Advancing enterprise IT audit through cross-modal semantic alignment: Using image–text retrieval to improve evidence accuracy and risk detection
ABSTRACT
Enterprise IT audits routinely depend on screenshots, configuration extracts, log fragments, and written control descriptions, yet these pieces of evidence often fail to line up cleanly. This mismatch becomes more noticeable in large or frequently changing environments, where manual cross-checking may overlook inconsistencies. In this study, a cross-modal semantic alignment approach was evaluated to see whether image–text retrieval models could help auditors verify whether visual and textual evidence genuinely refer to the same system state. A curated dataset of 1200 screenshots and 1200 textual descriptions ranging from correct to deliberately contradictory was used to test three models: CLIP ViT-B/32, BLIP-2, and E5-V. The results suggest that E5-V handled enterprise-style evidence with the highest reliability, achieving 78 percent Top-1 retrieval accuracy, 92 percent Top-5 accuracy, and an incorrect-alignment detection rate of about 84 percent. CLIP and BLIP-2 trailed slightly, particularly for dense configuration screens or ambiguous audit notes. Although these findings are based on a controlled environment rather than a full production audit cycle, the alignment scores appear strong enough to reduce reviewer fatigue and highlight evidence pairs that may deserve a second look. Auditors who participated in the simulated review reported a 17–22 percent reduction in verification time, noting that the similarity scores nudged them toward inconsistencies they might have overlooked. The study indicates that cross-modal alignment will not replace professional judgment, but it may serve as a practical support tool for improving evidence reliability, strengthening risk detection, and easing the growing burden of multimodal verification in modern IT governance environments.
- Research Article
10
- 10.12948/issn14531305/17.4.2013.08
- Dec 30, 2013
- Informatica Economica
The use of IT in the financial and accounting processes is growing fast and this leads to an increase in the research and professional concerns about the risks, control and audit of Accounting Information Systems (AIS). In this context, the risk and control of AIS approach is a central component of processes for IT audit, financial audit and IT Governance. Recent studies in the literature on the concepts of risk, control and auditing of AIS outline two approaches: (1) a professional approach in which we can fit ISA, COBIT, IT Risk, COSO and SOX, and (2) a research oriented approach in which we emphasize research on continuous auditing and fraud using information technology. Starting from the limits of existing approaches, our study is aimed at developing and testing an Integrated Approach Model of Risk, Control and Auditing of AIS on three cycles of business processes: purchases cycle, sales cycle and cash cycle in order to improve the efficiency of IT Governance, as well as ensuring integrity, reality, accuracy and availability of financial statements.
Keywords: Risk, Control, Audit, IT Governance, Accounting Information Systems
1 Introduction
The high level of using the information technology in financial and accounting processes in organizations [1] results in an increase in research and professional concerns about the risks, control and audit of Accounting Information Systems (AIS). The risks and vulnerabilities of Accounting Information Systems may lead to material misstatements in financial reporting. Most times these risks have negative impact on the integrity, accuracy, reality and availability of financial reports [2]; [3]; [4]. In this context, risk and AIS control approach is central to both financial and IT audit processes and IT governance processes within the organization. In this study, researching financial and IT audit process relations, and using the concepts of risk and control, we developed and applied an integrated approach model of risk, control and auditing of AIS. The purpose of this model is the integration approach of risk, control and AIS audit in the IT audit processes and financial audit processes in order to improve the efficiency of IT Governance, as well as ensuring integrity, reality, accuracy and availability of financial statements. The paper is structured in four parts. In the introduction we presented the current research regarding the integrated approach of risk, control and auditing in the IT auditor's perception, as well as the financial auditor's perception and we showed the need to develop a model. In the second part, we presented the research methodology. In the third part, we presented the model development and we discussed the findings of applying the model. Finally, we presented our conclusions regarding the research.
