Everyone (OK, probably not everyone, but quite a lot of people nowadays, it is growing trend…) is talking about data analytics, Big Data, Data-Driven GRC, Process Mining or CCM (Continuous Controls Monitoring).

Sometimes we get asked about “What should be considered when starting a data analytic project”, “How do we do it?” or “What could possibly go wrong?”. This article will try and answer that and list some attention points that are important based on our experience.

To start with, we will look at five things you should know:

1. Know what you want to know (aka list analytic questions)
2. Know your systems (aka identify data sources)
3. Know your data (aka examine data structures)
4. Know your Analytic Tools (aka understand technical possibilities and limits)
5. Know your customers (aka think about who receives the results and what they will do with it)

Once finished explaining what you should know, we emphasize on two key elements you know for sure, but are so important that we need to mention them here again.

• There is a price tag to it (aka budget)
• You need someone who can do it (aka resources)

Aspect 1: Know what you want to know

Step one is easy: you first have to get an understanding of what you want to analyze.

This may depend on where you work and what your duties are, for example:

• Are you an Internal Auditor, looking for Fraud scenarios, for example where a vendor’s bank account was changed very often?
• Do you work in the Procurement department, and there is the need to check whether the invoiced amount matches the PO amount?
• Are you an IT team member who desperately needs to find out about duplicate vendor and customer master data and try to clean up the mess?
• Do you happen to be an accountant, looking for Cash Recovery options in your data, like Duplicate payments or Contract vs. Purchase Order scenarios? Or is there the need for you to have a complete process overview, starting from a customer’s sales order, over shipping and billing including the incoming customer payment?
• Probably you are head or member of the Compliance department and need to analyze aspects in context of your GRC tasks, like payments in critical countries, tax havens or monitoring business in Countries that have a (to be defined) critical CPI (Corruption Perception Index)?

 

The questions above indicate the top-down process of identifying analytic questions. By looking at your daily tasks and scope of duties a lot of questions already may pop up.

Now let us have a closer look at one the examples. We will take the last one, the payments to critical countries. It is a good idea to examine each topic as detailed as possible.

You could ask yourself, in what context payments usually do occur? A list of answers could look as follows:

• Payments can happen in context of partners. You could pay a vendor for goods or services that you ordered. Or you could pay out a credit note that you granted a customer (year-end bonus, returns, etc.).
• Payments can happen by bank transfer, you could send a check, or maybe there is a petty-cash account involved.
• The “critical countries” are to be defined. It could be countries where embargo regulations are in place, and/or it could be countries that are considered as tax havens, and/or it could be countries that have a problem with corruption according to the CPI index of Transparency International.

 

So based on the business process you examined, you probably want to analyze the following:

• “Identify payment transactions that have been done in context of partners like vendors, or customers, or even where an expense account is directly debited.
• Create a list of these transactions and identify the payee’s bank country for those payments.
• Match these detail transactions versus a list of countries that are seen as critical because they are on the embargo list, known as tax haven or having a Corruption Perception Index > x.”

 

If we recap what we just looked at, we did the following and went from a list of a general topic (Example “Compliance”) over the analytic questions (Example: “Payment to critical countries”) to the detail aspects of that question. The detail level almost implies the programming flowchart for that analytic: