Latest Products

How to leverage big data

Thursday 4 January 2018

* Click here to download PDF version of this article.

* This article was originally published in the Final Quarterly Edition of the GRC Professional for 2017. Click here to get your member copy. 

People must overcome their fear of data or risk being left behind.

Despite the rise of technology, there are still challenges when organisations are looking for the best way to leverage data. Much of this has do with the fact that data analytics is relatively new. It also has to do with the ambiguity of the phrase ‘big data’.

In early October, GRC Professional interviewed Allana Rigby, Regional Lead of Data Analytics at Control Risks. Rigby spoke about the benefit of leveraging big data and combining it with ‘thick data’ (termed ‘intelligence’ at Control Risks)—namely, the human interpretation of smaller sets of data and the insights it provides.

Key for Rigby is that data helps organisations make better decisions. Ultimately, big data is just data, and data it is critical for organisations.

“Data is the only way you can actually look into your company,” Rigby explained. “It’s the DNA of your company; it tells you what’s happening and how it’s happening.”

“Thick data is even more important than big data. You can’t do meaningful analysis without big data and thick data. At the beginning, I think a lot of compliance and risk functions tried to do analysis with just big data and it failed.”

How much data do you need?
Rigby points out that a lot of emphasis falls on trying to collect big data; however, what is not being discussed is that this big data is only part of the solution. If all a company does is plug in ‘big data’, they will not find the solutions for which they are looking because often, that kind of data fails to provide any true insights.

Companies must overcome their inherent fear of data because it is what can do is provide a complete and unbiased view of the company. And, while there is always bias with humans, data will show plainly what is happening.

On the flip side, is it always better to have more data? How much data is enough?
According to Rigby, the power of data lies not in its volume but in its ability to be collated and combined with thick data or intelligence.

The misunderstanding of big data
“I think one of the reasons people don’t understand how they can use data analytics is that there are all these different technologies and terminologies. Everybody talks in jargon and technical speak. But really, they are not saying anything concise because there are so many uses for data analytics that if you start being precise about one thing, you exclude another area,” Rigby explained.

Big data in itself just means lots of data. The challenge for many organisations is looking behind the media hype to see what works and what is actually effective.

Compliance & risk
Many of the initial fraud detection programs that were initially released failed, says Rigby, or at least were not as effective as they could have been. Instead, what is required is the adding of thick data—that is, human interpretation and insights. That really makes a difference to the results, which can then be put to effective use.

“Now, we have predictive analytics which works because we have the ability to combine thick data with big data,” Rigby said.

She emphasised, however, that you can’t just go into a company and plug in an analytics platform.

 “You don’t always need all of that data,” she said. “It’s better to think about what answers you want and then work backwards.”

The initial fraud detection programs that went out were just data programs. To a limited extent, those programs did work but they failed to provide the overall outcomes people expected.

Predicting the future and pre-crime
With ‘thick data’ or intelligence, data can fuel predictive analytics. This helps GRC professionals detect potential issues and thus mitigate these with improvements to the organisation’s broader GRC framework.

“Unfortunately, detecting what has happened doesn’t really help anyone because it has already happened,” Rigby said. “The reason why we began detecting things as standard is because, five years ago, we didn’t have the capability to predict that things were going to happen. But it is now possible to watch an event unfurl within the data.”

Rigby argued the proactive approach costs nothing, and said that for internal audits, the context is changing.

Five years ago, discovering a $10 million fraud would have been applauded by the board. Now, due to changing expectations, they are more likely to demand: ‘Why did you let this happen?’
“I think the compliance functions we see today will be different in a few years’ time. They will be more proactive. There will be no need for anyone to be reactive anymore.”

The benefits of being reactive at present is that companies are more likely to be preventative next time to prevent further fraud.

Getting the buy-In
One of the biggest challenges for getting buy-in for an effective, proactive, data analytics programs is the fear of data. For risk and compliance, this means getting buy-in from the business, since there is little reason as to why the internal audit or the compliance function should know where the data is.

This means reaching out to the IT function and getting the buy-in from there.
The other challenge, according to Rigby, is the fact that the use of data analytics as a preventative measure is still a novice idea.

But is there any risk to bringing together all the data?
Opening Pandora’s Box is always a risk. But exposing systemic issues that need to be tackled is as much a positive—one that can be a great driver of constructive change.