Computer-Related Crimes in Federal Programs
FGMSD-76-27: Published: Apr 27, 1976. Publicly Released: Apr 27, 1976.
- Full Report:
Computer systems have added a new dimension for potential crime, and computer-related crimes in federal programs are cause for growing concern.
In its analysis of the existence of computer-related crime in federal programs, GAO found that information on computer-related crimes is difficult to obtain because the crimes frequently are not classified as such by investigative agencies. Most of the crimes have been committed by persons who possess limited technical knowledge of computers; they are usually users of automatic data processing systems rather than programmers, operators, or analysts. Additionally, GAO found that management controls over the systems involved in crime were inadequate. One way for managers to insure that systems are properly controlled is to use internal audit staffs effectively; auditors can identify control weaknesses that may result in criminal activity.
Recommendation for Executive Action
Comments: Please call 202/512-6100 for additional information.
Recommendation: The heads of the Departments of Defense; the Army; the Air Force; the Navy; Agriculture; the Treasury; the Interior; Health, Education, and Welfare; and the Veterans Administration should take steps to insure that systems in their organizations and those supporting programs they fund have: (1) an organizational plan that segregates the duties of individuals to minimize their opportunity for misuse or misappropriation of the entity's resources; (2) a system of authorization and recordkeeping procedures adequate enough to provide effective accounting control over assets, liabilities, revenues, and expenses; (3) an established system of practices to be followed for each duty and function of the organizational element; and (4) an effective system of internal review. This includes an internal audit staff that has training adequate to review and evaluate computer-based system controls and that does such reviews both when systems are being designed and after they have become operational.