SCIENCE ARTICLE
Machine learning and artificial intelligence techniques adopted for IT audit
 
Faculty of Economic Sciences and Management, Department of Enterprise Management, Nicolaus Copernicus University, Poland
 
 
Submission date: 2024-06-14
 
 
Final revision date: 2024-11-24
 
 
Acceptance date: 2025-02-03
 
 
Online publication date: 2025-03-19
 
 
Publication date: 2025-04-17
 
 
Corresponding author
Maciej Zastempowski   

Faculty of Economic Sciences and Management, Department of Enterprise Management, Nicolaus Copernicus University, Gagarina 13A, 87-100, Toruń, Poland
 
 
Management 2025;(1):65-87
 
JEL CLASSIFICATION CODES
C19, M10, M42, O33
 
ABSTRACT
Research background and purpose: The rapid advancement of artificial intelligence (AI) and machine learning (ML) is reshaping IT audit practices by enhancing cybersecurity through improved risk management, technological integration, and data-driven strategies. Despite these advancements, there is a lack of comprehensive frameworks that fully integrate AI and ML into IT auditing, particularly for addressing complex threats like Advanced Persistent Threats (APTs). This study aims to explore these technologies’ potential to transform IT audits.

Design/methodology/approach: A Systematic Literature Review (SLR) was conducted, analyzing studies from Scopus and Web of Science to identify trends and gaps in applying AI and ML in IT audits. Key areas of focus included risk management frameworks, cybersecurity methodologies, and emerging AI-driven audit techniques.

Findings: The review underscores AI and ML’s pivotal roles in predictive analytics, anomaly detection, and real-time risk assessment. Frameworks like Transfer, Accept, Reduce, Avoid (TARA) and methodologies such as the Experimental Framework for Detecting Cyber-Attacks (ECAD) illustrate practical AI applications. The research also highlights the integration of blockchain, cloud computing, and game theory in enhancing cybersecurity audits. Nonetheless, challenges such as data quality and ethical considerations remain significant.

Value added and limitations: This study contributes to IT auditing literature by providing a structured analysis of AI and ML applications, highlighting emerging trends, and suggesting future research directions. Limitations include reliance on existing studies and the evolving nature of AI technologies. Future work should focus on empirical validation of AI-driven audit models and developing standardized frameworks to ensure robustness and reliability in IT audits.
eISSN:2299-193X
ISSN:1429-9321 (1997-2019)