Is Your Company Too Risk Averse About Big Data?

Norman Marks, CRMA, CPA, was a chief audit executive and chief risk officer at major global corporations for more than 20 years. The views expressed in this blog are his personal views and may not represent those of The IIA.


It is easy for governance, risk, and audit practitioners to worry about privacy and other risks to the extent that they become a negative influence on their company. Their fear can inhibit an organization from seizing the opportunities presented by what is called “Big Data.”

It is true that having custody of so much information about employees, customers, potential customers, and partners — including personal information — is a responsibility that must not be taken lightly.

It is also true that misuse of that information can result in breaches of laws, regulations, and the expectations of society. The reputation risk can be significant. No organization wants to headline the news for their misuse — or failure to protect — confidential information. Just look at Google’s troubles.

But there is enormous potential to drive revenues, improve customer relationships and satisfaction, and minimize cost.

A study earlier this year had an eye-catching and perhaps over-the-top title: "Big Data" Can Save Money and Lives Say Government IT Officials. It claimed that:

  • 87 percent of federal IT officials and 75 percent of state IT officials say Big Data can have real and immediate impacts on how governments operate.
  • 83 percent of federal IT officials say Big Data solutions can help government cut the federal budget by at least 10 percent, or $380 billion.
  • The use of real-time Big Data solutions will save a significant number of lives each year. For example, medical researchers can aggregate information about healthcare outcomes to reveal patterns that lead to more effective treatments and detection of outbreaks.
  • Police departments are currently using Big Data technology to develop predictive models about when and where crimes are likely to occur, helping dramatically reduce the overall crime rate in specific locations.

This sounds like pie in the sky: appealing but a mirage.

However, McKinsey (a major business consulting firm) agrees with the study. In a 2011 report (which I highly recommend), they said:

We are on the cusp of a tremendous wave of innovation, productivity, and growth, as well as new modes of competition and value capture — all driven by big data as consumers, companies, and economic sectors exploit its potential.

McKinsey’s estimates of the potential eerily mirror those from this year’s study:

  • A reduction in US healthcare costs of $300 billion per year.
  • Annual savings in European public sector administration of €250 billion.
  • The opportunity for retail organizations to improve their net margins by up to 60%.
  • Manufacturing product development cost savings of up to 50% and up to 7% reductions in the need for working capital.

Stories are starting to appear about how big data (strictly, the analytics of big data) is driving step change in firms’ performance. Here is one story about how a legal firm used it, a McKinsey presentation of 16 "use cases", an article about use cases in healthcare, and an IBM web page with links to multiple articles explaining the value organizations are obtaining from big data analytics.

So this is not all hype — it has significant potential, although you would probably join me in being skeptical about some of the claims.

Is your organization exploring the potential? Are business leaders, including risk and assurance practitioners, doing enough and seeing the potential for risk monitoring as well as margin enhancement?

I welcome your views and commentary.

Posted on Sep 17, 2013 by Norman Marks

Share This Article:    

  1. Big data can provide many benefits, as outlined above. But it is no different from 'small data' in that it is of no use unless it is used make decisions. In other words, you need to know the decisions you wish to make in order to decide the information you need. That's where understanding risks comes in, because many decisions are internal controls. Looking at the above four McKinsey estimates. The first addresses the risk of excessive health costs; the second, the risk of excessive administration costs; the third, the risk of profit loss; the fourth, the risk of high manufacturing costs. So, understand your risks and you understand your data requirements, big or small.
  1.  Excellent obserrvation, David. To get the answers to drive quality decisions, you need to know what question to ask.

Leave a Reply