Digital Audit · IT Industry Research Article · pp. 141–152

Peculiarities of Digital Audit in the IT Industry: Methodological and Practical Aspects

A study of how auditing transforms under digitalization — building a multidimensional taxonomy of Digital Audit for IT companies, defining its toolkit, and charting its prospects through artificial intelligence and blockchain.

Artem BasinPostgraduate (PhD), Dept. of AuditORCID 0009-0003-4579-3315 Olena PetrykDr. Sc. (Econ.), Professor · Head of Dept.ORCID 0000-0003-1881-9412 Yuliia SlobodianykDr. Sc. (Econ.), ProfessorORCID 0000-0002-5838-2342
Kyiv National Economic University · Vadym Hetman DOI: 10.32342/3041-2137-2026-2-65-10 UDC 657.6:004.7:330.341.1 JEL: D83, L86, M15, M45 CC BY 4.0
§ 01 Abstract

What this study sets out to show

This article examines the theoretical and practical aspects of Digital Audit in the IT industry, highlighting the transformation of auditing practices under digitalization. It demonstrates that enhancing audit efficiency through digitalization demands new approaches, tools, methods, and auditor upskilling. Multidimensional taxonomic models of Digital Audit and their specific implementation in IT companies are characterized. The Digital Audit toolkit is defined, considering IT industry functional characteristics, and its development prospects are substantiated through the integration of artificial intelligence and blockchain. Conclusions are drawn and strategic recommendations are proposed for IT industry auditors regarding Digital Audit implementation, considering Ukraine's integration into the European economic space.

The study's relevance stems from digital audit's role in optimizing business processes and ensuring investor confidence. AI integration is crucial for enhancing audit accuracy and timeliness, leading to Digital Audit, highly pertinent to the IT sector.

The implementation of advanced technologies (AI, cloud computing, blockchain, automation) not only accelerates audit but also redefines auditor skill requirements, demanding technological fluency and critical thinking. This introduces risks like data governance and algorithmic bias. The research emphasizes balancing human expertise and technology for effective oversight. Digital Audit in the IT industry is a multidimensional process covering technical, operational, and ethical aspects. Its strategic importance for sustainable IT company development and maintaining digital economy trust is significant. During wartime, digital audit aids in protecting critical infrastructure, identifying vulnerabilities, increasing transparency in government and defense IT projects, and ensuring international standard compliance. It is a vital mechanism for overseeing post-war recovery. Challenges include personnel shortages, lack of unified methodologies, high costs, and cyber risks. Continuous training and investment in advanced technologies are necessary for enhanced effectiveness.

§ 02 The Ukrainian IT sector

A resilient industry — even under prolonged conflict

Comprehensive digitalization, a strong human-capital base, and a well-developed system of specialist training have built a robust information technology industry in Ukraine — one that has kept functioning despite military conflict and mobilization pressures, providing export potential and driving digital transformation, resilience, and reconstruction.

0≈ profs
Professionals employed in the IT industry [8]
As of April 2025
$0bn
Revenue from export of IT products and services [16]
In 2024
0
Active sole proprietors under IT-related activity codes [8]
As of 24 February 2025
§ 03 Concept & foundations

From document verification to analysis of digital assets

In the context of digital transformation, auditing requires fundamentally new approaches — a shift from traditional document verification to the comprehensive analysis of digital assets and business processes. As one of the most dynamic, knowledge-intensive sectors, the IT industry needs a specialized methodological toolkit tailored to its specificities and to the transformational potential of emerging technologies.

a comprehensive review of your organization's digital assets and their performance in the context of business goals and profitability. It helps identify areas of success, gaps, quick wins, and areas that require improvement.
— Eamonn O'Raghallaigh, defining Digital Audit · Digital Strategy Consultants [9]

Epistemological base of Digital Audit

Digital Audit can be conceptualized as a complex system built on interconnections between sources of knowledge, evaluation tools, and the environment for implementing digital solutions. Its epistemology integrates four ways of understanding information processes.

