Data analytics when applied effectively has the power to detect and avoid risks in time to potentially save millions of dollars often spent on after-the-fact mitigation, remediation, investigation and litigation. The process efficiencies that it can bring to bear through automation and rationalization of hitherto manual processes leads to further cost benefits. Not to mention the transparency and insights that are available at your fingertips through a robust reporting and dashboarding framework.
But despite a thorough understanding of the benefits of analytics infused compliance programs and honest intent, the burning question from risk and compliance professionals is often—“where do we start?”.
Whether you are looking to create an immersive compliance analytics framework, effectively overhauling your existing processes or taking a measured, calibrated approach to inject analytics into your compliance program, a good place to start is to perform a holistic assessment of the data analytics maturity and chart out a roadmap for a more data-driven operation.
Here are some tips to successfully conduct the assessment and elevate your compliance program using data analytics:
1. Start with Your Existing Data Assets and Data Management Capability
Create an inventory of data assets available to you—internal & external, structured & unstructured, centralized & de-centralized. Include the ones you think are only marginally relevant to the compliance program—IT access logs, procurement data, background checks, employee surveys etc. You’d be surprised at the rich insights some of these sources might bring when combined with the more conventional compliance data.
Next, evaluate how many of these data sources are accessible to stakeholders. How many are currently being used to derive insights? Are they being combined using common attributes (such as employee ID) or used stand alone? Is there enough metadata (description of tables and fields) available to users for effective usage?
Finally, evaluate the data governance process to ensure the accuracy, access control and data security.
Addressing these factors will help identify glaring gaps e.g. data that is collected, but not fully leveraged, or not accessible to users. It will also provide a clear view of your current state (point of departure) and the desired state with regards to your data management capabilities (point of arrival).
2. Deep Dive Into Your Risk Assessment Process
List out the red flag tests and statistical analyses of risk being conducted by the organization. Do they cover all potential scenarios with respect to risk? Are there existing predictive models for risk scoring (or potential to implement)? How long does it take to refresh the risk scores with new data?
How are insights from such analyses consumed— slides, Excel reports, dashboards, alerts? Do they provide sufficient visibility to executive leadership? Do dashboards offer self service capabilities where risk analysts can identify and deep dive into insights and anomalies?
Evaluate the level of automation vs. manual effort from data capture to reporting. Look at the workflow management – reminders, alerts on significant matters or updates, approvals and task assignments. Also assess the data dissemination process—periodic reports.
This exercise will help you identify areas that could be made more efficient, accurate and actionable with minimal manual intervention.
3. Evaluate the Technology Stack
Work with your IT team to understand the current infrastructure that stores and processes compliance data and presents insights for users. Identify future tech needs that would be required to fulfil your data and process vision in steps 1 and 2. Resolve simpler asks such as data access, 3rd party data integration, software licensing first.
Discuss more strategic requirements such as cloud implementation, maintenance of compliance data marts, streaming data etc. and align on a roadmap. Do not hesitate to dig deeper into root causes of latency in the tech infrastructure. It is also important to future-proof your technological needs and ensure scalability. Make prudent build vs. buy decisions in collaboration with the IT team as a part of the roadmap.
4. Smoke Test Your Assessment with Key Use Cases
Identify 4-5 key use cases that represent the compliance program as a whole e.g. monitoring hotline data, tracking gift registry, T&E compliance etc.
Visually capture the end-to-end processes, marking out the data sources, tools, technologies, systems, key personnel, teams, reports, communications and timeframes. Do a current state evaluation of each use case with respect to data, process and technology and compare it with a desired state that can be realistically achieved.
Identify common pain points emerging from a detailed assessment of each use case to verify that your overall gap assessment is accurate, comprehensive and bridging the identified gaps will significantly improve the efficacy of each of the identified use cases. Adjust your gap assessment and future roadmap if required.
5. Talk to Experts and Gather Benchmarks
Consult industry and functional experts who have been there and done that. They could provide meaningful benchmarks and guidance that will help you with your analytics journey. Remember though, what worked for them might not work for your program as every organization has a unique set of attributes, challenges and goals, not to mention different appetite for data analytics.
Develop a roadmap that addresses your requirements, at a pace which is comfortable to your organization, is realistic and achievable in a reasonable timeframe.
For the new year and the years ahead, a well- executed data-driven risk assessment following these steps will help set your company up for continued improvement. It will help you uncover blind spots and identify opportunities to make the risk and compliance function more robust, efficient, and stay ahead of the data analytics curve.
This article originally appeared in Compliance Week.
