Computing Reviews
Auditing EDP systems
Watne D., Turney P., Prentice-Hall, Inc., Upper Saddle River, NJ, 1984. Type: Book (9780130516312)
Date Reviewed: Jan 1 1985

"The auditor’s technical competence, ... the least justifiable reason, ... is often the primary factor in determining whether to audit around, through, or with the computer." The authors’ incidental observation is precisely the reason that the publication of their text may someday be considered a milestone in data processing. Increasingly, the world’s wealth is computer-described. Auditors’ now-lamentable ability to report on how EDP systems do and should help management control that wealth must be enhanced if we are to acquire the confidence that will expedite the exploitation of computers. The present text is a significant contribution to that end.

This work is exactly what its authors claim it to be -- a textbook professors can use to teach auditing to college seniors. It meets every standard:

(1) Accuracy -- while a few quibbles are cited below, the book was obviously written with extraordinary care.
(2) Comprehensiveness -- Unlike other books, it gives careful special attention to service bureau, database, small, and other distinct types of systems.
(3) Suitability -- Every element of the book, including excellent pedagogic aids such as case studies, questions, problems, and topics for discussion, fits neatly into its cohesive structure.
(4) Relevance -- while some redundancy has crept in, the book is admirably "tight," with no gaudy photographs or other useless baubles.

Particularly welcome among the authors’ recommendations is "Separation through division of knowledge." Their exposition should help put a well-deserved end to the speculation that clever (application or system?) programmers are modifying both applications and robust systems programs to steal millions and erase all traces of their misdeeds. There seems to be no credible report of such a case and there probably never will be.

A few of the authors’ infrequent regrettable lapses merit mention. They refer a number of times to resource-oriented passwords. These are probably net detractors from security more often than not. References to SUPERZAP are unduly admonitory [1]. Without appropriate authorization, no one can use it to modify either the Volume Table of Contents (VTOC) or any program [2]. No mention is made of how subschemata ("views") [3] can be used to control access to fields of records in databases [4], or of the threat that concurrent updating poses to databases. On a smaller scale, the implication that end-of-record indicators, instead of length indicators, must be used if records have variable lengths [5] is surprising.

Also surprising is the scant attention paid to what may be EDP auditing’s greatest problem -- the algorithmic reduction of the voluminous data logged by large modern systems to proportions that mere humans (auditors) can usefully process.

There is a small but excellent bibliography, but there are few ties between points in the text and their sources or sources for further information. The Table of Contents occupies 13 pages and is a veritable syllabus in itself. The Index is only marginally adequate. The publishers served the authors well in almost every way, even if editors did let a few of the usual misusages ("to interface," "utilize," "comprised of") slip in -- and one italicized question mark can generously be characterized as "exotic."

Reviewer:  S. A. Kurzban Review #: CR108642
Management Audit (K.6.4 ... )
Data Communications (C.2.0 ... )
Installation Management (K.6.2 )
Project And People Management (K.6.1 )
Software Management (K.6.3 )
Other reviews under "Management Audit": Date
Auditing the maintenance of software
Vallabhaneni S., Prentice-Hall, Inc., Upper Saddle River, NJ, 1987. Type: Book (9789780130509642)
Jan 1 1988
Software engineering risk analysis and management
Charette R., McGraw-Hill, Inc., New York, NY, 1989. Type: Book (9789780070107199)
Aug 1 1990
Post implementation evaluation of computer-based information systems: current practices
Kumar K. Communications of the ACM 33(2): 203-212, 1990. Type: Article
Aug 1 1990

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®