{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:24Z","timestamp":1783965864869,"version":"3.55.0"},"reference-count":54,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105036","type":"journal-article","created":{"date-parts":[[2026,6,21]],"date-time":"2026-06-21T14:34:54Z","timestamp":1782052494000},"page":"105036","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Enhancing IT audit risk assessment: A comprehensive model using bow-tie and fuzzy Bayesian networks"],"prefix":"10.1016","volume":"170","author":[{"given":"HuaPing","family":"Wu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4158-0972","authenticated-orcid":false,"given":"Jidong","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ruijia","family":"Tian","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yi","family":"Ren","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"2","key":"10.1016\/j.cose.2026.105036_bib0001","doi-asserted-by":"crossref","first-page":"1","DOI":"10.2478\/jfap-2021-0006","article-title":"Identification of information system audit Quality factors","volume":"1","author":"Alagi\u0107","year":"2021","journal-title":"J. Forensic Account. Prof."},{"issue":"3","key":"10.1016\/j.cose.2026.105036_bib0002","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pone.0247437","article-title":"How efficient are German life sciences? Econometric evidence from a latent class stochastic output distance model","volume":"16","author":"Angelova","year":"2021","journal-title":"PLoS. One"},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0003","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1007\/s44248-025-00081-z","article-title":"Theoretical and practical insights into digital technologies in internal auditing: a bibliometric analysis of trends and future directions (1980\u20132024)","volume":"3","author":"Baharom","year":"2025","journal-title":"Discov. Data"},{"issue":"3","key":"10.1016\/j.cose.2026.105036_bib0005","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pone.0230122","article-title":"Technical assessment of small-scale wind power for residential use in Mexico: a Bayesian intelligence approach","volume":"15","author":"Borunda","year":"2020","journal-title":"PLoS. One"},{"key":"10.1016\/j.cose.2026.105036_bib0006","series-title":"Integrating Cybersecurity Into Internal Audit Through a Self-Assessment Tool Based On a Systematic Literature Review","first-page":"97","author":"Cernovschi","year":"2025"},{"key":"10.1016\/j.cose.2026.105036_bib0007","series-title":"IT Auditing: Using Controls to Protect Information Assets","author":"Coronado","year":"2014"},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0009","doi-asserted-by":"crossref","first-page":"6956","DOI":"10.1038\/s41598-024-57445-9","article-title":"An application of AHP and fuzzy entropy-TOPSIS methods to optimize upstream petroleum investment in representative African basins","volume":"14","author":"Cui","year":"2024","journal-title":"Sci. Rep."},{"issue":"11","key":"10.1016\/j.cose.2026.105036_bib0010","doi-asserted-by":"crossref","DOI":"10.1016\/j.heliyon.2018.e00984","article-title":"Improved quantum clustering analysis based on the weighted distance and its application","volume":"4","author":"Decheng","year":"2018","journal-title":"Heliyon."},{"issue":"8","key":"10.1016\/j.cose.2026.105036_bib0011","doi-asserted-by":"crossref","first-page":"854","DOI":"10.3103\/S0146411620080118","article-title":"A procedure for improving information system audit quality by enhancing cyberthreat simulation in practice","volume":"54","author":"Eremeev","year":"2020","journal-title":"Autom. Control Comput. Sci."},{"issue":"2","key":"10.1016\/j.cose.2026.105036_bib0012","doi-asserted-by":"crossref","first-page":"141","DOI":"10.2308\/JETA-2020-004","article-title":"Continuous auditing and risk-based audit planning\u2014An empirical analysis","volume":"17","author":"Eulerich","year":"2020","journal-title":"J. Emerg. Technol. Account."},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0013","first-page":"1","article-title":"Prognosis model of advanced non-small-cell lung cancer based on the Max-Min Hill-Climbing algorithm","volume":"2022","author":"Fu","year":"2022","journal-title":"Comput. Math. Methods Med."},{"key":"10.1016\/j.cose.2026.105036_bib0015","article-title":"Managing risk in information systems","author":"Gibson","year":"2020","journal-title":"Jones Bartlett Learn."