01 · Empirical

Data-based

Relies on data from digital systems — logs, metrics, and configurations.

02 · Rationalist

Standard-based

Applies standards (e.g. ISO 27001, NIST) and logical reasoning for assessing risks and compliance.

03 · Constructivist

Contextual

Acknowledges the uniqueness of each IT system and its operational context.

04 · Pragmatic

Problem-solving

Values knowledge by its capacity to solve problems — enhancing cybersecurity or optimizing resource usage.

A system of knowledge, methods, and diagnostics

Layer I

Epistemological foundations

Methods of understanding and analyzing information processes — integrating interdisciplinary knowledge with analytical technologies.

Layer II

Verification & validation

Cognitive mapping of information processes, risk-scenario modeling, and forecasting the impacts of digital changes using historical data and trend analysis.

Layer III

Analytical diagnostics

Detection of hidden information risks such as code vulnerabilities; AI-driven predictive analytics that not only respond to incidents but proactively prevent them.

Three dimensions in the IT industry

In IT, Digital Audit transcends traditional financial-reporting analysis, integrating three dimensions aimed at ensuring the reliability, security, and ethical integrity of digital systems.

◇ Technical

Systematic analysis of infrastructure — software, databases, cloud services, APIs, and digital platforms — for performance, scalability, and interoperability, plus source-code auditing for quality and security.

◇ Operational

A shift from document-based auditing to dynamic, transaction-based approaches that facilitate real-time monitoring and proactive risk management across business processes.

◇ Ethical

Evaluation of AI systems for bias, fairness, transparency, and social risk — following guidelines such as IEEE Ethically Aligned Design and the EU AI Act.

§ 04 The taxonomy · Table 1

Ten dimensions of Digital Audit in the IT industry

The multidimensional framework encompasses technological, process, legal, ethical, and economic dimensions of digital systems. This typology classifies the major audit areas and links each to its objectives, methods, and regulatory frameworks.

Framework at a glance

Ten dimensions of the Table 1 taxonomy — hover a segment to read its aim.

Structural map only: each segment represents one dimension of the taxonomy and is shown at equal weight. No relative magnitudes are implied — the article presents these dimensions as a qualitative classification.

01

Technological Audit

Assessment of IT infrastructure — software, cloud services, APIs, databases.

Performance, security, scalability
02

Source Code Audit

Evaluation of code quality and security.

Detect vulnerabilities, software stability
03

AI Ethics Audit

AI systems for bias, transparency, ethical compliance.

Mitigate ethical risks, trust in AI
04

DevSecOps Process Audit

Security analysis within CI/CD pipelines.

Embed security across all stages
05

Cybersecurity & Incident Audit

Evaluation of cybersecurity and incident readiness.

Resilience to attacks, rapid recovery
06

Regulatory Compliance Audit

Verification of legal compliance in IT operations.

Legal compliance, reduced risk
07

IP & Intangible Assets Audit

Compliance with IP, licenses, and patents.

Asset protection, dispute mitigation
08

Project & Portfolio Management Audit

Evaluation of IT project and portfolio performance.

Increase ROI and efficiency
09

Econometric Audit

Quantitative analysis of IT solution cost-effectiveness.

Forecasting, investment justification
10

UX & User Interaction Audit

Usability, accessibility, and interface safety.

