A CPA’s role in ensuring trust in your data-sharing ecosystem
This article is part of our Mastering Data series. The series examines the digitization underway in Canada’s economy, why it’s important, the data governance issues it creates, and how to address them. It also looks at the role you can play as a CPA in guiding your organization through the transition.
Read this article to learn:
- the need for CPAs to close the trust deficit in data sharing
- key elements of successful digital transformation
- the growing use of cloud-based systems
- how CPAs can transition to the role of data controller
Maintaining trust in data is one of the biggest challenges faced by organizations keen to embrace digital transformation. Systems and approaches are evolving quickly but no standards or detailed guidance exist yet to maintain appropriate controls on data sharing ecosystems. This has created a trust gap – and an opportunity for CPAs. Professional accountants are recognized experts in designing and managing controls that bring clarity and transparency to financial data. CPAs’ technical training, proven competencies in managing controls, and knowledge of traditional value chains can be transferred to data value chains to create and maintain much-needed trust.
Managing a growing trust deficit
The need for trust exists across the data value chain. If you work upstream, where data is generated and collected, allowing data to be shared and reused by others outside of your span of control requires a great deal of trust. And if you work downstream in data science, trusting that the data you receive is accurate, complete, and up to date is paramount for success. As the number of use cases and applications grow in size and in scope, trust needs to be distributed among a larger number of business units, data-collection intermediaries and data scientists/engineers.
Foundational elements for digital transformation
A well-functioning data-sharing ecosystem, based on solid data governance rules, is essential to support your organization’s digital transformation. This requires a number of critical foundational elements to be developed to support a successful digital journey. These include:
- a corporate data policy
- a digitization strategy and budget
- a hybrid team composed of subject matter experts, relevant data experts and IT
Increased reliance on cloud-based platforms
A few years ago, organizations generally initiated their digital transformation journeys with the help of consultants to find suitable datasets and experiment in-house with AI. Managing data access was relatively straightforward as data was generally housed in local servers. But one year into the COVID-19 pandemic, it became clear that organizations have been forced to adopt hybrid approaches. Many needed support to expand memory, help a high volume of users, update machine learning models to reflect the new normal and sustain their workforce online. The rate of adoption is such that leading research and consulting firm Gartner predicts that public cloud services will be essential for 90 per cent of data and analytics innovation by 2022.
There are clear advantages for organizations to use cloud-based platforms. Many of the required tools, software and hardware needed for data preparation, model training and deployment are included in subscription costs. With training models, you only pay for what you need in terms of CPU computing time. A growing number of organizations recognize that global machine learning platforms are also better equipped than legacy systems to deal with other issues such as cybersecurity, IT modernization and data access.
Data science and machine learning tools/framework used by early adopters
And organizations are not putting all of their data in one basket. Most report using more than one service provider as they broaden the deployment of AI and machine learning tools to various business functions. Customers want to remain independent and avoid locking in with one vendor as they leverage major cloud providers. Proprietary software is used to bridge datasets, cloud applications and applications managed by specialized third parties as well as private data centres.
Organizations are expected to design, implement and monitor data sharing and access policies to manage data access. According to Tarik Dwiek, director of Technology Alliances at Snowflake (a data science and AI firm), organizations want secure and governed access to data. “Now that the cloud is opening up the ability to manage data at scale, customers see both the opportunity and the critical need to enable data governance at scale.”
For organizations getting more sophisticated at using AI and machine learning, the trend is to democratize data use. This requires allowing a larger number of analysts and subject matter experts to access data. New services offerings are being introduced to manage data through “data lake” architecture. A data lake is a repository where raw data can be stored without preparation. Client organizations can store and use business operations data on data lakes while allowing analytics work to be performed live, without having to copy, label or annotate data.
Data sharing is also occurring between organizations. Data sharing protocols and protection requirements also need to cover suppliers and vendors. As such, terms and conditions of existing contracts need to be updated to reflect data policies, procedures and protocols. Issues such as data ownership, IP and copyright, data residency requirements, and adherence to relevant privacy and ethics rules must be addressed.
CPAs should manage new data sharing controls
Given these hybrid scenarios involving multiple providers, data sources, models and outputs, managing data access and reporting on compliance has become paramount. There is a need for a credible accountability framework. In the context of digital transformation, a data controller is required to take on stewardship of data shared for the purpose of data reuse and to enhance the value of data through its protection, curation and appropriate usage.
Traditionally, controllers protect resources and ensure that only people with the appropriate access rights (need and permission) are authorized to use the resources. They ensure that the financial resources of the organization are protected, that related laws are adhered to and that activities undertaken by the organization are strategically aligned.
A data controller’s stewardship role extends beyond financial resources. It applies to all data resources and will overlap the financial controller’s role to some extent. It is a natural evolution for professional accountants to broaden their traditional financial stewardship roles to include all data slated for data sharing and reuse. But stewardship does not mean ownership. Stewardship is an enabling function to ensure that the data owners within the organization protect, curate, share and use the data according to external (laws, regulations, etc.) and internal (policy) constraints.
Embracing digital strategies also brings significant legal and ethical challenges. Not all uses of technology align with the values of different societies with respect to fairness, security, privacy, understandability and transparency. As stated in the International Code of Ethics for Professional Accountants (the Code), taking into account their position and seniority in the organization, professional accountants are expected to encourage and promote an ethics-based culture in the organization – and as such are well-positioned to help organizations in a data controller role.
The key element of this role is to protect the data. The first layer of data protection is to ensure that only authorized individuals have access to the data. Another layer is to ensure that the origin of the data can be demonstrated. Stewardship also means ensuring that data is used for its intended purpose.
An enhanced role for professional accountants is to ensure that jurisdictional boundaries are respected through appropriate monitoring of data usage. An equally important role is to certify that the data being used or sold is fit-for-purpose in that the lineage and provenance of the data can be proven.
With appropriate governance mechanisms, an organization can ensure that it delivers on its responsibilities to all stakeholders and abides to the fundamental principle of fairness.
Looking forward
The need for and importance of trust has grown significantly in an increasingly digitized world. When it comes to financial reports, oversight and controls, CPAs represent the gold standard of trust. As a profession, CPAs are poised to lead the conversation on trust across data value chains – from data collection, sharing and access to trust in AI and machine learning tools. By monitoring, verifying, auditing, and reporting, along with auditing compliance to best practices on data sharing, access and reuse activities taking place in multiple locations and formats, CPAs can help demonstrate that new systems are operating as intended.