One if the biggest mistakes I see when visiting
client companies, is their underestimation of how well their compliance
data system can be audited.
It's understandable.
When you build a transaction system, your goal is to run the business.
When you build a data warehouse, your goal is to analyze the business.
But when does it become your goal to audit your business practices?
Usually, auditing business practices and data systems become an executive
afterthought. It is in response to some regulation like HIPPA, PCI,
or Sarbanes-Oxley ( SOX ). Or, it is when you have received notice that
a big contract is being audited by an agency like the General Services
Administration (GSA).
In all cases, when you are under-prepared for an audit it will cost
you time, money and effort. Find out now if your data system proves
your innocence and uncover some data audit-proofing tips for total compliance
Does Your Data System Defend You from the Auditor’s
Point of View?
Some auditors want to see you survive an audit. But let's face it.
Some auditors are out to get you.
Crusaders trying to prove a point at your expense sometimes spawn
audits. So auditors are anticipating that there are bad business practices
in place. They feel that it’s their job to uncover your bad
business practices and expose you. In their eyes you are guilty until
proven innocent.
To defend yourself proactively, you have to approach it from the
auditor's point of view. Just doing the right thing is not enough.
You have to be able to prove that you're doing the right thing. Approaching
it from the right frame is essential.
Is Your Compliance Data System Built with the Goal of
Surviving an Audit?
They way most people attempt to leverage their data systems these
days is all wrong.
Here’s why…
When data systems were introduced, they were never built to serve
the intentions of an auditor.
The key is not to attempt to leverage these systems
at all. The key is to build a compliance data system
with the goal of surviving an audit. This is taking business intelligence
up a level to audit intelligence.
A compliance data system gets it's requirements from legislation,
standards, past audit findings, and yes ... auditors. Your goal here
is not to twist and turn your existing systems. That would be the
equivalent of trying to do your strategic reporting out of your transactional
system.
Do You Use An Ordinary, Normal Data Warehouse for Compliance?
Compliance data systems are much more robust than normal data warehouses.
Like data warehouses, they will organize data from disparate systems
into one central location. And, they will apply transformations as
necessary.
However, metadata is taken very seriously. There is a clear explanation
for everything that's in the data system. Audit trails are important
from the original requirement to each data point. Response times are
usually optimized for ad-hoc querying, so that auditors don't waste
time waiting for the database.
Is Your Data System in Real Time?
Real time systems can take you up another level to prove your innocence.
The business intelligence buzzword around this technology today is
Operational Business Intelligence. These can be great for early warning
systems.
As with all new technology though, be careful of the hype. As a result
of this new buzz, vendors are preaching the Holy Grail again. The
time tested best approach for your data system efforts is to form
a good team of professionals, and build it in house.
Is Your Data System Cross Functional?
Audit proofing is not a Finance function, or an IT function. It is
a cross-functional activity. To get the job done, you will need a
good team of auditors, process analysts, subject matter experts, techies
and a good coach or project manager.
Most compliance efforts are best practices enforced. So, you will
find stakeholders in other departments that will benefit from your
total compliance efforts. For example, I recently built a GSA compliance
data warehouse for a large company that was funded by their sales
department. The VP of Sales was very interested in getting clarity
on how discounts were being used. This was a great side benefit for
the primary requirement of proving that the government was getting
the best discounts.
Leveraging your business intelligence infrastructure to build a compliance
data system is an intelligent way to audit-proof your company for total
compliance. Start today by writing a project charter for your most important
compliance exposure. This two to three day effort will end up saving
you huge amounts of time and money.
