The external auditor’s review of computer controls
The Foreign Corrupt Practices Act of 1977, coupled with growing demands for corporate accountability, have forced both auditors and computer administrators to evaluate computer based controls. Computer administrators can benefit from both a knowledge of an auditor's approaches to evaluating controls and his/her recommendations for control improvements. Here, a survey of the control evaluation practices and desirable control features identified by computer auditors is presented, along with recommendations to ease the burden of the auditor's review. The authors' suggestions should ease the tasks of internal control analysis and of preparation for possible public reports on an organization's system of internal control.