Evaluating How Cybersecurity Threat Intelligence Enhances AI-Driven Risk Assessment in Internal Auditing

Authors

  • Muhammad Rashid Mahmood
  • Dr. Shahid Naseem
  • Khan Imdad Ullah

Abstract

The increasing adoption of artificial intelligence (AI) in internal auditing has transformed risk assessment practices, enabling continuous monitoring, predictive analytics, and data-driven audit planning. However, the effectiveness of AI-driven risk assessment in cyber-relevant domains remains uneven, often producing misleading signals or false confidence when applied without sufficient contextual understanding of the external threat environment. This study examines how cybersecurity threat intelligence (CTI) enhances the effectiveness of AI-driven risk assessment in internal auditing. Grounded in Information Processing Theory, the study develops a theory-driven conceptual framework explaining how CTI and AI function as complementary capabilities that jointly reduce environmental uncertainty. AI-driven analytics expand information processing capacity, while CTI enhances information richness by providing external context, interpretive meaning, and anticipatory insight into evolving cyber threats. The framework specifies direct effects of CTI on audit risk assessment effectiveness, mediating mechanisms of contextual enrichment and signal-to-noise improvement, moderating effects of AI integration maturity and governance, and dynamic feedback effects over time. The framework is analytically applied across varying levels of CTI maturity, demonstrating non-linear threshold effects in which meaningful improvements in audit risk assessment effectiveness emerge only when intelligence quality, integration, and governance reach sufficient maturity. The analysis further identifies key failure modes, including intelligence noise amplification, automation bias, and feedback-loop path dependence, and proposes concrete governance and control mechanisms to mitigate these risks. This study contributes to the literature by extending Information Processing Theory to internal audit risk assessment under cyber uncertainty, introducing cybersecurity threat intelligence as a foundational antecedent to AI-driven audit analytics, and providing a structured roadmap for responsible adoption. For practice, the findings underscore that the value of AI in internal auditing depends not only on algorithmic sophistication but on the quality, relevance, and governance of the intelligence that informs it.

Keywords:    Cybersecurity threat intelligence; AI-driven risk assessment; Internal auditing; Audit analytics; Cyber risk governance; Information Processing Theory; Artificial intelligence governance; Continuous auditing

Downloads

Published

2026-01-22

How to Cite

Muhammad Rashid Mahmood, Dr. Shahid Naseem, & Khan Imdad Ullah. (2026). Evaluating How Cybersecurity Threat Intelligence Enhances AI-Driven Risk Assessment in Internal Auditing. Policy Journal of Social Science Review, 4(1), 134–158. Retrieved from https://policyjssr.com/index.php/PJSSR/article/view/718

Issue

Vol. 4 No. 1 (2026): Policy Journal of Social Science Review

Section

Articles