Do you feel competitors have better insights?
Reliance on analytics has skyrocketed over the last decade with the rapid advancement of cloud-based platforms and tools. The amount and sources of data have also increased significantly with the digitization of business processes and the increased affordability of internet-connected sensors and digital twins (i.e., elaborate computer-aided simulations of physical infrastructure, often used for testing and analysis).
Analytics can add immeasurable value to internal audits by providing decision support, helping to monitor critical performance measures and targets, revealing potential fraud risks, and much more. Data-driven insights can also drive entire business models by helping to forecast consumer demand, target ads, streamline logistics and supply chains, and optimize costs throughout the value chain.
And where there are significant opportunities, there is also considerable risk. Two opposing forces that organizations need to balance are the risks of moving too slowly or too quickly in advancing analytics capabilities. Failing to prioritize analytics will result in slower growth relative to competitors and a sharp decline in market share over the near to medium term. On the other hand, the race for better insights can lead organizations to skip critical steps in resourcing, governance, and strategy. Gaining the wrong insights from data can be even more detrimental than not having any insights.
Analytics are table stakes in 2023. However, data integrity and confidence in the quality of analytic-driven insight must be the guiding forces behind its ongoing maturity. Priority one should be to add analytic expertise at the board and operational levels — including internal audit. Next should be to assess the quality of existing data and existing policies and practices to ensure data quality. Third should be to create (or re-assess) the organization’s strategy for maturing the analytics program and securing executive buy-in on that roadmap.
Related risks
- Internal audit (IA) becomes redundant as business outpaces it in the use of analytics and technology
- Business assumes IA only looks backward and does not embrace innovation. IA is no longer invited to the table
- The business is losing market share to the competition
- The failure rate of innovation is higher than your peer set
- The business does not have early warning indicators of issues or negative trends
Key questions to ask
- When was the last time you tested the integrity of your data? Has anything changed that might have impacted the integrity of your data?
- Do you have a material reliance on data from third parties (I.e., ESG metrics)? Are you confident this data has integrity?
- Are you confident in the accuracy of the output of your data analytics? Especially the analytics used for material insight and decision making.
- Are you losing market share or seeing an increase in complaints because you do not have the same quality of information and insight as your competitors?
Red Flags
- Lack of data integrity
- Ambiguous findings
- Missing value proposition
- Lack of technical or industry experience
- Data analytics are too simple or too complex
- Lack of audit committee buy-in
Internal Audit Project Opportunities
- Data Quality Audit
- This audit assesses the quality, completeness, and accuracy of data used for analytics. It verifies if data sources are reliable and whether data is properly collected, stored, and processed.
- Data Governance Audit
- This audit evaluates the organization's data management practices, policies, and procedures to ensure that data is handled securely, ethically, and in compliance with relevant regulations.
- Data Privacy Audit
- This audit assesses the organization's adherence to data privacy laws and regulations. It ensures that personal and sensitive data is handled appropriately and proper consent mechanisms are in place.
- Data Security Audit
- This audit examines the organization's data security measures, including access controls, encryption, and vulnerability assessments, to protect data from unauthorized access and cyber threats.
- Data Analytics Process Audit
- This audit reviews the end-to-end data analytics process, including data collection, preprocessing, analysis, and reporting. It ensures that the analytical methods and models are accurate, reliable, and aligned with the organization's objectives.
- Model Validation Audit
- For organizations using predictive models and algorithms for decision-making, a model validation audit verifies the accuracy and reliability of these models and checks if they are producing valid and actionable results.
- Data Retention and Deletion Audit
- This audit assesses the organization's data retention policies to ensure compliance with data retention regulations and evaluates the proper deletion of data when it is no longer needed.
- Data Access Audit
- This audit examines the access controls and permissions granted to users who interact with data analytics tools and systems. It ensures that access is granted based on the principle of least privilege.
- Vendor Management Audit
- For organizations relying on third-party data analytics vendors, this audit evaluates the vendor's data handling practices, security measures, and compliance with contractual agreements.
- Compliance Audit
- This broader audit assesses the organization's compliance with relevant laws, regulations, and internal policies related to data analytics, including data protection, consumer rights, and industry-specific guidelines.
- Data Visualization Audit
- This audit focuses on the accuracy and clarity of data visualizations and reports, ensuring that they present insights in an understandable and unbiased manner.
- Data Ethics Audit
- An audit of data ethics evaluates the organization's practices related to the ethical use of data, including transparency, fairness, and the avoidance of bias in data analytics.