Submitted:
01 July 2026
Posted:
02 July 2026
You are already at the latest version
Abstract
Keywords:
1. Introduction
2. Materials and Methods
2.1. Formal Modeling of Audit Requirements as Executable Control Rules
2.2. Classification Model of Audit Evidence Types and Their Computational Counterparts
2.3. Conversion Matrix from Audit Assertions to System Functional Modules
2.4. Trusted Software Architecture Driven by Control Mapping
2.5. Control Point Extraction and Rule Orchestration Based on Event Replay
2.6. Evidence Lifecycle Management and Indexed Storage Mechanism
2.7. Control Effectiveness Verification Protocol for Release Testing
3. Results and Discussion
3.1. Business Process Modeling and Audit Scenario Construction
3.2. Implementation of Audit-to-Architecture Mapping Services
3.3. Comparative Analysis of System Performance and Remediation Costs
4. Conclusions
References
- Henriques J, Caldeira F, Cruz T, et al. A survey on forensics and compliance auditing for critical infrastructure protection[J]. IEEE Access, 2024, 12: 2409-2444. [CrossRef]
- Al-Zamil Z S, Appelbaum D A, Nehmer R A. IoT as audit evidence: A reasonable assurance framework[J]. Journal of Emerging Technologies in Accounting, 2024, 21(2): 35-51. [CrossRef]
- Seidenstein T, Marten K U, Donaldson G, et al. Innovation in audit and assurance: A global study of disruptive technologies[J]. Journal of Emerging Technologies in Accounting, 2024, 21(1): 129-146. [CrossRef]
- Foehr T L, Reichelt V, Marten K U, et al. A framework for the structured implementation of process mining for audit tasks[J]. International Journal of Accounting Information Systems, 2025, 56: 100727. [CrossRef]
- Otoom S. Risk auditing for Digital Twins in cyber-physical systems: A systematic review[J]. Journal of Cyber Security and Risk Auditing, 2025, 2025(1): 22-35.
- Biškupić I O, Balković M, Bencarić I. An Evidence-Based Architecture for Trustworthy Asset Discovery in Cybersecurity-Critical IT Environments[J]. Journal of Cybersecurity and Privacy, 2026, 6(2): 67. [CrossRef]
- Al-Zamil Z S, Appelbaum D A, Nehmer R A. IoT as audit evidence: A reasonable assurance framework[J]. Journal of Emerging Technologies in Accounting, 2024, 21(2): 35-51. [CrossRef]
- Kacianka S, Pretschner A. Designing accountable systems[C]//Proceedings of the 2021 ACM conference on fairness, accountability, and transparency. 2021: 424-437.
- Brelih A, Klinc R. Building digital trust in CDE-based BIM workflows: Key strategies[J]. Journal of Information Technology in Construction, 2025, 30. [CrossRef]
- Foehr T L, Reichelt V, Marten K U, et al. A framework for the structured implementation of process mining for audit tasks[J]. International Journal of Accounting Information Systems, 2025, 56: 100727. [CrossRef]





| Audit Assertion | Control Decomposition Items | System Functional Module | Key Parameter Configuration | Output Evidence Object |
| Integrity | Version Locking, Change Validation, Digest Comparison | Version Management Service, Data Validation Service | Version number v, digest algorithm SHA-256S, change window Δt=1 s | Version Snapshot, Difference Record, Digest Value |
| Authorization | Identity Authentication, Role Exclusion, Least Privilege Determination | Identity Authentication Service, Role-Based Access Control Service | Token Time-to-Live (TTL) = 900 s, Role Conflict Set (Rc), Permission Granularity g = API Level | Login records, authorization decision logs |
| Traceability | Global identifier generation, call chain merging, node tracing | Workflow Engine, Trace Service, Log Service | Trace ID, node ID (nid), time precision (milliseconds) | State transition records, call chain records |
| Non-repudiation | Digital signatures, trusted timestamps, dual-person confirmation | Signature service, timestamp service, approval service | Signature algorithm: Ed25519; timestamp deviation ≤ 10 ms; number of verifiers: k=2 | Signature credentials, time proofs, approval records |
| Metrics | Pre-embedded | Post-fix corrections |
| Control Coverage /% | 93.6 | 74.8 |
| Evidence Completeness Rate/% | 95.1 | 69.7 |
| Number of interface modifications | 7 | 24 |
| Number of data structure patches | 3 | 16 |
| Number of modules requiring rework | 4 | 11 |
| Number of regression test cases | 58 | 143 |
| Batches of historical data backfill | 0 | 9 |
| Remediation Hours/h | 86 | 247 |
| Average audit query response time (ms) | 182 | 436 |
| Anomaly path closure rate /% | 92.4 | 68.9 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).