2 Literature Review
Recent studies in the literature on the concepts of risk, control and auditing of AIS outline two approaches: (1) a professional approach in which we can fit ISA, COBIT, IT Risk, COSO and SOX [5]; [6]; [7]; [8]; [9]; [10], and (2) a research oriented approach in which we emphasize research on continuous auditing and fraud using information technology [11]; [12]; [13]. According to IFAC-ISA 315 financial auditors must understand and analyze AIS, which can affect financial reporting particularly on: significant transactions systems for financial statements; automatic or manual control procedures through which transactions are recorded, stored and processed in the general ledger, and reported in the Financial Statements; the process of obtaining and presenting the financial reports from the AIS [5]. Also in the professional approach of the risk management process and ensuring the control of AIS, we noticed the COBIT 5 framework [6]. According to ISACA, COBIT 5 is the only business framework for the governance and management of enterprise IT. Analyzing the objectives and the content of COBIT 5, we can say that starting with this version, ISACA has an integrated approach model of the risk, control and auditing of AIS. …
- Research Article
4
- 10.1080/07366981.2025.2469366
- Mar 6, 2025
- EDPACS
IT auditing and governance have fueled innovation and change in international trade compliance, yet our knowledge of this area is not complete. To deepen our knowledge, this current research utilized descriptive, bibliometric, and content analyses to explore 240 Web of Science articles. We examined recent publication trends as well as the intellectual topography of this research field. We developed a framework that integrates various concepts, separating IT governance and audit in global trade compliance into four principal components: legal compliance, ethical issues, monitoring, and incentives. These components were analyzed through two theoretical perspectives: governance and performance. This framework suggests some major avenues for future research while filling the existing gaps in how IT governance and audit influence global trade compliance.
- Conference Article
6
- 10.1109/icstc.2018.8528627
- Aug 1, 2018
Today, IT audit has become one of the top two topics discussed amongst internal auditor professionals and has grown to become an important issue for modern organizations. IT audit concepts have changed over time, although significant changes have been made in early 2000, toward modern IT audit. This paper examines current issues in IT audit. The motivation was to identify the current trends and issues in IT audit. This paper reviews the literature on IT audit published during the period 2008-2017. The literature review identified 46 papers that presented an issue in IT audit practices. The study results suggest that the current issues in IT audit can be classified into 5 main issues: benefits of IT audit, IT audit guidance, IT audit object, IT audit process, and issue of IT auditor. This paper has presented how these issues emerged during the past 10 years, along with the development trends. The results of this study can be used by researchers to conduct further research in the field of modern IT audit. This paper also presents the research directions based on the 5 main issues.
- Book Chapter
22
- 10.1007/978-3-319-14547-1_2
- Jan 1, 2015
The previous chapter provided a high-level description of what Enterprise Governance of IT is about. However, having developed a high-level model for Enterprise Governance of IT does not imply that governance of enterprise IT is actually working in the organization. Conceiving the model for Enterprise Governance of IT is the first step, deploying it throughout all levels of the organization is the next challenging step. To achieve this, Enterprise Governance of IT can be deployed using a mixture of various structures, processes, and relational mechanisms. These practices will be discussed in this chapter, including an illustration of how they were leveraged in the context of a large international airline company. Also, specific topics will be discussed such as the role of the board in enterprise governance of IT and the challenge of approaching enterprise governance of IT in an interorganizational context. Finally, a more theoretical view on enterprise governance of IT is discussed through the lens of the Viable Systems Model Theory.
- Conference Article
1
- 10.1109/icicos.2018.8621808
- Oct 1, 2018
In digital transformation, modernization IT risk universe plays a major role in planning an effective IT audit program. This paper describes a new requirement in IT audit practices and suggests an IT risk universe framework for the development of IT risk universe toward a more modern (digital transformation setting). This paper concludes with research prospects that can support and intensify research for modernizing IT risk universe in modern IT audit.
