Objective: To evaluate controls established to prevent or detect the presence of viruses on the LAN, or department's computers and determine whether such controls are effective.

1. Determine what procedures are in place to prevent or detect the presence of a virus on the LAN or departmental computers, and verify who is responsible for performing these procedures.

2. Through inquiry, observation, or examination of related documentation, verify that the procedures for preventing or detecting computer viruses are being followed.

3. If software is used to detect viruses, determine if the LAN administrator or computer resources specialist is responsible for checking the file servers periodically. If not, determine who is responsible.

4. Determine whether the organization has procedures for users to follow if a virus is detected or suspected on a computer, and verify through inquiry and observation that users are familiar with the procedures.

Risks: Due to the increased sharing of files, which occurs on a LAN, the risk of viruses occurring is greater on a LAN. The impact of a virus can be much greater on a LAN as well, because the virus can be spread to many users or connected computers very quickly.