ABSTRACT
Local area networks (LANs) enable users to efficiently share information while allowing them to maintain individual control of processing. Auditing PC LANs begins with an understanding of the standards and practices established by management and with the risk inherent in the applications running on the LANs. PC LAN processing controls should be based on standards developed by user and data center management. Standards should be developed in data security, systems development, program change control, problem management, and disaster recovery planning. The data center manager must work with the EDP auditor to develop a picture of the audit environment, including understanding the business functions and information flows and storage. PC LAN controls should be implemented on the basis of the risk inherent in the application. Risk should be assessed in information confidentiality, loss of data and software, and processing integrity.
