tech trends: compliance & auditing county/iia oc... · components of modern bi and analytics...

36
Tech Trends: Compliance & Auditing ISACA / ACFE / IIA Joint Fraud Conference March 23, 2017

Upload: others

Post on 24-Jul-2020

1 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Tech Trends: Compliance & AuditingISACA / ACFE / IIA Joint Fraud Conference

March 23, 2017

Page 2: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

2© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

About Us

Tabitha Gaustad DirectorKPMG Forensic

Yiwen FuManagerKPMG Forensic

Page 3: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

3© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Agenda

Where are we?

Where do we want to be?

How do we get there?

Page 4: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Where are we?

Page 5: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

5© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Where are we?

Most organizations are here today

• Pilots• Building

expertise• Ad hoc

approach

• Conceptual design• No structured

approach

• Structured, agile approach

• Data governance• Program

set up

• Integration with line departments

• Supply and demand processes

• Enriched data

• Decisions driven by data

• Embedded across most operations

• Rich data readily available

ExperimentalAwareness Cohesive Business Driven Embedded

Mat

urity

Level 1Level 2

Level 3

Level 4

Level 5

Page 6: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

6© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Technology as a Fraud Enabler

Created false or misleading

information in accounting

records

Abused permissible

access to organization’s

computer systems

Provided false or misleading information via email or other messaging platform

Obtained access to organization’s computer systems without permission

20%

8%

3%13%

24%

Other

Source: Global Profiles of the Fraudster, KPMG International, 2016

Page 7: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

7© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Data + Analytics: View from the CEO

• One out of ten CEOs actively distrusts their organization’s use of data and analytics. • Only a third have a high level of trust in the accuracy of their data and analytics.• One out of five have limited trust for nearly every aspect of the way their organization

uses data and analytics. • Life sciences and banking CEOs expressed the highest degree of distrust in their data,

while technology firms expressed the highest degree of confidence.

Investment Risk Efficiency

24% 50%PLAN TO INVEST IN D&A CAPABILITIES

USE D&A TO MANAGE RISK

USE D&A TO DRIVE COST EFFICIENCIES

of CEOs acknowledge they need to be better at data & analytics70%

46%

Source: U.S. CEO Outlook 2016, KPMG LLP

Page 8: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

8© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Data + Analytics: View from the CCO

47% use data analytics and other technology processes to conduct root cause and trending analysis

69%

leverage technology to support compliance

initiatives

Source: The Compliance Journey, Summary of KPMG’s CCO Survey Results, KPMG LLP, 2017.

Page 9: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

9© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Top Compliance Challenges

19% 16%31%32%

50% 39%50%55%

Ensuring accountability &

compliance responsibilities

Transforming compliance

effectiveness & sustainability

Improving data quality

Strengthening governance & culture

Managing surveillance,

reporting, data & controls

Managing cybersecurity & data

privacy

Reforming compliance reporting

Managing cross-border regulatory

change

Source: The Compliance Journey, Summary of KPMG’s CCO Survey Results, KPMG LLP, 2017.

Page 10: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

10© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

View from the CCO by industry

Source: The Compliance Journey, Summary of KPMG’s CCO Survey Results, KPMG LLP, 2017.

Page 11: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

11© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Building Trust in Analytics

60%of respondents say they are not very confident in their D&A insights.

Base: 2,165 data and analytics decision-makers Note: responses do not add to 100% due to rounding Source: KPMG Building Trust in Analytics, a commissioned study conducted by Forrester Consulting on behalf of KPMG, July 2016

Page 12: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Case Study: PowerPivot

Page 13: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Where do we want to be?

Page 14: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

14© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Tech Concepts + Trends

Data governance

Data democratization

Self-service analytics

Visualization

Dashboards

Guided analysis

Visual data discovery

Single source of truth

Unstructured data

Data lake

Data warehouse

Data store

Predictive analytics

Natural language processing

Machine learning

Cognitive

Artificial intelligence

Page 15: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

15© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Gartner: Smart Data DiscoverySmart data discovery leverages machine learning to prepare and cleanse data more intelligently, automatically generate the most important insights, and interpret charts via natural-language generation.

