A Systematic Literature Review for New Technologies in IT Audit

Yıl 2023, Cilt: 7 Sayı: 2, 396 - 408, 29.12.2023

Nur Sena Tanrıverdi Nazım Taşkın

https://doi.org/10.26650/acin.1142281

Öz

Information technology (IT) audit focuses on auditing companies’ IT systems and processes. The systems companies use are getting more complicated and better integrated. This means more data also needs to be audited. An IT audit often requires performing repetitive manual tasks, which makes IT audits more labor-intensive and costly. Current technological advancements have immense potential for improving an IT audit’s performance, quality, and accuracy. Therefore, by leveraging advanced data processing and analysis technology, this workload can be lowered, allowing the auditing process to be performed effectively and efficiently with higher-quality outcomes. To achieve this objective, a systematic literature review (SLR) has been conducted to identify studies that use artificial intelligence (AI), machine learning (ML), predictive analytics, process mining, and natural language processing (NLP) techniques applied within IT auditing. Process mining is seen to have emerged as the most commonly used technique among the analyzed studies. The studies also reveal that combining techniques such as process mining and data mining, natural language processing, and machine learning enables effective and efficient audit processes by conducting continuous, automated, or online auditing work. The application of these new techniques in the examined studies are seen to generally provide solutions regarding the audit’s testing stage. Overall, the study reveals a limited number of academic studies to have examined how these techniques are implemented into IT audits.

Anahtar Kelimeler

information technology audit, application audit, IT process audit, emerging technologies, systematic literature review

Bilgi Teknolojileri Denetiminde Yeni Teknolojiler Üzerine Bir Sistematik Literatür Taraması

Öz

Bilgi teknolojisi (BT) denetimi, şirketlerin BT sistemlerini ve süreçlerini denetlemeye odaklanır. Bir şirkette kullanılan sistemler daha karmaşık ve entegre hale gelmektedir. Bu durum, denetlenmesi gereken verilerin artması ile sonuçlanır. BT denetimi genellikle manuel ve tekrarlanan görevlerin yapılmasını gerektirir, bu da BT denetimlerini daha emek yoğun ve maliyetli hale getirir. Mevcut teknolojik gelişmeler, BT denetim sürecinin performansını, kalitesini ve doğruluğunu iyileştirmek için büyük bir potansiyele sahiptir. Bu nedenle, gelişmiş veri işleme ve analiz teknolojisi kullanılarak bahsedilen iş yükü azaltılabilir ve denetim süreci daha kaliteli sonuçlarla etkin ve verimli bir şekilde gerçekleştirilebilir. Söz konusu amaca ulaşmak için, BT denetimi içinde uygulanan yapay zeka, makine öğrenimi, tahmine dayalı analitik, süreç madenciliği ve doğal dil işleme tekniklerini kullanan çalışmaları belirlemek için sistematik literatür taraması yapılmıştır. İncelenen çalışmalarda süreç madenciliğinin en çok kullanılan teknik olduğu görülmüştür. Çalışmalar ayrıca, süreç madenciliği ve veri madenciliği, doğal dil işleme ve makine öğrenimi gibi teknikleri birleştirmenin, sürekli, otomatik veya çevrimiçi denetim çalışması yürüterek etkin ve verimli denetim süreçlerine sahip olmayı mümkün kıldığını ortaya koydu. İncelenen çalışmalarda bu yeni tekniklerin uygulanması genellikle denetimin test aşamasına ilişkin çözümler sunmaktadır. Genel olarak çalışma, bu tekniklerin BT denetimlerine uygulanmasını inceleyen sınırlı sayıda akademik çalışma olduğunu ortaya koymaktadır.

Anahtar Kelimeler

Bilgi teknolojileri denetimi, bilgi teknolojileri genel kontrolleri, uygulama denetimi, BT süreç denetimi, gelişen teknolojiler, sistematik literatür taraması

