ACL (Audit Command Language)

ACL (audit command language) is a CAAT (computer-assisted audit technique); this software reads a variety of formats such as test, delimited, and Excel files and enables the auditor to analyze and report the data. Similar to many data forensic investigation tools, ACL is designed as a file interrogation tool to help facilitate the processing of large amounts of data and minimizing the results to situation-specific parameters. ACL also identifies balances that can be maximum, minimum, or negative, performs statistical sampling, locates inaccuracies or duplicates, verifies a file’s structure and format, inputs various raw data files, and increases testing coverage and efficiency. ACL has a wide range of uses, from view customization options, extensive data input methods, data filtering tools, and its ability to analyze data quickly and efficiently; all of these make ACL attractive for auditors (Otero, 2019).

ACL is an effective method of processing a large amount of information and allows auditors to process data quickly, perform analysis, identify trends, and obtain a broader view of the subject. Auditors can use CAAT’s to be able to select items of interest for a more focused search of a wide range of data stores. CAAT’s can also produce reports that home in on relevant data, allowing viewers to receive automated compilations of the audit’s material (Otero, 2019). For instance, in an extensive financial audit of an organization’s transactions of a specific item, a simple search for that item’s SKU or other identifying code would allow the auditor to bypass manually searching each transaction for that item, saving both time and money.

ACL can automatically calculate and select the sample size from a population, whether using judgmental or statistical sampling. Using technology in an audit, performing and presenting data analysis is quite simple and beneficial with mediums and methods such as computerized graphs, histograms, modeling, and comparative analysis. As images allow for a quick and effective manner to showcase an audit’s material, CAAT’s offer a unique improvement over the complicated and time-consuming manual data entry in the past. CAAT’s also enable auditors to effortlessly analyze and compare files, validate calculations, prepare confirmation letters, and analyze the aging of transaction files. An ACL script has the benefit of being executed in both the current and past periods at once, whereas with manual auditing, this would have to be done separately and use more resources. Also, ACL allows for reduced manual procedures, allowing for greatly benefited process and system understanding of IT’s rather sophisticated environments (Otero, 2019).

Per Otero’s book, Information Technology Environment and I.T. Audit, there are five total steps for planning an ACL data analysis project; these are acquiring the data, accessing the data, verifying the integrity of the data, analyzing and testing the data, and finally, reporting the findings (Otero, 2019). As with any IT-related project, data is essential to the entire process, which is reflected in the first step in the ACL planning process; this is essentially determining the project’s scope, researching what data needs to be audited, where to get it from, and who needs to be involved. Next, the second step is merely accessing the data; this can be accomplished by discussing the data stores with IT staff, programmers, or managers and getting rights to view protected data stores.

After all relevant data is both located and accessed, verifying the integrity of the data is the next step in the ACL planning process; this is often accomplished with automated scans of the size, structure, format, and type of data in reference to the previous step’s results (cross-checking). Next, in step four, the real magic happens. All data relevant to the audit will be analyzed and tested using ACL to evaluate and transform a large amount of data into easy-to-comprehend results based on the parameters the auditor created. Finally, in step five, the completed data will be transformed into a readable format, often in the form of graphs, reports, a copy of the ACL program, and its logs and file layouts (Otero, 2019).

With the current state of technology, auditors have fantastic and sophisticated tools to help them succeed in their auditing tasks. As organizations continue to depend on the Internet and new data storage methods such as Cloud storage, once lengthy tasks such as manually searching through a company’s financial records for a specific item can now be accomplished within a few seconds. CAAT’s such as ACL ensure the methods of quickly and efficiently gathering, testing, verifying, analyzing, and presenting data is just as modern as the systems being audited, allowing those in the field to not only meet their goals but expand to higher achievements in ensuring the validity of an organization’s data, processes, and systems.


Otero, A. R. (2019). Information Technology Environment and I.T. Audit. In Tools and Techniques Used in Auditing IT (Fifth ed., pp. 97-128). Boca Raton, Florida: CRS Press.

Categories: Software

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s