},{"issue":"4","key":"10.1016\/j.cose.2026.105036_bib0016","doi-asserted-by":"crossref","first-page":"906","DOI":"10.1108\/JEIM-07-2022-0228","article-title":"Information systems security resilience as a dynamic capability","volume":"36","author":"Goel","year":"2023","journal-title":"J. Enterp. Inf. Manag."},{"key":"10.1016\/j.cose.2026.105036_bib0018","doi-asserted-by":"crossref","DOI":"10.1016\/j.ssci.2021.105285","article-title":"A novel fuzzy dynamic bayesian network for dynamic risk assessment and uncertainty propagation quantification in an uncertainty environment","volume":"141","author":"Guo","year":"2021","journal-title":"Saf. Sci."},{"issue":"4","key":"10.1016\/j.cose.2026.105036_bib0019","doi-asserted-by":"crossref","first-page":"1028","DOI":"10.33394\/j-ps.v11i4.8871","article-title":"Systematic literature review on auditing information technology risk management using the COBIT framework","volume":"11","author":"Handayani","year":"2023","journal-title":"Prisma Sains: J. Pengkaj. Ilmu dan Pembelajaran Mat. dan IPA IKIP Mataram"},{"key":"10.1016\/j.cose.2026.105036_bib0021","doi-asserted-by":"crossref","DOI":"10.1016\/j.accinf.2021.100533","article-title":"The impact of the input level of information system audits on audit quality: korean evidence","volume":"43","author":"Huh","year":"2021","journal-title":"Int. J. Account. Inf. Syst."},{"key":"10.1016\/j.cose.2026.105036_bib0023","series-title":"ISO 31000:2018","year":"2018"},{"key":"10.1016\/j.cose.2026.105036_bib70","article-title":"COBIT 2019 framework: Governance and management objectives","year":"2019","journal-title":"ISACA"},{"issue":"8","key":"10.1016\/j.cose.2026.105036_bib0024","doi-asserted-by":"crossref","DOI":"10.1016\/j.heliyon.2021.e07835","article-title":"Risk assessment of fire, explosion, and release of toxic gas of Siri\u2013Assalouyeh sour gas pipeline using fuzzy analytical hierarchy process","volume":"7","author":"Jabbari","year":"2021","journal-title":"Heliyon."},{"issue":"3","key":"10.1016\/j.cose.2026.105036_bib0026","doi-asserted-by":"crossref","first-page":"1070","DOI":"10.1080\/00207543.2017.1370148","article-title":"Dynamic risk assessment of complex systems using FCM","volume":"56","author":"Jamshidi","year":"2018","journal-title":"Int. J. Prod. Res."},{"issue":"4","key":"10.1016\/j.cose.2026.105036_bib0027","doi-asserted-by":"crossref","DOI":"10.1098\/rsos.191566","article-title":"Comprehensive evaluation system for stability of multiple dams in a uranium tailings reservoir: based on the TOPSIS model and bow tie model","volume":"7","author":"Jiang","year":"2020","journal-title":"R. Soc. Open. Sci."},{"issue":"8","key":"10.1016\/j.cose.2026.105036_bib0028","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pone.0022075","article-title":"A Bayesian method for evaluating and discovering disease loci associations","volume":"6","author":"Jiang","year":"2011","journal-title":"PLoS. One"},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0029","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1002\/ieam.4332","article-title":"Bayesian networks in environmental risk assessment: a review","volume":"17","author":"Kaikkonen","year":"2020","journal-title":"Integr Env. Assess Manag"},{"issue":"12","key":"10.1016\/j.cose.2026.105036_bib0030","doi-asserted-by":"crossref","first-page":"5716","DOI":"10.3390\/s23125716","article-title":"Environmental engineering applications of electronic nose systems based on MOX gas sensors","volume":"23","author":"Khorramifar","year":"2023","journal-title":"Sensors"},{"issue":"24","key":"10.1016\/j.cose.2026.105036_bib0031","doi-asserted-by":"crossref","first-page":"5031","DOI":"10.3390\/ijerph16245031","article-title":"A multi-criteria decision-making model for evaluating senior daycare center locations","volume":"16","author":"Lee","year":"2019","journal-title":"Int J Env. Res Public Health"},{"issue":"2","key":"10.1016\/j.cose.2026.105036_bib0032","first-page":"576","article-title":"Technology-based practical blockchain system audit maturity model","volume":"28","author":"Lee","year":"2021","journal-title":"Teh. Vjesn."