Abstract: | Auditors are being challenged to make better use of data analytics to identify and assess emerging areas of risk. Traditional methods are not timely and too labor intensive. Business risk changes rapidly and auditors need to implement a continuous assessment process that will allow them to adjust audit plans as risks change. Since this requires access to, and the analysis of, information residing in enterprise resource planning and other information systems, IT auditors are often called on to provide the technical advice and assistance. Therefore, it is important for IT auditors to understand how quantitative indicators of risk can be employed to address this problem. |