Sarcouncil Journal of Engineering and Computer Sciences

Abstract: Port operations in the United States have grown into highly digitalized environments, where sophisticated information systems are leveraged to support logistics, security, and regulatory compliance. As these digital infrastructures become increasingly critical to operational and national security, the integrity and value of IT audit procedures have similarly increased in significance. In this vein, this study examines U.S. port operations, evaluating their adequacy, uncovering prevailing challenges, and assessing their alignment with compliance mandates issued by governing bodies, such as the Maritime Transportation Security Act (MTSA) and the Customs-Trade Partnership Against Terrorism (C-TPAT). The study also discovers the major gaps, and areas of IT audit in different port facilities through an extensive review of IT audit frameworks and case studies. The study finds that although most ports have implemented basic cybersecurity measures and compliance checks, a lack of in-depth skills in auditing for risk assessment, testing third-party systems, and incident response preparedness has left ports vulnerable. A significant reliance on self-reported compliance without objective third-party verification was also noted. These deficiencies reflect weaknesses that could be exploited, posing national security risks and disrupting operations. The findings provide insights about the urgent need for a standardized, risk-based IT audit model tailored specifically for port environments, integrating continuous monitoring, independent validation, and enhanced incident response auditing. Addressing these issues is essential to continue to protect U.S. ports as critical infrastructure within the global supply chain.