ACL Desktop Gone in 5 Years?

Rumors have it that ACL will no longer be available on the desktop (laptop, or other local machine) in 5 years.

That is, according to an ACL user who attended the 2018 ACL Connections conference.

Continue reading →

Advertisement

The Analytic Staircase for Auditors

Building a successful audit analytics program is like climbing a staircase.

The staircase is a set of steps that consist of several items having increasing levels of maturity.

The staircase steps not only help you build your program, but enable you to measure that maturity.

As you view the staircase graphic, mentally insert the word “analytics” before each step.

Continue reading →

No Metrics, Little Analytics

If your department doesn’t track metrics on your analytics, you are probably not doing analytics or you are making little progress in analytics.

In either case, its obvious that analytics isn’t very important to your management.

Which is one of the points I made in my post, 10 Signs Mgmt Doesn’t Really Support Analytics.

So far, I have encountered very few audit departments that track meaningful metrics about their analytics.

Counting the number of projects that include analytics isn’t enough.

Continue reading →

Will Robotics (RPA) Replace ACL?

In my last post, I described Why Internal Auditors Should Care about Robotic Process Automation.

In this post, I’ll explore whether RPA can replace analytic packages like ACL, IDEA, R, and Power BI.

That might seem like a strange question, but a few managers and a VP have asked me just that recently. Here’s how I’ve answered it.

Continue reading →

PSPad: Great Text File Audit Tool

PSPad is a great text editor and search tool, so by default, it’s a great audit tool, and it’s free. It can also handle a million lines of text–literally. Are you interested yet? It is also a great file diff/compare tool I’ve ever seen.

PSPad works with text files, such as those ending in TXT or CSV, or any text-based file (like an ini file). It works with DOC files too.

I’ll explain how to do the following with PSPad:

• Search a file (find all lines containing X)
• List all occurrences/matches of a search term
• Export a list of occurrences
• Compare 2 documents (diff)
• Download & install PSPad

Continue reading →

Always Attack the Lone Reed

In nature, predators watch for young, weak, or isolated animals. So do attackers. So should you.

When scoping a security assessment or audit, always keep an eye out for the lone reed. In other words, take special note of the one item (process, account, device, etc.) that has the same function as others in its category or class, but is a bit different. That item often has weaknesses the others don’t have.

Continue reading →

My Favorite Windows Software

In Top 100 Network Security Tools and Easy Windows Scanner, I described a few Windows tools that every auditor or security analyst should know or know about. In this post, I highlight some of my other favorite Windows tools (both security and general utility software). ALL OF THEM ARE FREE.

12/26/14 Update: These are STILL my favorite programs. The only one I don’t use anymore is CutePDF Writer,  which I replaced with the FREE Sumntra PDF  Foxit Reader (I no longer recommend FOXit). But if you only want a PDF printer, CutePDF is still a great solution.

I also added 2 new tools: PSPad and File Splitter (see my links at the bottom).

Continue reading →

Teach Yourself ACL

You can teach yourself how to use Audit Command Language (ACL), the data analytics software from www.highbond.com. ACL is used by internal auditors and others to:

Continue reading →

Write Safe and Secure Applications

The lead security study group (group 17) from the International Telecommunication Union provides a paper containing general suggestions for writing secure applications. In the paper, each item is hyperlinked to additional information.

Continue reading →