Is the answer to MEGA DATA METADATA?

Accountancy SA,  Oct 2005  by Barnard, Charl

• E-mail
• Print
• Link

Compliance is a perpetual process, with ongoing audits; and the wheel has only just started to spin. This article aims to show how data integration and metadata can be your compliance enablers going forward.

The regulatory environment is becoming increasingly complex, and requirements from businesses in this sphere are mounting. The ECT Act impacts document, records and content management, detailing what companies should be doing. The Financial Intelligence Centre Act (PICA) requires accountable organisations to demonstrate what they know, including information such as clients' full names and identity numbers.

Aimed at preventing fraud, this impacts the technology systems that underpin the business because they need to be able to capture, store and retrieve this information, and manage it, in most cases, for the duration of the client's life or the organisation's existence.

Further regulation comes in the form of the Financial Advisory and Intermediary Services (FAIS) Act, which lays down requirements for qualification and certification of people providing these services, and provides redress for clients who have suffered from poor advice. Basel Il requires banks to address operational, credit and market risks and retain a specified amount of capital to cover these.

Basel Il has exposed the enormity of the task banks face in trying to gain a single view of the customer, the ECT Act and FICA have highlighted the need for effective document, content and records retention, storage, retrieval and management, while FAIS requires organisations, in terms of technology, to be able to track and record conversations and documents exchanged with clients.

Companies therefore need to continually monitor and keep on top of the ongoing changes to the controls and governance processes now in place. And their ability to track these changes will hinge on how well they can harness, manage and leverage comprehensive data about their data - that is, metadata.

Metadata is key to ongoing compliance

Metadata is a critical component of data integration, data movement and data synchronisation. It encapsulates a given piece of data's lineage, meaning and purpose: where it's been over time, what if anything has changed, and when and why. When applied to compliance, this is a powerful capability. Metadata is about confidence in the data, systems and processes behind the numbers.

Companies need granular controls and processes defined in such a way that they can certify their systems. For example, if changes need to be made to the rules governing the approval of purchase orders, you'll want to validate the rules changes, modify all necessary documentation, change the test plan you're using to validate your compliance, and then go through the appropriate remediation phases. In order to find, flag and fix exceptions, you have to find a way to tie your business processes to your controls to your remediation steps - right down to the individual data elements and the validation of the rules. Metadata can give you the power to do this.

When you gather granular metadata elements, you can leverage them to link business processes to:

* The controls and rules used to regulate them;

* The tests you're using to validate those controls;

* The remediation you're doing to fix any problems; and

* The final audit process.

That's because metadata can accurately, and inescapably, describe all the details relating to business process changes as you proceed quarter to quarter. Metadata should be captured from all systems and applications - even spreadsheets - and consolidated into a central repository for leveraging via visualisation tools.

Establish centres of integration excellence

An increasing number of companies are launching centres of integration excellence to promote unified data integration standards, processes and practices and the continual leveraging of metadata knowledge across numerous integration projects. These centres can play an important role in implementing compliance management architecture and ensuring the success of compliance initiatives.

Be inclusive - automatically

Metadata should be captured automatically from all pertinent systems and applications - even spreadsheets - and consolidated into a central repository. There it can be tracked at the line item level and leveraged via visualisation tools.

It is important to be inclusive because metadata resides in a multitude of places, from transaction and ERP systems to department databases and spreadsheets. In fact, spreadsheets are where many of the final calculations affecting financial reporting take place. It is imperative to keep those calculations and their history from being overwritten and lost. Hence you have to automatically capture what's going on in the spreadsheet, or any other end-user tool, so you can validate not just the inputs, but also the calculations and outputs.

It is equally important to be automatic in collecting the metadata because there is no way you can stitch it together by hand across all its residing places - and along all the different data streams that have to come together to deliver a single number for compliance reporting.