Combining hazard models with SIR (Susceptible-Infected-Removed) epidemic modeling provides a means of calculating the optimal information systems audit strategy. Treating audit as a sequential test allows for the introduction of censoring techniques that enable the estimation of benefits from divergent audit strategies. This process can be used to gauge the economic benefits of these strategies in the selection of an optimal audit process designed to maximize the detection of compromised or malware infected hosts.