How to use BI to clear a path through the GRC minefield

Good BI cuts risk and produces value

By Gavin Morrison, MD of Cubic Blue, a Knowledge Integration Dynamics company


Governance, risk and compliance standards and practices were established to safeguard against excessive risk-taking by financial services organisations with depositors’ funds, yet in the financial crisis of 2007-2008 they failed to live up to expectations.

That ushered in round two, a new and additional set of governance, risk and compliance standards. Now you’re expected to live up to them yet they are far more stringent than before and place a nearly onerous burden on your IT systems. Executives, who may know very little about IT, are subject to severe penalties if the terms of good governance, risk and compliance policies, standards and practices are not met. So how can you be sure your organisation is top of the pops?

Data Minefields are best avoided
Even slow moving minefields are best avoided.

Image Credit: Christopher Michel

A swarm of jargon will barrage you as you investigate possible solutions from the now ubiquitous big data, to metadata, warehousing, mapping, re-engineering, data architecture, governance, framework, and more.

Essentially, though, what you need to do is know who deals with your data, when, how, why, where it goes, who sees it, what they do with it, and check that against policies of what’s acceptable and what’s not.

The SNAFU

The problem today is enterprise systems are experiencing a revolution of sorts. Data is collected, managed, stored, retrieved and deleted almost anywhere across the digital landscape. It is no longer confined to your basement in IT systems over which you have complete control. It is also collected very quickly, in some instances, must be used very quickly, and destroyed with equal speed.

It makes the environment difficult to control because there can be many systems in many different places working rapidly with many different people.

In large businesses your problem gets worse. Many people interact with the data but they may not all perfectly understand the corporate strategy nor the implications of governance, risk and compliance. They may also not know who is accountable and responsible or who to turn to for help.

You need an IT private investigator

What you need is a technology sleuth, an IT private investigator or PI, to snoop through the systems and find out what’s happening, who’s doing what, where, with what data and when.

  1. You need to manage the network and the applications it serves to your users so that you can see who is accessing what and when.
  2. Then you need to automate the compliance controls through policies that direct people as to what they can and cannot do.
  3. Automated systems protect the data and information from erroneous use as well as unscrupulous activities by those inside and outside your organisation.
  4. Embedding compliance and control activities in business processes ensures adherence throughout your organisation.
  5. Effective monitoring closes the loop.

It is absolutely crucial to know that technology alone will not take care of the governance, risk and compliance needs of your business. There must be effective strategy coupled to potent execution. It needs to be proactive and systemic. And that requires upfront planning, particularly in light of the broadened scope of IT systems and data to the web and the cloud.

Determine the killer risks

Your organisation will face greater risks in specific parts, services, customer segments, markets and products. Those are where you expend your greatest effort and exact most stringent control and reporting. They also form the ground zero starting point where you can iteratively roll out your governance, risk and compliance programme that mitigates your greatest exposure.

3 ways BI helps you

Business intelligence or BI will help you:

  1. Document and test controls
  2. Find the risk categories and monitor them
  3. Develop and communicate policies for training and change

Those steps relate to business activities such as checking to ensure budgets are approved, vendors are approved, contracts are qualified, reporting is accurate, whether or not service providers are achieving service level agreements, check absenteeism rates, average ages of employees, frequency of performance reviews and many more.

Effective risk management employs business intelligence to map governance, risk and compliance activities and systems to value, aligns the behaviour of your organisation’s people to creating value, builds a profile of performance versus controls, and monitors, predicts and reduces risk by improving performance.

Why you need an information architecture framework

Big data has irrevocably changed the game and you need to be in it

By Mervyn Mooi, director at Knowledge Integration Dynamics


What are the business benefits?

An information architecture framework requires proper upfront and sustained planning of how data and information systems will work together to support the business strategy. With the advent of big data and the digital economy IT systems (and how it integrates) information architecture becomes more complex. Architectures generally have a three to five-year relevance lifecycle, so it is important to continually revise and refine the information architecture to support the business and enable leading-edge capabilities that cater and scale to all types of data and information and render resource economy.

There are many business benefits you can expect from an organised architecture (there may be more based on your business):

  1. Data/information quality and single consistent views of business entities (e.g. customer)
  2. Common data models and processes
  3. Leaner operational resources and increased efficiencies
  4. Reduced risk and overall costs

The above benefits translate into other benefits, such as:

  1. Narrower customer and market segmentation
  2. Even better decision making (through more sophisticated analytics)
  3. More valuable business insights as deduced from quality data/information
  4. Product and service development
  5. Consumer dialogues
  6. New revenue streams
  7. Tailored services and products

Why is it even necessary?

Big data has changed the rules that govern data. Data used to be placed in databases on dedicated servers and shared over networks in a rather regimented time-controlled manner. Big data however is dynamic – it is sourced from and propagated to many different server locations (or clusters of servers) across the globe, at a rate and scale that is difficult to comprehend.

