tech trends: compliance & auditing county/iia oc... · components of modern bi and analytics...

Tech Trends: Compliance & AuditingISACA / ACFE / IIA Joint Fraud Conference

March 23, 2017

2© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

About Us

Tabitha Gaustad DirectorKPMG Forensic

Yiwen FuManagerKPMG Forensic


Agenda

Where are we?

Where do we want to be?

How do we get there?

Where are we?


Where are we?

Most organizations are here today

• Pilots• Building

expertise• Ad hoc

approach

• Conceptual design• No structured

approach

• Structured, agile approach

• Data governance• Program

set up

• Integration with line departments

• Supply and demand processes

• Enriched data

• Decisions driven by data

• Embedded across most operations

• Rich data readily available

ExperimentalAwareness Cohesive Business Driven Embedded

Mat

urity

Level 1Level 2

Level 3

Level 4

Level 5


Technology as a Fraud Enabler

Created false or misleading

information in accounting

records

Abused permissible

access to organization’s

computer systems

Provided false or misleading information via email or other messaging platform

Obtained access to organization’s computer systems without permission

20%

8%

3%13%

24%

Other

Source: Global Profiles of the Fraudster, KPMG International, 2016


Data + Analytics: View from the CEO

• One out of ten CEOs actively distrusts their organization’s use of data and analytics. • Only a third have a high level of trust in the accuracy of their data and analytics.• One out of five have limited trust for nearly every aspect of the way their organization

uses data and analytics. • Life sciences and banking CEOs expressed the highest degree of distrust in their data,

while technology firms expressed the highest degree of confidence.

Investment Risk Efficiency

24% 50%PLAN TO INVEST IN D&A CAPABILITIES

USE D&A TO MANAGE RISK

USE D&A TO DRIVE COST EFFICIENCIES

of CEOs acknowledge they need to be better at data & analytics70%

46%

Source: U.S. CEO Outlook 2016, KPMG LLP


Data + Analytics: View from the CCO

47% use data analytics and other technology processes to conduct root cause and trending analysis

69%

leverage technology to support compliance

initiatives

Source: The Compliance Journey, Summary of KPMG’s CCO Survey Results, KPMG LLP, 2017.


Top Compliance Challenges

19% 16%31%32%

50% 39%50%55%

Ensuring accountability &

compliance responsibilities

Transforming compliance

effectiveness & sustainability

Improving data quality

Strengthening governance & culture

Managing surveillance,

reporting, data & controls

Managing cybersecurity & data

privacy

Reforming compliance reporting

Managing cross-border regulatory

change



View from the CCO by industry



Building Trust in Analytics

60%of respondents say they are not very confident in their D&A insights.

Base: 2,165 data and analytics decision-makers Note: responses do not add to 100% due to rounding Source: KPMG Building Trust in Analytics, a commissioned study conducted by Forrester Consulting on behalf of KPMG, July 2016

Case Study: PowerPivot

Where do we want to be?


Tech Concepts + Trends

Data governance

Data democratization

Self-service analytics

Visualization

Dashboards

Guided analysis

Visual data discovery

Single source of truth

Unstructured data

Data lake

Data warehouse

Data store

Predictive analytics

Natural language processing

Machine learning

Cognitive

Artificial intelligence


Gartner: Smart Data DiscoverySmart data discovery leverages machine learning to prepare and cleanse data more intelligently, automatically generate the most important insights, and interpret charts via natural-language generation.

By 2020:• Smart, governed, Hadoop/Spark-, search- and visual-based data discovery capabilities

will converge into a single set of next-generation data discovery capabilities as components of modern BI and analytics platforms

• natural-language generation and artificial intelligence will be a standard feature of 90% of modern BI platforms

• 50% of analytic queries will be generated using search, natural-language processing or voice, or will be auto-generated

• organizations that offer users access to a curated catalog of internal and external data will realize twice the business value from analytics investments than those that do not

Through 2020, the number of citizen data scientists will grow five times faster than the number of data scientists.

Gartner, “Critical Capabilities for Business Intelligence and Analytics Platforms.” 2017


Digital Labor Spectrum

Data Governance

Sometimes teams would seek reports and they would be astounded by the numbers they saw because that wouldn’t quite make sense from their perspective. The biggest problem was data quality. In many of these operational systems people actually stuff data in without necessarily putting any kind of governance into what went in. Unless you put the governance in the processes that brought the data into the data warehouse, which is downstream from an analytical tool, there was no guarantee what you were seeing was correct.

Sanjay KrishnamurthiChief Architect, Microsoft Corporation

Case Study:Visual Data Discovery

How do we get there?

Journey vs. Destination

Data analytics is a rapidly changing technology tool. Maintaining optimum capability in this area requires ongoingstudy, training, and commitment.

Committee of Sponsoring Organizations of the TreadwayCommission (COSO) Fraud Risk Management Guide (September 2016) p 87.


How to think about data & analytics

STRATEGYVision

ExecutionGoals/Objectives

DATAAccess

SecurityGovernance

TECHNOLOGYPlatform

InteroperabilityORGANIZATIONPeopleProcessService Delivery

ANALYTICSAdvanced AnalyticsMetrics & Reporting Visualization


Strategy | Vision

• Aligning D&A with business goals delivers a higher return on investment

• Stakeholder buy-in is imperative for sustainability and driving value to the bottom line.

