​​​​Big Data: A Coda

Comments Views

​I'll be honest (and I don't think I'm telling you something you don't already know), I have a tendency to oversimplify things. But for all the promises and threats and worry and volume and words and unending discussions about big data, I am not sure I see this as a new risk. As with anything else involving technology there has been an exponential increase in the availability and use of data; meaning the volume of the risk has increased (meaning it slops that much further from yellow to green.) But it is still data.

That means that the risks related to big data still revolve around such things as how to analyze it, how to store it, and how to transfer it. New technologies? Yes. New  impact, likelihood, velocity, and persistence of risks? Yes. But new risks, per se? No.

All that to discuss one of the other dirty, little secrets of big data — nay, about all data. Again based on years of experience and discussions with auditors in various walks of life, profession, and industry, one of the biggest problems organizations and internal auditors face is trying to find out how to get their grubby, little mitts on all that lovely data. Even when there wasn't "Big" data, it was tough to even find the "small" data.

I have heard it from my auditors, I have heard it from other auditors, I have heard it from the people actually doing the work, and I have said it time and time again — "I know the data is out there, I know there is a database that contains it, but I can't find anyone who can access it."

And therein lies the greatest crime. Data, data everywhere, and not a drop to analyze.

Particularly for large, established organizations with a history of systems that stretch back to the days of abaci and papyrus, it is like Burton's search for the origins of the Nile as we try to determine which nooks and crannies (and experts) hold that valuable information. 

Alas, I hold no answer to this quandary. I have seen approaches that help and I have actually seen organizations take on the task of finding and recording these sources. But there is no panacea — no quick, easy solution.

But again, not a new risk, just a risk whose impact has become huge.


​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • TeamMate_May2015
  • Ideagen_Pentana_May2015
  • IIA-GRC_May2015