ABSTRACT: The auditing of results produced by computer-based Financial Information Systems requires that auditors be able to evaluate the internal controls of such systems. Because of the integrated nature of the components in current large systems, this has proven to be a quite formidable task. We propose the simplification of such evaluations through the incorporation, during the initial design of the system, of the sorts of basic control disciplines which are used in manual systems. Our approach involves the use of a powerful Authorization Mechanism control environment (based on computer science techniques for authorization and protection) to specify and enforce such control disciplines in a manner which is easily verifiable during the audit process.
Key words and phrases: system controls, auditing, computer system security, authorization