The data and information are primarily in the public domain and your company doesn’t own it all. Some cannot be placed in traditional databases or data warehouses because it includes different types of unstructured data. It requires specialised database and file systems e.g. NoSQL and Hadoop. The data may sometimes be placed in a cloud system because it may be cost effective to do so, it may offer functionality your own systems don’t offer, or it may only be required for a short period of time.

Graphical view of a shed load of data
The graphical representation of data chaos cascading out of the corporate store

Image Credit: Duncan Hill

The upshot is: data of different types, will be sourced from many different locations, worked with in many different analytics tools, and fed through to many different end points.

The information architecture must specifically manage data security and information privacy to also comply with governance processes and standards. Security outside of your organisation’s domain (off-premise) remains a challenge.

The data environment has changed

The new data environment, which includes hardware and software – plus the policies that govern processes, will probably use more open source software and commodity hardware. Commodity and open source mean cheaper to buy but there are other costs to consider such as the people who can use the software tools and maintain the hardware. The challenge is to trust open source to deliver against standards-based requirements, that you can support the software for business sustainability, and that it still requires on-board expertise to implement and maintain.

What’s new?

Many tools people used to work with data in the past no longer work. What can you do about it?

  • Database and data software vendors are extending the capabilities of their tools. New tools or new functionality means teaching existing employees new skills, which requires time and money, or finding new people who can use the new tools.
  • Some companies (companies that use data tools) are adding to their traditional data tools themselves so that the tools become capable. It saves them retraining employees and means they can continue to capitalise on existing skills and experience. One way this is being done is to write a SQL abstraction (or virtual) application and data layer on top of the environment.
  • Others are creating dashboards specially coded to shield their users from having to know R (a programming language) used for statistical analyses or the SQL language.

It’s clear that there’s no one way to deal with this because every environment is different based on the investments companies like yours have made in skilled data people, software and hardware.

The future is in the framework

However you and your company choose to deal with this shifting landscape, you’ll need a proper framework to deal with the complexity of data sources, tools, hardware, and end users. Slapping something together on the fly will result in much future heartache and a whopping great bill to match.

But, no matter your chosen solution, the fact remains that companies are beginning to get the benefits of big data so you can’t afford to ignore it. Yet, with what is a relatively immature field, you need to give yourself every opportunity at success. A proper information architecture framework is just the ticket.

Data is the new economic resource to drive revenue growth

Invest appropriately to extract the value big data promises

By Mervyn Mooi, director at Knowledge Integration Dynamics


Bill Gates said: “If I had just $1 I’d spend it on PR.” He understands the value of getting the right message to the right people at the right time. Data, as the newest economic resource, will help you figure out what that message must be, who must hear, read and view it, when is the best time to put it in front of them, and what they think of it when you do.

According to Joseph Kennedy, president of Kennedy Research, in an article hosted here by the Committee for Economic Development (CED), a non-profit US organisation:

“Big Data is best understood as an untapped resource that technology finally allows us to exploit. For instance, data on weather, insects, and crop plantings has always existed. But it is now possible to cost-effectively collect those data and use them in an informed manner. We can keep a record of every plant’s history, including sprayings and rainfall. When we drive a combine over the field, equipment can identify every plant as either crop or weed and selectively apply herbicide to just the weeds.”

And he adds: “Ways big data can transform industry:

  • Producing new goods and services, such as the Nest home thermometer or mass customised shoes;
  • Optimising business processes;
  • More-targeted marketing that injects customer feedback into product design;
  • Better organisational management; and
  • Faster innovation through a shorter research and development cycle.”

The Latvian Presidency of the Council of The European Union presented a paper called: Big Data and Cloud Computing – Resources for a Digital Economy in March 2015 (read the full paper here). In it they said, amongst other things, “…empirical studies suggest a positive impact from the use of data and analytics of around 5% to 10% on productivity growth depending on a number of enabling and complementary factors.”

It adds: “However, in order to develop a thriving data-driven economy successfully, the EU will have to address a number of challenges that will determine its ability to maintain and advance its global competitiveness:

  • General access to high-speed Internet and free flow of data;
  • Data ownership, enforcement of copyright and incentives for data sharing;
  • Availability and security of tools/computing devices for data analytics;
  • Lack of skills in data analytics; and
  • Broader funding possibilities.

The bottom line is that big data enriches, confirms and or complements the presentations and insights you might be gaining.

The above-mentioned knowledge is valuable information that you can use in your own business. Firstly, targeted use of big data can lead to more revenues. Secondly, you must invest, appropriately, to extract that value.

Bitcoin - the ultimate cyber currency
Bitcoin is the ultimate fiscal data.

Image credit: Steve Jurvetson

We have been helping some of South Africa’s biggest financial and telecommunications companies, industries rife with data opportunities, extract value from their data for over a decade now. The opportunities and possibilities of big data excite me like never before because they are unprecedented in our industry.

You can use the data to figure out what products or services your customers want, how to change existing products or services to meet their requirements, and when and how to offer products and services to customers. Feel free to ask me about your own environment and how you can extract business value.