Fraud Analysis Techniques Using ACL 

 

Not only does it provide a set of scripts of the must-do analysis in the field of fraud prevention, but it explains how to customize the scripts provided to fit specific needs and to develop new ones.

By David Coderre

Reviewed by Davide Vazzari, CISA, CIA, CCSA

  Order Book

Given the growing attention to fraud-related risks together with the necessity to perform analysis on massive databases, David Coderre, with his many years of experience in the field of computer-assisted audit technique (CAAT) instruments, proposed this manual to support the efforts to improve fraud prevention analysis through the use of data mining techniques with ACL.

The author intended to assist auditors who have to go through massive data analysis to detect possible fraud cases. Not only does it provide a set of scripts of the must-do analysis in the field of fraud prevention, but it explains how to customize the scripts provided to fit specific needs and to develop new ones.

The book is offered together with two CDs that, along with prewritten scripts, provide ACL’s manuals and a dataset available for practicing the techniques described in the book. The most important features of this product are the scripts that, once imported into ACL’s projects (the introductory chapter explains how), are ready to be used. The analyses range from the well-known ACL functions “Duplications” and “Gaps” to more structured analyses, such as ratio and cross-tabulate analyses—all customizable according to specific needs descending from the objectives of the assignments.

The aforementioned functions may be accessed in two different ways: through the main menu, which leads the user through a set of available analysis, or directly through the scripts of his/her interest. All the scripts are easily accessible through user-friendly interfaces that also provide the option to specify the name of the output file and restrict the analysis, through the usage of filters on records with specific features. Moreover, for the most proficient users, the book explains how to customize the scripts to answer to their own needs or create new scripts.

The guide is very clear and of immediate applicability. The idea to provide a set of scripts that translate ACL’s functions into a more user-friendly interface dialog box may be most useful to users with a basic knowledge of this tool. However, additional ACL manuals for more novice users are included in the CD. Fraud Analysis Techniques Using ACL also constitutes a practical reference for those who are already expert ACL users and are interested in mastering ACL’s scripts. The product makes it easy to understand how to customize and create new scripts.

It is important to note that some scripts included in the package perform analysis that adds little or no value for those who are already intermediate ACL users. In particular, duplication and gap analysis may be easily performed through ACL’s standard desktop. In some cases, the scripts are even counterproductive as they limit the real potential of the ordinary ACL desktop functions. For instance, the scripts that set a filter limit the enormous potential of this function. Notwithstanding, it is up to the user to decide whether to use these scripts or to perform the analysis through ordinary ACL functions, thus bypassing the problem.

Additionally, the prewritten scripts may be improved according to the user’s needs, and the book indicates the ways to do so by explaining the feature of scripting programming in ACL.

In conclusion, the product answers two different needs: introducing ACL to those auditors with little or no experience of wel-recognized best practices in the field of fraud prevention and, for users who already have meaningful experience in the field, the means to improve their abilities with ACL.

Editor’s Note

Fraud Analysis Techniques Using ACL is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail [email protected] or telephone +1.847.660.5650.

Reviewed by Davide Vazzari, CISA, CIA, CCSA
an expert auditor at Eni, an integrated energy company active in about 70 countries. He has gained meaningful exposure to international projects in the oil and gas sector, particularly in countries of the Commonwealth of Independent States (CIS), and can speak four languages, among them Russian. He can be contacted at [email protected].