Share with your friends

Board's-eye View of Data and Analytics

Board's-eye View of Data and Analytics


Related content

Automation. Robotics. Cognitive computing. Artificial intelligence.

An explosion of data and major strides in analytics are challenging companies to reassess their policies, infrastructure, and capabilities around the use of technology, data and analytics (D&A), privacy, cybersecurity, and financial reporting in order to make better business decisions.

Given their oversight roles, how can boards and audit committees help ensure that the company is getting the appropriate insights while taking the necessary precautions to protect the company, its employees, customers, and others?

"The first thing boards need to ask is ‘how is the company itself organizing its data and who is responsible for it?’" said Roger O’Donnell, Global Head of Audit Data and Analytics for KPMG. "And, more broadly, the board needs to think about the company’s strategy and ensure that its policies for collecting and using data make sense in the context of the business. If something were to happen that was not intended, does the board understand the potential risk to the business and the brand?"

O’Donnell was joined in the discussion of D&A oversight on the March KPMG/NACD Quarterly Audit Committee Webcast by moderator Jose R. Rodriguez, Executive Director and Partner-in-Charge of the KPMG Audit Committee Institute.

According to the 2017 KPMG CEO survey, 71 percent of CEOs consider their company to be a "technology company," yet 49 percent have concerns about the integrity of the data on which they base decisions; and 61 percent are concerned about integrating artificial intelligence and machine learning into their business operations. These challenges—and the accelerating pace and complexity of data-driven technologies—highlight the critical role boards and audit committees have to play in helping to assess the risks and opportunities presented by the company’s use of data and analytics.

Data strategy

Boards and audit committees should have a holistic view of the company’s strategy around D&A— specifically what data is collected, how it is used, and who oversees that effort. Some companies employ a chief data officer, others have an aggregate data function with the office of the chief information officer, and, in many cases, the CFO’s office is becoming much more involved, said O’Donnell.

Among the key questions for directors to consider:

  • How is the data being collected and organized within the company and who is involved? Ultimately, who is responsible?
  • Can the data be trusted? How is the quality and integrity of the data assessed?
  • Does the company have a data ethics policy to protect the brand reputation and reduce legal risk?
  • Does the company have the right talent, skills, and resources required to implement/manage its D&A activities?
  • Has the company scoped out the near-term and longer-term opportunities for its use of D&A, including financial reporting and predictive analytics?

Data security and protection

O'Donnell says that this conversation for directors is two-fold: "There are security decisions related to your infrastructure choice—on-site hardware versus cloud, but there are also questions for boards to consider around what type of information and data is captured and how it is used." With regard to the strategy that the company has set forth, does the way the company is utilizing information, specifically customer data, align with customer understanding and privacy expectations? "This has to go right through the CEO's office to ensure that there's a strategy in place so that everyone understands what data is being collected, how it is being utilized, and who is receiving it," said O'Donnell.

"I think boards have a responsibility to ensure that they're protecting the business and the brand and to ensure that customers aren't going to feel that their privacy was violated or manipulated or their information was used in a manner for which it wasn't originally provided," said O'Donnell.

Internal audit's focus and resources

Digital advances in areas such as mobile and cloud computing, automation, and artificial intelligence are transforming the ways companies do business, creating demand for new and improved internal controls and risk management. At the same time, automation and advanced analytics are helping internal audit improve performance. Adoption of digital technologies also creates challenges for internal audit that audit committees may want to focus on. "What's the resource complement for internal audit, as well as others in the organization, to help support greater analysis of things like procurement decisions and T&E?" asks O'Donnell.

O'Donnell suggests looking at what the company can automate into an analysis platform—general ledger information, journal entries, customer data—and presenting that to internal audit to better focus their analysis.

External audit and financial reporting

Regarding the external audit and the development of smart audit platforms, O’Donnell says that greater use of data and analytics in the audit can enable more analysis of larger volumes of data, which can help the audit team to better assess anomalies, exceptions, and how to handle them. Other outcomes include earlier indicators of control risk, greater scenario analysis, stress testing, and customer trends as indicated in the figure on the next page.

