A Sneaky Way to Analyze IT Controls

When auditors need to identify and understand IT controls, they search the company intranet, review policies, look for Github repositories, review inventories, schedule meetings, and analyze IT asset data.

I stumbled on a better way to get insight into the IT controls in my company, and I didn’t have to email anyone, do any research, or frankly, anything outright. The IT controls came after me.

Fortunately, the IT controls were blind to the fact that I am an IT auditor. To them, I was just an ordinary bloke. But that didn’t last long (more on that later).

It Began a Few Years Back

It all started a couple years ago when I was building the infrastructure required to support our data analytic efforts in internal audit.

Continue reading →

Advertisements

Before You Analyze Data

Before you start analyzing data, you need to 1) know you have the right data, and 2) understand the data and the process that produced it.

This post assumes, of course, that you already accomplished some of the hardest tasks already: figuring out what data you need, where to get it, and actually getting the data. Good luck with that. :)

This post is part of the Excel: Basic Data Analytic series.

Continue reading →

How to Profile Data

Before you analyze data, you should profile it.

Otherwise, your analysis may not be too broad, too narrow, or you may miss some important insights or errors.

This post is part of the Excel: Basic Data Analytic series.

Data profiling is developing a profile of your data, just as facial profiles of a person, taken from various angles, helps you size up a person’s nose, identify whether his chin is sagging, and how far apart the person’s eyes are.

Continue reading →

Is ACL Analytics Dying?

I fear that ACL Analytics is dying, and has been as long as I’ve been ranting about it.

Making Laurie Schultz their CEO helped, but I don’t think it has been enough.

NOTE: I wrote this well over a month ago, long before I posted the ACL Officially Changes Name & Spots post; I just got sidetracked and forgot about this post. I stumbled across it today in my Drafts folder. I decided to publish it ‘posthumously’ (so to speak) to show 1) how much I’m agonizing over ACL’s direction, 2) how I’ve always felt about ACL’s software, and 3) provide some balance to my previous post.

Continue reading →

ACL Officially Changes Name & Spots

It’s official: ACL is changing its name AND its spots.

I’ve claimed several times that ACL has left its first love (analytics) and doesn’t put enough work into their flagship product, ACL Analytics.

Correction: their FORMER flagship product.

At least they are publicly admitting it finally–they NO LONGER are an ANALYTICS company!

Continue reading →

ACL Desktop Gone in 5 Years?

Rumors have it that ACL will no longer be available on the desktop (laptop, or other local machine) in 5 years.

That is, according to an ACL user who attended the 2018 ACL Connections conference.

Continue reading →

Quote of the Weak – Clean Data Manually

If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually.

Let me share a recent experience with you….

A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.

If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here.

Continue reading →