AUDITING OF INFORMATION TECHNOLOGY INVESTMENTS IN THE DIGITAL ERA: FROM RISK IDENTIFICATION TO AN AUDIT FRAMEWORK ALIGNED WITH THE DIGITAL TRANSFORMATION ROADMAP
Abstract
In the context of digital transformation, Information Technology (IT) investment, encompassing both capital expenditure on assets and operating expenditure on digital services, plays an increasingly pivotal role in organizational governance and performance. The intangible nature of digital assets and the growing reliance on external providers render traditional audit methods, which primarily focus on procedural and documentary checks, increasingly inadequate. This study proposes an IT Investment Audit Framework based on the DIKW (Data–Information–Knowledge–Wisdom) model, designed to align audit activities with an organization’s level of digital maturity. Drawing on international governance standards (COBIT, ISO/IEC 27001, NIST) and the Vietnamese legal framework, the research focuses on two key objectives: (1) identifying and classifying IT investment risks into three core categories (compliance and reliability of information; fairness and reasonableness; and investment decision effectiveness); and (2) constructing a layered audit framework structured along the DIKW hierarchy and the investment lifecycle. The findings advocate a paradigm shift from a “procurement procedure checking” approach to a “value- and data-risk-oriented” auditing approach, leveraging IT systems as sources of digital evidence to enhance transparency, accountability, and the effectiveness of digital spending in Vietnam.