COMPUTER FRAUD SCHEMES INVOLVE ENORMOUS AMOUNTS OF MONEY, AND THE PERPETRATORS ARE OFTEN CAUGHT ONLY BY ACCIDENT. SEVERAL ASPECTS OF A COMPUTERIZED SYSTEM CONTRIBUTE TO ITS VULNERABILITY TO EMBEZZLEMENT: ONE PROGRAMMER HANDLES NUMEROUS ACCOUNTS, RECORDS ARE INVISIBLE AND MANY DETAILS NEVER APPEAR ON A PRINTOUT, AND SYSTEM CONTROLS ARE STORED IN THE COMPUTER WHERE THEY CAN BE MANIPULATED BY A SKILLED PROGRAMMER. MANY EXECUTIVES LACK AN UNDERSTANDING OF COMPUTERS AND THEIR POTENTIAL FOR FRAUD AND THUS NEGLECT SECURITY. AN ORGANIZATION CAN IMPROVE COMPUTER SECURITY BY LIMITING ACCESS TO COMPUTER ROOM AND RESTRICTING ACCESS TO THE COMPUTER ITSELF. PASSWORD SYSTEMS WHICH PERMIT USERS TO 'LOG ON' TO THE COMPUTER DO NOT PROVIDE COMPLETE SECURITY, ALTHOUGH PROCEDURAL REFINEMENTS HAVE REDUCED THEIR WEAKNESSES. OTHER ACCESS CONTROL METHODS INCLUDE MAGNETICALLY ENCODED CARDS AND MATCHING OF SIGNATURES, VOICEPRINTS, AND HAND GEOMETRY. BUILTIN CONTROLS OVER THE VALIDITY OF DATA FIELDS CAN ALSO BE ESTABLISHED. USING THIS APPROACH, THE COMPUTER CAN BE PROGRAMMED TO PRINT AN EXCEPTION NOTICE FOR ANY WORK HOURS THAT EXCEEDED A SET LIMIT. A FORMULA IS PROVIDED TO DETERMINE THESE LIMITS, TAKING INTO ACCOUNT INDIVIDUAL FACTORS ABOUT EMPLOYEES. SINCE A FEW KEY EMPLOYEES AND SOME EXPENSIVE MACHINERY REPLACE MANY ACCOUNTING CLERKS, FIRMS MUST CAREFULLY SELECT INDIVIDUALS FOR COMPUTER POSITIONS. COMPANIES SHOULD ALSO SEPARATE PROGRAMMING AND OPERATING DUTIES AND ROTATE ASSIGNMENTS. TECHNIQUES FOR AUDITING COMPUTERIZED INFORMATION SYSTEMS HAVE IMPROVED AND INCLUDE CHECKLISTS SUCH AS SAFE, THE SECURITY AUDIT AND FIELD EVALUATION FOR COMPUTER FACILITIES AND INFORMATION SYSTEMS. FOOTNOTES ARE PROVIDED. (MJM)