- Research Article
10
- 10.51594/estj.v5i6.1217
- Jun 13, 2024
- Engineering Science & Technology Journal
This concept paper examines the integration of Agile methodologies into IT audit processes to enhance effectiveness and efficiency. In today's dynamic and rapidly evolving technological landscape, traditional audit approaches often struggle to keep pace with the speed and complexity of IT environments. Agile methodologies, originating from software development, offer a flexible and iterative framework that can revolutionize IT audit practices. The paper begins by highlighting the limitations of traditional audit methodologies in addressing the challenges posed by modern IT systems. It then introduces Agile principles and practices, explaining how they can be adapted and applied within the context of IT audits. By embracing Agile, auditors can shift from rigid, linear audit processes to iterative, collaborative approaches that promote adaptability, responsiveness, and continuous improvement. Key components of Agile methodologies, such as sprints, stand-up meetings, and user stories, are explored in the context of IT audits, demonstrating how they can streamline audit planning, execution, and reporting. The paper also discusses the cultural shift required for successful Agile adoption within audit teams and organizations, emphasizing the importance of communication, collaboration, and a mindset focused on delivering value. Through case studies and real-world examples, the paper illustrates the tangible benefits of applying Agile methodologies to IT audits. These include increased audit coverage, faster identification of risks and issues, enhanced stakeholder engagement, and improved alignment with business objectives. Additionally, Agile practices enable auditors to adapt to changing priorities and emerging risks more effectively, ensuring audit activities remain relevant and impactful in dynamic environments. 
Despite its potential benefits, Agile adoption in IT audits presents challenges such as cultural resistance, skill gaps, and the need for organizational support and buy-in. The paper addresses these challenges and proposes strategies for overcoming them, including training and development initiatives, stakeholder engagement, and pilot projects. In conclusion, the paper advocates for the integration of Agile methodologies into IT audit practices as a means to enhance effectiveness, responsiveness, and value delivery. By embracing Agile principles and practices, auditors can better meet the demands of today's digital landscape, driving continuous improvement and innovation in audit processes. In this concept paper, I analyze how the adoption of Agile methodologies, particularly Scrum, can revolutionize IT audits. I explore how these methodologies improve collaboration, adaptability, and overall audit effectiveness, supported by practical examples and insights from my professional experience. Keywords: Enhancing, IT, Audit Effectiveness, Agile Methodologies, Conceptual Exploration.
- Research Article
- 10.31460/mbdd.356599
- Jun 8, 2018
- Muhasebe Bilim Dünyası Dergisi
Business performance, value and success are more and more depending on information technology governance and on the related IT risk management efficiency. To completely accomplish the main objectives of Auditing, internally or externally sourced, in this era, the introduction of an additional professional tool, the IT Audit, is being increasingly considered as an absolute and indispensable need. This paper aims to treat and emphasize, through comparison and analysis, the necessity and relevance of IT Audit, in both public and private enterprises. IT Audit, as a new important field and strong risk assessment tool of Auditing, drives to a higher level of efficiency and ensures that the enterprise system is getting the maximum business value / performance for itself and for all stakeholders too. Highlighting the evidenced advantages of an effective IT Audit through best practices, the paper’s purpose is to strongly motivate and encourage other organizations as well to introduce the IT Audit in their org chart.
- Research Article
3
- 10.1002/isd2.12349
- Oct 8, 2024
- THE ELECTRONIC JOURNAL OF INFORMATION SYSTEMS IN DEVELOPING COUNTRIES
In recent years, IT governance has been a subject of discussion among academics and practitioners. The concern has been on the need to implement governance mechanisms and ensure the right balance of these mechanisms. However, the audit of IT governance mechanisms has received very little attention. This paper aims to analyse the overall impact of IT governance audits on the maturity and coherence of governance mechanisms. Guided by the configurational theory, the researchers argue that when governance mechanisms operate coherently and are regularly audited, there will be improvement in IT governance and the performance of financial institutions. In this study, seven financial services companies in Ghana were reviewed, and their IT governance maturity was assessed after seven months of auditing with a COBIT 5‐driven IT audit framework. Two surveys were conducted, one before and one after the auditing. The findings of the study confirm the claim that regular auditing improves IT governance maturity and coherence. Several governance mechanisms within the case organizations improved to one higher level of maturity on the Capability Maturity Model. This improvement was after seven months of auditing. Regular auditing also improved IT roles and responsibilities, empowered IT personnel and improved the IT budgetary control and architecture of the entities. This study has implications for practice. It emphasizes the importance of independent regular IT auditing and the need to ensure coherence among IT governance mechanisms if effective IT governance is to be achieved in financial institutions.