Improve UX, minimize risk
Table 1 — Key aspects of Digital Audit in the IT industry · compiled by the authors
AspectDescriptionKey objectivesMethods & toolsRegulatory frameworks & standards
Technological AuditAssessment of IT infrastructure (software, cloud services, APIs, databases)Ensure performance, security, scalabilityStatic and dynamic analysis, monitoring, testingISO/IEC 27001, NIST, OpenAPI, GDPR
Source Code AuditEvaluation of code quality and securityDetect vulnerabilities, ensure software stabilitySAST (SonarQube), DAST (Burp Suite), manual code reviewOWASP Top 10, SEI CERT
AI Ethics AuditEvaluation of AI systems for bias, transparency, and ethical complianceMitigate ethical risks, foster trust in AIData analysis, SHAP, LIME, model auditingIEEE Ethically Aligned Design, EU AI Act
DevSecOps Process AuditSecurity analysis within CI/CD pipelinesEmbed security across all development stagesJenkins, GitLab CI/CD, automated testingOWASP DevSecOps, NIST SP 800-53
Cybersecurity & Incident AuditEvaluation of cybersecurity and incident readinessResilience to attacks, rapid recoveryPenetration testing, SIEM (Splunk, QRadar)ISO/IEC 27035, MITRE ATT&CK
Regulatory Compliance AuditVerification of legal compliance in IT operationsLegal compliance, reduced regulatory risksPolicy analysis, compliance auditGDPR, NIS2, Ukrainian Law “On Information Protection”
IP & Intangible Assets AuditAssessment of compliance with IP, licenses, and patentsAsset protection, dispute risk mitigationLicense audit, contract/legal reviewWIPO, TRIPS, Ukrainian Law “On Copyright and Related Rights”
Project & Portfolio Management AuditEvaluation of IT project and portfolio performanceIncrease ROI and efficiencyPM audit, KPI analysis (Jira, Trello)PMBOK, PRINCE2, ISO 21500
Econometric AuditQuantitative analysis of IT solution cost-effectivenessForecasting costs/revenues, investment justificationStatistics, regression (R, Python, Excel)COBIT, ITIL, ISO/IEC 38500
UX & User Interaction AuditUsability, accessibility, and interface safety evaluationImprove user experience, minimize interaction risksUX testing, WCAG audit, A/B testingWCAG 2.1, ISO 9241-210, GDPR
§ 05 Strategic & wartime role

From a control mechanism to a tool of survival and recovery

In Ukraine, military, economic, and integration-related factors transform auditing from a control mechanism into a key tool for protection, resource optimization, and strategic development of the IT industry. Following cyberattacks on state platforms such as Diia, Digital Audit has been instrumental in identifying vulnerabilities and developing mitigation strategies, while fostering transparency in public and defense-related IT projects and ensuring alignment with EU standards such as the NIS2 Directive.

Application

Taxation

Enhances financial discipline and reduces shadow operations through electronic invoicing, automated tax-control systems, and blockchain integration into state platforms. Automated reporting detects anomalous transactions in real time — particularly in the cloud-services (SaaS) segment.

Application

Public procurement

Functions as a preventive mechanism against corruption risks by analyzing tender documentation on transparent procurement platforms — improving budget-resource allocation and strengthening public trust in public finance.

Application

Post-war recovery

An indispensable mechanism for overseeing reconstruction programs — auditing recovery systems and the logistics IT used to distribute international humanitarian and financial aid, identifying inefficiencies and reallocating funds to areas of critical need.

EU integration

Implementing the NIS2 Directive is a vital step toward Ukraine's integration into the EU Digital Single Market — one of the key milestones on the path to EU accession. Consequently, Digital Audit is no longer a formality but becomes a tool for the survival and development of the IT sector amid war and post-war recovery.

§ 06 Challenges & limitations

The barriers that must be overcome

Implementation of Digital Audit in Ukraine is accompanied by significant challenges that require a systematic approach to overcome — beginning with the shortage of qualified personnel and the changing competency profile of auditors.

The competency gap

Graduate skills vs. the digitally-transformed accounting profession

0%competencies covered

As early as 2017, the skills of university graduates covered only 45% of the competencies required for the digitally-transformed accounting profession [23]. The ACCA has since recognized digital literacy as a core competency for professional accountants.

!

Personnel shortage & shifting competencies

A lack of qualified specialists and a rapidly changing competency profile for auditors.

!

