U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

VULNERABILITY OF COMPUTER AUDITING - TECHNICAL REPORT

NCJ Number
57838
Author(s)
B P LIENTZ; I R WEISS
Date Published
1977
Length
6 pages
Annotation
FUCUSING ON THE STATEMENT ON AUDITING STANDARDS (SAS) NO. 3 OF THE AMERICAN INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS, THIS STUDY EXAMINES THE PROBLEMS ASSOCIATED WITH COMPUTER AUDITING.
Abstract
SAS NO. 3 INDICATES THAT INTERNAL CONTROLS IN THE DATA PROCESSING INSTALLATION SHOULD BE EVALUATED WHEN COMPUTERS ARE USED IN PROCESSING A SIGNIFICANT NUMBER OF ACCOUNTING APPLICIATIONS. SAS NO. 3 FURTHER POINTS OUT THAT AUDITING EXAMINATION SHOULD BE PERFORMED BY PERSONS WITH ADEQUATE TECHNICAL TRAINING AS AUDITORS. HOWEVER, MANY COMPANIES ARE DOING TODAY'S COMPUTER AUDIT WORK WITH YESTERDAY'S AUDITORING EXPERTISE IN TERMS OF EXPERIENCE AND EDUCATION. AS THE INTERNAL CONTROL EVALUATION BECOMES MORE COMPLEX, THE POTENTIAL ERROR RATE AND FRAUDULENT ACTIVITY MAY WIDEN IF THERE ARE NO ADEQUATE CONTROLS. THE NUMBER OF TRANSACTIONS PROCESSED DAILY COULD BE SO VOLUMINOUS THAT A CENTER UNDERGOING UNDETECTED PENETRATION OF ERRORS IN PROCESSING COULD BE SO SEVERELY AFFECTED THAT THE GOING CONCERN CONCEPT FOR THAT COMPANY COULD BECOME INVALID PRIOR TO AN INDEPTH AUDIT. THEREFORE, CONTINOUS SYSTEM INTEGRITY REVIEWS ARE NECESSARY. IN ADDITION, UNAUTHORIZED TRANSACTIONS, NOT COVERED BY SAS NO. 3, CAN SERIOUSLY IMPAIR THE OPERATIONAL INTEGRITY OF THE SYSTEM. THE FINANCIAL STATEMENTS, DEPENDING ON THE SYSTEM, MAY NOT REFLECT THE TRUE STATE OF AFFAIRS OF THE COMPANY. COMPETITION WITHIN AN INDUSTRY COMBINED WITH PRECEDENTS OF LENIENT ATTITUDES TOWARD WHITE COLLAR CRIME AND THE AVAILABLE TECHNOLOGY MAKES SUCH APPROACHES MORE ATTRACTIVE AND LIMITED IN RISK. TWO TABLES ARE PRESENTED: A TABLE OF PENETRATION METHODS, RECOVERY MEASURES IF PENETRATED, PREVENTIVE SECURITY MEASURES, AND COST ELEMENTS OF IMPLEMENTING THE SECURITY MEASURES; A TABLE OF POINTS TO CONSIDER AND QUESTIONS TO ANSWER TO DEVELOP PROPER EXPOSURE VALUES OR PROBABILITIES OF PENETRATION. FOOTNOTES ACCOMPANY THE TEXT. (WJR)