Tag: Data

Categories
Data Driven Compliance Innovation in Compliance

Daniel Villani on the Using the Right Data

Data Driven Compliance, hosted by Tom Fox, is a podcast featuring an in-depth conversation about the uses of data and data analytics in compliance programs. In this episode, host Tom Fox visits Daniel Villani from Villani Analytics. Daniel has an extensive 15-year background in technology, specifically working with medium to large businesses. They discuss Enterprise Resource Planning (ERP) and Enterprise Performance Management (EPM) software, vendor selection, audibility, and ESG reporting. Daniel emphasizes the importance of data utilization and integration, offering solutions and advice on the best solutions to stay competitive. Listeners can learn more from Daniel’s YouTube channel, Villani Analytics, and LinkedIn profile.

Key Highlights

·      ERP & EPM Explained

·      Data Privacy and Security in Financial Technology Solutions

·      Ensuring Data Accuracy and Quality Assurance Through Governance

·      The Importance of Documentation in Vendor Selection

·      Utilizing Data Analytics to Get Insights

·      Benefits of Implementing Environmental, Social, and Governance Programs

·      Building Data Streams: Connecting Siloed Data for Success

Notable Quotes

1.     ” I laugh because it sounds completely imaginative, but you’d be surprised how many organizations and some of the leading organizations and fortune 500 ones are relying on somebody’s word that their numbers are okay.”

2.     “I take the, you know, the full unbiased approach where I’m happy to recommend the system that I don’t implement just because I don’t do it for the money that comes out of it. I do it to make sure that you get the right solution for your business.”

3.     “It’s also equally important to ensure that you have the documentation around your governance in place.”

4.     “The companies that are going to bring it together in the most meaningful way are the ones that are going to better compete in their industry.”

 Resources

Daniel Villani on LinkedIn

Villani Analytics

Categories
Innovation in Compliance

The Data Confident Internal Auditor with Yusuf Moolla


 
Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-cost of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.
 

 
Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Currently, there has been an emergence of open-source tools to process data which has made it easier and cheaper for individuals. These open source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, being able to visualize techniques both in terms of exploring and explaining data is becoming something that is gaining traction in the data analytics world. 
 
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:

  • Data being used purely for reporting
  • The data-driven approach where the data does the talking
  • The process-focused approach
  • The hypothesis-focused approach

There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds. 
 
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom. 
 
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into, and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well. 
 
Resources
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor
 

Categories
Innovation in Compliance

The Risks with Employee Data with Robert Meyers


 
Robert Meyers is the Channel Solutions Architect for One Identity, a software company that helps organizations establish an identity-centric security strategy. Tom Fox welcomes him to this week’s show to talk about compliance, data privacy, and employee data issues.
 

The Role of One Identity
“Most companies forget about employees, and this gets impacted by GDPR,” Robert says. His role at One Identity allows him to explain to companies where they can fit identity protections for employees. He also helps companies with their logging systems to prevent them from sending out sensitive information into their log store. Robert adds that he also works as a consultant for partners and helps with privileged access management.
Data Has a Life Cycle
“Data itself should have a life cycle,” Robert emphasizes. The concept of never deleting anything and keeping copies of everything is a bad idea. Data discipline and data management governance expects that you remove data at an appropriate time. Robert iterates that data privacy and data protection have to be integrated with operations because if it isn’t, it won’t be dealt with at all. In response to Tom’s question on who owns Compliance, Robert says that it has to be the Chief Operating Officer.
What’s Next
Tom asks Robert what businesses should expect to happen around data privacy between now and 2023. Robert says that there will be more risk assessment. Most breaches conducted within organizations are internal. He advocates for greater enforcement of laws and regulations as well as more legislation. 
 
Resources
OneIdentity.com
Robert Meyers | Twitter, LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 9-the Competitive Advantage of Data

The DOJ and SEC have both made it clear that they expect companies to be more robust in their use of data analytics in compliance programs. This means using data to not only detect and prevent illegal conduct but also in the remediation prong of any best practices compliance program as well through continuous improvement. In 2019, former Deputy Assistant Attorney General Matthew Miner said in a speech that the DOJ will inquire whether compliance departments have access to internal data that could help them identify misconduct and whether compliance officers make adequate use of data analytics in their reviews of companies under investigation. Since at least 2016 in the FCPA enforcement action involving Key Energy Services, Inc., the SEC has been communicating to compliance professionals of the need for increased use of data and data analytics in any compliance program.
The bottom line is that it is not if but when you begin to incorporate corporate information into your compliance program to make your compliance program more efficient and your business process run more effectively. My suggestion is that you begin now to identify the data you have access to and the data to which you currently do not have access. Find a way to bridge that gap.

