NCJRS Virtual Library


COMPUTER FRAUD AND COUNTERMEASURES

NCJ Number
57129
Author(s)
L I KRAUSS; A MACGAHAN
Date Published
1979
Length
524 pages
Annotation
COMPUTER FRAUD, DETECTION, AND PREVENTION ARE DEALT WITH IN THIS TEXT INTENDED FOR BUSINESS EXECUTIVES, FINANCIAL AND ADMINISTRATIVE OFFICERS, DATA PROCESSING MANAGERS AND SYSTEM ANALYSTS, AUDITORS, AND LAW ENFORCEMENT PERSONNEL.
Abstract
THIS THEORY OF COMPUTER FRAUD SHOWS THAT A COMPANY'S PROBABILITY OF BEING VICTIMIZED IS A FUNCTION OF THREE VARIABLES: THE DISHONESTY OF THE WOULD-BE PERPETRATOR, THE OPPORTUNITY THE COMPANY PROVIDES BY POSSESSING INADEQUATE CONTROLS, AND THE WOULD-BE PERPETRATOR'S UNDERLYING MOTIVE FOR COMMITTING FRAUD. MEASURES TO MINIMIZE THESE FACTORS ARE OUTLINED. COMPANIES CAN REDUCE THE AMOUNT OF DISHONESTY AMONG DIRECTORS, OFFICERS, AND PERSONNEL BY FORMULATING WRITTEN POLICIES, GUIDELINES, AND STANDARDS AND DEVELOPING WELL-DESIGNED PERSONNEL PRACTICES (PREEMPLOYMENT SCREENING, POLICIES ON THE NONUSE OR DISCLOSURE OF CONFIDENTIAL INFORMATION, VACATION AND JOB ROTATION POLICIES, CHANNELS FOR ADDRESSING GRIEVANCES, AND PERSONNEL REVIEW PROCEDURES) DIRECTED TOWARD MAINTAINING PERSONNEL INTEGRITY AND JOB SATISFACTION. ADMINISTRATIVE AND INTERNAL CONTROLS WHICH CAN REDUCE COMPANY RISK INCLUDE INPUT, OUTPUT, ADJUSTMENT AND ERROR CORRECTION CONTROLS DESIGNED INTO THE SYSTEM, MANAGEMENT REPORTING, AND DOCUMENTATION. SAFEGUARDS AND TECHNIQUES BEING DEVELOPED PARTICULARLY FOR COMPUTER SECURITY INCLUDE TERMINAL PHYSICAL SECURITY DEVICES AND USER IDENTIFICATION AND AUTHENTICATION FEATURES. THERE ARE THREE BASIC FORMS OF COMPUTER FRAUD: (1) INPUT TRANSACTION MANIPULATION, (2) UNAUTHORIZED PROGRAM MODIFICATION, AND (3) FILE ALTERATION AND SUBSTITUTION. COUNTERMEASURES FOR EACH OF THESE FORMS ARE DESCRIBED. LOSS RECOVERY THROUGH FRAUD INSURANCE AND FRAUD DETECTION AND INVESTIGATION ARE DISCUSSED; PRACTICAL WAYS TO PLAN INVESTIGATIONS, RECOGNIZE CLUES, USE COVERT INVESTIGATIVE METHODS, AND QUESTION SUSPECTS AND WITNESSES ARE PROVIDED. THE BOOK ALSO DESCRIBES FEDERAL CRIMINAL LAWS AND EVIDENCE RULES ON INVESTIGATING COMPUTER FRAUD. APPENDIXES CONTAIN SAMPLE CONTROL AND EVALUATION FORMS AND TABLES, SOURCES OF SOFTWARE AIDS AND A DISCUSSION OF THE ATTRIBUTES OF 15 SOFTWARE PACKAGES, A SAMPLE CONFESSION FORM, AND OTHER INVESTIGATIVE AIDS.