Data Analytics in a Digital World

Ian Kirton and Stuart Faulkner

TSB

▪ TSB – A new bank with a 200 year history

▪ Our shift of technology – From legacy to

digital

▪ Data risks and ethics in a digital enterprise

▪ Our analytics strategy for a digital enterprise

▪ Our data analytics experience and

examples

Agenda

Agenda

2

TSB: The New Bank with a 200 Year History

June 2014

TSB listed

on London

Stock

Exchange

30 June 2015

TSB joins

Spanish

Banking

Group

April 2018

TSB

launched

new digital

platform

3

Technology is changing the pace of life!

4

Creating a Digital Workplace

This was NOT a digital workplace This is more like it

Old technology can hold you back

and create ‘legacy’ risks

New technology can be liberating

but is not risk free

5

Developing the Audit Function & Strategy

Develop

Organise

Implement

Growth Strategy

Branding Strategy

Market Strategy

Product Strategy

Operational Strategy

Internal drivers

External drivers

Define Plan Execute Evaluate Improve

• Agree Charter

• Agree scorecard

• Define structures

• Conduct risk

assessment

• Evaluate strategy

• Develop plan

• Prioritise work

• Execute plan

• Periodically

recalibrate

• Review audit

performance

• Re-evaluate

strategy & plan

• Continuously improve

• Adapt to emerging

requirements

Audit & Co-source

resources

Critical Strategic Requirements

Audit

infrastructure

Conduct risk

assessments

Understand key processes,

controls, hot spots & issues

Create Audit

Plan

Leverage

Executive

Views

2nd Line Risk

Views

Regulator

Expectations

External InsightsInternal Insights

Industry

trends

Audit Strategy

Audit

Committee

Expectations

6

Our Audit Capability

UNIVERSE METHODOLOGY

PEOPLE SYSTEMS & TOOLS

• 109 Entities

• 12 month rolling audit plan

• Updated every 6 months

• Principle based

• Eight Risk Audit strategies

• Annual self assessment &

report on internal controls

• 44 FTE plus co-source

• Blend of Skills and experience

• Comprehensive induction and

methodology training

• One audit tool

• Comprehensive tool kit

• Specialist data analytics tool

and evolving strategy

7

Our audit strategies

▪ Developed for key risks or topics with

stakeholder or regularly interest

▪ Include executive summary, background,

risk assessment & analysis

▪ Audit committee approval every 6 months

▪ Thematic findings on internal controls fed

into annual report

▪ We have a data analytics strategy focussed

on developing our capabilities

▪ Each risk strategy creates data analytics

needs and opportunities

Conduct Credit

Finance &

Treasury

Financial

Crime

IA

Function

IT

Supply

Chain

Models

Operations

Data

Analytics

8

New Risks & Opportunities for a Digital Enterprise

Traditional industries are challenged by the

new economy. By 2020 there will be:

▪ 12 billion mobile devices

▪ 2/3 of the world will be using social media

▪ 21 billion connected devices (The Internet Of

Things)

“Now every company is now a software company”

David Kirkpatrik, Forbes

“The worlds most valuable resource is no longer oil, but data”

the economist

Disrupt or Be Disrupted

The expectations of customers are

changing. Customers expect:

▪ Content to be relevant to me

▪ Systems to be available - always!

▪ Fast applications, intuitive and responsive

▪ Banking to be accessible: Wherever I am and

Whenever I need it

9

Data Ethics

Data ethics asks

difficult

questions

‘could we’ to ‘should we’

‘empower the individual to choose

or tell them what they need’

Tension between individual rights

and regulatory obligations

Trend towards greater consumer

protection

Do No

harm

Treat customers equally

and ethically

Protect

the

customer

Support the individual

right to choose

Companies need to embed data

and digital ethics controls into

the business and culture

10

Data Risks

▪ Perspective Bias

▪ Data collection without clear purpose

(more & more data)

▪ Transformation errors

▪ Products bias (just make it work)

▪ Inherent audit bias

− Fixation on first impressions

− Confirmation bias

− Overconfidence over assumptions

11

The journey continues

Our state of the art digital

platform creates

opportunities to:

▪ Enhance audit access to

data

▪ Develop our capabilities

▪ Develop more real time

auditing solutions

Data Sources

ETL

Data Warehouse

Business Intelligence

Being an early adopter brings opportunities and new risks

12

13

What do we want to achieve?

▪ The objective is to develop Data

Analytics as an efficient, predictive

mechanism, integral to the IA

Methodology.

▪ It is also to have Data Analytics

utilised across as many audits as

practical and to extend its usage into

areas such as the creation of the

audit plan and continuous auditing of

business activities to more quickly

identify changing risk.

Data Analytics Maturity Model

14

The chart below, provided by the IIA, shows the

link between the data analytics maturity path

and the internal audit team’s skillset.

Initial Steps

15

▪ Develop Data Analytics Strategy and

agree this with Leadership Team

▪ Analytics testing on 2018 audits

▪ Involvement in 2019 planning process

▪ Continue to build on this initial

momentum through…

and beyond

This Photo by Unknown Author is licensed

under CC BY

How do we get to where we want to be?

16

Update Methodology and Guidelines to

enable a consistent approach

Regular updates to CAO, LT and wider

audit team

Implement Data Analytics Operating

Model

Develop relationship with CDO and his

wider team

Obtain direct access to data

Utilise existing skillsets in IA,

including use of IDEA

Develop continuous auditing capabilities to feed into targeting and help automate risk assessments

Data visualisation tools

Continuous development

Methodology and Data Analytics Operating Model

17

▪ New methodology and requirement to

involve DA in planning for all audits and

record this in planning memo.

▪ Central Data Analytics team

complemented by Data Champions from

each of the Audits teams, with a regular

Audit Data Forum with the Champions and

Central team.

▪ The Data Champions provide insight into

the data needs of their team to help focus

initiatives.

Examples of Data Analytics: PEPs

18

▪ We have a regulatory requirement to identify and treatment

appropriately all customers who are deemed Politically Exposed

Persons.

▪ Designed a test using IDEA which allowed for the identification of

potential PEPs using external data.

▪ This had not been performed by the business.

▪ Business recognised the benefit

of performing this control and

have designed and implemented

their own version.

Examples of Data Analytics: Payroll

19

This Photo by Unknown Author is licensed under CC BY-SA

▪ The objective of this audit was to provide assurance that controls

are in place to pay the right people, the right amount, at the right

time.

▪ Extensive use of data analytics and IDEA allowed analysis across all

payments over six months.

▪ Outputs well received.

▪ Testing is repeatable.

▪ Ideal candidate for continuous auditing.

Future Priorities

20

▪ Continuous Auditing

▪ Visualisation techniques

▪ Feed into Risk Assessments

▪ Extending the use of Analytics

Questions?