Categories
Innovation in Compliance

The Data Confident Internal Auditor with Yusuf Moolla


 
Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-cost of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.
 

 
Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Currently, there has been an emergence of open-source tools to process data which has made it easier and cheaper for individuals. These open source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, being able to visualize techniques both in terms of exploring and explaining data is becoming something that is gaining traction in the data analytics world. 
 
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:

  • Data being used purely for reporting
  • The data-driven approach where the data does the talking
  • The process-focused approach
  • The hypothesis-focused approach

There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds. 
 
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom. 
 
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into, and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well. 
 
Resources
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor
 

Categories
Innovation in Compliance

Leveraging Communications as an Asset with Robert Cruz

 
Robert Cruz is the Vice President of Information Governance at Smarsh and is Tom Fox’s guest on this episode of the Innovation in Compliance Podcast. Tom and Robert talk about information and data governance, communications data strategies, and how Smarsh helps its customers mitigate risks through its platforms.  
 

 
New Communication and Risk
In the hybrid work environment employees use new communication sources such as Whatsapp, Discord, and Slack to converse daily. This poses a risk that compliance professionals are now challenged to govern since each of these technologies is different. Firms have to update their systems for this purpose and this is where Smarsh comes in. “Our communications intelligence strategy and platform helps customers bring [communication data] into a central point of control, so they can not only identify the risk but also that they can leverage this information as an asset of their business,” Robert tells Tom. These new communication sources are simply ways for companies to engage, and if leaders can engage on their clients’ terms, it can allow them to expand their markets. 
 
A Level of Complexity
Workers have started to return to the office. Tom asks Robert to share how this has impacted the hybrid work environment, and if it has added any complexity for the compliance individual. The biggest challenge for compliance is that controls need to work consistently regardless of where an individual is. “You need to be securing an individual, not securing the particular location that individual is located in,” Robert says. Compliance professionals need to make sure that they don’t have blind spots, and that their controls work regardless of technology. This has also created more areas for which compliance professionals have to be accountable. 
 
What’s Next
Communications data strategies in the coming years are not going to be heterogeneous. Robert stresses that when data is heterogeneous, it makes it difficult for people to understand. What is going to happen in the future is an acceleration in public cloud adoption and the adoption of artificial intelligence solutions. “The use of the machine to help individuals get through the volume and variety of information… are definitely on trend lines and will just become even more prominent and common across not just large enterprises but into medium size and even smaller firms in the near future,” Robert remarks to Tom.
 
Resources
Robert Cruz | LinkedIn 
Smarsh
 

Categories
Innovation in Compliance

An Evangelist for Document Governance with Jen Snyder


 
Jen Snyder is the chief evangelist at GovQA, a technology company providing compliance software for governments. Tom Fox welcomes her to this week’s show as they discuss the compliance challenges facing governments, and how her company’s software is helping combat those challenges.

Government Challenges
Tom asks Jen to explain why management of government requirements is so critical and difficult. “In the government industry, everything you’re doing is being done with government money, so everyone has the right to understand what’s being done with that money,” she remarks. She adds that many of the challenges the government faces are because the private sector is ahead in terms of documentation: while the private sector’s documents and records are digitized, the government’s are still on paper. The pandemic has mandated a remote workforce, but adapting to a new normal is not familiar to government culture, Jen remarks.
Data Governance
With data governance, there is both the tactical solution and the strategic solution. Tom asks Jen to elaborate on how GovQA helps companies in these areas. “What we do as a company is we look and follow each state’s legislative rulings on how they need to manage data,” she says. GovQA always follows the process of CEO departments and governor offices’ data governance policies. Jen expresses that with the changes of the pandemic, and the civil unrest within the US, states are now re-evaluating their policies, and with that comes new data areas that need new governance.
Being Compliant
Jen talks about the software GovQA has in assisting companies with legal holds. She iterates that the software allows the organization to build an audit trail and then stores it within specific software, so it can be accessed when necessary. Customers can feel confident that their data is protected: the company follows federal standards and guidelines and even goes further to bring in a third-party auditor. Rigid adherence to compliance standards is part of GovQA’s workplace culture, Jen emphasizes.
Resources
GovQA
Jen Snyder on LinkedIn