Analytics has rapidly evolved to become one of the most crucial parts of business. Data has become the heart of everything we do. And today, the rush is towards guaranteeing the safety of that data—because data will define a company’s existence and strategy towards profits.
According to a KPMG global survey called Guardians of Trust, which was conducted among professionals and business decision makers working in about 2,200 global information technology (IT) companies, it was found that only 35% had a high level of trust in their own organization’s analytics. About 92% of the respondents said they were concerned about the impact it would have on their company’s reputation. The fear of a dent in the reputation is also reflected in the stat that 62% of the respondents said that the blame for an autonomous vehicle accident would lie with the organization that created the software.
Indeed, trust still remains and will continue to remain a core factor in an organization’s success or failure. According to the 2017 KPMG Global CEO Outlook report, overall 61% CEOs globally ascertained that building greater trust among customers and external stakeholders is among their top three priorities. And the key to building that trust lies in the governance of analytics.
There are four crucial anchors that determine trust in analytics—quality, resilience, integrity and effectiveness. While an organization works to attain all of them, the biggest challenge lies in identifying the organizational responsibility of analytics. Most companies are unclear about who has the primary responsibility in ensuring the trustworthiness and accuracy of analytics in their organization. Although a vast majority of people in the Guardians of Trust survey said that trust lay with the technology function, in reality, it is the responsibility of the entire organization. What is needed is the creation of a defined group within an organization which governs this responsibility and ensures security.
Different people in the technology function—be it the chief digital officer (CDO), data scientists, developers and IT managers—are expected to take on the role of ensuring trustworthiness. However, as data in a company becomes more diverse—and as more firms accept horizontal organizational structures—the responsibility needs to be split.
The role of today’s CDOs does not just stop with ensuring quality and integrity of data, but goes beyond that to managing external relationships, creating opportunities for data monetization, improving the reliability of internal reporting and forecasting the organization’s analytics needs. Taking on greater responsibility for the overall governance of artificial intelligence (AI) and analytics becomes a mammoth task for them to even fathom. There is thus a need to find new ways of working that would balance expert technical oversight with the allocation of responsibility of data at various functional levels.
The first step towards establishing governance is to manage machines as effectively as people in the organization. Companies should aim at mitigating the risk associated with data and analytics while optimizing the value derived from data. It is also crucial to introduce new models of governance for machines while their ownership must be held firmly by the CEO and functional leaders. Additionally, the systems that have a risk of high-impact misbehaviour need to be constantly monitored and a code of conduct needs to be created for data scientists to align to this new paradigm.
The second step is to expand standards and controls from the purely technical realm into softer strategic, cultural and ethical domains. The need of the hour is to align, improve and adapt new IT systems and tools, while recognizing gaps and inconsistencies in areas of emerging risks such as AI, testing, data privacy and ethical standards.
Another thing to keep in mind is that existing governance frameworks should be adjusted to match the analytical capabilities the organization is moving towards. Additionally, new policies and procedures need to be created to follow risk oversight and know what is coming. Lastly, another line of defence needs to be created with independent assurance providers and internal auditors to identify problematic areas and validate controls.
As companies rapidly advance towards digitization and rely upon analytics for key strategic decisions, it becomes imperative to remove any laxity or weakness in the processes to ensure that data security is at a paramount level.
Mritunjay Kapur is partner and head of technology, media and telecom at KPMG in India. He also heads strategy and markets for the consulting firm in the country.