In May, the Swiss Bankers Association (SBA; German: Schweizer Bankiervereinigung SBVg) published a guide on "Handling data in day-to-day business". The document outlines six specific use cases to illustrate the existing risks and responsibilities when creating value from data. In particular, finding the balance between "seizing opportunities" and "avoiding risks" is a significant challenge for companies.
We are using this guide as an opportunity to shed light on the topic of "handling data."
For fans of the American national sport football, this is the most exciting time of the season. The playoffs are underway and the Super Bowl is already casting its shadow. What I always find interesting about the sport is the size of the team and the staff. With 53 players and staff, that means about 80 to 100 people on the field who have to communicate with each other clearly and purposefully. Especially in decision-making situations under time stress, clear rules are needed on how, who and what is communicated. If this is not defined, everything goes haywire, processes do not work and moves go wrong. The topic of governance is described in the attached article.
The NFL, as the rule-making authority, has introduced clear rules for communication. For example, one player from the offense and one from the defense are allowed to have contact with the coach, and communication is possible in one direction only: from the sideline to the player. Answering is not possible. The players involved (usually the quarterback) have a speaker in their helmet and are identified to the outside world by a green dot on their helmet. The statement from Michelle McKenna-Doyle, NFL CIO, "I try to make sure it's not tech for tech's sake. It's tech to make the game better, safer, move faster." can be applied perfectly to our daily business: mistakes are not an option. Even though we in business communication are not exposed to quite the same game stress and publicity, we face the same challenges in ensuring meaningful and efficient communication in our organizations.
I found it very interesting that the SBA includes the topic of artificial intelligence, AI. This is a branch of computer science that tries to teach computers intelligent behavior in an automated way. Many companies are daring to take their first steps with corresponding use cases, and some are already using AI-based solutions productively. If the focus is placed on the benefit, the risks are often forgotten, starting at the drawing board through to established solutions.
We have already been able to review some AI solutions and have developed a framework for this purpose. We pay special attention to the following:
- Data governance should be established, especially in the area of data quality. A human operator can filter out erroneous data using common sense; this is not (automatically) possible using AI.
- Regulatory aspects that might otherwise be covered by organizational measures must be handled by technical controls in the AI environment.
- A transparent purpose of use is the prerequisite for the purpose limitation of the data, which is a key topic in data protection. At the latest when consent is revoked (the right to be forgotten), it is central to know for what purpose the data was processed. It is also foreseeable that regulations in the AI environment will adopt such directories.
- Questions about controllability examine whether decisions are made directly from AI algorithms and to what extent these are reversible. Ideally, the algorithms and models will be regularly checked for biases and possible discriminations.
- Transparency is important to make decisions comprehensible. The extent to which those affected (e.g., applicants or customers) are and must be informed about the use and background of AI should also always be discussed here.
With the introduction of MS Teams and the relocation of data storage and authorization management to the cloud, compliance and auditing officers are also faced with new issues that they did not have with traditional data storage. You gain new opportunities for collaboration, but there are also new risks that need to be taken into account. The following is a brief overview of the obvious risks. Of course, these can diverge depending on the environment and industry.
Establishing effective governance rules for MS Teams is an essential foundation for efficient use. These rules must be defined organization-wide and be technically enforceable. From an auditor's perspective, the following questions are always a good starting point:
- Is meaningful team governance documented and implemented?
- Is a suitable naming convention available and is implementation/compliance automated?
- Are rules for data deletion and data retention in place and implemented?
- What data labeling and classification rules have been implemented and do they comply with data protection requirements?
- How can governance compliance be verified by the responsible units?
With the six use cases in its guide, the SBA provides some insights into which topics are currently possible. However, I often see a more straightforward starting point not in the customer-oriented topics but in the analysis of data in internal processes. Again, this raises several questions about risks, but they are easier to control.
In a future post, I will discuss how an organization can identify and prioritize possible use cases and what framework conditions should be met for data to be used.
Conclusion
Teams brings numerous advantages in day-to-day collaboration. At the same time, however, there are also risks that should be tamed with good governance. For those responsible for compliance and/or internal auditing, the assessment of team governance is an item that should not be missing from a well-sorted audit plan.