},{"issue":"12","key":"10.1016\/j.cose.2026.105036_bib0033","doi-asserted-by":"crossref","first-page":"1489","DOI":"10.3390\/mi12121489","article-title":"A review of the commercially available ECG detection and transmission systems\u2014The fuzzy logic approach in the prevention of sudden cardiac arrest","volume":"12","author":"Lewandowski","year":"2021","journal-title":"Micromachines. (Basel)"},{"issue":"2\u20133","key":"10.1016\/j.cose.2026.105036_bib71","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1111\/ijau.12306","article-title":"Impact of remote audit on audit quality, audit efficiency, and auditors\u2019 job satisfaction","volume":"27","author":"Li","year":"2023","journal-title":"International Journal of Auditing"},{"issue":"13","key":"10.1016\/j.cose.2026.105036_bib0035","doi-asserted-by":"crossref","first-page":"3726","DOI":"10.3390\/s20133726","article-title":"Movable platform-based topology detection for a geographic routing wireless sensor network","volume":"20","author":"Li","year":"2020","journal-title":"Sensors"},{"key":"10.1016\/j.cose.2026.105036_bib0036","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1016\/j.jbi.2017.02.004","article-title":"Use of ontology structure and bayesian models to aid the crowdsourcing of ICD-11 sanctioning rules","volume":"68","author":"Lou","year":"2017","journal-title":"J Biomed Inf."},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0038","first-page":"26","article-title":"Information technology auditing: a value-added IT governance partnership between IT management and audit","volume":"23","author":"Merhout","year":"2008","journal-title":"Commun. Assoc. Inf. Syst."},{"issue":"15","key":"10.1016\/j.cose.2026.105036_bib0040","doi-asserted-by":"crossref","first-page":"3267","DOI":"10.3390\/s19153267","article-title":"Crowdsourced traffic event detection and source reputation assessment using smart contracts","volume":"19","author":"Mihelj","year":"2019","journal-title":"Sensors"},{"key":"10.1016\/j.cose.2026.105036_bib0041","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ress.2015.02.006","article-title":"Bayesian belief networks for human reliability analysis: a review of applications and gaps","volume":"139","author":"Mkrtchyan","year":"2015","journal-title":"Reliab. eng. syst. saf."},{"issue":"3","key":"10.1016\/j.cose.2026.105036_bib0043","first-page":"1","article-title":"Audit risks in joint-stock companies and the application of international standards in their evaluation","volume":"10","author":"Nematovich","year":"2020","journal-title":"Int. J. Manag. IT Eng."},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0045","first-page":"67","article-title":"Internal auditors\u2019 perceptions of information technology-related risks: a comparison between general auditors and information technology auditors","volume":"37","author":"Nuijten","year":"2023","journal-title":"J. Inf. Syst."},{"issue":"7","key":"10.1016\/j.cose.2026.105036_bib0047","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/07366981.2024.2366482","article-title":"Mapping the intellectual structure and evolution of information technology and auditing: a bibliometric review","volume":"69","author":"Perez Calder\u00f3n","year":"2024","journal-title":"EDPACS"},{"key":"10.1016\/j.cose.2026.105036_bib0048","first-page":"1","article-title":"Process-mining-enabled audit of information systems: methodology and an application","volume":"111","author":"Pierluigi","year":"2018","journal-title":"Expert. Syst. Appl."},{"key":"10.1016\/j.cose.2026.105036_bib0049","series-title":"Enterprise Risk Management: Integrating with Strategy and Performance","first-page":"69","article-title":"Committee of Sponsoring Organizations of the Treadway Commission (COSO)","author":"PricewaterhouseCoopers","year":"2017"},{"issue":"5","key":"10.1016\/j.cose.2026.105036_bib0050","doi-asserted-by":"crossref","first-page":"360","DOI":"10.3390\/e26050360","article-title":"Elicitation of rank correlations with probabilities of concordance: method and application to building management","volume":"26","author":"Ramousse","year":"2024","journal-title":"Entropy"},{"issue":"10","key":"10.1016\/j.cose.2026.105036_bib0051","doi-asserted-by":"crossref","first-page":"3973","DOI":"10.1007\/s10115-020-01480-1","article-title":"A search space optimization method for fuzzy access control auditing","volume":"62","author":"Regateiro","year":"2020","journal-title":"Knowl. Inf. Syst."},{"issue":"3","key":"10.1016\/j.cose.2026.105036_bib0053","doi-asserted-by":"crossref","first-page":"799","DOI":"10.33395\/sinkron.v7i3.11476","article-title":"Information system audit using the COBIT and ITIL frameworks: a literature review","volume":"7","author":"Rusman","year":"2022","journal-title":"Sink.: J. dan Penelit. Tek. Inform."