A study of how auditing transforms under digitalization — building a multidimensional taxonomy of Digital Audit for IT companies, defining its toolkit, and charting its prospects through artificial intelligence and blockchain.
This article examines the theoretical and practical aspects of Digital Audit in the IT industry, highlighting the transformation of auditing practices under digitalization. It demonstrates that enhancing audit efficiency through digitalization demands new approaches, tools, methods, and auditor upskilling. Multidimensional taxonomic models of Digital Audit and their specific implementation in IT companies are characterized. The Digital Audit toolkit is defined, considering IT industry functional characteristics, and its development prospects are substantiated through the integration of artificial intelligence and blockchain. Conclusions are drawn and strategic recommendations are proposed for IT industry auditors regarding Digital Audit implementation, considering Ukraine's integration into the European economic space.
The study's relevance stems from digital audit's role in optimizing business processes and ensuring investor confidence. AI integration is crucial for enhancing audit accuracy and timeliness; this leads to Digital Audit, which is highly pertinent to the IT sector.
The implementation of advanced technologies (AI, cloud computing, blockchain, automation) not only accelerates audit but also redefines auditor skill requirements, demanding technological fluency and critical thinking. This introduces risks such as those around data governance and algorithmic bias. The research emphasizes balancing human expertise and technology for effective oversight. Digital Audit in the IT industry is a multidimensional process covering technical, operational, and ethical aspects. Its strategic importance for sustainable IT company development and maintaining digital economy trust is significant. During wartime, digital audit aids in protecting critical infrastructure, identifying vulnerabilities, increasing transparency in government and defense IT projects, and ensuring international standard compliance. It is a vital mechanism for overseeing post-war recovery. Challenges include personnel shortages, lack of unified methodologies, high costs, and cyber risks. Continuous training and investment in advanced technologies are necessary for enhanced effectiveness.
Comprehensive digitalization, a strong human-capital base, and a well-developed system of specialist training have built a robust information technology industry in Ukraine — one that has kept functioning despite military conflict and mobilization pressures, providing export potential and driving digital transformation, resilience, and reconstruction.
In the context of digital transformation, auditing requires fundamentally new approaches — a shift from traditional document verification to the comprehensive analysis of digital assets and business processes. As one of the most dynamic, knowledge-intensive sectors, the IT industry needs a specialized methodological toolkit tailored to its specificities and to the transformational potential of emerging technologies.
Digital Audit can be conceptualized as a complex system built on interconnections between sources of knowledge, evaluation tools, and the environment for implementing digital solutions. Its epistemology integrates four ways of understanding information processes.
- Relies on data from digital systems — logs, metrics, and configurations.
- Applies standards (e.g. ISO 27001, NIST) and logical reasoning for assessing risks and compliance.
- Acknowledges the uniqueness of each IT system and its operational context.
- Values knowledge by its capacity to solve problems — enhancing cybersecurity or optimizing resource usage.
Methods of understanding and analyzing information processes — integrating interdisciplinary knowledge with analytical technologies.
Cognitive mapping of information processes, risk-scenario modeling, and forecasting the impacts of digital changes using historical data and trend analysis.
Detection of hidden information risks such as code vulnerabilities; AI-driven predictive analytics that not only respond to incidents but proactively prevent them.
In IT, Digital Audit transcends traditional financial-reporting analysis, integrating three dimensions aimed at ensuring the reliability, security, and ethical integrity of digital systems.
- Systematic analysis of infrastructure — software, databases, cloud services, APIs, and digital platforms — for performance, scalability, and interoperability, plus source-code auditing for quality and security.
- A shift from document-based auditing to dynamic, transaction-based approaches that facilitate real-time monitoring and proactive risk management across business processes.
- Evaluation of AI systems for bias, fairness, transparency, and social risk — following guidelines such as IEEE Ethically Aligned Design and the EU AI Act.
The multidimensional framework encompasses technological, process, legal, ethical, and economic dimensions of digital systems. This typology classifies the major audit areas and links each to its objectives, methods, and regulatory frameworks.
Figure: the ten dimensions of the Table 1 taxonomy, shown as a structural map in which each dimension has equal weight. No relative magnitudes are implied; the article presents these dimensions as a qualitative classification.
