If you think data is a big deal now, it’s only getting bigger — fast. The amount of data created over the next three years will exceed that created in the past 30 years, market intelligence firm International Data Corp. (IDC) reports. According to IDC’s Global DataSphere forecast, the global datasphere will grow from 33 Zettabytes (ZB) in 2018 to 175 ZB in 2025.
That’s a lot of data! IDC explains it this way: “If you were able to store the entire global datasphere on DVDs, then you would have a stack of DVDs that could … circle Earth 222 times.”
Underlying this growing amount of data are the ethical considerations related to how it is collected, used, and stored. According to a recent KPMG survey, New Imperative for Corporate Data Responsibility, 97% of consumers say data privacy is important, with 54% saying they don’t trust companies to use personal data ethically.
It is increasingly important for organizations to look holistically at their data use practices — and internal audit can play a significant role. “Internal auditors function as the final line of defense in effective data governance strategy,” according to The IIA’s Global Knowledge Brief, Data Ethics: Where Does Internal Audit Fit? They have the ability to assess the effectiveness of data protection policies throughout their engagements and can use their understanding of data ethics best practices to help revise or create policies. According to The IIA’s OnRisk 2020 report, internal auditors also should:
- Be aware of industry-specific regulations and any data privacy requirements.
- Research emerging and evolving risks regarding data, as applicable.
- Consult with subject matter experts when necessary.
In “Data Governance in Demand,” authors Andrew Struthers-Kennedy and Gregg Wishna add that “internal audit should embrace the concept that every audit it conducts essentially is a data audit.” Their article is one of a package of articles in this issue that considers accelerated use of data at the organization and internal audit levels.
The accelerated use of data has accelerated the discussion of data ethics. As internal auditors get up to speed on how data is transforming organizations, they also should take this opportunity to incorporate control activities related to data protection and ethics into all of their risk assessments and engagements.
On a final note, I’m excited to welcome Anthony Pugliese to The IIA. As Lauressa Nelson writes in “Learning, Growth, and Inclusion,” The Institute’s new president and CEO “is enthusiastic about the potential for a more vibrant, innovative, and future-ready internal audit profession — and IIA.” Learn more about Anthony and his plans beginning on page 50.