COMPUTER FRAUD, WHICH INVOLVES ILLEGAL USE OF A COMPUTER TO GAIN INFORMATION OR ASSETS, IS A MINOR PROBLEM COMPARED TO THE FREQUENCY AND CONSEQUENCES OF COMPUTER PROCESSING ERRORS AND OPERATIONAL ACCIDENTS. PROCESSING ERRORS ARE CAUSED BY POOR CONTROL OVER COMPUTER INFORMATION OR INCORRECT COMPUTER PROCESSING OF INFORMATION. OPERATIONAL ACCIDENTS INCLUDE HUMAN ERROR, MECHANICAL FAILURE, AND MORE EXTENSIVE ACCIDENTS SUCH AS FIRE OR FLOOD. THE PROPER DESIGN AND IMPLEMENTATION OF CONTROLS CAN REDUCE THE RISKS OF PROCESSING ERRORS AND OPERATIONAL ACCIDENTS. CONTROLS MAY BE LOGICAL (FUNCTIONAL AND INDEPENDENT OF THE TECHNICAL ASPECTS OF THE COMPUTER) OR TECHNICAL (PECULIAR TO THE TECHNOLOGY OF ELECTRONIC DIGITAL COMPUTERS), VERTICAL (FOLLOWING THE VERTICAL LINES OF AUTHORITY IN THE ORGANIZATION) OR HORIZONTAL (TRANSMISSION BETWEEN EQUAL LEVELS OF THE ORGANIZATION). WITH A COMPUTER SYSTEM, GREATER EMPHASIS MUST BE GIVEN TO HORIZONTAL CONTROLS THAN WAS TRUE WITH MANUAL SYSTEMS. THE INTERDEPENDENCE OF COMPUTER OPERATIONS IN ALL DEPARTMENTS REQUIRES THAT CONTROLS BE DEVELOPED AS A PLANNED SYSTEM FOR ALL DEPARTMENTS. CONTROLS CAN ALSO BE CATEGORIZED AS PREVENTIVE (KEEP AN EVENT FROM HAPPENING), DETECTIVE (DISCOVER DESTRUCTIVE EVENTS THAT HAVE ALREADY HAPPENED), OR CORRECTIVE (REMEDY ERRORS AND ACCIDENTS THAT HAVE OCCURRED). CONTROLS SHOULD BE COST-EFFECTIVE, IN THAT NO CONTROL SHOULD COST MORE THAN THE POTENTIAL ERRORS IT IS ESTABLISHED TO PREVENT, DETECT, OR CORRECT. AN APPROACH TO ORGANIZING THE AUDIT OF COMPUTER CONTROLS WHICH HAS BEEN USED SUCCESSFULLY IN MANY COMPUTER AUDITS IS DESCRIBED. IN ADDITION, THE FORMAL OBJECTIVE OF THE AUDIT IS DISCUSSED, AND THE ROLES OF THE INTERNAL AND EXTERNAL AUDITORS ARE ADDRESSED. THE USER MANAGER IS INDICATED TO BE THE LOGICAL PERSON RESPONSIBLE FOR CONTROLS OF THE COMPUTER SYSTEM. (RCB)