| Aspect | Description | Key objectives | Methods & tools | Regulatory frameworks & standards |
|---|---|---|---|---|
| Technological Audit | Assessment of IT infrastructure (software, cloud services, APIs, databases) | Ensure performance, security, scalability | Static and dynamic analysis, monitoring, testing | ISO/IEC 27001, NIST, OpenAPI, GDPR |
| Source Code Audit | Evaluation of code quality and security | Detect vulnerabilities, ensure software stability | SAST (SonarQube), DAST (Burp Suite), manual code review | OWASP Top 10, SEI CERT |
| AI Ethics Audit | Evaluation of AI systems for bias, transparency, and ethical compliance | Mitigate ethical risks, foster trust in AI | Data analysis, SHAP, LIME, model auditing | IEEE Ethically Aligned Design, EU AI Act |
| DevSecOps Process Audit | Security analysis within CI/CD pipelines | Embed security across all development stages | Jenkins, GitLab CI/CD, automated testing | OWASP DevSecOps, NIST SP 800-53 |
| Cybersecurity & Incident Audit | Evaluation of cybersecurity and incident readiness | Resilience to attacks, rapid recovery | Penetration testing, SIEM (Splunk, QRadar) | ISO/IEC 27035, MITRE ATT&CK |
| Regulatory Compliance Audit | Verification of legal compliance in IT operations | Legal compliance, reduced regulatory risks | Policy analysis, compliance audit | GDPR, NIS2, Ukrainian Law “On Information Protection” |
| IP & Intangible Assets Audit | Assessment of compliance with IP, licenses, and patents | Asset protection, dispute risk mitigation | License audit, contract/legal review | WIPO, TRIPS, Ukrainian Law “On Copyright and Related Rights” |
| Project & Portfolio Management Audit | Evaluation of IT project and portfolio performance | Increase ROI and efficiency | PM audit, KPI analysis (Jira, Trello) | PMBOK, PRINCE2, ISO 21500 |
| Econometric Audit | Quantitative analysis of IT solution cost-effectiveness | Forecasting costs/revenues, investment justification | Statistics, regression (R, Python, Excel) | COBIT, ITIL, ISO/IEC 38500 |
| UX & User Interaction Audit | Usability, accessibility, and interface safety evaluation | Improve user experience, minimize interaction risks | UX testing, WCAG audit, A/B testing | WCAG 2.1, ISO 9241-210, GDPR |
In Ukraine, military, economic, and integration-related factors transform auditing from a control mechanism into a key tool for protection, resource optimization, and strategic development of the IT industry. Following cyberattacks on state platforms such as Diia, Digital Audit has been instrumental in identifying vulnerabilities and developing mitigation strategies, while fostering transparency in public and defense-related IT projects and ensuring alignment with EU standards such as the NIS2 Directive.
Enhances financial discipline and reduces shadow operations through electronic invoicing, automated tax-control systems, and blockchain integration into state platforms. Automated reporting detects anomalous transactions in real time — particularly in the cloud-services (SaaS) segment.
Functions as a preventive mechanism against corruption risks by analyzing tender documentation on transparent procurement platforms — improving budget-resource allocation and strengthening public trust in public finance.
An indispensable mechanism for overseeing reconstruction programs — auditing recovery systems and the logistics IT used to distribute international humanitarian and financial aid, identifying inefficiencies and reallocating funds to areas of critical need.
Implementing the NIS2 Directive is a vital step toward Ukraine's integration into the EU Digital Single Market — one of the key milestones on the path to EU accession. Consequently, Digital Audit is no longer a formality but becomes a tool for the survival and development of the IT sector amid war and post-war recovery.
Implementation of Digital Audit in Ukraine is accompanied by significant challenges that require a systematic approach to overcome — beginning with the shortage of qualified personnel and the changing competency profile of auditors.
Graduate skills vs. the digitally-transformed accounting profession
As early as 2017, the skills of university graduates covered only 45% of the competencies required for the digitally-transformed accounting profession [23]. The ACCA has since recognized digital literacy as a core competency for professional accountants.
To enhance the effectiveness of Digital Audit in the IT industry, both technological and methodological approaches must account for the dynamic nature of the digital environment — and, in the context of Ukraine's European-integration ambitions, align the sector with European standards.
Systems that consolidate data from logs, audit trails, and security metrics give a holistic view. Big Data platforms and visualization tools such as Tableau or Power BI enable real-time anomaly detection, while investment in AI and ML automates routine tasks and predicts risks such as anomalies in cloud spending or code.
Certifications, knowledge exchange, and targeted workshops keep pace with technological advancement; internal expert groups focused on specific technologies — such as cloud environments or AI systems — strengthen team competencies.
Frameworks that combine traditional standards such as ISO 27001 with risk-based innovative methods allow customization to the unique characteristics of each IT system.
ENISA stresses that candidate countries align training with the European Cybersecurity Skills Framework (ECSF). National programs should enable graduates to earn internationally recognized certifications such as CISA (ISACA), supporting ISO 27001 and GDPR compliance. Implementing GDPR and accessibility standards such as WCAG 2.1 will require audits of data-processing procedures and digital-service functionality — enhancing trust and attracting foreign investment.
Digital Audit is a critically important tool in the IT industry, ensuring business stability, security, and efficiency amid ongoing digital transformation. It integrates innovative technologies such as cloud computing, artificial intelligence (AI), machine learning (ML), and blockchain, which enhance the accuracy and quality of audit procedures — enabling IT companies to obtain reliable insights into financial and operational processes. This contributes to the optimization of business workflows, increased competitiveness, and sustainable development in a dynamic digital environment.
However, the implementation of digital audit presents several challenges, including the need for significant investment, data-security assurance, the complexity of integrating new technologies, and the rapid pace of technological advancement. Overcoming these barriers requires continuous auditor training, the application of flexible methodologies, a systemic approach, and close cooperation between auditing firms and the IT industry.
The future of digital audit in the IT sector is closely tied to the continued evolution of technologies that enable continuous monitoring, predictive analytics, and automation. These advances will strengthen its role as an indispensable component of risk management and strategic development, supporting compliance with modern standards and enhancing the global competitiveness of companies in the digital economy.