THREE PHASES OF SOFTWARE SECURITY AND AUDITABILITY ARE SCRUTINIZED: (1) PREPROCESSING CONSIDERATIONS, (2) PROCESSING CONSIDERATIONS, AND (3) POSTPROCESSING CONSIDERATIONS. DISCUSSION CENTERS ON THE PROCESSING FUNCTION AND ESPECIALLY ON ITS OPERATING SYSTEMS AND DATABASE MANAGEMENT SYSTEMS. AN INTENSIVE SEARCH OF RELEVANT LITERATURE DRAWS INFORMATION FROM THE LITERATURE ASSOCIATED WITH THE ACCOUNTING PROFESSION AND THE COMPUTER SCIENCE DISCIPLINE. A NUMBER OF CASE STUDIES ARE USED TO DISCUSS THE ACTUAL ELECTRONIC DATA PROCESSING (EDP) AUDITING PROCEDURES UTILIZED BY MOST ACCOUNTING FIRMS. THROUGH DISCUSSIONS WITH PERSONNEL OF ACCOUNTING FIRMS AS WELL AS ONSITE VISITS THE STRENGTHS AND WEAKNESSES OF AUDITING PROCEDURES ARE EVALUATED. A CONCEPTUAL MODEL IS DEVELOPED DESCRIBING A 'SYSTEMS APPROACH' TO AUDITING. THE PROCEDURES CURRENTLY AVAILABLE TO THE EDP AUDITOR ARE REVIEWED, AND BACKGROUND INFORMATION REGARDING OPERATING SYSTEMS AND DATABASE MANAGEMENT SYSTEMS ARE PROVIDED. FINALLY, RECOMMENDATIONS INCLUDE THE SUGGESTION THAT OPERATING SYSTEMS AND DATABASE MANAGEMENT SYSTEMS BE 'HARDWIRED' (BECOME PERMANENTLY PROGRAMMED, INTEGRATED CIRCUITS) SO THAT THE PROGRAMMER CANNOT MODIFY SUCH SYSTEMS. TABULAR DATA, A FLOW CHART, AND A BIBLIOGRAPHY ARE INCLUDED. (WJR)