Audit Command Language
From Wikipedia, the free encyclopedia
This article may not be compliant with the content policies of Wikipedia. To be compliant, it must be written from a neutral point of view, must be attributable to reliable sources free of original research, and must be encyclopedic. |
|
Please see the relevant discussion on the talk page. |
Audit Command Language (ACL) is a global leader in data analytics technology or "Computer Aided Audit Tools and Techniques" (CAATTS), one of the fastest growing fields within the Audit Profession. CAATTS use computer technologies to assist auditors in performing comprehensive and efficient audits.
ACL is both the name of the company as well as its primary product. Recently the company has started referring to its primary product as "Data Analysis Technology," but the renaming of the software has not been embraced by long term users.
Contents |
[edit] ACL - the Company
Since 1987, according to annual surveys conducted by the Institute of Internal Auditors, audit professionals consistently recognized ACL as the market leader in computer-assisted audit technology. The company's clientele includes 70 percent of the Fortune 500 companies, over two-thirds of the Global 500, the Big Four public accounting firms in 130 countries and hundreds of national, state, and local governments.
ACL is a private company, but recent rumors speculate that it might be subject to a merger with a larger (unidentified) company. Other rumors speculate that because of its success ACL may go public.
[edit] ACL - the Product
ACL technology comprises powerful data analytics software provides assurance to organizations on its transactional data accuracy, completeness, and integrity. The techonology gives organizations a single point of view into enterprise data.
ACL's software can reach data from virtually most sources and systems, through a consistent user interface—whether housed in mainframes, servers, legacy systems, or PC networks. This is often a key factor for organizations with several, disparate systems. Since ACL can independently compare and analyze data from ERP, CRM, SCM, or other enterprise applications, its technology gives audit, financial, and controls professionals immediate insight into the transactional data underlying their business processes and financial reporting.
One of the traditional criticisms of the audit profession is that auditors perform minimal samples to reach conclusions. It is not uncommon for an auditor to sample less than a hundred transactions out of the millions of transactions performed by the business. When the auditor reaches a conclusion based upon the small sample, management questions the validity. They might ask, "How can the Auditor say that the control is efficient/inefficient based upon such a small sample?" The auditor will respond with statements about statistically valid samples and confidence levels.
Another traditional criticism of the audit profession is that auditors have difficulty testing specific risks. For example, a health insurance company has to adhere to certain state mandates. In a traditional audit department, performing random samples, it may be difficult for the audit department to test the various state mandates. Even if they have the capabilities to test them, they may not have the time or resources to test each scenario.
ACL is designed for auditors, not computer programmers, so the software has a strong Graphic User Interface (GUI) component. An auditor can sit down and in a matter of hours use ACL to effectively sort through millions of records. At the same time ACL is a high-level computer language. Advanced users can write complex scripts and Continuous Monitoring programs.
Auditors can sample entire populations of data. Rather than reporting to management on 2 errors identified in a sample of 30 cases, the auditor can specify the exact number of errors in the entire population of cases. Auditors may then quantify the exact dollar impact of these errors and management can correct the mistakes. Using ACL the auditors can also test multiple scenarios/specific risks.
[edit] ACL -- Sample ACL Script
Sample section of an ACL Script:
OPEN Original_Table
SET LOG TO Temp_Log
DISPLAY
SET LOG
IMPORT PRINT TO "New_Field_Names2" "New_Field_Names2.FIL" FROM "Temp_Log.LOG" SERVER 1 0 RECORD "Detail" 0 1 0 TEST 0 2 AT 1,1,1 0 "E" TEST 1 0 AT 1,1,0 0 "Log" TEST 1 0 AT 1,1,0 0 "Name" TEST 1 0 AT 1,1,0 7 "Switching" FIELD "full_record" C AT 1,1 SIZE 100,1 DEC 0 WID 88 PIC "" AS "" OPEN New_Field_Names
DEFINE FIELD field_name COMPUTED SUBSTR(SPLIT(full_record, " ", 1), 1, 33)
EXTRACT field_name TO "New_field_names3"
SORT ON field_name D TO "New_Field_Names"
DELETE FORMAT "New_Field_Names2" OK
DELETE "New_Field_Names2.FIL" OK
DELETE FORMAT "New_Field_Names3" OK
DELETE "New_Field_Names3.FIL" OK
DELETE Temp_Log.LOG OK
The above script will take an existing table and create a new table. The new table will take the field names and attributes of the original table, and convert them into rows. In other words:
Table "Original_table" has the following fields: Last_Name, First_Name, DOB, and Age.
The new table, "New_Field_Names" would have records with the following names: Last_Name, First_Name, DOB, and Age.
[edit] Applications
ACL can be used for data extraction, data analysis, fraud detection, and continuous monitoring.
[edit] Data Extraction
While ACL does allow the user to extract data directly from an ODBC compliant database, the basic ACL interface is not very user friendly. The company does have various add-ons that can be purchased that allows for easier GUI type connectivity to the company's databases.
[edit] Data Analysis
ACL is a powerful tool allowing auditors to perform numerous tests on large populations of data in a quick efficient manner. Auditors can write complex scripts that allows this review to be performed on a routine systematic manner or can perform ad hoc inquiries into the data. By using ACL auditors can improve the quality of their audits. Used during the planning phase of an audit, ACL will help direct the audit's focus. By identifying problems or data anomalies, the audit team can address those issues where the greatest risks reside. At the end of an audit, ACL can be utilized to quantify an identified problem. For example, in a health care audit, ACL was used to identify every case where a maternity claim was incorrectly denied as a pre-existing condition. It was then used to determine that in every case, a specific operator manually denied the claim incorrectly. Using ACL the Internal Audit Department was able to correct this and obtain additional training for the claims processor.
[edit] Fraud Detection
ACL can be used as a powerful tool to identify potential fraud cases. By programming in certain criteria, auditors and fraud investigators can identify situations that might indicate potential fraud. For example, ACL can quickly compare a list of vendor names and addresses to employee names and addresses.
[edit] Continuous Monitoring
Continuous Monitoring is one of the areas where the company has begun pushing its main product. One can set up ACL to perform certain tests on an ongoing basis independent of the mainframe computer. This allows for an independent monitoring of internal controls. For example, suppose an insurance company has software designed to prevent duplicate payments for the same service. This system works fine until one day the software is upgraded and the control is inadvertently turned off. Continuous monitoring would identify this problem immediately because it is an independent mechanism monitoring the controls effectiveness.
[edit] ACL Certified Data Analyst (ACDA)
ACL has introduced a professional designation called the ACL Certified Data Analyst (ACDA). This certification is offered in two levels the Intermediate and Advanced (although the advanced certification is not currently available.) The Certification process can be completed on one day and awards the ACDA certification. While this professional designation is not yet widely recognized, ACL users are starting to recognize the value of it.