},{"key":"10.1016\/j.cose.2026.105036_bib0054","article-title":"Pathways to developing information technology-enabled capabilities in born-digital new ventures","volume":"68","author":"Sadreddin","year":"2023","journal-title":"Int. J. Inf. Manage"},{"issue":"4","key":"10.1016\/j.cose.2026.105036_bib0056","doi-asserted-by":"crossref","first-page":"431","DOI":"10.1057\/jors.2011.7","article-title":"A bayesian network structure for operational risk modeling in structured finance operations","volume":"63","author":"Sanford","year":"2012","journal-title":"J. Oper. Res. Soc."},{"key":"10.1016\/j.cose.2026.105036_bib0058","series-title":"IFIP International Information Security Conference","first-page":"259","article-title":"Problem analysis of traditional IT-security risk assessment methods\u2013an experience report from the insurance and auditing domain","author":"Taubenberger","year":"2011"},{"key":"10.1016\/j.cose.2026.105036_bib0059","series-title":"Public Auditing of Log Integrity For Shared Cloud Storage Systems Via Blockchain","author":"Tian","year":"2023"},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0060","first-page":"152","article-title":"Bayesian probabilistic models for corporate context, with an application to internal audit activities","volume":"8","author":"Toraldo","year":"2022","journal-title":"Commun. Stat.: Case Stud. Data Anal. Appl."},{"issue":"5","key":"10.1016\/j.cose.2026.105036_bib0061","doi-asserted-by":"crossref","first-page":"1261","DOI":"10.5194\/hess-26-1261-2022","article-title":"Probabilistic modeling of the inherent field-level pesticide pollution risk in a small drinking water catchment using spatial Bayesian belief networks","volume":"26","author":"Troldborg","year":"2022","journal-title":"Hydrol. Earth Syst. Sci."},{"issue":"1","key":"10.1016\/j.cose.2026.105036_bib0062","first-page":"45","article-title":"Two decades of information security audit research: a meta-analysis review of methods and techniques in information security auditing","volume":"1","author":"Victory","year":"2024","journal-title":"Proc. Int. Semin. Community Econ. Bus. Entrep. (ISCEBE)"},{"key":"10.1016\/j.cose.2026.105036_bib0063","doi-asserted-by":"crossref","first-page":"214","DOI":"10.1016\/j.ins.2021.12.079","article-title":"A three-way decision approach with risk strategies in hesitant fuzzy decision information systems","volume":"588","author":"Wang","year":"2022","journal-title":"Inf Sci (Ny)"},{"key":"10.1016\/j.cose.2026.105036_bib0064","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2019.101659","article-title":"A Bayesian network approach for cybersecurity risk assessment, implementing and extending the FAIR model","volume":"89","author":"Wang","year":"2020","journal-title":"Comput. Secur."},{"issue":"3","key":"10.1016\/j.cose.2026.105036_bib0065","doi-asserted-by":"crossref","first-page":"415","DOI":"10.1080\/0960085X.2024.2311137","article-title":"Impact of strategic capabilities on digital transformation success and firm performance: theory and empirical evidence","volume":"34","author":"Weritz","year":"2025","journal-title":"Eur. J. Inf. Syst."},{"issue":"11","key":"10.1016\/j.cose.2026.105036_bib0066","doi-asserted-by":"crossref","first-page":"3790","DOI":"10.3390\/ijerph17113790","article-title":"Statistical analysis and prediction of fatal accidents in the metallurgical industry in China","volume":"17","author":"Xu","year":"2020","journal-title":"Int J Env. Res Public Health"},{"issue":"7","key":"10.1016\/j.cose.2026.105036_bib0067","doi-asserted-by":"crossref","DOI":"10.1098\/rsos.180212","article-title":"Safety assessment of petrochemical enterprise using the cloud model, PHA\u2013LOPA, and the bow-tie model","volume":"5","author":"Xu","year":"2018","journal-title":"R. Soc. Open. Sci."},{"key":"10.1016\/j.cose.2026.105036_bib0069","doi-asserted-by":"crossref","DOI":"10.7717\/peerj-cs.1317","article-title":"BDMCA: a big data management system for Chinese auditing","volume":"9","author":"Zhou","year":"2023","journal-title":"PeerJ Comput. Sci."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002129?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002129?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:12:36Z","timestamp":1783962756000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826002129"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":54,"alternative-id":["S0167404826002129"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105036","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Enhancing IT audit risk assessment: A comprehensive model using bow-tie and fuzzy Bayesian networks","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105036","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105036"}}