COMPUTERS PRESENT NUMEROUS OCCASIONS FOR FRAUD AND EMBEZZLEMENT THAN CAN BE PERPETRATED BY CHANGING DATA IN COMPUTER SYSTEMS. 'PEOPLE' ARE CREATED FICTITIOUSLY AND USED TO COLLECT INSURANCE PAYMENTS AND SOCIAL SECURITY. A COMPUTER'S OUTPUT CAN BE DISTORTED JUST AS EASILY AS THE INPUT: ONE COMPUTER OPERATOR SIMPLY ARRANGES TO REPEAT THE PUNCHING OF HIS OWN PAYCHECK. ALTHOUGH DIVISION OF DUTIES PREVENTS AN OPERATOR IN A WELL-RUN SHOP FROM WRITING PROGRAMS FOR HIS MACHINE, THAT OPERATOR CAN STILL PROGRAM ANOTHER MACHINE. MANY OPERATORS COULD EASILY WALK OUT WITH A BACKUP TAPE FOR A DISC MASTER FILE, COPY IT WITH A SLIGHT ALTERATION LEAVING THE CONTROLS INTACT, AT A SERVICE BUREAU, AND RETURN IT. A DELIBERATE MISTAKE WOULD REQUIRE THE DATA TO BE RECOVERED FROM THE BACKUP TAPE WITH THE UNAUTHORIZED CHANGE. OPERATORS ARE ALSO QUITE CAPABLE OF APPROPRIATING COMPUTER TIME FOR THEIR OWN ENTERTAINMENT. ONE EXAMPLE IS A TEAM THAT TAUGHT ITSELF ASSEMBLER LANGUAGE PROGRAMMING AND DEVELOPED A DRAUGHTS PLAYING PROGRAM. EVEN A NON EXPERT CAN SUCCESSFULLY EMBEZZLE FUNDS FROM A BANK; A CHIEF-TELLER EMBEZZLED $1,500,000 OVER 3 YEARS NOT BY ADJUSTING THE COMPUTER BUT BY USING HIS AUTHORITY TO CLAIM DATA-PROCESSING ERRORS. ALTHOUGH NO ENTIRELY SAFE COMPUTER SYSTEM EXISTS, THE RISK CAN BE IDENTIFIED, MEASURED, AND CONTROLLED BY LOSS AVOIDANCE, PREVENTION, REDUCTION, OR TRANSFER. THE PRACTICAL APPROACH BEGINS WITH A COMPUTER SECURITY AUDIT CONDUCTED BY A COMPETENT PROFESSIONAL. ONCE THE RISKS ARE PROPERLY IDENTIFIED, THE COMPANY MUST DECIDE WHETHER TO ACCEPT A RISK, INSURE AGAINST IT, OR TAKE MEASURES TO PROTECT AGAINST IT. (SAJ)