EXCLUSIVE – Cloud adoption in government and using data analytics to improve internal audit processes
More than 20 delegates represented by various government agencies of the Philippines, gathered for OpenGov’s Breakfast Insight session, “Mitigating risks to ensure reputational integrity with integrated analytics” on October 17, 2017, held at the Dusit Thani Manila. Mr. Mohit Sagar, Managing Director and Editor-in-Chief of OpenGov Asia, kick started the breakfast insight session, followed by an introduction by Mr. Steve Thurley, Managing Director of ACL. International case study
Invited international speaker, Ms. Naaimah Ahmad Radzi (above photo), Director, Office of Internal Audit, International Islamic University Malaysia (IIUM) gave a case study of how technology is adopted and used in IIUM’s governance, risk and compliance processes. One of the challenges that Ms. Radzi faced was that despite budget cuts and various constraints, she and her colleagues are expected to do real-time audits. Traditionally, random samples are used in auditing methodologies but now stakeholders such as the Ministry of Education and Malaysia National Audit Department were asking IIUM to look into real-time audits. Therefore, adopting technologies such as data analytics can help the IIUM audit team to do this. The board of directors at IIUM also want to be able to see the overall picture of audit and not simply reply on random samples, to be able to quantify the impact of technology.
According to Ms. Radzi, using data analytics tools such as those by ACL allows her to see the whole spectrum of transactions and measure the risks, as well as identifying the mitigating action plans. The annual budget from the central agency has been cut by about 30%-40% and the department has to generate their own internal income to finance the overheads.
With 5 offices under her at IIUM to oversee 90 call centres at the 5 campuses, Ms. Radzi explained that the only way to handle them effectively is to use data analytics and audit management systems.
For IIUM, technology is part of the Group Internal Audit’s transformation action plan, and it is incorporated into the university’s corporate strategy plan. One of the plan’s strategic objectives is to help IIUM achieve financial sustainability and this will be done through cost savings and increase in revenue generation via the use of data analytics.
Another strategic objective is to strengthen quality services delivery and good governing framework – one of the ways to do this to establish a paperless audit management software with embedded risk assessment, data analytics and continuous auditing. Through the use of data analytics, the top 5 risks in procurement that were common to all public universities were identified. IIUM spends about average RM74 million on procurement annually so it is not enough to just study random samples – one needs to study the entire spectrum of transactions and identify certain risks that can be mitigated.
Data analytics also revealed that 95% of the transactions involved direct purchases and only 5% involved quotations and tender, so now the audit scope will shift towards monitoring direct purchases. In addition, unauthorised changes to the vendor master file and expensive ‘dummy quotations’ were identified through the use of data analytics. Roundtable sessions with Chief Audit Executives of 20 public universities were also organised to discuss on topics such as how to prevent fraud and improve current audit methodologies.
IIUM has been using data analytics for their audit processes since 2009 and they hope to be the catalyst in the implementation of data analytics and audit management systems to other public universities – the aim is to have 100% utilisation of data analytics by all public universities by 2020.
The Local Perspective
Dr. Dennis Reyes (above photo), ARTA Technology Modernization Architect & Chief Economist, Department of Finance (DOF), Philippines, explained what the government is doing in terms of data analytics and particularly on the issue of cloud. In the region, the Philippines started a lot of programmes but it currently is second to last to actually get on board to the ASEAN single gateway. Dr. Reyes said that it was a mindset issue and not a technology one – when the cloud first policy was put together, it was not about the technology availability issue but it was more about the behavioural issue: how to prevent the unnecessary procurement of equipment that cannot be reutilised?
The problem that the government has with the private sector partners is that government ended up not being able to leverage the data, so it’s important for the government to own the data. In the age of disruption, government has to rethink their own functions, resources and even partners in the private sector. The foundation is being built towards being a fully transparent government by 2040.
The roadmap of the government’s digital transformation journey is not about which vendor is pitching the best, it’s about framing the mindset in order to define exactly which direction to go. Not matter what is said about best practices, the government would still have to carve its own way. The DOF is spearheading initiatives adopting cloud native systems to create secure and sustainable programmes, facilitate paperless foreign trade and ease of doing businesses.
Dr. Reyes is involved in the formation of the Philippines e-government interoperability framework, and it is looking at standards on the infrastructure side. It is not trying to impose a type of technology – in order for interoperability to happen, these are the standards that need to be met by the service providers. The government common platform is basically a technical rendition of data and information interoperability standards – the Philippine eGovernment Interoperability Framework (PeGIF) 2.0. It started with health, transport and now it is expanded to multi-sector domains so that there’s clear governance in what standards need to be brought in.
Polling and discussion
One of the biggest data challenges in the organisations represented by the delegates at the session was that data is still manually aggregated, followed the increasing effort to manage data. Ms. Radzi gave the example of being able to ‘sell’ the benefits of data analytics to higher management in order to encourage buy-in and adoption. On the benefits of cloud benefitting their respective organisations, more than 90% of the delegates agreed that the adoption of cloud would reduce their cost of infrastructure ownership and increase the scalability and reliability of IT operations and services.
In terms of the primary concerns on the use of cloud, 52% of the delegates felt that they were still not confident with the current internal security practice. 29% expressed that they were not informed enough on what cloud is. One of the reoccurring topics that emerged from the discussion was the issue of responsibility towards the data – whose responsibility is it when the data is put onto the cloud? On the topic of digitalisation and automation of processes, a delegate explained that many tend to be scared because they view systems and automation as challenging their jobs and roles, and being replaced by technology. Digitalisation is not about that but being able to translate data into a more cohesive and effective way of communication both within and between government organisations and agencies, as well as meet added expectations from the management.