Risk Oversight

Big Risks, Big Data – And Big Decisions for the Board

As regulatory scrutiny and shareholder activism continue to increase, boards of directors have felt increased pressure to improve their company’s ability to respond to corporate fraud and abuse, as well as to identify it sooner and more often. Ernst and Young (“EY”) recently published an article discussing the use of data analytics as a risk management tool for boards of directors and senior management.

EY’s Global Forensic Data Analytics Survey 2016, shows that among the 665 mid- to large-size companies that responded to the survey, companies were most concerned with internal fraud, the risk of bribery and corruption of senior management, and cyber breaches by both outsiders and insiders. Moreover, 74% of C-suite respondents agreed that they needed to do more to improve anti-fraud procedures in their respective companies and recognize that simply relying on company policies and procedures is not enough. Boards are developing a more progressive and comprehensive approach to anti-fraud controls and are increasingly open to leveraging big data to make their organizations more secure. Distinguishing between “structured” (e.g. general ledger or transaction data) and “unstructured” (e.g. email, voice or text) data, the EY article acknowledges that many companies already utilize structured data in analyzing risk, but “unstructured data is often overlooked in traditional risk and internal control processes.” In response to the increased concern and regulatory scrutiny with respect to cyber fraud, many companies have begun turning to forensic data analytics (“FDA”), which are able to analyze both structured and unstructured data to catch and prevent fraud.

Emails, social medial, videos, voicemails and text messages can provide corporate boards and investigators with vital information related to fraud and abuse that may go unnoticed utilizing only traditional structured forms of data. For instance, the EY article notes that text messages can provide compliance teams with valuable information about a specific event as well as about company culture and corrupt intent. The major benefit to utilizing big data is that the search for relevant information can be greatly expanded. Depending on an individual company’s needs, the use of big data can span from searching employee emails for keywords or specific sensitive information to searching international sanctions databases and adverse media databases related to potential clients or vendors. Therefore, it is important, that boards ensure big data is being used to their advantage and in ways most useful to their particular company and industry.

The EY article concludes by challenging boards to consider the following questions:

  • Beyond compliance policies, training and education, what is the internal audit or compliance department doing to test the effectiveness of the controls in place?
  • Does the board receive periodic updates from internal audit or the compliance department on the results of these tests?
  • Has management communicated to the board whether the monitoring activities conducted are relying on simple rules-based tests derived from traditional internal audit procedures or from multiple data sources, data visualization, text mining and targeted anti-fraud, anti-corruption and cyber-specific tests?

Bearing in mind that systematic change often takes time and that data privacy considerations must also be taken into account, EY maintains that cyber security threats of fraud and abuse are simply too important to ignore.

To read the full article, click here.