data analytics in a digital world - auditware
TRANSCRIPT
▪ TSB – A new bank with a 200 year history
▪ Our shift of technology – From legacy to
digital
▪ Data risks and ethics in a digital enterprise
▪ Our analytics strategy for a digital enterprise
▪ Our data analytics experience and
examples
Agenda
Agenda
2
TSB: The New Bank with a 200 Year History
June 2014
TSB listed
on London
Stock
Exchange
30 June 2015
TSB joins
Spanish
Banking
Group
April 2018
TSB
launched
new digital
platform
3
Creating a Digital Workplace
This was NOT a digital workplace This is more like it
Old technology can hold you back
and create ‘legacy’ risks
New technology can be liberating
but is not risk free
5
Developing the Audit Function & Strategy
Develop
Organise
Implement
Growth Strategy
Branding Strategy
Market Strategy
Product Strategy
Operational Strategy
Internal drivers
External drivers
Define Plan Execute Evaluate Improve
• Agree Charter
• Agree scorecard
• Define structures
• Conduct risk
assessment
• Evaluate strategy
• Develop plan
• Prioritise work
• Execute plan
• Periodically
recalibrate
• Review audit
performance
• Re-evaluate
strategy & plan
• Continuously improve
• Adapt to emerging
requirements
Audit & Co-source
resources
Critical Strategic Requirements
Audit
infrastructure
Conduct risk
assessments
Understand key processes,
controls, hot spots & issues
Create Audit
Plan
Leverage
Executive
Views
2nd Line Risk
Views
Regulator
Expectations
External InsightsInternal Insights
Industry
trends
Audit Strategy
Audit
Committee
Expectations
6
Our Audit Capability
UNIVERSE METHODOLOGY
PEOPLE SYSTEMS & TOOLS
• 109 Entities
• 12 month rolling audit plan
• Updated every 6 months
• Principle based
• Eight Risk Audit strategies
• Annual self assessment &
report on internal controls
• 44 FTE plus co-source
• Blend of Skills and experience
• Comprehensive induction and
methodology training
• One audit tool
• Comprehensive tool kit
• Specialist data analytics tool
and evolving strategy
7
Our audit strategies
▪ Developed for key risks or topics with
stakeholder or regularly interest
▪ Include executive summary, background,
risk assessment & analysis
▪ Audit committee approval every 6 months
▪ Thematic findings on internal controls fed
into annual report
▪ We have a data analytics strategy focussed
on developing our capabilities
▪ Each risk strategy creates data analytics
needs and opportunities
Conduct Credit
Finance &
Treasury
Financial
Crime
IA
Function
IT
Supply
Chain
Models
Operations
Data
Analytics
8
New Risks & Opportunities for a Digital Enterprise
Traditional industries are challenged by the
new economy. By 2020 there will be:
▪ 12 billion mobile devices
▪ 2/3 of the world will be using social media
▪ 21 billion connected devices (The Internet Of
Things)
“Now every company is now a software company”
David Kirkpatrik, Forbes
“The worlds most valuable resource is no longer oil, but data”
the economist
Disrupt or Be Disrupted
The expectations of customers are
changing. Customers expect:
▪ Content to be relevant to me
▪ Systems to be available - always!
▪ Fast applications, intuitive and responsive
▪ Banking to be accessible: Wherever I am and
Whenever I need it
9
Data Ethics
Data ethics asks
difficult
questions
‘could we’ to ‘should we’
‘empower the individual to choose
or tell them what they need’
Tension between individual rights
and regulatory obligations
Trend towards greater consumer
protection
Do No
harm
Treat customers equally
and ethically
Protect
the
customer
Support the individual
right to choose
Companies need to embed data
and digital ethics controls into
the business and culture
10
Data Risks
▪ Perspective Bias
▪ Data collection without clear purpose
(more & more data)
▪ Transformation errors
▪ Products bias (just make it work)
▪ Inherent audit bias
− Fixation on first impressions
− Confirmation bias
− Overconfidence over assumptions
11
The journey continues
Our state of the art digital
platform creates
opportunities to:
▪ Enhance audit access to
data
▪ Develop our capabilities
▪ Develop more real time
auditing solutions
Data Sources
ETL
Data Warehouse
Business Intelligence
Being an early adopter brings opportunities and new risks
12
13
What do we want to achieve?
▪ The objective is to develop Data
Analytics as an efficient, predictive
mechanism, integral to the IA
Methodology.
▪ It is also to have Data Analytics
utilised across as many audits as
practical and to extend its usage into
areas such as the creation of the
audit plan and continuous auditing of
business activities to more quickly
identify changing risk.
Data Analytics Maturity Model
14
The chart below, provided by the IIA, shows the
link between the data analytics maturity path
and the internal audit team’s skillset.
Initial Steps
15
▪ Develop Data Analytics Strategy and
agree this with Leadership Team
▪ Analytics testing on 2018 audits
▪ Involvement in 2019 planning process
▪ Continue to build on this initial
momentum through…
and beyond
This Photo by Unknown Author is licensed
under CC BY
How do we get to where we want to be?
16
Update Methodology and Guidelines to
enable a consistent approach
Regular updates to CAO, LT and wider
audit team
Implement Data Analytics Operating
Model
Develop relationship with CDO and his
wider team
Obtain direct access to data
Utilise existing skillsets in IA,
including use of IDEA
Develop continuous auditing capabilities to feed into targeting and help automate risk assessments
Data visualisation tools
Continuous development
Methodology and Data Analytics Operating Model
17
▪ New methodology and requirement to
involve DA in planning for all audits and
record this in planning memo.
▪ Central Data Analytics team
complemented by Data Champions from
each of the Audits teams, with a regular
Audit Data Forum with the Champions and
Central team.
▪ The Data Champions provide insight into
the data needs of their team to help focus
initiatives.
Examples of Data Analytics: PEPs
18
▪ We have a regulatory requirement to identify and treatment
appropriately all customers who are deemed Politically Exposed
Persons.
▪ Designed a test using IDEA which allowed for the identification of
potential PEPs using external data.
▪ This had not been performed by the business.
▪ Business recognised the benefit
of performing this control and
have designed and implemented
their own version.
Examples of Data Analytics: Payroll
19
This Photo by Unknown Author is licensed under CC BY-SA
▪ The objective of this audit was to provide assurance that controls
are in place to pay the right people, the right amount, at the right
time.
▪ Extensive use of data analytics and IDEA allowed analysis across all
payments over six months.
▪ Outputs well received.
▪ Testing is repeatable.
▪ Ideal candidate for continuous auditing.
Future Priorities
20
▪ Continuous Auditing
▪ Visualisation techniques
▪ Feed into Risk Assessments
▪ Extending the use of Analytics