Survey Says: Data Analysis is Driving Risk Management, Fraud Detection, and Compliance

2014-08-01

EY published their Global Forensic Data Analytics Survey 2014, entitled “Big risks require big data thinking.” It is a comprehensive and compelling report around the use of data analysis to help address some of the most significant risks facing organizations. For a number of you reading this blog, the report may seem to be preaching to the converted. In some ways it does not find anything fundamentally new compared to regular surveys and reports on the topic from the Big Four over the past five years or more. However, it does a particularly good job of setting data analysis in the context of a broad range of risk areas that are (or should be) of high concern to senior management and the board. It also highlights that specialized audit and risk data analysis technology is not just for internal auditors and is now very clearly of importance to those in a number of C-suite positions.

I am not sure of the reasoning behind the focus on the word “forensic” in the report title, which seems to be potentially limiting. The term tends to be used primarily in the context of investigating fraud and crime, a purpose for which data analysis is particularly effective. However, data analysis has a far broader role to play in the overall context of audit, risk and compliance. I do like the way the report uses the “big data” term. This has of course been a hot topic for the past few years or so, but is seldom used to refer to risk, fraud and compliance data analysis—even though this is where big data concepts have been applied in practice for several decades.

The EY report comprises 36 pages—relatively detailed for a Big Four publication—and is well worth a read. It breaks down its findings by both geography and industry, which are useful perspectives to provide. It uses the term forensic data analytics (FDA) to refer to data analysis for audit, risk assessment and compliance purposes.

Key Takeaways

Here are some of the key takeaways of the report: Data analytics usage

• The key risk areas in which FDA is used most extensively include:
• bribery and corruption
• employee fraud
• regulatory compliance
• financial statement fraud
• Data analysis is used for both structured data “e.g., general ledger or transaction data” and unstructured data“e.g., email communications or free-text fields in databases”
• Spreadsheet and generic database technologies are still used more extensively than specialized tools. However, those companies using more advanced technologies reported significantly higher benefits than those using spreadsheets or databases.
• Capabilities for “data visualization, statistical analysis and text mining concepts” are cited as being of particular additional benefit.
• Usage includes “integrating continuous monitoring tools, analyzing data in real or near-real time and enable rapid response to prevent suspicious or fraudulent transactions.”

Benefits, results, and ownership

• The top benefits of FDA usage include:
• the ability to “enhance our risk assessment process” (90%) and “detect potential misconduct that we couldn’t detect before” (89%)
• “better comparison of data for improved fraud risk decision making (82%)”
• “enhanced audit planning or investigative fieldwork (82%)”
• “earlier detection of misconduct (82%)”
• There is a surprisingly high identification of executive management (81%) and boards (68%) as primary users or beneficiaries of FDA. (I suspect this refers to desirable levels of usage or intended beneficiaries rather than actual.)
• Ownership of FDA programs tends to be spread out across organizations, though the greatest concentration of results are among: “corporate executive management with 32% of respondents or legal and compliance with 31% of respondents. In third place comes internal audit functions (22%).”

Challenges

The most significant challenges to implementing an FDA program include:

• “Getting the right tools or expertise”
• Lack of awareness among management of the benefits of FDA
• Cost was considered to be a low factor

Success factors

• I liked this one: “Technology counts: better tools result in better FDA results”
• Primary critical success factors for successful implementation of an FDA program include:
  1. “Focus on the low-hanging fruit: the priority of the initial project matters
  2. Integrate more advanced FDA technologies
  3. Communicate early and broadly
  4. Sustained FDA success relies on the use of experienced, knowledgeable end-users interpreting the results
  5. Enterprise-wide deployment takes time; don’t expect overnight adoption”

Big picture

In terms of how the typical roles of “big data” analysis are seen in an organization, I liked this quote that is included in the report:

“From a European perspective, what we are seeing from big data commentators is a continuous reference to the leveraging of large data volumes for the purposes of customer acquisition and retention. However, what this survey tells us is that the proactive detection of fraud and noncompliance through continuous monitoring and point solutions is very much on the C-suite agenda, and that the exploitation of big data for these purposes is going to be a huge opportunity for organizations to improve risk management.”
–Paul Walker, Forensic Technology & Discovery Services, FIDS UK
I think this is a useful report. If you find it a challenge to get leaders or others in your organization to understand why they should be making specialized analysis technology an integrated part of their risk management and compliance strategy, then I would suggest sharing this report widely.

>> Read “Big risks require big data thinking: Global Forensic Data Analytics Survey 2014”

(Source: ACL Blog)