ISACA releases white paper on Big Data
ISACA has just released a new paper on Big Data that I like and recommend. (Full disclosure: I reviewed and provided feedback on a draft and I am quoted in the press release).
What I like the most is the title: “It May Be Riskier to Ignore Big Data Than Implement It”. It captures my belief that the value that can be obtained by the intelligent and creative use of analytics against the massive data sets that are available to every organization far outweighs both the cost of the effort and any associated risk.
Most organizations recognize that there is value, although in practice that value is usually limited by their ability to define the critical business questions that can be answered by the use of the wonderful new tools available today against Big Data.
They are also limited by their belief that they are constrained by inadequacies in their corporate systems.
My view is that almost any organization, no matter what size or type it is, not only can but should be taking advantage of the immense possibilities. Not to do so indicates that they lack both imagination and resolve.
Internal auditors, information security practitioners, risk professionals, and executives should be blinded to the great values and possibilities by the risks of moving forward.
Here are a few excerpts from the paper:
“New analytics tools and methods are expanding the possibilities for how enterprises can derive value from existing data within their organizations and from freely available external information sources, such as software as a service (SaaS), social media and commercial data sources. While traditional business intelligence has generally targeted “structured data” that can be easily parsed and analyzed, advances in analytics methods now allow examination of more varied data types.”
“Information security, audit and governance professionals should take a holistic approach and understand the business case of big data analytics and the potential technical risk when evaluating the use and deployment of big data analytics in their organizations.”
“For information security, audit and governance professionals, lack of clarity about the business case may stifle organizational success and lead to role and responsibility confusion.”
“By looking at how these analytics techniques are transforming enterprises in real-world scenarios, the value becomes apparent as enterprises start to realize dramatic gains in the efficiency, efficacy and performance of mission-critical business processes.”
“Understanding this business case can help security, audit and governance practitioners in two ways: It helps them to understand the motivation and rationale driving their business partners who want to apply big data analytics techniques within their enterprises, and it helps balance the risk equation so that technical risk and business risk are addressed. Specifically, while some new areas of technical risk may arise as a result of more voluminous and concentrated data, the business consequences of not adopting big data analytics may outweigh the technology risk.”
My friends and former colleagues at SAP have chimed in with an emphasis on the increased value when more sophisticated tools, especially ‘predictive analytics”, are used to mine and produce information from Big Data.
The SAP paper on this topic, “Predicting the future of Predictive Analytics” makes the point well. Here are some wise thoughts from James Fisher, an SAP executive, that focus on the risk of using analytics and Big Data without making sure that the information you are using to run the business is reliable:
“The opportunity of big data is huge, and the biggest analytical opportunity I see within that is the use of predictive analytics. The data shows companies favor taking advantage of the opportunities in front of then rather than minimizing risk. Technology is playing a role here and making predictive capabilities even easier to use, embedding them in business processes, automating model creation. SAP is of course in a position to deliver all this. The added question however to ask (and this is really my view) is that this does introduce an inherent risk that people don’t know what they are looking at and blinding follow what the data says…. When you read a weather forecast you immediately sanity check what it says by looking out the window, is everyone doing the same with data?”
You can read more from James on his blog.
My question to you is this:
Are you so risk averse when it comes to the use of analytics and Big Data that you are a barrier to the success of the organization?
Recent Posts on this Blog
- Is a new maturity model for GRC the right model? September 25, 2016
- The Wells Fargo “Staff Scam”: More questions and fewer answers September 16, 2016
- The astonishing Wells Fargo fraud September 10, 2016
- Leading an effective information security capability September 4, 2016
- Have your provided comments on the COSO ERM draft? August 31, 2016
- How to do your internal audit risk assessment August 27, 2016
- Do techies really understand cyber risk? August 20, 2016
- Continuing to learn about culture from Toyota August 13, 2016
- The danger of an arrogant board August 7, 2016
- The Board and Technology: Questions to ask the management team July 31, 2016
- IIA Insights on Internal Audit Effectiveness July 22, 2016
- Deloitte predicts change for Internal Audit July 20, 2016
- Risk and Opportunity Management July 2, 2016
- Risk reporting to the Board June 26, 2016
- We need to review and provide feedback on the COSO ERM Exposure Draft June 19, 2016
- Reconsidering the Board: Its Composition and Oversight of Management September 19, 2016
- Time for the Board to Take a Deep Dive Into Risk Management and Risks September 12, 2016
- Oversight of the External Auditor September 6, 2016
- Signs of a Failing Board August 29, 2016
- Contrasting Comments on Internal Audit From a CAE and a Consultant August 23, 2016
- Asking the Tough Questions About Internal Audit August 15, 2016
- When Risk Management Fails August 8, 2016
- An Internal Audit Ambition Model August 1, 2016
- Understanding and Assessing Governance Risk July 25, 2016
- Internal Audit, Risk Management, and Technology July 19, 2016