Many compliance practitioners often inquire how to set up a data analysis program and how to use it to help monitor for a compliance program. I draw from Joe Oringel, co-founder of Visual Risk IQ for the firm’s five-step process for any analytics project. The steps are: (1) Brainstorming, (2) Acquire and Map Data, (3) Write Queries, (4) Analyze and Report, and (5) Refine and Sustain.
Step 1 - Brainstorming
It all begins with Step 1, brainstorming. Any data analysis project in a compliance setting, or any business context, begins by picking the business questions to answer with data. So in an initial meeting, you could ask one or more of the following opening questions: What do we expect to find if we do a detailed review of this data? What policies should have been followed? What would a mistake or even fraud look like? The data to be reviewed could be expense reports, accounts payable invoices, or sales contracts. The key to successful brainstorming is to identify the questions you want to ask and answer, and then identify the digital data sources that can best answer these questions. This process should be iterative, with questions being refined based on the available sources of digital data.
Step 2 - Acquire and Map the Data
Acquiring and mapping data can be a technical step, but most modern software can create files that can be easily read by basic data analysis software, such as Microsoft Excel, as well as more advanced tools. Mapping data is simply identifying, naming, and categorizing the data fields (e.g. text, dates, numbers) so that the software tool can best interpret the data for analysis. Once the data is loaded into the analysis tool, control totals should be compared to source systems for completeness and accuracy. Oringel recommends comparing record counts, grand totals, and even selected balances for a sample of records to make sure that nothing was lost in translation into the data analysis tool.
Step 3 - Writing the Queries
While writing queries surely sounds technical, it can be quite simple. Sorting data from oldest to newest or biggest to smallest is often only a few clicks of the mouse. Once sorted by several different columns, business insights can be quick. Writing queries is simply writing the business questions you laid out in the brainstorming session, and using software in a way that makes it easy to understand the answers.
Step 4 - Analyze and Report Results
You should summarize the results of data analysis into visual form, for example by showing color, size, and location in a graph, so that the compliance practioner can understand what has happened, quickly see the data and conclude whether the picture supports a decision of whether the transaction was or was not compliant and if required, an action step becomes apparent.
Step 5 - Refine and Sustain
That brings us to Step 5, which Oringel identified as refine and sustain. Part of this step is about about fixing the root cause of any problem identified through data analysis. I certainly believe one of the key functions for any compliance practitioner, and one of the first things you should do, is to make sure any violations of your policies and procedures do not move to an illegal conduct stage.
Three Key Takeaways
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.