By 2020:• Smart, governed, Hadoop/Spark-, search- and visual-based data discovery capabilities

will converge into a single set of next-generation data discovery capabilities as components of modern BI and analytics platforms

• natural-language generation and artificial intelligence will be a standard feature of 90% of modern BI platforms

• 50% of analytic queries will be generated using search, natural-language processing or voice, or will be auto-generated

• organizations that offer users access to a curated catalog of internal and external data will realize twice the business value from analytics investments than those that do not

Through 2020, the number of citizen data scientists will grow five times faster than the number of data scientists.

Gartner, “Critical Capabilities for Business Intelligence and Analytics Platforms.” 2017

Page 16: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

16© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Digital Labor Spectrum

Page 17: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Data Governance

Sometimes teams would seek reports and they would be astounded by the numbers they saw because that wouldn’t quite make sense from their perspective. The biggest problem was data quality. In many of these operational systems people actually stuff data in without necessarily putting any kind of governance into what went in. Unless you put the governance in the processes that brought the data into the data warehouse, which is downstream from an analytical tool, there was no guarantee what you were seeing was correct.

Sanjay KrishnamurthiChief Architect, Microsoft Corporation

Page 18: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Case Study:Visual Data Discovery

Page 19: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

How do we get there?

Page 20: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Journey vs. Destination

Data analytics is a rapidly changing technology tool. Maintaining optimum capability in this area requires ongoingstudy, training, and commitment.

Committee of Sponsoring Organizations of the TreadwayCommission (COSO) Fraud Risk Management Guide (September 2016) p 87.

Page 21: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

21© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

How to think about data & analytics

STRATEGYVision

ExecutionGoals/Objectives

DATAAccess

SecurityGovernance

TECHNOLOGYPlatform

InteroperabilityORGANIZATIONPeopleProcessService Delivery

ANALYTICSAdvanced AnalyticsMetrics & Reporting Visualization

Page 22: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

22© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Strategy | Vision

• Aligning D&A with business goals delivers a higher return on investment

• Stakeholder buy-in is imperative for sustainability and driving value to the bottom line.

Do we have a clear strategy for aligning Data & Analytics with broader strategic goals?

Why does this matter?

What should I do about it?

• Engage stakeholders early and establish a defined communication program

• Use interviews and workshops to define objectives, including high priority use cases

• Establish a governance process to make decisions• Publish a D&A strategy and projects list

Page 23: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

23© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Strategy | Execution

• Lack of a well defined strategy promotes silos, shadow organizations and duplication in resources and technology

Do we execute data & analytics effectively?

Why does this matter?

What should I do about it?

• Determine a service delivery model for analytics and outline the processes that need to be established

• Use workshops to identify D&A use cases, including those that will be leveraged across multiple business units

• Clearly define funding [needs] for D&A projects and have defined use cases for how D&A will be used

Page 24: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

24© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Data

• Decisions are only as good as the data supporting them • Sourcing and use of data can create risks (e.g., privacy)• Sourcing data services can create risks (e.g., breaches)

Why does this matter?

What should I do about it?

• Identify / maintain high-quality internal & external data sources

• Ensure appropriate access to data; data access should be “fit for purpose”

• Enforce enterprise-grade security standards: control access to data via encryption, tokenization, access monitoring, etc.

• Establish data management processes to maintain integrity of data and establish a meaningful linkage to DA results

Does our data access balance discovery and innovation with security? Does our governance support data quality and minimize risk?

Page 25: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

25© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Technology | Platform

• Implementing hardware and software is expensive: technology + opportunity costs during implementation

• Not having tools you need to execute on desired analytics is as costly as buying tools you do not really need

Does my platform fit my current and future estimated needs? Will it scale if they continue to grow?

Why does this matter?

What should I do about it?

