In fact, the most recent update to Department of Justice guidelines regarding the effectiveness of corporate compliance programs encourages prosecutors to review whether compliance and control personnel have sufficient access, direct or indirect, to relevant data to allow for timely monitoring of the compliance program.
These questions indicate the DOJ expects a company to make compliance-related data readily available to the chief compliance officer and compliance function and to remedy any “impediments … that limit access to relevant sources of data.”
Since compliance and internal audit functions are increasingly doing more with less, here’s some practical guidance on the importance of accessing data directly, how to best leverage data analytics by connecting disparate data sources, and how data analytics can add efficiency and effectiveness at this crucial time.
Data sources and direct data access
Remote testing is the new norm, and it provides a good indication of how we can expect internal audit teams to work in the foreseeable future. Collecting, assimilating and analyzing critical datasets to carry out compliance and/or internal audit procedures is essential.
For example, some data fields might be used to identify high-risk transactions, with the results providing a valuable subset of information. The internal audit team could use this information to determine the most appropriate audit procedure to reach a conclusion.
Not all data sources are created equal. Data quality is the most important part of data analytics. Data analytics ― and, specifically, direct access and data querying ― is a key component that second- and third-line defense personnel should consider to meet their objectives.
We have seen companies rely on local business units to provide information from data sources, which are available to them for purposes of performing their daily tasks. Far too often, however, a system’s front-end users are not fully aware of the complexity of the data tables that might only be properly accessible through back-end queries.