BASIC INTERNAL CONTROLS THAT REDUCE OPPORTUNITIES FOR COMPUTER FRAUD INCLUDE PHYSICAL SECURITY, DIVISION OF DUTIES, GOOD SUPERVISION, AND CONSCIENTIOUS MANAGEMENT. WHILE ALMOST ANY COMPUTER PROFESSIONAL CAN MANIPULATE A SYSTEM, IT REQUIRES CLEVERNESS AND BUSINESS KNOWLEDGE TO FIGURE OUT HOW TO GAIN ACCESS TO THE MONEY. COLLUSION IS ALSO IMPORTANT, PARTICULARLY THE FAILURE OF OTHER EMPLOYEES TO CHALLENGE UNUSUAL ACTIVITIES OF FELLOW WORKERS OR SUPERVISORS. TYPES OF CRIME RANGE FROM THEFT OF COMPUTER TIME TO STEALING DATA. THE COMPUTER CAN ALSO BE USED TO CREATE FALSE OR MISLEADING DATA, SUCH AS ALTERED CREDIT BUREAU RECORDS. A KNOWLEDGEABLE PROGRAMMER CAN CHANGE CODES FOR HIS BENEFIT, BUT NORMAL ACCOUNTING AND SYSTEM CONTROLS MAKE IT DIFFICULT TO OBTAIN SIGNIFICANT AMOUNTS OF FUNDS WITHOUT DETECTION. DATA PROCESSING PERSONNEL CAN ALSO EXTRACT BRIBES AND KICKBACKS FROM SUPPLIERS. THE MANAGEMENT INFORMATION SYSTEM MANAGER IS IN AN EXCELLENT POSITION TO EXPLOIT THE COMPUTER IF HE IS DIRECTLY INVOLVED IN THE DAILY OPERATION OF THE COMPUTER CENTER. A SYSTEMS ANALYST DOES NOT PARTICIPATE IN ROUTINE COMPUTER OPERATIONS, BUT DOES KNOW HOW TO MAKE KEY PROGRAM CHANGES. OVERALL, THE BIGGEST THREAT FROM APPLICATIONS PROGRAMMERS IS THAT THEY WILL USE SMALL INCREMENTS OF COMPUTER TIME TO DEVELOP THEIR OWN BUSINESSES. BECUASE OF DETAILED KNOWLEDGE OF COMPUTER SYSTEMS, THE SOFTWARE PROGRAMMER OCCUPIES A POTENTIALLY DANGEROUS POSITION. ALSO IN RISK POSITIONS ARE DATA LIBRARIANS WHO COULD SELL RECORDS OR SUPPLIES, OPERATIONS MANAGERS, WHO COULD COVERUP UNAUTHORIZED PROCESSING, AND COMPUTER OPERATORS WHO ARE OFTEN UNSUPERVISED AND HAVE OPPORTUNITIES TO STEAL DATA. THE AUDITING PROFESSION IS CONCERNED ABOUT THE FRAUD POTENTIAL OF ELECTRONIC FUNDS TRANSFER. (MJM)