COMPARISON OF INTERNATIONAL AUDIT STANDARDS FOR INFORMATION SECURITY WITH AUTOMATION PERSPECTIVES

This study presents a comparative analysis of three widely recognized audit-related international standards such as ISO 19011, ISO/IEC 27007, and ISA 200, aimed at identifying the most suitable methodological foundation for further research on the automation of audit management processes. The motivation for this work stems from the increasing complexity of audit activities in modern organizations and the growing need for structured, reproducible, and automatable audit procedures. A review of recent publications shows that comparative studies of audit standards remain limited, particularly in the context of information security and artificial intelligence, which underscores the relevance and originality of the present research. The evaluation methodology developed in this study incorporates a multi-criteria approach that considers academic visibility, general web presence, and the recency of each standard. Quantitative data from Google Scholar and Google Search were normalized using a dedicated formula to ensure comparability across different metrics. According to the calculated results, ISA 200 achieved the highest overall score due to its wide citation base and broad applicability across financial audit domains, while ISO/IEC 27007 received the lowest score because of its narrower scope and lower visibility. Despite ISA 200’s quantitative advantage, the qualitative assessment demonstrates that ISO 19011 provides the most structured, universal, and adaptable audit framework, built around a clearly defined PDCA lifecycle. This structure is particularly advantageous for audit automation, as it offers a systematic sequence of actions that can be formalized and later integrated into AI-driven decision-making systems. Therefore, ISO 19011 is identified as the most appropriate standard for guiding future research on automated audit methodologies and for developing intelligent tools capable of supporting audit planning, execution, and follow-up activities.