Book Review—Fraud Analysis Techniques Using ACL 

Download Article

Given the growing attention to fraud-related risks together with the necessity to perform analysis on massive databases, David Coderre, with his many years of experience in the field of computer-assisted audit technique (CAAT) instruments, proposed this manual to support the efforts to improve fraud prevention analysis through the use of data mining techniques with ACL.

The author intended to assist auditors who have to go through massive data analysis to detect possible fraud cases. Not only does it provide a set of scripts of the must-do analysis in the field of fraud prevention, but it explains how to customize the scripts provided to fit specific needs and to develop new ones.

The book is offered together with two CDs that, along with prewritten scripts, provide ACL’s manuals and a dataset available for practicing the techniques described in the book. The most important features of this product are the scripts that, once imported into ACL’s projects (the introductory chapter explains how), are ready to be used. The analyses range from the well-known ACL functions “Duplications” and “Gaps” to more structured analyses, such as ratio and cross-tabulate analyses—all customizable according to specific needs descending from the objectives of the assignments.

The aforementioned functions may be accessed in two different ways: through the main menu, which leads the user through a set of available analysis, or directly through the scripts of his/her interest. All the scripts are easily accessible through user-friendly interfaces that also provide the option to specify the name of the output file and restrict the analysis, through the usage of filters on records with specific features. Moreover, for the most proficient users, the book explains how to customize the scripts to answer to their own needs or create new scripts.

The guide is very clear and of immediate applicability. The idea to provide a set of scripts that translate ACL’s functions into a more user-friendly interface dialog box may be most useful to users with a basic knowledge of this tool. However, additional ACL manuals for more novice users are included in the CD. Fraud Analysis Techniques Using ACL also constitutes a practical reference for those who are already expert ACL users and are interested in mastering ACL’s scripts. The product makes it easy to understand how to customize and create new scripts.

It is important to note that some scripts included in the package perform analysis that adds little or no value for those who are already intermediate ACL users. In particular, duplication and gap analysis may be easily performed through ACL’s standard desktop. In some cases, the scripts are even counterproductive as they limit the real potential of the ordinary ACL desktop functions. For instance, the scripts that set a filter limit the enormous potential of this function. Notwithstanding, it is up to the user to decide whether to use these scripts or to perform the analysis through ordinary ACL functions, thus bypassing the problem.

Additionally, the prewritten scripts may be improved according to the user’s needs, and the book indicates the ways to do so by explaining the feature of scripting programming in ACL.

In conclusion, the product answers two different needs: introducing ACL to those auditors with little or no experience of wel-recognized best practices in the field of fraud prevention and, for users who already have meaningful experience in the field, the means to improve their abilities with ACL.

Editor’s Note

Fraud Analysis Techniques Using ACL is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit, e-mail or telephone +1.847.660.5650.

Reviewed by Davide Vazzari, CISA, CIA, CCSA
an expert auditor at Eni, an integrated energy company active in about 70 countries. He has gained meaningful exposure to international projects in the oil and gas sector, particularly in countries of the Commonwealth of Independent States (CIS), and can speak four languages, among them Russian. He can be contacted at

Enjoying this article? To read the most current ISACA® Journal articles, become a member or subscribe to the Journal.

The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2010 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.