SAS NO. 3 INDICATES THAT INTERNAL CONTROLS IN THE DATA PROCESSING INSTALLATION SHOULD BE EVALUATED WHEN COMPUTERS ARE USED IN PROCESSING A SIGNIFICANT NUMBER OF ACCOUNTING APPLICIATIONS. SAS NO. 3 FURTHER POINTS OUT THAT AUDITING EXAMINATION SHOULD BE PERFORMED BY PERSONS WITH ADEQUATE TECHNICAL TRAINING AS AUDITORS. HOWEVER, MANY COMPANIES ARE DOING TODAY'S COMPUTER AUDIT WORK WITH YESTERDAY'S AUDITORING EXPERTISE IN TERMS OF EXPERIENCE AND EDUCATION. AS THE INTERNAL CONTROL EVALUATION BECOMES MORE COMPLEX, THE POTENTIAL ERROR RATE AND FRAUDULENT ACTIVITY MAY WIDEN IF THERE ARE NO ADEQUATE CONTROLS. THE NUMBER OF TRANSACTIONS PROCESSED DAILY COULD BE SO VOLUMINOUS THAT A CENTER UNDERGOING UNDETECTED PENETRATION OF ERRORS IN PROCESSING COULD BE SO SEVERELY AFFECTED THAT THE GOING CONCERN CONCEPT FOR THAT COMPANY COULD BECOME INVALID PRIOR TO AN INDEPTH AUDIT. THEREFORE, CONTINOUS SYSTEM INTEGRITY REVIEWS ARE NECESSARY. IN ADDITION, UNAUTHORIZED TRANSACTIONS, NOT COVERED BY SAS NO. 3, CAN SERIOUSLY IMPAIR THE OPERATIONAL INTEGRITY OF THE SYSTEM. THE FINANCIAL STATEMENTS, DEPENDING ON THE SYSTEM, MAY NOT REFLECT THE TRUE STATE OF AFFAIRS OF THE COMPANY. COMPETITION WITHIN AN INDUSTRY COMBINED WITH PRECEDENTS OF LENIENT ATTITUDES TOWARD WHITE COLLAR CRIME AND THE AVAILABLE TECHNOLOGY MAKES SUCH APPROACHES MORE ATTRACTIVE AND LIMITED IN RISK. TWO TABLES ARE PRESENTED: A TABLE OF PENETRATION METHODS, RECOVERY MEASURES IF PENETRATED, PREVENTIVE SECURITY MEASURES, AND COST ELEMENTS OF IMPLEMENTING THE SECURITY MEASURES; A TABLE OF POINTS TO CONSIDER AND QUESTIONS TO ANSWER TO DEVELOP PROPER EXPOSURE VALUES OR PROBABILITIES OF PENETRATION. FOOTNOTES ACCOMPANY THE TEXT. (WJR)