---

Executive management has urged national governments and industrial and commercial organizations to assign top priority to uphold information quality and maintain systems security. In response, protective mechanisms abound. Yet calls for new, innovative countermeasures never stop because no sooner a new method is released than it is rendered impotent by the ever cunning and lurking predators. The intelligent Risk-analytic Audit method that integrates Risk Management, Expert System, and Auditing, is a new preventive measure. The book is about this new method, and how it is conceptualized, developed and tested. It should appeal to the scholars as well as the practicing professionals in the information security management sector including internal and external auditors, as words from the academic circle and practitioners corner: the concept can form the basis for formalizing an auditor s thinking process when planning the scope of a computer centre audit , and we are looking for a tool that will help us to plan our audits and assess our risks, and from my information, it seems the iRA model will facilitate this need have testified.

---

DBA, MBA, BA, FBCS, FIMA, FHKIE, FHKCS. Formerly, Head, Dept of Computer Studies (Lingnan University, HK); currently, special lecturer in Computer Ethics & Computer Audit (HK Polytechnic University), Hon Research Associate in Information Security & Cryptography (HK University), Hon Assoicate, Business School (HK Baptist University), etc.

---