- Research Article
2
- 10.30630/joiv.1.2.18
- Apr 17, 2017
- JOIV : International Journal on Informatics Visualization
COBIT has been known as the best practice standard in IT Governance, both in management or evaluated of the IT utilization. The role of IT Audit framework to evaluate the benefits of Information Technology in an enterprise either its gain benefits or fail in order to achieved the business objective. In Indonesia, most organization has been implemented the IT as their main support of process business, and deliberately conduct the evaluation of the implementation used some IT Audit framework such as ITIL, TOGAF, COBIT and other Government rule. Those frameworks have been known as an IT governance framework, most of organizations are choosing COBIT and ITIL due to the internal control issues. Therefore, this research will be focus on COBIT 5 utilization as an IT audit frameworks, a comparison also will be done between the COBIT 5 and ITIL. The comprehensive parameters in COBIT 5 which provides 5 category process in two domain, management and control will be the variables of prioritizing process among them for each object. This paper will analyze the use of those parameters for some selected organization and prioritize them using the Analytical Hierarchy Process (AHP) methodology that will lead to create a new model of IT Audit frameworks based on the user requirement and opinion. the analyzing process the implementation of COBIT 5 framework in some organizations, and priorities the preferred attributes of COBIT 5 that very likely and suitable to the culture and needs of user in Indonesia using AHP Methodology, and create the best qualified model of IT Audit that fit with the requirements of the organizations especially for Indonesia organizations and companies.
- Research Article
3
- 10.24857/rgsa.v18n4-025
- Jan 12, 2024
- Revista de Gestão Social e Ambiental
Purpose: In order to better understand how IT governance COBIT5 (planning and organization (PO), acquisition and implementation (AI), support and delivery (SD), monitoring and evaluation (ME), guidance and control (GC)) and audit risks interact in Jordanian businesses, this study will examine the moderating role of audit quality. Design/methodology/approach: This study uses a mixed method combining quantitative and qualitative methods. Primary data: IT governance and audit risk with questionnaires distributed to 528 workers from each of the 176 Jordanian companies. The three employees served as a representative sample from the finance, internal audit, and IT departments. Secondary data: Using SPSS software, the data was analyzed to determine the audit quality using the financial statements of Jordanian businesses listed on the Amman Stock Exchange for the year 2020. Results and conclusion: The results of this study have shown that the COBIT5 framework is an important accountability mechanism for motivating expected behavior in the workplace when it comes to technology use. Audit risk is directly affected by the IT governance structure. Practical implications: This study is important for companies in Jordan, by presenting an integrated framework in this study that combines IT governance, audit risks and audit quality. This study was expected to facilitate the companies' efforts by ensuring a sufficient degree of confidence in the applied accounting system and improving the information security within the system to maintain the organizations and audit quality at the same time. Originality/value: This study adds to the body of knowledge on IT governance, audit risk, and audit quality that has concentrated on developing nations, particularly Jordan.
- Research Article
14
- 10.1088/1757-899x/407/1/012164
- Aug 1, 2018
- IOP Conference Series: Materials Science and Engineering
The purpose of this paper is to explain that the evolving digital transformation will automatically affect the role of IT audit. In the era of digital transformation, IT audit will become increasingly involved to ensure that IT implementation does not create unacceptable risks to the business. That way, the IT audit should have gained a favourable position as many companies are transforming the business as it is today. This research methodology uses a qualitative approach by emphasizing the data analysis. The result of this research can contribute to the field of modern IT audit by presenting practical guidance for determining the role of IT audit in the era of digital transformation.
