After reviewing internal auditing systems at selected Federal agencies, GAO determined that internal auditing of automatic data processing systems and controls has been inadequate. Moreover, responses by auditors to the challenge of computer auditing have been uneven. Examples are given of effective internal audit work in the following four major areas of audit interest in automatic data processing--systems design and development, equipment acquisition, specific applications, and installation management. More work is needed by both Federal managers and internal auditors to ensure that audits adequately cover the four major areas and that computer-based information systems are better controlled. Specifically, the head of each Federal agency should require internal audit organizations to (1) study the effect of automatic data processing on agency operations, expenditures, and program accomplishments; (2) determine the extent to which computer activities need to be audited; (3) determine whether enough audit resources are available; (4) develop and carry out audits that will provide enough coverage to determine the effective use of resources; and (5) periodically review the audit coverage and adjust resource allocations accordingly. Agency responses, the names of audit groups contacted, and a list of sources for developing automatic data processing audit capability are appended. (Author abstract modified)