Data-driven GRC is the next logical step
Much of the use of data analysis for audit, risk, and compliance starts on a ad-hoc basis, such as one-off explorations or profiling of data in order to determine risk exposure, detect fraud and identify compliance issues around a specific business process. However, such techniques are resource-intensive and many organisations are looking for innovative ways to provide increased coverage and risk assurance under these resource constraints. The subsequent end goal is to use automated techniques to carry out similar procedures on an ongoing and sustained basis. This way, data analysis enables continuous risk assessment and automated operational risk management that can be used by various stakeholders including senior management, audit and risk committees, and even external regulatory and audit organisations.
By embracing big data and adopting data-driven GRC, auditors will be at the forefront of the continuous monitoring and auditing evolution. Many leading organisations have seen significant benefits of data-driven GRC approach. Auditors are no longer limited to sample sets of data, but they have access to all-inclusive data coverage. This will empower auditors to analyse the underlying and source data rather than just the summary data. Though this will change the way the traditional auditing functions work, it will also offer an opportunity to extend data coverage beyond structured data to include contemporary forms of unstructured data such as email, social media, end-user applications, texts and more, giving more comprehensive insight and improving risk management.
Integrating big data into existing auditing techniques comes with its own share of challenges. Most large organisations have different accounting, financial and operational systems and an array of other systems within the organisation. Incorporating big data in such complicated system environment will not only increase the complexity of the data extraction but also multiply the pool of data for each of the systems. There is also a limited pool of qualified resources to effectively manage this huge explosion of data.
Timeliness also plays a crucial role in the auditing process. Due to the sheer amount of fragmented layers involved in data mapping and extraction across multiple systems and data points, it can be a challenge to deal with data efficiently. Furthermore, as most organisations are new to the concept of big data and data-driven GRC, they may be reluctant to surrender data due to various privacy and confidentiality constraints. This leads to cumbersome approval processes thereby increasing the cost and time involved for auditors.
However, technology is constantly evolving to provide comprehensive solutions to the major big data issues faced by the organisations. If properly employed, that can act as a strategic tool to accomplishing auditing tasks and put auditors at the forefront of the company's GRC initiatives.
Sign up for CIO Asia eNewsletters.