Computer security auditing constitutes an important part of any organization's security procedures. Because of the many inadequacies of currently used manual methods, thorough and timely auditing is often difficult to attain. Recent literature suggests that expert systems techniques can offer significant benefits when applied to security procedures such as risk analysis, security auditing and intrusion detection. This paper presents an example of a novel expert systems application, an Expert system for Security Auditing (AudES). Issues in development and use of the expert system that are unique to the application domain are discussed.