Compliance and business intelligence (BI) initiatives are designed to standardize the delivery of business information, yet both are afflicted by a lack of semantic consistency they are designed to solve. So how do you successfully define these different types of initiatives and ensure they effectively work together to achieve the same goal within your organization?
Different sides of the same coin
In my opinion, BI is the flip side of compliance. And as a result, BI professionals have a heck of a lot to contribute to compliance efforts inside their organizations.
In other words, both industries have the same goals, but different approaches for getting there. Both desire to deliver accurate, valid information to decision makers. However, the BI industry offers a carrot, the compliance industry a stick! Organizations that have heeded the call of BI already have the expertise, if not the processes and tools, for complying with new, informationcentric regulations.
Role of BI professionals in compliance
It would be wise for organizations embarking on compliance initiatives to leverage the work of BI professionals. One way to do this is to extend an existing data warehouse or data warehousing architecture to deliver financial reports. Well-designed BI environments already have the infrastructure, tools, processes and checks to collect, validate, integrate and populate financial information into database management systems designed to support financial analysis and reporting. This infrastructure is invaluable and can help organizations accelerate their progress toward meeting Sarbanes-Oxley and other requirements.
If your organization does not have an existing data warehousing environment or one that does not lend itself to delivering financial reports for some reason, then you should consider recruiting BI professionals onto your compliance team. BI professionals have struggled to standardize semantics, definitions and rules, and to deliver consistent information to business users. Getting metadata right is the key to minimizing a large portion of risk addressed by new regulations.
BI professionals also have mastered a major weakness in most compliance initiatives to date: the lack of automation. Lee Ditmar of Deloitte Touche LLP estimates that 85% of compliance controls are manually tested and compiled for reporting purposes. Until organizations automate the testing and reporting of controls, they will spend an inordinate amount of time and money adhering to regulations. The lack of automation means they will fail to minimize risk since they won't recognize problems until it's too late to do anything about them.
Some slight differences
Despite the similarity of their missions, the BI and compliance industries differ slightly in approach. BI professionals who are making the journey into compliance land should make note of these differences:
- Compliance focuses on how to minimize risk, while BI focuses on how to maximize gain (i.e., reduce costs or increase revenues.)
- The compliance industry provides frameworks (such as COSO, named for the Committee of Sponsoring Organizations of the Treadway Commission, and CobiT, or Control Objectives and related Information) for the things that should be measured. The BI industry provides no such frameworks although it can be argued that most industries and business functions largely measure the same things in the same way.
- Regulations require organizations to measure compliance with established policies or face penalties, whereas there are no laws requiring organizations to measure business performance or productivity.
- External users (i.e., auditors) measure performance toward achieving compliance objectives, whereas internal users measure performance toward achieving goals defined within BI metrics.
- A majority of compliance metrics are manually counted or assembled, whereas most BI metrics are automatically populated with data.
- Compliance metrics are counts of binary states -- the event was "in" compliance or "not" in compliance (i.e. number of noncompliant passwords in use) -- whereas there is much greater diversity among BI metrics.
- The most important aspect of a compliance metric is the target or "risk threshold," whereas many BI metrics don't have targets. (Those that do are often called key performance indicators.)
If you believe, as I do, that compliance is the flip side of BI, then the best approach to managing information assets is to implement a BI program to improve organization efficiency and effectiveness or hire BI professionals to work on your compliance project. When you put BI first, compliance comes along for the ride.
Wayne Eckerson is director of research at The Data Warehousing Institute, a provider of in-depth, high-quality training and education in the data warehousing and business intelligence fields. He can be reached at [email protected].