COMPARISON OF INTERNATIONAL AUDIT STANDARDS FOR INFORMATION SECURITY WITH AUTOMATION PERSPECTIVES
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1046
Keywords:
audit, cybersecurity, artificial intelligence, standard, ISO 19011, comparison, information security
Abstract
This study presents a comparative analysis of three widely recognized audit-related international standards, ISO 19011, ISO/IEC 27007, and ISA 200, aimed at identifying the most suitable methodological foundation for further research on the automation of audit management processes. The motivation for this work stems from the increasing complexity of audit activities in modern organizations and the growing need for structured, reproducible, and automatable audit procedures. A review of recent publications shows that comparative studies of audit standards remain limited, particularly in the context of information security and artificial intelligence, which underscores the relevance and originality of the present research. The evaluation methodology developed in this study uses a multi-criteria approach that considers academic visibility, general web presence, and the recency of each standard. Quantitative data from Google Scholar and Google Search were normalized using a dedicated formula to ensure comparability across different metrics. According to the calculated results, ISA 200 achieved the highest overall score due to its wide citation base and broad applicability across financial audit domains, while ISO/IEC 27007 received the lowest score because of its narrower scope and lower visibility. Despite ISA 200’s quantitative advantage, the qualitative assessment demonstrates that ISO 19011 provides the most structured, universal, and adaptable audit framework, built around a clearly defined PDCA lifecycle. This structure is particularly advantageous for audit automation, as it offers a systematic sequence of actions that can be formalized and later integrated into AI-driven decision-making systems. Therefore, ISO 19011 is identified as the most appropriate standard for guiding future research on automated audit methodologies and for developing intelligent tools capable of supporting audit planning, execution, and follow-up activities.
License
Copyright (c) 2025 Олексій Чалий, Сергій Толюпа

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.