"From an audit perspective, we can move from limited samples to a place of complete analysis and looking at 100 percent of transactions," said O’Donnell. "I use the word ‘analysis’ as opposed to ‘audit’ because I think the combination of D&A and auditor determinations is going to give the company indications and information that management can react to." These technologies don’t eliminate the need for people. There can still be false positives and false negatives because the number of anomalies in a larger data pool will, by definition, be bigger."

"Putting together structured and unstructured data, having the expertise to unpack the information, and then having the right skill sets to look at how information comes together to drive analytics and business decisions all depend on whether the right questions are being asked," said O’Donnell. With greater insight, the company’s view on revenue, valuation, and even credit decisions can become more predictive. How might the company gain insight and better communicate information on adjusted non-GAAP earnings and nonfinancial metrics, the value of intangible assets, and key performance indicators? How can the company use D&A to fine-tune projections?

Real-life decisions

From shirts with biometric capabilities to engines that are capturing data, companies are gathering more information to help them make better decisions, for everything from vehicle maintenance schedules to personal health and well-being. Banks can monitor customer spending patterns and user locations to decide whether to deny credit card transactions to help prevent fraud. IBM Watson is helping medical providers analyze cancer treatment cure rates based on patient data in order to suggest more effective, personalized courses of treatment. This type of information flow and related action can add value in the supply chain, to investment decisions, and even in financial reporting.

Looking forward, in which areas would the auditor’s use of technology/data and analytics provide the greatest value and insights to investors:

Looking forward, in which areas would the auditor’s use of technology/data and analytics provide the greatest value and insights to investors:

Of 658 audit committee members, other directors and C-level executives surveyed during the Webcast on March 22, 2018. Percentages may not equal 100 due to rounding.

A holistic view

As board members think through the challenges that exist with the advancement of D&A, it's also important to view the opportunities and the long-term benefits, said O'Donnell. "Does the company have the right workforce with the right skillsets to manage through these changes? Has the board ensured the right level of governance and oversight to serve the company as it implements new systems and processes and also to help protect the data that the company captures and the information it derives?"

In your view, what are the greatest challenges to integrating data and analytics into the audit?

In your view, what are the greatest challenges to integrating data and analytics into the audit?

Of 658 audit committee members, other directors and C-level executives surveyed during the Webcast on March 22, 2018.

For the full replay and other highlights, visit

Opportunity presented by data and technology


Opportunity presented by data and technology

Key questions for boards to ask regarding D&A:

  • Are current and future business challenges being effectively aligned with the right data and technology solutions?
  • Has management assessed the data infrastructure and the data available to drive the digital strategy? Who is accountable for data decisions and the associated risks?
  • Has management assessed the ability of the IT infrastructure to support these advanced technologies?
  • What is the current workforce’s skill set? Where does it need to be?
  • Has an appropriate governance structure been put in place, including the board and its committees, to manage such innovation and change?

Critical issues for audit committees:

  • Understand how finance, internal audit, operations, controllership, the external auditor, and others within the organization expect to use advanced data and analytics in the next several years. It has to be a coordinated effort.
  • Understand how management will oversee and govern this transformation in relation to costs, quality, talent, controls, key performance indicators, etc. What resources, technologies, and skills will be required? What controls are in place? What is internal audit’s role?
  • How will data be secured and protected? Is the company managing/using the data in a way that aligns with customer expectations? Are the policies and processes around that clearly articulated and understood, both internally and externally?

About the KPMG Board Leadership Center

The KPMG Board Leadership Center champions outstanding governance to help drive long-term corporate value and enhance investor confidence. Through an array of programs and perspectives—including KPMG's Audit Committee Institute, the WomenCorporateDirectors Foundation, and more—the Center engages with directors and business leaders to help articulate their challenges and promote continuous improvement of public- and private-company governance. Drawing on insights from KPMG professionals and governance experts worldwide, the Center delivers practical thought leadership—on risk and strategy, talent and technology, globalization and compliance, financial reporting and audit quality, and more—all through a board lens. Learn more at

Contact us

Audit Committee Institute

Part of the Board Leadership Center, KPMG's Audit Committee Institute focuses on oversight of financial reporting and audit quality and other issues of interest to audit committee members, including risk oversight, internal controls, and compliance. Learn more at

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Connect with us


Want to do business with KPMG?


loading image Request for proposal