ACL and/or Tableau? 7 areas where enterprise consolidation of analytics fails for audit, risk management and compliance

Published | Tuesday, July 24th, 2018

Analytics consolidation is becoming more common in today’s technology landscape, where IT and shared data services groups are mandated by senior management to converge on licensing a single data tool across the enterprise for ‘analytics.’

While consolidation makes sense from the perspective of accounting or procurement looking to reduce overall G&A spend on software, it often makes less sense when you consider what your true business need is, the data you need to access and analyze, and the differences in capabilities between your various data tools, such as analytics vs. business intelligence (BI) vs. data visualization. If one tool can meet all your specific needs equally, it may indeed make sense to land on just one tool. But to make that assessment, you need to step back and identify the critical capabilities that make governance, risk and compliance (GRC) tick.

As an analytics vendor, we feel there are key differences between ACL and Tableau that make them more complimentary tools than competitors, despite what marketing materials might say to the contrary. Analyzing and visualizing data across your enterprise is like building a house: it often requires a different tool for a specific task. If you are looking to apply analytics to detect risk in your organization, test the effectiveness of controls or uncover anomalies indicating fraud, then ACL is better as an analytics tool—whereas Tableau excels in many other areas of intelligence and data visualization.

Here are seven areas where analytics consolidation can hurt GRC and why they matter:

1. GRC context and resources

A big difference between ACL and BI tools like Tableau is that ACL is an analytics and workflow vendor built specifically for a GRC professional domain to solve for risk, compliance and audit specific challenges. ACL has a vast ecosystem of training and content resources, and a peer community with rich GRC domain knowledge. This ecosystem incubates your team’s professional development to evolve over time, but equally important it helps answer the most important questions particular to GRC: Where do I start? What do I ask my data? Where does risk exist that I am not yet looking in operations, processes, entities or industries like mine?

2. Data access & cleansing

Among the hardest steps in performing audit, risk and compliance analytics is accessing, joining and cleansing source data across disparate systems. Data resides across PDFs, disparate MS Excel or .csv dumps, in a variety of ERP systems like SAP, and in data storage systems like SQL and Oracle. ACL is a masterful tool at connecting to a wider range of disparate sources directly, and then joining and cleansing and reconciling the raw data. Raw data is often full of extra spaces and special characters that can kill your analysis before it starts. Detecting and repairing that data is extremely frustrating and time consuming—and requires a tool built for the job. How accurate is ACL’s detection and data cleansing capabilities? Many of our customers’ IT departments use ACL to reconcile a data migration between a legacy data storage system and its replacement, that’s how accurate!

3. Risk and control analytics

ACL’s analytic engine has easy one-click commands designed specifically to find risk, fraud or compliance violations by detecting anomalies that universal business intelligence or data management tools are simply unable to. Vendor billing mistakes are common in large enterprises and governments, ACL has a few single commands that will find disparity and uncover seven-figure mistakes, such as where your vendor’s ERP system generated multiple invoices for the same PO, or where invoices are out of sequence. These easy-to-accomplish tests are not so easy to perform in generic data management tools like SQL or in more generic business intelligence tools like Tableau, Qlik and Excel.

4. Defensibility & provability

Every analytic step captures a provable activity log in ACL, which is often a requirement for assurance groups needing to satisfy tough regulatory oversight or, in extreme cases, litigation. ACL’s activity log can be easily copy-pasted to produce repeatable analytics script—making learnability and professional development easier.

5. Analytic results workflow

Perhaps the biggest difference between ACL and Tableau is how you flag data that requires action. ACL has a workflow platform that integrates with the analytic output—allowing the workflow to be easily configured by the customer. Tableau is a great tool to visualize the data, but when you want to action it and disseminate a flagged record for review and remediation—and assign to a review stakeholder and automatically alert outstanding actions and report to senior management the status—Tableau simply has no workflow to take this next step, making it easy for risks to slip through the cracks.

6. Reporting integration for complete enterprise data visualization

No question, Tableau is a superior business intelligence and data visualization tool. But whereas Tableau doesn’t offer the same analytic capability for the GRC domain, it’s a common enterprise-wide licensed tool to provide centralized reporting from a static dashboard. ACL has a driver for any business intelligence tool to directly consume our analytic output so it can be displayed in your centralized, static reporting tool. ACL’s driver is certified for Tableau.

7. Continuous monitoring and remediation

For GRC teams wanting to set up continuous monitoring and assign process or control owners to review and remediate flagged record, ACL’s platform allows for trusted IT direct data connections, pre-scheduled analytics to run off-production hours, and a workflow capability that allows you to action flagged analytic results to better remediate your risks and optimize your business performance.

ACL and Tableau together is a beautiful thing. ACL project files are now their own data connector. In fact, you can feed your ACL analytic output into any of your existing organization-wide BI and visualization tools (which typically don’t do analytics!).

  Get in touch with us!

In compliance with Section 45 of the ECT Act please confirm the following:

I would like to receive future communication from CQS.

Leave a Comment

Your email address will not be published. Required fields are marked *