Review core Risk and AI (RAI) governance, model-risk, explainability, data-quality, monitoring, and responsible-AI distinctions before Finance Prep practice.

Use this Risk and AI (RAI) cheat sheet as a compact review before you open the free 80-question diagnostic or the live Finance Prep practice bank. It is built for risk candidates who need to reason through AI governance, model controls, data risk, monitoring, and responsible-use scenarios.

| Item | Review Note |
|---|---|
| Credential | Risk and AI (RAI) |
| Provider | Global Association of Risk Professionals (GARP) |
| Scope on this page | AI concepts, tools, risks, responsible AI, data governance, and AI model governance. |
| Official source check | Verify current requirements and topic wording on the GARP Risk and AI page before exam day. |
| Last reviewed | May 24, 2026 |

| Topic Area | What to Know | Common Trap |
|---|---|---|
| AI concepts | Supervised, unsupervised, reinforcement, generative, predictive, and classification use cases. | Treating all AI as generative AI or assuming model accuracy equals control quality. |
| AI tools and techniques | Model selection, feature engineering, prompts, embeddings, validation, explainability methods, and monitoring tools. | Choosing a tool because it sounds advanced instead of matching it to the risk decision. |
| Risks and risk factors | Model risk, data risk, bias, privacy, operational risk, cyber risk, third-party risk, and misuse. | Focusing only on model performance while ignoring governance, data, and human-use controls. |
| Responsible and ethical AI | Fairness, transparency, accountability, privacy, human oversight, and customer-impact review. | Treating responsible AI as a slogan rather than a set of reviewable controls. |
| Data and model governance | Ownership, inventory, approved use, validation, drift monitoring, change control, and documentation. | Deploying or modifying models without a clear owner, review trail, and monitoring plan. |

| Distinction | How to Think About It |
|---|---|
| Model risk vs data risk | Model risk comes from design, assumptions, limitations, or use. Data risk comes from quality, bias, lineage, privacy, completeness, or representativeness. |
| Accuracy vs explainability | Accuracy measures performance. Explainability supports challenge, accountability, compliance, and user trust. |
| Validation vs monitoring | Validation tests whether the model is fit before or after material change. Monitoring checks whether it remains fit during use. |
| Bias vs unfair outcome | Bias is a source or pattern in data/model behaviour. An unfair outcome is the decision impact that may require governance response. |
| Generative AI vs predictive AI | Generative AI creates content. Predictive AI estimates likelihoods, classifications, or values. The risk controls overlap but are not identical. |
| Human-in-the-loop vs human-on-the-loop | Human-in-the-loop means active review before an output is used. Human-on-the-loop means oversight, monitoring, and intervention after automated operation. |
| Model inventory vs model documentation | Inventory says what exists and where it is used. Documentation explains purpose, design, assumptions, limitations, validation, controls, and owners. |
| Drift vs bad initial fit | Drift is deterioration after deployment because data, behaviour, or context changes. Bad fit means the model was not appropriate from the start. |
| Vendor risk vs internal model risk | Vendor tools still need due diligence, contractual controls, testing, monitoring, and accountable internal ownership. |
| Control failure vs model failure | A model can perform as designed while controls fail through weak review, unauthorized use, poor escalation, or missing documentation. |

Use this flow when a RAI question asks how to respond to a model, tool, or AI use-case concern. The strongest answer usually clarifies the use case, identifies the risk owner, checks evidence, and picks a control that can be monitored.

```mermaid
flowchart TD
    A["AI use case"] --> B["Purpose and owner"]
    B --> C["Data and model evidence"]
    C --> D["Risk and impact assessment"]
    D --> E{"Control gap?"}
    E -->|"No"| F["Monitor and document"]
    E -->|"Yes"| G["Validate, restrict, remediate, or escalate"]
    G --> H["Update governance record"]
    F --> H
```

| Trap | Better Exam Habit |
|---|---|
| Choosing the newest AI tool | Match the tool to the decision, data, impact, and control environment. |
| Treating AI risk as only technical | Include legal, privacy, conduct, reputational, operational, third-party, and governance risk. |
| Assuming humans always reduce risk | Human review only helps when reviewers understand the model limits and have authority to challenge output. |
| Ignoring model-use boundaries | A model approved for one purpose may be inappropriate for another population, product, or decision. |
| Confusing monitoring with validation | Monitoring tracks performance over time. Validation challenges design, assumptions, data, outputs, and controls. |
| Overlooking data lineage | Unknown data sources, transformations, or labels can undermine validation and accountability. |
| Accepting black-box output without controls | Explainability, challenge, compensating controls, and use restrictions may be needed for high-impact decisions. |
| Treating governance as paperwork | Governance matters because it assigns ownership, evidence, oversight, escalation, and accountability. |

Use the free GARP RAI diagnostic first if you want a mixed timed set. Then use topic pages based on your miss pattern:

If your score is below 70%, drill one topic at a time and write the risk rule behind each miss. If you are scoring 70-79%, alternate topic drills with mixed timed sets. If you can repeat timed attempts above 75% with unseen questions, avoid overtraining and shift toward exam-day readiness.

Open the GARP Risk and AI (RAI) Practice Test page for live Finance Prep practice, public sample questions, the free diagnostic, topic drills, timed mocks, explanations, and progress tracking across web and mobile.