ELECTRONIC DATA PROCESSING HAS INTRODUCED NEW TECHNIQUES AND PROCEDURES, BUT THE FOUNDATION AND OBJECTIVES OF INTERNAL CONTROL, REMAIN THE SAME. THE SPECIAL CONSIDERATION SHOULD BE FOR ADDITIONS TO AND VARIATIONS FROM THE BASIC STRUCTURE. ONE PRIMARY RULE OF INTERNAL CONTROL WHICH IS APPLICABLE TO BOTH MANUAL AND COMPUTER SYSTEMS IS THE SEGREGATION OF FUNCTIONS. THIS PREVENTS A SINGLE INDIVIDUAL FROM ACCESSING ENOUGH AREAS OF DATA PROCESSING TO ACCOMPLISH SERIOUS THEFT OR ABUSE. ROTATION OF ASSIGNMENTS CAN ALSO PROVIDE CHECKS UPON ABUSE OF PARTICULAR FUNCTIONS IN THE SYSTEM. IN AN ONLINE SYSTEM, A LOG OF INCOMING MESSAGES CAN BE WRITTEN IN MEMORY, ON MAGNETIC TAPE, AND ON DISC. ITS PERMANENCE AND AVAILABILITY FOR PRINTOUT IS THEN A MATTER OF CHOICE, AND ITS FORM CAN PROVIDE DETAILED COVERAGE OF A SOURCE-PRINTED AUDIT TRAIL WHEN AND IF IT IS REQUIRED. INCOMING MESSAGES SHOULD ALSO BE GIVEN IDENTIFICATION AND VALIDATION CHECKS. THE COMPUTER CAN BE INSTRUCTED TO RECORD THE REJECTED MESSAGES AND THE TIME OF REJECTION. COMPUTERS CAN BE PROGRAMMED TO EXERT CONTROL OVER ADMINISTRATIVE PROCEDURES, SUCH AS NOTIFICATION OF FAILURE TO TAKE SPECIFIC ACTION WITHIN A SPECIFIED TIME PERIOD. THE EXTENT OF INTERNAL CONTROL MUST BE JUDGED BY COMPARING THE RISK PROBABILITY AND POTENTIAL LOSSES WITH THE COST OF PROVIDING THE INTERNAL CONTROLS NECESSARY TO SIGNIFICANTLY REDUCE THE RISK FACTOR. ACCESS CONTROLS IN A COMPUTER SYSTEM VERIFY THE IDENTIFICATION AND AUTHORIZATION OF THE POTENTIAL USER. ACCESS CONTROL CAN BE STRUCTURED INTO FIVE LEVELS: (1) SYSTEM, (2) PROGRAMS, (3) FILES, (4) RECORDS WITHIN THE FILES, AND (5) DATA ITEMS OR FIELDS WITHIN THE RECORDS. EACH LEVEL IS ASSOCIATED WITH A SOFTWARE SYSTEM THAT CONTROLS THAT LEVEL. INTEGRITY MANAGEMENT INVOLVES ENSURING THE CHARACTER AND QUALIFICATIONS OF PERSONNEL PERFORMING VARIOUS FUNCTIONS. WHILE IT IS DIFFICULT TO ASSURE, SUCCESS CAN PROVIDE THE MOST EFFECTIVE CONTROL. (RCB)