IT Audit Tool Project
PN IV Programme: Programme 5.7 Innovation Partnerships
Subprogramme 5.7.1. Partnerships for Competitiveness
Project type: Transfer project to the economic operator
Contracting authority: UEFISCDI
Project title: “IT Audit tool: platform for the evaluation of risks and information security controls”
Financing contract no.: 30PTE / 2025
Project registration code: PN-IV-P7-7.1-PTE-2024-0505
Project Summary
The purpose of this project is to develop a platform for managing specific risk assessment activities and IT security controls (measures), key activities that take place within IT audit projects. The platform will be pre-populated with lists of risks and controls, where controls are the technical and operational measures that reduce risks. It will give auditors access to predefined audit checklists and the ability to customize their own risk and control lists for compliance with specific audit requirements and relevant IT security standards. IT Audit tool will be used by auditors, who can grant clients access to upload their own audit records and to view in real time the status of the risks assessed and the controls tested by auditors during the IT audit project. The main capabilities of the platform include lists of predefined controls and risks, the possibility of customizing them according to needs, efficient management of audit evidence in a secure online environment, automatic generation of audit reports, real-time collaboration between the members of the audit team and the responsible persons appointed by the audited organizations, and the management of multiple audit projects. These capabilities support the innovative character of the platform.
Project Team Members
- 5 members from Omega Trust SRL
- 4 members from the National University of Science and Technology POLITEHNICA Bucharest
Updated List of Publications Resulting from the Project
In Phase I, the results were disseminated internally within the mixed team (POLITEHNICA Bucharest & Omega Trust), being used to define functional specifications and prepare the technical development stages.
Public dissemination activities include the following publications:
- Dinu, A. From Chaos to Security: A Comparative Study of Lorenz and Rössler Systems in Cryptography. Cryptography 2025, 9, 58. https://doi.org/10.3390/cryptography9030058, Q2 article (pending WOS)
- Dinu, A. (2025). The influence of AI-assisted tools on engineering project outcomes. Revista Românească pentru Educaţie Multidimensională, 17(3), 313–328. https://doi.org/10.18662/rrem/17.3/1024, WOS publication (pending WOS)
- Dinu, A.; Frunzete, M. Image Encryption Using Chaotic Maps: Development, Application, and Analysis. Mathematics 2025, 13, 2588. https://doi.org/10.3390/math13162588, WOS:001558087100001, Q1 publication
The listed publications were produced in related fields and contribute to the scientific visibility of the team in the area of information security and complex systems analysis.
Planned Stages
Stage 1 – Analysis of similar systems on the market, risk and control methodologies, conceptual design and components, intermediate specifications
1.1 Research report on similar systems available on the market and components that can be integrated into the platform
1.2 Research report on risk and control methodologies to be implemented within the system
1.3 Research report on conceptual design and targeted components
1.4 Research report containing functional and non-functional specifications for the system (50% progress)
Stage 2 – Final system specifications, application development, application validated and tested in a relevant environment
1.4 Research report containing functional and non-functional specifications for the system (final version)
1.5 Research report containing testing scenarios to be followed during the testing phase
1.6 One article published in a Q1 or Q2 indexed journal in an international impact database; 3 participations in national and international conferences (ISI indexed), both physical and online; 1 article published in a national journal with significant impact on the ICT market
2.1 Application developed and ready for testing
2.2 Testing report
2.3 Application validated in a relevant environment
2.4 One article published in a Q1 or Q2 indexed journal in an international impact database; 3 participations in national and international conferences (ISI indexed), both physical and online; 1 article published in a national journal with significant impact on the ICT market; 1 workshop or conference organized by the Coordinator for dissemination of platform results
Updated List of Main Results Achieved
STAGE 1 – Analysis of similar systems on the market, risk and control methodologies, conceptual design and components, intermediate specifications
Activity 1.1
The project team carried out activities for analyzing similar systems available on the market and identifying relevant components that can be integrated into the future IT Audit Tool platform. The activity covers a research period conducted between February 5 and March 7, 2025 and details the evaluation of 20 audit, compliance and risk management solutions. The analysis focused on critical functionalities from an IT audit and security perspective, platform workflows, supported standards, and the level of adaptation to international and national regulations.
