Microcomputer Security: Audit Problems and Solutions

Citation
General Accounting Office, Microcomputer Security: Audit Problems and Solutions, 1 J. of Accounting and EDP 49 (Winter 1986).

Overview
This article discusses the resolution of security problems involving the use of microcomputers in business by: (I) identifying audit problems which arise; and (2) presenting management countermeasures. Microcomputer use carries risks in three major areas: (1) physical security of hardware; (2) physical security of data and software; and (3) data integrity.

Physical security of hardware involves common-sense methods to prevent theft or damage. Various methods in use to secure data and software include: (1) password protection; (2) data encryption/decryption; (3) copy protection; (4) audit trails; and (5) security controls on the microcomputer-mainframe link.

Maintaining current, accurate, and complete data requires: (1) standard hardware and software configuration within an organization; (2) data and program backup; (3) testing and documentation of computer models and user-written programs; and (4) use of current data only. Auditors should make use of available programming tools, such as cross-reference, tile recovery, disk explorations, sort/merge, and file dump. A partial list of hardware and software available for microcomputers is included.