Do we have a clear strategy for aligning Data & Analytics with broader strategic goals?

Why does this matter?

What should I do about it?

• Engage stakeholders early and establish a defined communication program

• Use interviews and workshops to define objectives, including high priority use cases

• Establish a governance process to make decisions• Publish a D&A strategy and projects list


Strategy | Execution

• Lack of a well defined strategy promotes silos, shadow organizations and duplication in resources and technology

Do we execute data & analytics effectively?



• Determine a service delivery model for analytics and outline the processes that need to be established

• Use workshops to identify D&A use cases, including those that will be leveraged across multiple business units

• Clearly define funding [needs] for D&A projects and have defined use cases for how D&A will be used


Data

• Decisions are only as good as the data supporting them • Sourcing and use of data can create risks (e.g., privacy)• Sourcing data services can create risks (e.g., breaches)



• Identify / maintain high-quality internal & external data sources

• Ensure appropriate access to data; data access should be “fit for purpose”

• Enforce enterprise-grade security standards: control access to data via encryption, tokenization, access monitoring, etc.

• Establish data management processes to maintain integrity of data and establish a meaningful linkage to DA results

Does our data access balance discovery and innovation with security? Does our governance support data quality and minimize risk?


Technology | Platform

• Implementing hardware and software is expensive: technology + opportunity costs during implementation

• Not having tools you need to execute on desired analytics is as costly as buying tools you do not really need

Does my platform fit my current and future estimated needs? Will it scale if they continue to grow?



• Consider conducting and inventory and assessment of current technology available in your organization

• Link technology to business requirements to ensure the right toolsets are available

• Implement training for standard tools across the organization


Technology | Interoperability

• Duplication of projects and data will become common if siloed leaders are not connected and exposed to the work of other groups

• Technology duplication increases costs and decreases the use of data consistently

Are value and insights getting across organizational silos?



• Establish a consistent set of D&A tools and shared license agreements across the organization

• Consider an IT group responsible for an integrated enterprise analytics platform

• Provide access to commonly used datasets• Focus IT resources on the management of the platform

and ensuring data flows easily - to increase business time spent on analytics


Organization | People

• Attracting analytical talent is critical, but retaining and motivating them requires special attention

• Not all organizations have ready access to corporate IT or centralized data analysis functions

What capabilities do we need? How do we find and organize our D&A talent?



• Consider an inventory and assessment of analytics skills and build

• Define the key skill sets required and chart a career path for existing data specialists

• Acquire the right talent for D&A initiatives• Develop training programs so all resources have an

opportunity to improve their D&A skills


Organization | Process

• Harnessing the efficiencies and effectiveness of data analysis requires changes to the way people execute and document their work

Do our processes empower and encourage the use and adoption of analytics?



• Define processes in collaboration with stakeholders to obtain early buy-in they are appropriate and reasonable

• Identify user champions who can be early adopters and resources for others

• Train users and downstream parties• Ensure processes are designed to capitalize on the reuse

of models, sharing of lessons learned and other important knowledge sharing opportunities


Analytics

• A consistent approach to producing and leveraging advanced analytics drives better decisions



• Ensure there is a good foundation of understanding for the data to be used, basic metrics and KPIs

• Consult stakeholders to understand organizational issues and opportunities

• Examine and prioritize the use cases that will have the biggest impact on the organization, as well as, those that can realize “quick wins”

• Create a QA program to verify critical models and insights. Communicate the value generated from these models beyond stakeholders

How do I extract value from my data? How do I make sure my data is used to address real business issues?

“In general, it is helpful to take an iterativeapproach to the use of proactive anti-fraud data analytics procedures to ensure that the tests are designed and tested carefully and then continuously monitored and improved.”

Committee of Sponsoring Organizations of the Treadway Commission (COSO) Fraud Risk Management Guide (September 2016) p 49.

Design, test and refine

Common Challenges


Capability + confidence

Base: 2,165 data and analytics decision-makers Source: KPMG Building Trust in Analytics, a commissioned study conducted by Forrester Consulting on behalf of KPMG, July 2016


Bridging the Trust Gap


Early Adopter Insights

“A key take-away for us was ensuring we had the proper resources.”- VP data and analytics at global life sciences

company

“The biggest challenge is probably input quality. Finding information is quite difficult at times. There’s so much of it out there and getting access to it isn’t as straightforward as it should be. And when we do get access to it, sometimes it has missing data or incomplete data that means we can’t use it without having to spend a long time cleaning it first.”

- Analytics leader at a large US bank

“You have no choice but to use data to drive insights. In large organizations that operate across multiple locations serving different customers, you have to rely on data to make better decisions. There is no other way. With so many different variables, you cannot rely on your gut instinct anymore.”

- Analytics and IT director at a U.S. healthcareprovider

Source: KPMG Building Trust in Analytics, a commissioned study conducted by Forrester Consulting on behalf of KPMG, July 2016

Tabitha Gaustad+1 408 [email protected]

Yiwen Fu+1 415 [email protected]

Contact Us

mailto:[email protected]

mailto:[email protected]

© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

The KPMG name and logo are registered trademarks or trademarks of KPMG International.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

kpmg.com/socialmedia

tech trends: compliance & auditing county/iia oc... · components of modern bi and analytics...

Documents