The respondents represented major companies, building societies, financial and banking institutions, insurance companies, government agencies, and other public sector organizations. Nearly all of them considered the possibility of computer fraud when examining new and existing systems at the design, testing, implementation, and post-implementation levels. More attention was paid by internal auditors to the possibility of fraud when specific reviews were in progress than at the amendment stage. Respondents rated passwords, segregation of duties, and physical security as the most important controls to preventing computer fraud. The most frequently used techniques for detecting computer fraud were listed as installation review, input/output reconciliations, and interrogation software. Training of computer auditors was seen by respondents to be a perennial problem; on-the-job experience was rated as the best training method. The respondants judged minicomputers and electronic funds transfer systems as the most risky in terms of potential fraud. False computer input and unauthorized access were thought to be the most likely methods of committing computer fraud.