No unified methodologies

The absence of unified digital-audit methodologies complicates adaptation to heterogeneous IT systems.

!

Technical & financial cost

Significant cost of integrating new technological solutions with existing infrastructures.

!

Escalating cyber risk under martial law

Heightened risk to critical infrastructure demands stricter security of audit procedures and data protection.

!

Financial constraints & resistance to innovation

Shifting priorities toward operational needs, plus organizational resistance from limited awareness or bureaucratic inertia.

◆ Benefits for IT companies

  • Automation of procedures reduces audit duration and costs.
  • AI and Big Data improve analytical accuracy, mitigating undetected errors or fraud.
  • Integrated systems enable real-time processing of large data volumes, keeping findings relevant.
  • Continuous auditing, supported by persistent monitoring, improves the quality and timeliness of assessments.

◆ Limitations

  • High upfront investment in technologies such as AI or integrated platforms.
  • Integrating new tools with legacy systems requires specialized expertise.
  • Auditing large data volumes increases privacy risks amid wartime cyber threats.
  • Rapid technological change necessitates continuous, resource-straining upgrades.
  • Lack of historical data makes long-term effectiveness hard to evaluate.
§ 07 Enhancing effectiveness

A roadmap toward European alignment

To enhance the effectiveness of Digital Audit in the IT industry, both technological and methodological approaches must account for the dynamic nature of the digital environment — and, in the context of Ukraine's European-integration ambitions, align the sector with European standards.

Step 01 · Technology

Integrated analytics & AI/ML

Systems that consolidate data from logs, audit trails, and security metrics give a holistic view. Big Data platforms and visualization tools such as Tableau or Power BI enable real-time anomaly detection, while investment in AI and ML automates routine tasks and predicts risks such as anomalies in cloud spending or code.

Step 02 · People

Continuous auditor training

Certifications, knowledge exchange, and targeted workshops keep pace with technological advancement; internal expert groups focused on specific technologies — such as cloud environments or AI systems — strengthen team competencies.

Step 03 · Method

Flexible methodological frameworks

Frameworks that combine traditional standards such as ISO 27001 with risk-based innovative methods allow customization to the unique characteristics of each IT system.

Step 04 · European integration

ECSF, CISA, GDPR & WCAG 2.1

ENISA stresses that candidate countries align training with the European Cybersecurity Skills Framework (ECSF). National programs should enable graduates to earn internationally recognized certifications such as CISA (ISACA), supporting ISO 27001 and GDPR compliance. Implementing GDPR and accessibility standards such as WCAG 2.1 will require audits of data-processing procedures and digital-service functionality — enhancing trust and attracting foreign investment.

§ 08 Conclusion

A critically important — and evolving — instrument

Digital Audit is a critically important tool in the IT industry, ensuring business stability, security, and efficiency amid ongoing digital transformation. It integrates innovative technologies such as cloud computing, artificial intelligence (AI), machine learning (ML), and blockchain, which enhance the accuracy and quality of audit procedures — enabling IT companies to obtain reliable insights into financial and operational processes. This contributes to the optimization of business workflows, increased competitiveness, and sustainable development in a dynamic digital environment.

However, the implementation of digital audit presents several challenges, including the need for significant investment, data-security assurance, the complexity of integrating new technologies, and the rapid pace of technological advancement. Overcoming these barriers requires continuous auditor training, the application of flexible methodologies, a systemic approach, and close cooperation between auditing firms and the IT industry.

The future of digital audit in the IT sector is closely tied to the continued evolution of technologies that enable continuous monitoring, predictive analytics, and automation. These advances will strengthen its role as an indispensable component of risk management and strategic development, supporting compliance with modern standards and enhancing the global competitiveness of companies in the digital economy.

Digital auditIT industryCybersecurityArtificial intelligenceBlockchainDevOpsCloud infrastructureRegulatory complianceData governanceSustainable development
§ 09 References

Reference list

The complete list of works cited in the study.

