By Tai Thanh Vo
Accompanying the rapid advancement in technology is the growth of Big Data, a buzzword in today?s increasingly complex processes of governance, risk and compliance (GRC) that blurs the lines between various functions within organizations.
Big Data primarily includes traditional business sources of structured data, such as the millions of daily transactional records from retail, financial, manufacturing, or transportation/logistics industries.
Now, there is also non-traditional or unstructured data that come from sources such as social media, end-user applications, human responses, or physical sensory recordings.
The deluge of data seems intimidating and the timely integration of analytics into the audit process continues to be a challenge for auditors.
However, with a forward-looking vision and the implementation of the data-driven technology, internal auditors will not only be able to mitigate risks associated with Big Data, but turn it into their benefit by embracing Big Data to support effective continuous monitoring and auditing processes.
Many of the aspects of Big Data provide great opportunities for transforming the way that audit, risk, and compliance professionals perform their work.
The challenging business environment, interrupted by control lapses, fraud incidents and regulatory fines, has also led to a constant uncertainty among organizations and board members who are seeking assurance from the three lines of defense to improve risk awareness, risk governance and compliance within the organization.
Big Data processes not new for audit and compliance teams
The huge volume, variety and velocity at which data is becoming available has presented additional challenges such as how to obtain, secure, store and analyze the data on a more frequent and continuous basis.
Ensuring timely and accurate information to key stakeholders against the backdrop of these extraordinary volumes of data is becoming increasingly critical considering the costs and company?s resources involved.
As such, Big Data combined with data analytics and data-driven GRC hold the key to fundamentally changing the way companies operate and manage risk and compliance processes. Surrounded by a huge pool of data, companies often fail to find or utilize the information they need.
Effective business processes require timely access to relevant and accurate data which, in turn, relies on the data quality and how it is being maintained and secured across the enterprise architecture. Data availability and integrity have become one of the biggest concerns for many organizations.
In fact, many of the fundamental techniques and concepts underlying Big Data processes have much in common with those that leading audit and compliance teams have been applying for years.
Typically, the use of data analysis to support the audit process involves looking into entire populations of data from a variety of databases. Now, auditors are interested in new and innovative sources of internally and externally-generated data to widen and deepen the search for risk, fraud and compliance issues.
Data-driven GRC is the next logical step
Much of the use of data analysis for audit, risk, and compliance starts on an ad-hoc basis, such as one-off explorations or profiling of data in order to determine risk exposure, detect fraud and identify compliance issues around a specific business process.
However, such techniques are resource-intensive and many organizations are looking for innovative ways to provide increased coverage and risk assurance under these resource constraints. The subsequent end goal is to use automated techniques to carry out similar procedures on an ongoing and sustained basis.
This way, data analysis enables continuous risk assessment and automated operational risk management that can be used by various stakeholders including senior management, audit and risk committees, and even external regulatory and audit organizations.
By embracing Big Data and adopting data-driven GRC, auditors will be at the forefront of the continuous monitoring and auditing evolution. Many leading organizations have seen significant benefits of data-driven GRC approach.
Auditors are no longer limited to sample sets of data, but they have access to all-inclusive data coverage. This will empower auditors to analyze the underlying and source data rather than just the summary data.
Though this will change the way the traditional auditing functions work, it will also offer an opportunity to extend data coverage beyond structured data to include contemporary forms of unstructured data such as email, social media, end-user applications, texts and more, giving more comprehensive insight and improving risk management.
Integrating Big Data into existing auditing techniques comes with its own share of challenges. Most large organizations have different accounting, financial and operational systems and an array of other systems within the organization.
Incorporating Big Data in such complicated system environment will not only increase the complexity of the data extraction but also multiply the pool of data for each of the systems. There is also a limited pool of qualified resources to effectively manage this huge explosion of data.
Timeliness also plays a crucial role in the auditing process. Due to the sheer amount of fragmented layers involved in data mapping and extraction across multiple systems and data points, it can be a challenge to deal with data efficiently.
Furthermore, as most organizations are new to the concept of Big Data and data-driven GRC, they may be reluctant to surrender data due to various privacy and confidentiality constraints. This leads to cumbersome approval processes thereby increasing the cost and time involved for auditors.
However, technology is constantly evolving to provide comprehensive solutions to the major Big Data issues faced by the organizations. If properly employed, that can act as a strategic tool to accomplishing auditing tasks and put auditors at the forefront of the company?s GRC initiatives.
Transforming the future
While Big Data is a very powerful tool, it also comes with a lot of responsibilities. With time and the right deployment, it is only going to gain more relevance as more businesses increase their ability to apply analysis techniques to obtain new forms of insights and understanding to drive business decisions that add to the company?s strategic value.
Organizations can prepare themselves to incorporate Big Data into their GRC processes by considering the following questions:
? How are my company?s audit, compliance and risk management functions utilizing Big Data to meet business objectives and to provide risk assurance to key stakeholders?
? Does the organization have an understanding of its structured and unstructured data sources and repositories, internally and externally?
? Has the organization incorporated and integrated Big Data into its continuous monitoring to provide stakeholders with timely information on various aspects of the business?
? Does the company has an enterprise risk strategy for the Big Data?
? Does the organization have the right talent to manage such complex systems?
The author is the practice manager for professional services at ACL Asia