AI Officer" and "AI Manager" courses with a certificate of completion or comparable evidence is required.

After the course, you will be able to plan AI audits in accordance with standards, coordinate them across departments and successfully integrate them into existing management and audit processes. You will have the skills to systematically assess AI-specific risks, apply suitable audit methods and prepare audit reports in a practical manner, as well as derive improvement measures to ensure the long-term conformity and security of AI systems.

You will also be prepared for your duties as a compliance officer. You know the basics of company law and can thus minimize liability risks. You will also be familiar with the requirements of a compliance management system.

The course is aimed at auditors as well as specialists and managers from quality management, compliance, IT security, data protection, risk management and AI governance who want to audit AI systems and AI management systems or prepare for certification in accordance with ISO/IEC 42001.

The growing importance of artificial intelligence and its use in companies across all industries is driving an increasing demand for AI audits, which review the AI systems in use in order to minimize risks and guarantee compliance with applicable standards. As an AI auditor, you will find a wide range of jobs across all industries.

With compliance knowledge, you have additional knowledge that is relevant for employers, especially in the insurance and service industries, but also in public administrations, associations, organizations and corporations.

You prove your newly acquired knowledge with a TÜV Rheinland-certified qualification.

Didactic concept

Your lecturers are highly qualified both professionally and didactically and will teach you from the first to the last day (no self-study system).

You will learn in effective small groups. The courses usually consist of 6 to 25 participants. The general lessons are supplemented by numerous practical exercises in all course modules. The practice phase is an important part of the course, as it is during this time that you process what you have just learned and gain confidence and routine in its application. The final section of the course involves a project, a case study or a final exam.

 

Virtual classroom alfaview®

Lessons take place using modern alfaview® video technology, either from the comfort of your own home or at our training center premises. The entire course can see each other face-to-face via alfaview®, communicate with each other in lip-sync voice quality and work on joint projects. Of course, you can also see and talk to your connected trainers live at any time, and you will be taught by your lecturers in real time for the entire duration of the course. The lessons are not e-learning, but real live face-to-face lessons via video technology.

 

The courses at alfatraining are funded by Agentur für Arbeit and are certified in accordance with the AZAV approval regulation. When submitting a Bildungsgutschein or Aktivierungs- und Vermittlungsgutschein, the entire course costs are usually covered by your funding body.
Funding is also possible via Europäischen Sozialfonds (ESF), Deutsche Rentenversicherung (DRV) or regional funding programs. As a regular soldier, you have the option of attending further training courses via Berufsförderungsdienst (BFD). Companies can also have their employees qualified via funding from Agentur für Arbeit (Qualifizierungschancengesetz).

We will gladly advise you free of charge.

0800 3456-500 Mon. - Fri. from 8 am to 5 pm
free of charge from all German networks.
