Data were gathered through either 45 site visits or a mail survey of 1,500 various industry groups and government agencies in Canada, the United States, Europe, and Japan. Computer information systems are presented in six phases: transaction origination, data processing transaction entry, data communication controls, computer processing, data storage and retrieval, and output processing. Each phase is further subdivided into control areas and the control types used in the organizations visited. The controls are representative of the types of controls currently implemented in data processing operations. The report discusses the state-of-the-art of data processing auditing and the importance of the audit function and outlines a comprehensive role for internal audit in the data processing environment. It describes specific controls for computer-based information systems. Controls are presented for each of the six control phases listed above. It then describes general controls applicable to the computer service center and application systems development. Internal auditors or data processing management can use controls to review the general controls in their computer service centers and systems development procedures. They are representative of computer-based information systems in large organizations and involve accounts receivable control, order entry control, inventory management control, and point of sale control. Tabular data, charts, and a glossary are included, and the research methodology is appended. For additional reports in this series, see NCJ 73524-25. (Author abstract modified)