5 signs your organization needs a data audit now

Wayne Gniewkowski
11/17/2022
5 signs your organization needs a data audit now

Financial services companies fall into two categories: Those that perform internal audits of their data and those that need to do so right now.

At many banks and financial services companies, data usage is growing faster than the internal audit function can respond. Before internal auditors can build a strategy to incorporate data into the internal audit plan, data-based processes have taken deep root in diverse areas of the business.

Many organizations develop a level of comfort with this disconnect – but they shouldn’t. In a financial services industry that is becoming more interconnected, technology-driven, and data-reliant every day, no organization can afford to leave data out of its internal audit universe in 2023.

Based on work with leading financial services companies and an analysis of trends within data and bank internal audit, here are five signs an organization needs to include data in its internal audit strategy as soon as possible.

Get the comprehensive internal audit support you need, including an internal audit of data.

1. Your organization relies on data to make key business decisions

1. Your organization relies on data to make key business decisions - Do you have confidence in the accuracy and security of your data?

If leaders at an organization use insights from data to influence strategic decision-making, then the organization has a responsibility to examine that data and the infrastructure surrounding it. If an organization has never performed a data audit, then how can it have confidence in the accuracy and security of its data? How can it be sure that decision-makers are receiving the right data and applying it consistently and strategically?

Building data into an organization’s strategy and then not performing an internal audit of that data is like installing instruments in an airplane dashboard but not making sure those instruments display accurate numbers. If data is important enough to build into the organizational strategy for growth and evolution, then it’s important enough to warrant space in its internal audit universe.

And if an organization isn’t applying data to inform critical decisions, why isn’t it? With a data-driven approach, an organization can use customer data insights to redesign and transform core systems and business models. Data analytics reporting and dashboards can offer indispensable insights and essential context for the various goal-setting processes, strategic choices, and evaluations of performance that can shape the organization’s future.

2. Your organization hasn’t performed a data assessment

2. Your organization hasn’t performed a data assessment

Among data problems that banking organizations encounter, “not enough data” rarely makes the list. Most financial services companies have more data than they know what to do with – and they’re swimming in it.

A detailed and comprehensive data assessment creates a lifeline that can give leaders orientation, context, and confidence. With an accurate picture of the organization’s data usage and governance, leaders can optimize processes that involve data, identify data challenges and issues, and devise solutions.

Any data assessment should at minimum address key questions such as:

  • What data sources and types of data do we rely on?
  • Where do our data assets reside?
  • Who accesses and uses data?
  • What data protection measures have we taken?
  • What is our data being used for?
  • How do we assess data quality to make sure our data is complete and accurate?
  • Who is responsible for taking ownership of data and championing its use within the organization?
  • Are there areas of data management we could automate to reduce human error and increase efficiency?

3. Your company is growing

3. Your company is growing - As a financial services company's asset size goes up, so does regulatory scrutiny.

There’s no exact asset size marker that will trigger regulatory concern over data management or turn a data internal audit into an emergency need. But in general, as a financial services company’s asset size goes up, so does regulatory scrutiny – and an organization’s data is no exception.

Leading organizations at every asset size are incorporating data security, quality, and governance into their internal audit approaches. Many forward-thinking banks of asset sizes $1 billion and lower take a proactive approach and build data into their internal audits in a meaningful, structured way.

These organizations recognize that since a data internal audit will become a necessity before long, it’s better to build an approach now so they can address data governance on their own terms and at a sustainable pace.

4. Your business model or extended enterprise is getting more complex.

Asset size and complexity don’t always go hand in hand. Even smaller banks and financial services companies can accumulate data sets that encompass millions or billions of records and data points. If a bank’s data accumulation and usage ramps up fast, it can trigger related risks and regulatory scrutiny that aren’t present for other banks of similar asset size.

Various factors can indicate that a bank or financial services company is more complex from a data standpoint and might have a more urgent need for a data internal audit. Examples include:

  • A decentralized structure
  • A unique, novel, or complex business model
  • Presence across diverse geographic markets, especially on an international level
  • Integration of market trading activities
  • Significant amounts of fee income from activities such as trust services, mortgage originations and servicing, fund management, brokerage fees, or insurance commissions
  • Innovation-based strategic initiatives such as a data analytics program or a digital transformation of core banking platforms and services
  • An extensive network of relationships with technology vendors
  • Fintech partnerships
  • A planned or pending merger or acquisition

5. You currently have no schedule or strategy for internal data audits

5. You currently have no schedule or strategy for internal data audits -  When will you execute a data audit? If not now, what are you waiting for?

It’s one thing to not have a built-out internal audit methodology and set of workflows for data governance, but it’s another to have no plan or road map in place to eventually reach that goal. If an organization has no agenda to prioritize data in the internal audit universe, then its stakeholders should ask: Why not? When will we do it? And if not now, what are we waiting for?

Sometimes, an internal audit of the company’s data doesn’t move forward because of limited resources. If that’s the case, internal audit leaders should ask: Could we reallocate time or people that we’re currently devoting to low-risk areas?

From a risk management perspective, data is a high-risk area that’s likely becoming more entrenched every day. It’s increasingly difficult to make the case that an internal audit plan is complete or even adequate when it doesn’t address the organization’s data governance, security, and quality.

Ultimately, organizations that take a proactive approach and plan for the inevitable necessity of a data internal audit can set themselves up for a smooth process that strengthens regulatory compliance and prevents last-minute panic. And those organizations that decline to act now will likely have to execute a data audit soon – whether they’re ready or not.

Even if an internal audit team is committed to making data a part of its internal audit strategy, the right expertise can be hard to find. Trying to track down data specialists who also understand your business and bring deep internal audit knowledge can feel like looking for unicorns.

Not sure where or when to start? We’re here to help.

If you need to build data into your internal audit plan but don’t know where, when, or how to begin, let’s talk. We’re already working with leading financial services companies to identify data risks, develop controls, and codify internal audit processes that deliver clarity and confidence.
Wayne-Gniewkowski-225
Wayne Gniewkowski
Principal, Financial Services Consulting