The evaluation of market systems highlights that most solutions are oriented towards compliance management or general operational audits, and less towards a specific and optimized workflow for IT auditors. The research included established platforms as well as open-source solutions and specialized alternatives.
We identified common limitations of existing products, such as limited coverage of EU standards and legislation, lack of extensive mappings, generic and difficult-to-adapt reports, and the fact that many solutions are designed for compliance managers rather than auditors who require fast, flexible, and analysis-oriented tools. Additionally, none of the analyzed platforms provide full integration of NIS2, DORA, national legislation, or other local regulatory requirements.
Based on the conclusions of the analysis, strategic directions were identified for the development of the IT Audit Tool, aiming to create a modern, flexible, and easy-to-use solution for auditors. The platform will integrate essential functionalities for compliance assessment, facilitate access to relevant information, and support workflows through intuitive tools focused on efficiency and accuracy. The proposed approach aims to consolidate within a single solution all elements necessary for a professional audit process adapted to current market requirements.
Activity 1.2
Within this activity, the project team analyzed and selected the methodologies necessary for the assessment of risks and controls that will form the foundation of the future IT Audit Tool system. The research was conducted between March and July 2025 and aimed to establish a coherent framework aligned with current practices in information security and IT audit.
The approach included studying the main relevant standards and regulations at international and European level, as well as recognized industry best practices. The analysis of these references enabled the definition of a unified approach for identifying, assessing, and treating risks, ensuring that the resulting methodology can be consistently applied across different organizational contexts.
The report highlights the importance of using a clear methodology to ensure a structured and objective audit process, as well as the role of a well-organized risk register in continuously monitoring vulnerabilities and implemented measures. This framework supports a platform designed to assist auditors in prioritizing actions, reducing operational risks, and demonstrating compliance with applicable requirements.
Through its conclusions, the activity contributes to the foundation of a modern system aligned with current security requirements, providing the main directions for integrating risk and control methodologies into the IT Audit Tool architecture.
Activity 1.3
Within this activity, the project team developed the conceptual design of the future IT Audit Tool platform, defining the general structure, proposed architecture, and core components of the system. The research, conducted between July and November 2025, aimed to outline a modern, flexible, and adaptable solution capable of supporting complex IT audit and compliance management processes.
The proposed delivery model for the platform was defined, including cloud-based and client infrastructure deployment options, along with general principles guiding modular development. The main categories of users and their interaction with the system were also defined to ensure a coherent and efficiency-oriented user experience.
Major functional areas of the platform were established, such as project management, standards and documentation library, collaboration workspace within each audit, and mechanisms for organizing information. These elements form the conceptual foundation for developing an integrated tool capable of supporting both auditors and evaluated organizations.
By establishing these directions, the activity provides a structured vision of how the platform will be organized and used, preparing the ground for subsequent phases of technical development and implementation.
Activity 1.4
Within this activity, the project team defined the functional and non-functional specifications required for the development of the IT Audit Tool platform. The actions carried out between November and December 2025 represent an intermediate stage (50% progress) and establish the core requirements that will guide the system’s architecture and behavior in the subsequent implementation phases.
The activity outlines how the platform will manage data, workflows, user interaction, and integration with other systems, ensuring a coherent vision of essential functionalities. It also defines general operating rules, access criteria, and notification mechanisms, with a focus on supporting audit and risk management processes.
On the non-functional side, critical requirements were identified regarding performance, security, availability, scalability, and reliability of the platform. These elements are essential for the safe and efficient operation of a solution intended for organizations managing large volumes of information and complex activities.
By defining these specifications, the activity contributes to establishing a clear framework for further system development, minimizing implementation risks and providing a strategic direction for building a robust platform aligned with current industry requirements.
Updated List of Cognitive and Socio-Economic Impact
At this moment, no information is available.
