Increase compliance by listening to the story your corporate data is telling you
03 October 2018
In our last insurance blog we discussed why data engineers could be the catalyst your business needs. In this one we venture into the area of analytics performed by data engineers, business analysts and auditors in the internal audit and compliance functions.
Data analytics concepts pre-date computers. In fact, we could say that even Sherlock Holmes was quite well known for using deductive reasoning to make determinations from data-related evidence. In the current business world, the best evidence that we have as to whether something took place or not is most often derived from a digital footprint. Modern data analytics is a process of inspecting, cleansing, transforming, and modelling data with the goals of highlighting useful information and supporting our decision making. The notion of time is a key component, helping answer questions about either the past, the present or even the future. Incorporating time into analytics focuses these efforts so you can build repeatable patterns into the questions that should be asked and answered, so data analytics is answering a question with data.
“Data! Data! Data!” he cried impatiently. “I can’t make bricks without clay.”
Sherlock Holmes - The Adventure of the Copper Beeches
Data analytics allows auditors, whether internal or external, to re-compute or model the recording of data transactions. Because of this, they can have greater confidence than if they had tested using sampling – which may miss critical anomalies. By analysing every asset and related data transaction, an audit team is able to test the entire population and be much more confident in the results.
Corporate data often contains insightful stories about control effectiveness, risk management, ethical behaviour, organisational performance and financial stability. Uncovering these stories and using data to tell them in a way that means something to human decision makers will differentiate the assurance providers of the future. Digitalisation enables decentralised controls in organisations, questioning in many cases the traditional methods adopted to manage risk, and viably leading to new assurance models for the digital age.
Data analytics can empower proactive and ongoing compliance efforts. Rather than only finding out about compliance issues by doing periodic testing, risk-based internal audit activities or through regulatory embargos, a company can uncover potential problems in real time and proactively, before they come to regulators’ attention. This would provide time to allow the business to take steps to remediate the issue, understand why it happened and work to avoid it in future.
Building a data analytics mandate within the compliance function can drive efficiency and effectiveness and is essential for any company. Two priorities are to:
- increase the control and design assessment of the compliance operations to meet increasing expectations of business stakeholders; and
- ensure risks are well managed across the company by defining limits for risk exposures, implementing strong controls and using technology-driven monitoring.
The use of monitoring as an alerting task is a logical next step for compliance teams. The transition from using data analytics as a way to perform historical analysis to using it to alert through continual or continuous monitoring should be the next approach as it is an emerging best practice. Continual or continuous monitoring establishes these alerts and suggests that it is time to take action based on an event that has only just occurred.
The next frontier for data analytics is a move from alerting to predictive analytics, which is using data analytics to forecast what’s likely to happen in the future. This allows firms to transcend from answering questions about what has happened in the past or what is currently happening to what we can expect to happen in the future. While predictive analytics is common in some industries and processes, it is substantially less practiced from an audit or compliance perspective. This is where the power comes. By moving to almost a prescriptive action – that is, being able to deliver a risk management solution to that potential situation – because you were able to predict, or have an insight, the situation before it even happened.