[1]Al Shanti, N., Mariani, L., & Signori, S. (2024). The engagement in fraudulent behavior – social aspects. Università degli studi di Bergamo. 121 p.
[2]Alles, M. G. (2015). Drivers of the use and facilitators and obstacles of the evolution of Big Data by the audit profession. Accounting Horizons, 29(2), 439–449.
[3]Alpay, M. F., & Usul, H. (2024). From traditional auditing to information technology auditing: A paradigm shift in practices. European Journal of Digital Economy Research, 5(1), 3–9.
[4]Arens, A. A., Elder, R. J., & Beasley, M. S. (2020). Auditing and assurance services: An integrated approach (17th ed.). Boston: Pearson. 912 p.
[5]Astakhova, M. M. (2007). Use of computer information systems in auditing reserves and provisions of an enterprise. Naukovi pratsi Kirovohradskoho natsionalnoho tekhnichnoho universytetu. Ekonomichni nauky, (12, Part 1), 319–324. (in Ukrainian).
[6]Ben Ahmed, D. (2026). The Impact of Artificial Intelligence on Accounting Information and Earnings Management: Bibliometric Analysis. Journal of Risk and Financial Management, 19(1), 90.
[7]Deloitte. (2022). 2021 Audit Transparency Report. Deloitte UK.
[8]DOU. (2025, April). How many IT specialists are in Ukraine: A record number of closed IT sole proprietors in a year. dou.ua (in Ukrainian).
[9]Eamonn O'Raghallaigh. What is a digital audit and why is it important? Digital Strategy Consultants.
[10]ENISA. (2023). Cybersecurity skills framework for EU candidate countries. Athens: European Union Agency for Cybersecurity.
[11]Kokina, J., Pachamanova, D., & Corbett, A. (2017). The role of data and analytics in the audit profession. Journal of Emerging Technologies in Accounting, 14(1), 115–122.
[12]Korol, S. Ya. (2020). Digital technologies in accounting and auditing. Derzhava ta rehiony. Seriia: Ekonomika ta pidpryiemnytstvo, 1, 170–176. (in Ukrainian).
[13]Kriukova, I. O. (2022). Development of digital audit. In Stratehichni priorytety rozvytku bukhhalterskoho obliku, audytu ta opodatkuvannia v umovakh hlobalizatsii (pp. 43–45). Sumy: SNAU. (in Ukrainian).
[14]Lois, P., Drogalas, G., Karagiorgos, A., & Tsikalakis, K. (2020). Internal audits in the digital era: Opportunities, risks and challenges. EuroMed Journal of Business, 15(2), 205–217.
[15]Manita, R., Elommal, N., Baudier, P., & Hikkerova, L. (2020). The digital transformation of external audit and its impact on corporate governance. Technological Forecasting and Social Change, 150, 119751.
[16]National Bank of Ukraine. External sector statistics. bank.gov.ua
[17]Nezhyva, M., & Miniailo, V. (2020). Digitalization of audit in the conditions of the COVID-19. Herald of Kyiv National University of Trade and Economics, 131, 123–134.
[18]Pinto, A. R. O. (2024). A framework for leveraging IT audit using artificial intelligence.
[19]Power, M. (1997). The audit society: Rituals of verification. Oxford: Oxford University Press. 200 p.
[20]PwC. (2021). Transparency Report 2021. PwC UK.
[21]Tjeng, P. S., & Nopianti, R. (2020). The audit investigation and accounting forensic in detecting fraud in digital environment. International Journal of Accounting and Taxation, 8(1), 44–54.
[22]Us, R. L. (2022). IT audit as a tool for ensuring effective enterprise management. Ekonomichnyi visnyk, 1, 139–147. (in Ukrainian).
[23]Zhyvets, A. N. (2017). Trends in the development of professional competencies of a small business accountant in the 21st century. Aktualni problemy ekonomiky, 6(192), 204–213. (in Ukrainian).