Making IT Audit more Effective and Relevant – part #2

The next area that will need to be address by CAEs is ensuring that risk-based audit plans are relevant and that selected audits provide maximum value to senior management.  Today’s business environment changes rapidly to adjust to market conditions, evolving legislation and economic forces; and the risk-based audit plan must keep pace with this rapid change if it is to properly identify and assess emerging risks that can impact the…

September 10, 2018

Making IT Audit more effective and relevant – part #1

Are you an IT auditor who takes comfort in your specialized knowledge and feels secure in assessing general and application controls – but does no more?  Then you need to wake-up to today’s business environment and step out of your comfort zone.  You also will probably need to pull the general auditor away from the safety of pure compliance audits.  The notion of the integrated auditor was usually applied to…

September 2, 2018

ACL Scripts Part #5 – Validating User Input

If you have been trying to build scripts following my previous posts, then you are ready to make your scripts a little more robust; particularly if your scripts will be used by other people.  There are always issues when you prompt the user for input such as: did they actual provide any input; and is the input the right type and correct format.  Since the proper running of the script…

July 13, 2018

ACL Scripts Part #4

In my previous discussion about variables, I neglected to mention ACL system-generated variables.  These are more evident now, and can easily be seen by using the Variables tab in the Overview/Navigation window.  The most common use of ACL system-generated variables are those created by the STATISTICS commands: MAX1, MIN1, HIGH1, LOW1, AVERAGE1, RANGE1, TOTAL1, COUNT1 and ABS1. These, and other variables, are created by the execution of ACL commands and…

July 5, 2018

ACL Scripts Part #3

Scripts are a powerful way of improving consistency and speed when processing the same commands over and over again.  But they can also be used to provide relatively novice users with the ability to run more complex analysis. By now you may be ready to develop more interactive scripts that you can give to other users.  This usually requires prompting the user for input; validating the input; and acting upon…

June 29, 2018

ACL Scripts Part #2

I hope that, after having read, and tried, the approaches to developing ACL scripts in the Part #1 post, you are anxious to learn more.  Certainly, the Part #1 suggestions will allow you to build simple scripts to re-run analysis, but there is more to scripting: more power, flexibility and control.  In particular, you may want to control the ACL environment to allow the scripts to run without, for example,…

June 22, 2018

ACL Scripts

Many new ACL users overestimate the difficultly in developing simple ACL scripts.  I would agree with you if we were talking about IDEA scripts which require some knowledge of Visual Basic.  But, in my opinion a simple, ACL script which only performs commands that you have previously executed and want to execute again, is simple to create. Assumption: you have performed an analysis and want to save it in a…

June 15, 2018

Fraud Analytics – Knowing what data you need

It is hard to perform analytics if you don’t know what data to get.  Here are two simple approaches I developed that will help you. The American Certified Fraud Examiners (ACFE) Report to the Nations 2018 states that proactive data analytics can reduce losses by 52% and the duration of frauds by 58%.  And still many organizations do not use analytics to prevent or detect fraud.  The question is…

May 31, 2018

Sentiment Analysis – Made easy?

Not being an expert in pretty much anything has never stopped me from taking ideas from others and adapting them to my needs.  Typically, this has meant transferring a theoretical analytic to a specific – practical – use.  In this case, I wanted to look at the use of sentiment analysis for fraud risk assessment. As many of you may already know, I use a software package called ACL.   I…

April 16, 2018

Got Analytics – Now What?

What could be worse than not having an analytics capability? Having an analytics capability, but not being sure what to do with it!  This means that you have invested in developing analytics to access your business systems, but now are unsure about: Which analytics do I run? How often should I run them? What do the results mean? How do I verify the results? How do I deal with false…

April 7, 2018