By Noratip Dhanasarnsilp
Special to The Nation
“We have already implemented ERP and we have data, but we don’t know how to use it.” This is the message being heard over and over in Deloitte’s consulting sessions with clients.
In 2021, businesses in Thailand are fully aware they need to transform digitally. Around 40 per cent have completed their transformation to some degree, 50 per cent are in progress and 10 per cent are planning their transformation. One benefit of digital transformation is the wealth of data being collected, categorised and stored. Information such as customer profiles, customer interaction with the business’s services, internal processes and suppliers can be very useful for gaining competitive advantage, improving our processes and reducing operating costs. However, data are useless if they are not properly analysed – a problem that could be trapping value worth millions within transaction systems.
Businesses might be surprised to learn that the ability to unlock these trapped millions lies within your risk management and internal audit teams. Although both of these departments may have a good understanding of business processes and what can go wrong, their potential is often limited by a lack of digital data and/or tools to handle that data. Deloitte’s Risk Advisory team has heard this complaint many times over the past two years and our response is: “Empower your second and third line of defence.” The approach to empowerment consists of the following two stages:
1. Automate to reduce time spent on routine work
Research shows that we spend 67 per cent of working hours with computers but only 26 per cent applying our expertise. Risk management and internal audit teams (RM & IA) spend significant amounts of time requesting, collecting and preparing data, leaving them with only a small window to do their work. We suggest organisations adopt Robotic Process Automation (RPA) to help automate manual, recurring and resource-intensive tasks that RM & IA teams are doing. A client who adopted RPA for internal controls has reduced time spent on routine tasks from 900 working days to 15 working days. The tasks are done 60,000 per cent faster, ensuring compliance while also boosting the morale of staff since they can now focus on challenging tasks and can also leave work on time. With the cost of RPA technology decreasing each year, its affordability now means businesses can recoup the investment within months.
2. Increase data processing capability with analytics
Current good practice for data sampling is to randomly select 10 per cent of the target population – a method that has not changed for decades. However, the 10 per cent practice in the digital age poses two major challenges to risk assurance. The first is the low possibility of detecting risk and abnormal transactions. The second is inability to handle 10 per cent of transactions, especially for businesses that operate digitally such as e-commerce. For example, in 2020 food delivery applications saw an estimated 68 million transactions – which is impossible for RM & IA teams to effectively monitor. With this scenario, we need tools to increase analytic capability. Deloitte foresaw this problem and has for some time been advising clients to use data analytic and visualisation.
A fast-rising technology in this field is Process Mining, which helps users take in all data generated throughout a given business process. At this point, you may be asking how Process Mining differs from other Business Intelligence (BI) tools. The significant advantage of Process Mining is its ability to create maps of your processes based on three key data fields – transaction ID, activity and activity’s time-stamp. With this tool, the risk management and internal audit teams can see how business processes operate from end to end, covering 100 per cent of transactions with limited resources.
This full oversight of business processes allows RM & IA teams to see exactly which part of the operation is causing delays, identifying bottlenecks and where processes deviate from established standards. Using the resulting experience in business processes, good practice and data, teams can provide insights into business operations, pinpointing risks and suggesting improvements that unlock business opportunities worth millions trapped within your organisation.
In conclusion, as businesses undergo digital transformation and collect large pools of data, they must focus on maximising analysis and use of digital data. This applies to every business unit, including supporting functions such as risk management and internal auditing. RM & IA teams must adopt these digital assets and become internal consultants for the business – providing insights, improvements and assurance to the organisation. Doing so will give RM & IA a seat at the decision-making table, freeing millions in trapped revenue and contributing to the next wave of business growth.
Noratip Dhanasarnsilp is senior manager for Risk Advisory Services at Deloitte Thailand.