Kaynakça

• Alexiou, S. (2019). Trends, challenges and strategies for effective audit in a rapidly changing landscape. ISACA Journal, 6. Retrieved from https://www.isaca.org/resources/isaca-journal/issues/2019/volume-6/trends-challenges-and-strategies-for-effective-audit-in-a-rapidly-changing-landscape google scholar
• Barta, G. (2018). The increasing role ofIT auditors in financial audit: risks and intelligent answers. Business, Management and Education, 16(1), 81-93. https://doi.org/10.3846/bme.2018.2142 google scholar
• Carlin, A., & Gallegos, F. (2007). IT audit: A critical business process. Computer, 40(7), 87-89. https://doi.org/10.1109/MC.2007.246 google scholar
• Caron, F., Vanthienen, J., & Baesens, B. (2013). Comprehensive rule-based compliance checking and risk management with process mining. Decision Support Systems, 54(3), 1357-1369. https://doi.org/10.1016/j.dss.2012.12.012 google scholar
• Chen, F. H., Hsu, M. F., & Hu, K. H. (2021). Enterprise’s internal control for knowledge discovery in a big data environment by an integrated hybrid model. Information Technology and Management, 23, 213-231. https://doi.org/10.1007/s10799-021-00342-8 google scholar
• Dzuranin, A. C., & Mâlâescu, I. (2016). The current state and future direction of IT audit: challenges and opportunities. Journal of Information Systems, 30(1), 7-20. https://doi.org/10.2308/isys-51315 google scholar
• Flores, I. G., & Riquenes, J. R. (2020). Audit 2.0, a perspective for its execution in the business environment using process mining techniques. Vivat Academia, 23(150), 47-57. http://doi.org/10.15178/va.2020.150.47-57 google scholar
• Hult, G. T. M., Reimann, M., & Schilke, O. (2009). Worldwide faculty perceptions of marketing journals: rankings, trends, comparisons, and segmentations. Global Edge Business Review, 3(3), 1-23. google scholar
• ISACA (2019a). Future of IT Audit Report. Schaumburg, USA. google scholar
• ISACA (2019b). CISA Review Manual. 27th Edition. Schaumburg, USA. google scholar
• ISACA, & Protiviti Inc. (2019). 2019 IT Audit Benchmarking Study. Today’s toughest challenges in IT audit: Tech Partnerships, Talent, Transformation. google scholar
• ISACA. (n.d). History [Web page]. Retrieved from https://www.isaca.org/why-isaca/about-us/history google scholar
• Jans, M., & Hosseinpour, M. (2019). How active learning and process mining can act as continuous auditing catalyst. International Journal of Accounting Information Systems, 32, 44-58. https://doi.org/10.1016/j.accinf.2018.11.002 google scholar
• Kitchenham, B., Brereton, O. P., Budgen, D., Turner, M., Bailey, J., & Linkman, S. (2009). Systematic literature reviews in software engineering - A systematic literature review. Information and Software Technology, 51 (1), 7-15. https://doi.Org/10.1016/j.infsof.2008.09.009 google scholar
• Khan, R., Adi, E., & Hussain, O. (2021). AI-based audit of fuzzy front end innovation using ISO56002. Managerial Auditing Journal, 36(4), 564-590. https://doi.org/10.1108/MAJ-03-2020-2588 google scholar
• Krieger, F., Drews, P., & Velte, P. (2021). Explaining the (non-) adoption of advanced data analytics in auditing: A process theory. International Journal of Accounting Information Systems, 41, 100511. https://doi.org/10.1016/j.accinf.2021.100511 google scholar
• Kuna, H. D., Garaa-Martinez, R., & Villatoro, F. R. (2014). Outlier detection in audit logs for application systems. Information Systems, 44, 22-33. http://dx.doi.org/10.1016/j.is.2014.03.001 google scholar
• Manhanga, L. (2020). Data analytics in information systems (IS) auditing: An examination of the cost-effectiveness of the use of data analytics in information systems auditing (Doctoral dissertation). Available from ProQuest Dissertations and Theses database. (UMI No. 27997995) google scholar
• Mendez, H. (2020). Innovation in the IT audit process: the IT semantic audit models audit segments using semantic graphs. ISACA Journal, 1. google scholar
• Retrieved from https://www.isaca.org/resources/isaca-journal/issues/2020/volume-1/innovation-in-the-it-audit-process google scholar
• Rozinat, A., & Van der Aalst, W. M. (2008). Conformance checking of processes based on monitoring real behavior. Information Systems, 33(1), 64-95. https://doi.org/10.1016/j.is.2007.07.001 google scholar
• Schumann, G., & Gomez, J. M. (2021). Natural languageprocessing in internal auditing - a structuredliteraturereview. AMCIS2021 Proceedings. https://aisel.aisnet.org/amcis2021/sig_acctinfosystem_asys/sig_acctinfosystem_asys/1 google scholar
• Tranfield, D., Denyer, D., & Smart, P. (2003). Towards a methodology for developing evidence-informed management knowledge by means of systematic review. British Journal of Management, 14(3), 207-222. https://doi.org/10.1111/1467-8551.00375 google scholar
• Yesmin, T., & Carter, M. W. (2020). Evaluation framework for automatic privacy auditing tools for hospital data breach detections: A case study. International Journal ofMedical Informatics, 138, 104123. https://doi.org/10.1016Zj.ymedinf.2020.104123 google scholar
• Zerbino, P., Aloini, D., Dulmin, R., & Mininno, V. (2018). Process-mining-enabled audit of information systems: Methodology and an application. Expert Systems with Applications, 110, 80-92. https://doi.org/10.1016/j.eswa.2018.05.030 google scholar