Organisations with effective data analytics can make stronger business decisions by learning what is working and what is not, what they are doing well, and where they need improvement, according to a new whitepaper by Information Systems Audit and Control Association (ISACA).
In-depth: How to create a clear project plan.
“Data analytics is more than just a single project,” says Anthony Noble, vice-president of IT audit at Viacom, a member of ISACA’s whitepaper development team.
“Effective data analytics helps enterprises identify what works well, to determine areas for improvement and recognise problems before they become out of control.”
In addition to helping assurance professionals establish value by pointing out potential cost savings and operational improvements, Noble says leveraging data analytics can provide other significant benefits such as greater insight into privacy and security issues; improved assurance over the quality of data; and increased staff productivity.
The whitepaper, titled Data Analytics — A Practical Approach suggests that an effective data analytics plan should focus on the end result and include steps such as: Perform ad hoc analysis in support of targeted risk areas; leverage data analytics within many projects for greater insight; move to repeatable analyses performed periodically on high-risk activities; and define the measures of success along the way.
“The results of data analytics can be useful in identifying areas of risk, fraud, errors and misuse, improving business efficiencies, verifying process effectiveness and even influencing business decisions,” Noble says.
Unfortunately, for decades surveys have consistently revealed that most business software projects fail to meet business objectives. They either take too long, cost too much, or focus on the wrong problems. According to the whitepaper, before investing more in data analytics, IT decision-makers need to follow five key rules.
Do simple process development first, using existing software
This step is the one most routinely skipped and leads to failed projects, the paper states. Do not buy a data analytics (DA) software package and expect to do a first-rate analysis with it straight out of the box. Develop some clear scenarios for waste or fraud at the enterprise and then work with existing reporting tools (or even spreadsheets) to determine how to find duplicates and flag unusual items. Work to understand these problems prior to selecting and investing in additional software.
Automate data extraction and automation
In many projects, up to 70 per cent of the time allotted to the entire project can be spent getting the data into a usable format and understanding how the data relates to the business process. Often, the scope of the project is determined not by the questions that need to be asked, but by the scope of the data that has been successfully imported into the reporting tool. Ensure the results sought will matter to senior management. Map out the data needed and plan on eventually using automated data extraction routines wherever possible. Invest in the right software and once findings are available, report success to stakeholders frequently and confirm a mandate to do more.
Reduce false positives
No matter how sophisticated individual tests may be for identifying duplicates and the like, they can often produce hundreds or thousands of ‘red flag’ items which, in turn, can include false positives.
“Yet, most projects limit sampling to a small number of items, such as from 30 to 50,” the paper states.
“With those odds, the project may turn up no more than one actual overpayment or error. Such a low return on investment (ROI) can be improved by combining multiple red flags into an overall score and pursuing only the highest-scoring transactions or vendors, and focusing on vendors with especially high ratios of red flags to dollars or red flags to transactions.”
Prioritise by likelihood of recovery
Apart from meeting compliance requirements, enterprises should reconsider the focus of their DA efforts. Interestingly, ISACA’s whitepaper says that the priority should not necessarily be the largest expense area, the one least frequently reviewed, or the one suspected of having the most instances of fraud associated with it. Instead, ISACA maintains, it should be the one that will quickly yield a positive return. The problem area may be travel spending, freight, overstated revenues or inconsistencies in the general ledger.
“Unless the enterprise is already doing regular accounts payable recovery reviews, there is typically money that can be saved if DA is applied,” it states.
“This money can be used to fund future software developments. The goal is to get an easy win early so as to create a positive attitude from the start and help make funds available for more costly and risky software development later.”
Refine and document the testing process over several cycles
Once the pilot DA project has produced a successful outcome, repeat it at an appropriate interval. If the first DA project involved a specialist, it should be repeated internally using the same agreed procedures before making large investments in software.
Follow CIO Australia on Twitter: @CIO_Australia