Three key takeaways:

  1. DOJ pronouncements mandate CCO availability to and use of data.
  2. Data can be an actionable solution across geographic and business lines.
  3. Use data as a business strategy.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

The Compliance Advantage of Data


The Department Of Justice and Securities and Exchange Commission have both made it clear that they expect companies to be more robust in their use of data analytics in compliance programs. This means using data to not only detect and prevent illegal conduct but also in the remediation prong of any best practices compliance program as well through continuous improvement. Former Deputy Assistant Attorney General Matthew Miner said in a speech that the DOJ will inquire whether compliance departments have access to internal data that could help them identify misconduct and whether compliance officers make adequate use of data analytics in their reviews of companies under investigation. Since at least 2016 in the Foreign Corrupt Practices Act (FCPA) enforcement action involving Key Energy Services, Inc., the SEC has been communicating to compliance professionals of the need for increased use of data and data analytics in any compliance program.
The new DOJ Antitrust Division released its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance), was the clearest regarding this mandate when it stated, “Does the company use any type of screen, communications monitoring tool, or statistical testing designed to identify potential antitrust violations?” For the anti-corruption compliance professional, this means you need to incorporate a statistical analysis into your ongoing monitoring to see if there are any anomalies which could be indications of FCPA violations.
The bottom line is that it is not if but when you begin to incorporate corporate information into your compliance program to make your compliance program more efficient and your business process run more effectively. My suggestion is that you begin now to identify the data you have access to and the data to which you currently do not have access. Find a way to bridge that gap.
Three key takeaways:

  1. What advantages can data bring to your compliance regime?
  2. Both the DOJ and SEC have said companies need to be using data in their compliance programs.
  3. Data will make your compliance program more effective, your business process more efficient and your company more profitable.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Innovation in Compliance

Data as Fuel with Christian Perez-Font


Christian Perez Font is the founder of Thinkeen Legal, a law firm that uniquely incorporates data analytics, compliance and law. He began his career as a corporate attorney and in 2008 joined Baxter International, a multinational healthcare company, as in-house counsel. When he joined Baxter, his work was 10% compliance-related and 90% business-related, but by the time he left 5 years later, he was doing 65% compliance work. The key to becoming a better compliance professional, he proposes, is to become a better business person. He and host Tom Fox discuss the importance of data in compliance and in business.
Listen to the Episode:

Data as Fuel
When people think about Data Analytics they imagine some form of AI that’s going to automatically pinpoint problems. Christian says that the truth is that Data Analytics has to be at the core of compliance: data is the fuel that powers the compliance engine. It’s the data that will tell you how you should be communicating compliance policies and doing training so that you can achieve your business goals. Most of the data that is used for compliance purposes is already there from the business side; you just need to understand how to aggregate it, how to look for it and how to plug it in. You have to understand your industry and your company goals before you start collecting that data.
How Thinkeen Uses Data 
Tom asks how Thinkeen Legal uses its data proficiency in mergers and acquisitions, transactional work and compliance. Christian shares how his company used its data expertise to advise clients in cross border transactions. Because we know where the touchpoints are, he says, we’re able to incorporate them into the due diligence process and ask the right questions and get the right information. They can identify areas of risk which helps their clients decide whether to proceed with an acquisition. Christian finds that general counsels are becoming savvier about compliance and they appreciate that his firm gives them advice and support.
The Future of Data and Compliance
The intersection of law, data and compliance will continue to evolve, Christian predicts. He is happy that the importance of Data Analytics is being acknowledged. If you don’t have the right data, you won’t get the right information, without which you can’t make the best business decisions. In addition, a big part of what we do with data is benchmarking, Christian says. The more information that we can share in the industry, the better.
Resources
ThinkeenLegal.com
Thinkeen Legal on Twitter | Instagram
Christian Perez Font on LinkedIn