Reprinted from my post at the now defunct IT risk management blog at UBC Sauder School of Business.

I in BAIT 512 in the Sauder MBA program, I saw the references to ACL in the syllabus for data analysis in auditing. It mentions we have to go to the computer lab to use ACL because it is a (very expensive) commercially licensed product. Being the open source person I am, I thought to myself, “What a shame. I bet there is at least one open source package that does the same thing really well for free.” After all, the number of outstanding open source security and network auditing tools out there is enormous (Nmap, tcpdump, netcat, Wireshark and others spring to mind). Lo and behold, a query to Google instantly brought me to Picalo.

Picalo is a really well done Python GUI application for Mac, Linux, and Windows that does (as far as I can tell at this early stage) everything ACL and IDEA do and it includes some things those programs might not have such as a library of pre-written scripts for a variety of types of analysis, and a Python framework for writing your own scripts (rather than using some specialized language that only works with one application). Picalo is very well documented with lots of tutorials and information on the applications operation and internals. Developers can also download and use Picalo’s Python libraries as an engine for their own applications.

I downloaded the Python source for Picalo and ran it on my laptop (an Ubuntu Linux machine) and was able to get to work right away using sample data and the library of analysis scripts. Users of Mac and Windows will also be able to get ip and running quickly by using the available installation packages for those platforms.

It was easy to see how powerful a tool like this is for identifying fraud, inconsistencies, or anomalies in an organization’s records. There is a lot going on here with such a capable tool-set and one could probably spend a lot of time learning the ins and outs of it. I haven’t tried this yet but it appears you can even use Picalo as an interface to a running database and run queries against it. That said, Picalo makes finding errant payments to vendors, suspect withdrawals, information gaps, and the like much easier and efficient than they would be using a manual or spreadsheet-driven technique. If you have any interest in IT or financial auditing, I highly recommend taking it for a spin.

Mike

Links:
http://www.picalo.org/ – Main Picalo project page
http://www.picalo.org/download/IntroductoryManual.pdf – Picalo introductory manual
http://www.picalo.org/?page_id=7 – Download Page
http://en.wikipedia.org/wiki/Computer_Aided_Audit_Tools – a brief Wikipedia article on auditing tools
http://blog.bitengine.ca – my blog, contains other articles on auditing tools as well.