Big Data: A Coda

I'll be honest (and I don't think I'm telling you something you don't already know), I have a tendency to oversimplify things. But for all the promises and threats and worry and volume and words and unending discussions about big data, I am not sure I see this as a new risk. As with anything else involving technology there has been an exponential increase in the availability and use of data; meaning the volume of the risk has increased (meaning it slops that much further from yellow to green.) But it is still data.

That means that the risks related to big data still revolve around such things as how to analyze it, how to store it, and how to transfer it. New technologies? Yes. New  impact, likelihood, velocity, and persistence of risks? Yes. But new risks, per se? No.

All that to discuss one of the other dirty, little secrets of big data — nay, about all data. Again based on years of experience and discussions with auditors in various walks of life, profession, and industry, one of the biggest problems organizations and internal auditors face is trying to find out how to get their grubby, little mitts on all that lovely data. Even when there wasn't "Big" data, it was tough to even find the "small" data.

I have heard it from my auditors, I have heard it from other auditors, I have heard it from the people actually doing the work, and I have said it time and time again — "I know the data is out there, I know there is a database that contains it, but I can't find anyone who can access it."

And therein lies the greatest crime. Data, data everywhere, and not a drop to analyze.

Particularly for large, established organizations with a history of systems that stretch back to the days of abaci and papyrus, it is like Burton's search for the origins of the Nile as we try to determine which nooks and crannies (and experts) hold that valuable information. 

Alas, I hold no answer to this quandary. I have seen approaches that help and I have actually seen organizations take on the task of finding and recording these sources. But there is no panacea — no quick, easy solution.

But again, not a new risk, just a risk whose impact has become huge.

Posted on Mar 11, 2014 by Mike Jacka

Share This Article:    

  1. Mike, although there is no quick, easy solution to the problem, I found that having computer auditors with a programming background certainly helps. I've known data which would take 'weeks to obtain' (as stated by IT staff) come down to a few days once a computer auditor started asking a few questions and they know where to look for data. It's one of the reasons I only recruited programmers to be computer auditors (who then took the ISACA exams). You need a few 'poachers turned gamekeepers', to use an english expression

Leave a Reply