- Research Article
- 10.1080/07366981.2025.2596500
- Dec 15, 2025
- EDPACS
The proliferation of heterogeneous enterprise data across multimodal sources such as system logs, audit reports, transactional records, and security images has created significant challenges in ensuring information consistency, integrity, and interpretability within IT governance frameworks. This study proposes an advanced deep learning (DL)-based architecture for intelligent audit analytics that performs seamless fusion of multimodal data through cross-modal representation learning. The framework employs supervised contrastive learning and feature alignment techniques to project heterogeneous modalities into a unified latent subspace, enabling improved correlation discovery, anomaly localization, and compliance verification. Experimental evaluations conducted on benchmark and synthetic audit datasets demonstrate superior performance in multimodal clustering, classification, and anomaly detection tasks compared to conventional unimodal and hybrid baselines. The results indicate that the proposed approach enhances the transparency, traceability, and resilience of IT audit systems, offering a scalable foundation for next-generation governance and risk management infrastructures.
- Book Chapter
1
- 10.1007/978-1-4302-3645-0_8
- Jan 1, 2011
Despite the fact that IT governance is a function of the business, CIOs or subsets of the IT organization (I include IT audit here, even though they likely function outside of IT) are almost always leading whatever semblance of IT governance you will find in enterprises today. There are a number of reasons why IT sponsors and fosters advances in IT governance. In some cases it is in response to IT audit influence and pressure on IT to close audit issues. It is sometimes forced on IT by regulatory, legal, or security requirements. It is occasionally associated with the need for IT to make better technology investment decisions. One CIO told me it was associated with the need to tame the fire hose of business needs his organization faced, along with the seemingly chronic and rising dissatisfaction with what and how much his IT department delivered. He turned to IT governance to better serve “them.”
- Research Article
- 10.1108/maj-05-2025-4825
- Dec 5, 2025
- Managerial Auditing Journal
Purpose: This study aims to investigate how the internal audit function helps boost an organisation’s cybersecurity quality. The authors focus on the key roles played by the chief audit executive (CAE) competencies in terms of their IT expertise, qualifications and tenure, their interaction with the audit committee (AC), the organisation’s IT governance structure and the role of internal audit (IA) in overseeing cybersecurity. Design/methodology/approach: Data were collected via a survey questionnaire distributed to internal auditors and audit committee members in UK-listed companies, supplemented by relevant archival data where appropriate. Findings: Panel regression findings, validated across both CAEs and AC members, reveal that CAE IT expertise, private CAE-AC meetings and robust IT governance significantly improve cybersecurity quality. Crucially, each additional year of IT audit expertise increases perceived cybersecurity quality by approximately 0.30 units, confirming the high value of deep IT audit expertise. Additionally, IA’s role in policy review, regulatory compliance and risk assessment strengthens cyber resilience. Practical implications: The findings carry important practical implications for organisations, regulators and society. Strengthening IT competencies within internal audit, fostering private dialogue between CAEs and audit committees and embedding cybersecurity into corporate governance frameworks can significantly improve resilience. Beyond organisational benefits, enhanced cybersecurity audit quality supports consumer protection, safeguards privacy and reinforces public trust in digital infrastructures such as health care, banking and government services, aligning with global standards like the General Data Protection Regulation (GDPR) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Originality/value: The study makes an original contribution to the literature by examining how synergies among the CAE’s IT competencies, interaction with the audit committee, IT governance and internal audit functions shape the quality of cybersecurity audits.
- Conference Article
1
- 10.28945/1234
- Jan 1, 2010
This essay argues that when the distinction between IT governance and IT management becomes too ambiguous, enterprise executives may conflate the two terms, deeming their participation in IT governance activities unnecessary. This essay posits a core set of executive-level IT governance activities in which business executives should participate. These core activities include: establishment of the enterprise IT management structure, creation of the strategic IT vision and development and execution of the enterprise’s IT investment priorities. The enterprise IT vision becomes the primary means for documenting high-level IT governance decisions required to facilitate the creation of an IT strategy that is truly aligned with the enterprise strategy. The guidance contained in the strategic IT vision establishes the parameters for formulating the far more detailed policies, standards that in turn inform the development of IT initiatives and the ongoing delivery of existing IT services. IT investment priorities and resulting investment decisions serve as the primary control mechanism to ensure that IT initiatives are consistent with the enterprise’s strategic IT principles. This essay conceptualizes IT governance as an emergent and ongoing process requiring the cycling back and forth between IT governance activities.