skip navigation

PUBLICATIONS

Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

 

NCJ Number: 67607 Find in a Library
Title: INTERNAL CONTROL IS NOT OPTIONAL
Journal: MANAGEMENT ACCOUNTING  Volume:57  Issue:2  Dated:(AUGUST 1975)  Pages:49-51
Author(s): G W DEVLIN
Date Published: 1975
Page Count: 3
Format: Article
Language: English
Country: United States of America
Annotation: INTERNAL CONTROL PROCEDURES FOR COMPUTER SYSTEMS ARE DESCRIBED.
Abstract: ELECTRONIC DATA PROCESSING HAS INTRODUCED NEW TECHNIQUES AND PROCEDURES, BUT THE FOUNDATION AND OBJECTIVES OF INTERNAL CONTROL, REMAIN THE SAME. THE SPECIAL CONSIDERATION SHOULD BE FOR ADDITIONS TO AND VARIATIONS FROM THE BASIC STRUCTURE. ONE PRIMARY RULE OF INTERNAL CONTROL WHICH IS APPLICABLE TO BOTH MANUAL AND COMPUTER SYSTEMS IS THE SEGREGATION OF FUNCTIONS. THIS PREVENTS A SINGLE INDIVIDUAL FROM ACCESSING ENOUGH AREAS OF DATA PROCESSING TO ACCOMPLISH SERIOUS THEFT OR ABUSE. ROTATION OF ASSIGNMENTS CAN ALSO PROVIDE CHECKS UPON ABUSE OF PARTICULAR FUNCTIONS IN THE SYSTEM. IN AN ONLINE SYSTEM, A LOG OF INCOMING MESSAGES CAN BE WRITTEN IN MEMORY, ON MAGNETIC TAPE, AND ON DISC. ITS PERMANENCE AND AVAILABILITY FOR PRINTOUT IS THEN A MATTER OF CHOICE, AND ITS FORM CAN PROVIDE DETAILED COVERAGE OF A SOURCE-PRINTED AUDIT TRAIL WHEN AND IF IT IS REQUIRED. INCOMING MESSAGES SHOULD ALSO BE GIVEN IDENTIFICATION AND VALIDATION CHECKS. THE COMPUTER CAN BE INSTRUCTED TO RECORD THE REJECTED MESSAGES AND THE TIME OF REJECTION. COMPUTERS CAN BE PROGRAMMED TO EXERT CONTROL OVER ADMINISTRATIVE PROCEDURES, SUCH AS NOTIFICATION OF FAILURE TO TAKE SPECIFIC ACTION WITHIN A SPECIFIED TIME PERIOD. THE EXTENT OF INTERNAL CONTROL MUST BE JUDGED BY COMPARING THE RISK PROBABILITY AND POTENTIAL LOSSES WITH THE COST OF PROVIDING THE INTERNAL CONTROLS NECESSARY TO SIGNIFICANTLY REDUCE THE RISK FACTOR. ACCESS CONTROLS IN A COMPUTER SYSTEM VERIFY THE IDENTIFICATION AND AUTHORIZATION OF THE POTENTIAL USER. ACCESS CONTROL CAN BE STRUCTURED INTO FIVE LEVELS: (1) SYSTEM, (2) PROGRAMS, (3) FILES, (4) RECORDS WITHIN THE FILES, AND (5) DATA ITEMS OR FIELDS WITHIN THE RECORDS. EACH LEVEL IS ASSOCIATED WITH A SOFTWARE SYSTEM THAT CONTROLS THAT LEVEL. INTEGRITY MANAGEMENT INVOLVES ENSURING THE CHARACTER AND QUALIFICATIONS OF PERSONNEL PERFORMING VARIOUS FUNCTIONS. WHILE IT IS DIFFICULT TO ASSURE, SUCCESS CAN PROVIDE THE MOST EFFECTIVE CONTROL. (RCB)
Index Term(s): Computer related crime; Crime specific countermeasures
To cite this abstract, use the following link:
http://www.ncjrs.gov/App/publications/abstract.aspx?ID=67607

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.