While data and analytics (D&A) has permeated the audit process, most financial services organizations are struggling to integrate these new approaches into their internal control / systems environments. Given the heightened financial services regulation, and growing risk of regulatory fines or actions, we believe financial services organizations should push harder to realize the benefits of enhanced audit data tools.
For financial services organizations, vast new regulation demands robust financial assurance processes and massive amounts of data across a wide range of operational areas. The new standards for bank, insurance and investment management data quantity and quality require a model of assurance that is moving from 90-95 percent confidence levels to something much higher. Not surprisingly, many financial services executives are now looking for better quality financial assurance, to better manage risks and to achieve a level of competitive advantage.
Internal auditors already know the power of data analytics and the introduction of modern D&A tools and approaches takes the audit process to the next level.
At the same time, the potential sources of data available for external audit have evolved dramatically. Today, huge pools of external data are being aggregated and companies are able to access it, providing auditors with an unprecedented ability for financial benchmarking of internal data against external sources. Simply put, banking, investment management and insurance executives are now more likely to find out about issues in their controls and data from their internal auditor rather than from the regulators.
Despite the value of a data-led internal audit, our experience suggests that few have yet to fully adopt a data-driven internal or external audit process.
In the insurance sector, the absence of industry wide standards, the need to maintain data records over a long time period (greater than 50 years) and decades of inorganic growth have led to disparate systems and data silos that make it difficult to achieve a single view of the data. In the investment management sector, a history of underinvestment into infrastructure is inhibiting the value of new tools and data pools. In the banking sector, the need to meet capital requirements is siphoning investment away from new projects.
Meanwhile, internal audit departments will probably tell you that they are already running as fast as they can just to keep up with current regulatory requirements and they lack resources to adopt new approaches.
Since the biggest challenge facing financial services organizations today is likely the quality of data rather than project fatigue, infrastructure or availability of capital, we often recommend that our clients start by examining their data controls, governance and strategy. Often, organizations realize that the information required is inconsistent, fragmented and siloed and that data controls and governance must be fixed.
We also recommend that clients examine their data 'culture' and capabilities, since new D&A tools and techniques require a different skill set than traditional internal audit and it will take time to develop or recruit the right technical talent and management to become more data-driven.
Many of these barriers are now starting to fall away, since new tools and approaches mean that data can now be 'plucked' from the appropriate system and data integration can be performed – in near real-time – to provide reliable and valuable insights.
Also, new visualization technologies are taking some of the complexity out of the data. A number of organizations (including KPMG) now offer executives the ability to view all of their data in a fully-immersive visualization space, to see their data from virtually every angle, unlocking new perspectives and inspiring new strategies.
New tools and technologies for process mining are rapidly emerging that enable companies to improve their process and save costs. Both Fintech start- ups and traditional service providers are investing in new ideas and solutions. KPMG Capital, for example, has made a number of investments into D&A companies with solutions that promise to improve not only our audit services, but also provide our clients with more clarity on their risk profile.
Given the potential regulatory fines, the financial implications of poor controls and the competitive value that can be harnessed from new, data-driven audit approaches, we firmly believe that financial services executives should make audit data a priority within their D&A strategy.
Those able to adopt these new approaches to financial assurance – and embed them into the organization as part of their data transformation – should achieve significant competitive advantage and avoid the vicious cycle of regulatory scrutiny, fines and reputational damage.