Abstract
Auditors and systems analysts are increasingly called upon to determine the impact of a disaster striking the computer system. Current risk analysis methods rely on some variation of expected value analysis. The expected value method suffers from serious drawbacks in this application because probabilities of disaster are difficult to estimate and the loss distributions are likely to be highly skewed. This article presents an improved methodology for dealing with EDP risk analysis and contingency planning. It is based on the concept of stochastic dominance and it provides a more accurate comparison of the various contingency plans by dealing with estimates of the entire loss distribution. This methodology also focuses on the differences between contingency plans, rather than on the cause of the disaster. The application of this methodology is illustrated for the case of a hypothetical medium-sized bank using aggregated data.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
