THE GUIDE IS DESIGNED FOR BANK EXAMINERS WHO EVALUATE AUDIT EFFECTIVENESS, FOR AUDITORS WHO EVALUATE COMPUTER SYSTEMS AND NETWORK SECURITY, AND FOR EDP MANAGERS. THE GUIDE IS ORGANIZED AROUND 20 OCCUPATIONS CHOSEN BECAUSE THEY INVOLVE SKILLS, KNOWLEDGE, AND ACCESS RELEVANT TO THE SECURITY OF COMPUTER SERVICES AND ASSETS FOUND IN EDP AND EFT. FOUR CLASSES OF VULNERABILITIES (PHYSICAL, TRANSACTIONAL, PROGRAMMING, AND ELECTRONIC), 17 TYPES OF AUDIT TOOLS AND TECHNIQUES FOR DETECTION, AND 8 CLASSES OF CONTROLS FOR DETECTION AND PREVENTION ARE IDENTIFIED. FOR EACH OCCUPATION, THE FOLLOWING INFORMATION IS PRESENTED: JOB FUNCTIONS; PROBABLE EFT EMPLOYERS; SECURITY-RELEVANT SKILLS, AND WORK AREA ACCESS; VULNERABILITIES OF AN EDP SYSTEM TO ACCIDENTAL OR INTENTIONAL ACTS BY A PERSON IN THE OCCUPATION; AUDIT TOOLS AND TECHNIQUES AND EDP CONTROLS THAT CAN REDUCE THE VULNERABILITIES; AND RELATED ISSUES AND PROBLEMS. OTHER SECTIONS OF THE GUIDE DESCRIBE THE EDP AND EFT ENVIRONMENT, GENERAL REMEDIES THAT APPLY TO EDP AND EFT PERSONNEL, CLASSIFICATION OF VULNERABILITIES, AND AUDIT TOOLS AND CONTROLS. CHARTS AND DIAGRAMS ARE PROVIDED. (AUTHOR ABSTRACT MODIFIED--LKM)