Journal of Information System and Technology Auditing

Journal of Information System and Technology Auditing

A Framework for Applying Text Mining and Artificial Intelligence in IT Governance Auditing

Document Type : Review

Authors
Neda Abdolvand 1
Maedeh Norouzi 2
1 Associate Professor, Department of Management, Faculty of Social Sciences and Economics, Alzahra University, Tehran, Iran
2 MSc Business Management, Department of Management, Faculty of Social Sciences and Economics, Alzahra University, Tehran, Iran
10.22034/jista.2026.544803.1061
Abstract
The rapid advancement of information technology (IT) and the growing complexity of organizational data have significantly transformed the field of IT governance and auditing. Traditional auditing approaches often struggle to cope with the volume, variety, and velocity of digital information, resulting in challenges for transparency, risk assessment, and value creation. This paper presents a conceptual study that integrates theories of Resource Dependence (RDT) and Legitimacy to propose a multi-layered framework for IT audit governance supported by artificial intelligence (AI) and machine learning (ML) techniques. The proposed model incorporates eight layers, including infrastructure, data, preprocessing, application, AI/ML analytics, reporting, governance, and a cross-cutting security layer, highlighting how advanced analytical tools can enhance transparency, strengthen stakeholder trust, and support sustainable value creation. By synthesizing existing literature and extending theoretical insights, this study not only offers a comprehensive conceptual framework but also outlines directions for future empirical research and practical applications in IT audit governance.
Keywords
Audit Transparency
IT Governance
IT Audit
Text Mining
Resource Dependence Theory
Legitimacy Theory

Subjects

Alles, M. G., Kogan, A., & Vasarhelyi, M. A. (2008). Putting continuous auditing theory into practice: Lessons from two pilot implementations. Journal of Information Systems, 22(2), 195–214.
Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 36(6), 907–916. https://doi.org/10.1016/j.ijinfomgt.2016.05.017
Brown, A. E., & Grant, G. G. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15, Article 38.
Boskou, G., Kirkos, E., & Spathis, C. (2018). Assessing Internal Audit with Text Mining. Journal of Information & Knowledge Management, 17(02), 1850020. https://doi.org/10.1142/S021964921850020X
Feldman, R., & Sanger, J. (2007). The Text Mining Handbook: Advanced Approaches in Analyzing Unstructured Data. Cambridge University Press.
Hanisch, M., Goldsby, C. M., Fabian, N. E., & Oehmichen, J. (2023). Digital governance: A conceptual framework and research agenda. Journal of Business Research, 162, 113777. https://doi.org/10.1016/j.jbusres.2023.113777
IAASB. (2015). ISA 701: Communicating Key Audit Matters in the Independent Auditor’s Report. International Auditing and Assurance Standards Board.
IFAC (International Federation of Accountants). (2016). 2016-2017 IAASB Handbook Volume 1 (Vol. 1). https://www.ifac.org/_flysystem/azure-private/publications/files/2016-2017-IAASB-Handbook-Volume-1.pdf
ISACA. (2019). COBIT 2019 Framework: Governance and Management Objectives. ISACA.
IT Governance Ltd. (2024). IT Governance: definition & explanation. Retrieved January 5, 2024, from https://www.itgovernance.co.uk/
Janvrin, D. J., Lowe, D. J., & Bierstaker, J. L. (2012). Auditor acceptance of computer-assisted audit techniques: A literature review and research framework. Journal of Information Systems, 26(1), 67–103.
Joshi, A., Benitez, J., Huygh, T., Ruiz, L., & De Haes, S. (2022). Impact of IT governance process capability on business performance: Theory and empirical evidence. Decision Support Systems, 153, 113668. https://doi.org/10.1016/j.dss.2021.113668
Küster, S., Steindl, T., & Goettsche, M. (2023). The Informational Content of Key Audit Matters: Evidence from Using Artificial Intelligence in Textual Analysis. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4464713
Maroun, W., & Duboisée de Ricquebourg, A. (2023). How auditors identify and report key audit matters - An organizational routines perspective. The British Accounting Review, 101263. https://doi.org/10.1016/j.bar.2023.101263
Mohammadi, E., & Karami, A. (2022). Exploring research trends in big data across disciplines: A text mining analysis. Journal of Information Science, 48(1), 44–56. https://doi.org/10.1177/0165551520932855   
Pfeffer, J., & Salancik, G. R. (1978). The External Control of Organizations: A Resource Dependence Perspective. Harper & Row.
Power, M. (1997). The Audit Society: Rituals of Verification. Oxford University Press.
Russell, S. J., & Norvig, P. (2020). Artificial Intelligence: A Modern Approach (4th ed.). Pearson.
Sirois, L.-P., Bédard, J., & Bera, P. (2018). The informational value of key audit matters in the auditor’s report: Evidence from an international setting. Auditing: A Journal of Practice & Theory, 37(1), 122–146.
Stoel, M. D., & Muhanna, W. A. (2011). IT internal control weaknesses and firm performance: An organizational liability lens. International Journal of Accounting Information Systems, 12(4), 280–304. https://doi.org/10.1016/j.accinf.2011.06.001
Suchman, M. C. (1995). Managing legitimacy: Strategic and institutional approaches. Academy of Management Review, 20(3), 571–610.
Vasarhelyi, M. A., & Halper, F. B. (1991). The continuous audit of online systems. Auditing: A Journal of Practice & Theory, 10(1), 110-125.
Weill, P., & Ross, J. W. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press.
Wilkin, C. L., & Chenhall, R. H. (2010). A Review of IT Governance: A Taxonomy to Inform Accounting Information Systems. Journal of Information Systems, 24(2), 107–146. https://doi.org/10.2308/jis.2010.24.2.107
Zhang, C. (Abigail), Cho, S., & Vasarhelyi, M. (2022). Explainable Artificial Intelligence (XAI) in auditing. International Journal of Accounting Information Systems, 46, 100572. https://doi.org/10.1016/j.accinf.2022.100572
Journal of Information System and Technology Auditing
Volume 1, Issue 2 - Serial Number 2
September 2026
Pages 39-56

  • Receive Date 02 November 2025
  • Revise Date 27 December 2025
  • Accept Date 23 February 2026
  • Publish Date 23 September 2025