• Consider conducting and inventory and assessment of current technology available in your organization

• Link technology to business requirements to ensure the right toolsets are available

• Implement training for standard tools across the organization

Page 26: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

26© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Technology | Interoperability

• Duplication of projects and data will become common if siloed leaders are not connected and exposed to the work of other groups

• Technology duplication increases costs and decreases the use of data consistently

Are value and insights getting across organizational silos?

Why does this matter?

What should I do about it?

• Establish a consistent set of D&A tools and shared license agreements across the organization

• Consider an IT group responsible for an integrated enterprise analytics platform

• Provide access to commonly used datasets• Focus IT resources on the management of the platform

and ensuring data flows easily - to increase business time spent on analytics

Page 27: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

27© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Organization | People

• Attracting analytical talent is critical, but retaining and motivating them requires special attention

• Not all organizations have ready access to corporate IT or centralized data analysis functions

What capabilities do we need? How do we find and organize our D&A talent?

Why does this matter?

What should I do about it?

• Consider an inventory and assessment of analytics skills and build

• Define the key skill sets required and chart a career path for existing data specialists

• Acquire the right talent for D&A initiatives• Develop training programs so all resources have an

opportunity to improve their D&A skills

Page 28: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

28© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Organization | Process

• Harnessing the efficiencies and effectiveness of data analysis requires changes to the way people execute and document their work

Do our processes empower and encourage the use and adoption of analytics?

Why does this matter?

What should I do about it?

• Define processes in collaboration with stakeholders to obtain early buy-in they are appropriate and reasonable

• Identify user champions who can be early adopters and resources for others

• Train users and downstream parties• Ensure processes are designed to capitalize on the reuse

of models, sharing of lessons learned and other important knowledge sharing opportunities

Page 29: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

29© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Analytics

• A consistent approach to producing and leveraging advanced analytics drives better decisions

Why does this matter?

What should I do about it?

• Ensure there is a good foundation of understanding for the data to be used, basic metrics and KPIs

• Consult stakeholders to understand organizational issues and opportunities

• Examine and prioritize the use cases that will have the biggest impact on the organization, as well as, those that can realize “quick wins”

• Create a QA program to verify critical models and insights. Communicate the value generated from these models beyond stakeholders

How do I extract value from my data? How do I make sure my data is used to address real business issues?

Page 30: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

“In general, it is helpful to take an iterativeapproach to the use of proactive anti-fraud data analytics procedures to ensure that the tests are designed and tested carefully and then continuously monitored and improved.”

Committee of Sponsoring Organizations of the Treadway Commission (COSO) Fraud Risk Management Guide (September 2016) p 49.

Design, test and refine

Page 31: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Common Challenges

Page 32: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

32© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Capability + confidence

Base: 2,165 data and analytics decision-makers Source: KPMG Building Trust in Analytics, a commissioned study conducted by Forrester Consulting on behalf of KPMG, July 2016

Page 33: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

33© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Bridging the Trust Gap

Page 34: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

34© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Early Adopter Insights

“A key take-away for us was ensuring we had the proper resources.”- VP data and analytics at global life sciences

company

“The biggest challenge is probably input quality. Finding information is quite difficult at times. There’s so much of it out there and getting access to it isn’t as straightforward as it should be. And when we do get access to it, sometimes it has missing data or incomplete data that means we can’t use it without having to spend a long time cleaning it first.”

- Analytics leader at a large US bank

“You have no choice but to use data to drive insights. In large organizations that operate across multiple locations serving different customers, you have to rely on data to make better decisions. There is no other way. With so many different variables, you cannot rely on your gut instinct anymore.”

- Analytics and IT director at a U.S. healthcareprovider

Source: KPMG Building Trust in Analytics, a commissioned study conducted by Forrester Consulting on behalf of KPMG, July 2016

Page 35: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

Tabitha Gaustad+1 408 [email protected]

Yiwen Fu+1 415 [email protected]

Contact Us

Page 36: Tech Trends: Compliance & Auditing County/IIA OC... · components of modern BI and analytics platforms • natural-language generation and artificial intelligence will be a standard

© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

The KPMG name and logo are registered trademarks or trademarks of KPMG International.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

kpmg.com/socialmedia