Big Data Management Policy for Indian Audit and Accounts Department
I Introduction
This document states the Indian Audit & Account Department’s policy and intent for dealing with big data.
In today’s world data is a valuable asset. In the course of performing its accounting, entitlement and auditing functions, the Indian Audit & Accounts Department (Department) creates, gathers and analyses a large volume of data and therefore a robust Big Data Management framework is essential.
As governments and other organizations transition into digital environment, they generate, process and store voluminous data. Also, useful and relevant data in disparate forms are incessantly produced by various agencies and entities, such as Census data, NSSO data, Economic survey, industry/domain specific data etc. When collated, they provide the contextual framework and valuable insight into the functioning of an audited organization.
II Big Data
Big Data refers to extremely large, complex data sets that exceed the traditional processing capabilities of the IT infrastructure due to their size, format diversity and speed of generation. It is collated from all imaginable sources and leverages information as the vital asset. It includes:
- Structured and unstructured data
- Internal and external data
- Formal and informal communication
There are three dimensions of big data which are to be considered while designing a management framework for big data:
1. Distinguishing features
a. Volume - quantity, the amount of data
b. Variety – formats, the data types, data from various sources
c. Velocity – speed, the speed of data going in and out
d. Veracity – quality of data
2. Processes
a. capture- obtaining data in various forms
b. curate -synthesizing data for use and reuse
c. store -preservation
d. search -exploration
e. share–distribution and access
f. transfer– move
3. Results - visualization and analysis
III Opportunities
Capacity and infrastructure limitations have thus far restricted the reach of auditors in the big data environment. The advent of big data marks a paradigm shift, which by design envisages synthesizing and integrating relevant data from various sources and in various formats to transform data into actionable information. This aims to enhance the efficiency and effectiveness of audits.
The opportunities for the Department arise from the following three factors:
1. Technology explosion: Cost effective tools, technology platforms and solutions are now available to handle and analyse big data.
2. Transformational impact for Audit: Big data analytics enhances risk assessment by discovering red flags, outliers, abnormal behavior and by providing deeper insights. It facilitates predictive analysis and use of advanced statistics for transformation of data into actionable information. It thus, contributes to greater level of assurance in audits.
3. Aid to governance: It enables the Comptroller and Auditor General to aid governance by providing insights to the executive for evidence based decision making.
IV The Policy Framework
In order to build on the above mentioned opportunities, this policy framework addresses the following issues:
1. Identification of data sources
2. Establishing Data Management Protocols
3. Digital auditing, Data analytics and Visualization strategy
4. Infrastructure, capacity building and change management
1. Identification of data sources
Identification of the various sources of data available and accessible to the Department is the corner stone of the data management framework. Data can be categorized as:
1.1 Internal Data sources - Data created/maintained by the Department
Data under this category provides a greater flexibility for usage and comprises the following:
a. Combined Finance and Revenue Accounts
b. Voucher Level Computerization database
c. GPF and Pension data in A&E offices
d. Data generated through Audit process
e. Any other data available in the Department
1.2 External Data sources
a. Audited entities’ data sources - This data is available with the Department in its professional capacity and its usage involves sensitivities as mentioned in the next section. Such data comprises the following:
i. Financial and non-financial data of audited entities
ii. Programme specific data including beneficiary databases
iii. Other data pertaining to audited entities
b. Third party data sources - This comprises data, which are available in the public domain such as:
Data published by Government and statutory authorities like
Census data
NSSO data
Data published by the various Ministries/Departments
Data available in data.gov.in
Reports of various commissions
Other Reports and data pertaining to Union Government /States
Other data available in public domain
Surveys and information published by NGOs
Industry specific information published by, CII, FICCI/NASSCOM etc.
Sector specific information published by various organizations
Social media etc.
2. Establishing Data Management Protocols
2.1 The Data Management protocols have to ensure that data satisfies the following characteristics.
a. Authenticity - Data is created through the process it claims
b. Integrity - Data is complete, accurate and trustworthy.
c. Relevance - Data is appropriate and relevant for the identified purpose.
d. Usability - Data is readily accessible in a convenient manner.
e. Security - Data is secure and accessible only to authorised parties.
The data management protocols would also address:
data access arrangements including agreements with external sources
data sensitivities associated with access and usage of various sources of data
criteria for assessing veracity of data involving an assessment of strengths and weaknesses of various sources and their application at various stages of audit (risk assessment, sample selection, benchmarking, reporting).
privacy and confidentiality issues covering procedures of aggregation and anonymisation
compliance with legislative and regulatory requirements.
2.2 These protocols will be prepared by the Nodal Authority to be created within International Centre for Information Systems and Audit.
3. Digital Auditing, Data analytics and Visualization strategy
Nodal Authority will develop guidelines for Digital Auditing, Data Analytics and Visualisation.
3.1 Digital Auditing
Digital auditing refers to the improved audit process that supports advanced continuous monitoring and continuous auditing.
Digital auditing involves a shift from analysis of a sample of transactions to a review of 100% of the transactions. With automated frequent analysis of data, audit could perform control and risk assessments real time or near real time. Data could be analyzed for detecting anomalies at the transaction level, indicators of control deficiencies and emerging risks. This approach emphasizes on audit techniques designed to focus on high risk areas thereby enhancing efficiency.
3.2 Data Analytics and Visualization
Data Analytics refers to the process of integration and synthesis of the varied forms of data to:
- provide deep insights
- discover patterns (correlation and causation)
- throw up abnormal behavior, red flags and outliers that are otherwise hidden
- predict and plan audits
- support audit analysis
Data visualization and big data analytics are the value added exploratory functions that enable discovery of relationships between variables and broader trends of risk. Data Analytics leverages the evidence based approach and is deployed at the audit planning stage for a macro level analysis of almost the entire range of data, rather than on a small representative sample. It requires knowing what data is needed to answer questions, where to find it and having the analytic tools to capitalize on that knowledge. It is through these platforms that real value is realized from big data.
4. Infrastructure, capacity building and change management
4.1 The Nodal Authority at International Centre for Information Systems and Audit will be responsible for creation of necessary infrastructure and drawing up of secure protocols for creation of data warehouse, accessing and use of data. A detailed action plan with resource requirements and milestones encompassing the following will be prepared by the Nodal Authority:
a) Investing in technology
b) Selecting the right analytical tools
c) Facilitation for Data Analytics and visualisation
d) Sharing experiences and learnings from data usage
Necessary augmentation of resources – human, financial and infrastructural will be provided to International Centre for Information Systems and Audit for the nodal authority to implement the policy.
4.2 Training wing at headquarters would be responsible for identifying and training key officials as data authors and/ or data administrators. It will also ensure training of all audit personnel in data analytics.
4.3 Information Systems wing at headquarters will be responsible for technology upgradation required at International Centre for Information Systems and Audit and all other field offices for implementation of this policy framework.
4.4 Professional Practices Group (PPG) at headquarters will be responsible for periodical review of this framework, dissemination of best practices and exploring avenues for academic cooperation with expert external agencies in this area.
5. Monitoring
A monitoring group will be set up at Headquarters for overseeing the implementation of this policy framework. The group will review the progress of work of the nodal authority vis-à-vis the action plan prepared by it.
|
