Headquartered in the Netherlands, ING is a global financial institution with strong European foundations that offers retail and wholesale banking services in over 40 countries. As one of Europe’s top twenty banks, it has over 57,000 employees and more than 38 million customers.
ING’s internal audit function consists of more than 400 individuals across 36 teams in over 20 countries. This function covers a wide variety of topics, locations, and processes, all of which need to be audited. Specifically, over 1,350 auditable entities are defined. Each one has an average audit cycle of almost three years and a lead time requirement of 8-10 weeks. Internal Audit uses data analytics in about 65%-70% of the audits performed each year, aiming to reach 80%-85% in the coming years.
Internally, ING/Internal Audit has ambitions to become a data-driven department while standing by their mission to provide assurance on managing risk during internal audits.
Internal audit covers many different topics, and often the same topic is addressed in different audits, for instance in different countries. From a data analytics perspective, this means that different audit tests for different topics may be required. It can also mean that the same audit tests may be reused for similar topics but using different data sources. The complexity of analytics for internal audit lies therefore not in the tooling or use of advanced models, but rather in the wide range of topics with multiple and varying data sources. The biggest challenge is finding a way to handle different data types and sources while creating efficiencies and ensuring consistency across all applications.
ING/Internal Audit’s goal is to make data analytics an indispensable part of every audit. The approach is for all Internal Audit staff to become proficient at applying analytics to their audits. An expert team performs advanced analytics and provides support and training. The approach, both from an audit and a staff perspective, requires a data analytics tool that is user-friendly and intuitive, has low (or no) code, supports reusability and sharing, and is flexible and scalable. Because KNIME ticks these boxes, it became the tool of choice for Internal Audit at ING.
KNIME was first made available in 2017. Since 2020, it has been used not just for its additional computational power and storage, but also for building data apps, which has made working with data and doing analytics even easier.
Stopping terrorist financing, fighting economic crime, and complying with sanctions are major concerns for the banking industry. It’s important to know your customer and properly screen transactions so you can comply. One of ING’s daily tasks is to review payment transactions for short-term financing, which comes with a lot of trade finance documentation. Documents can be sent in multiple formats, such as invoices, contracts, loan documents, etc. The task is to review the entities on these documents (which could be human names or port/ship names) and cross-reference them with a sanctions list.
Part of the procedures when performing an audit on this topic is re-performing the screening process. Prior to discovering KNIME, the auditors needed to manually read each document, highlight all names or entities and compare the outcome with the lists prepared by the ING analysts.
Using KNIME Analytics Platform, ING/Internal Audit built workflows to develop a tool that could automatically scan, read, and cross-reference documentation. This ensured completeness of optical character recognition (OCR) for each image. As a company, they must thoroughly and accurately scan 100% of documents going through review. If, for instance, only 90% have been scanned properly, they must identify which 10% were not and which 90% were. And this is where their KNIME-built workflow comes into play.
This intuitive tool automatically reads a PDF and produces a color-coded result, indicating any words that were missed during scanning and any information/data flagged at a low confidence level of being scanned properly (based on OCR). Then, the tool scans all names and words on the document and compares them to the sanctions list. Therefore, instead of manually scanning over many pages by hand, the audit team only has to focus on the highlighted words indicated by the tool.
Process mining is used to analyze process flows based on event log data. In many current business processes, IT applications create log files, which register who is doing what and when for every transaction or trade. An event log consists of three important elements: a case ID, the activity itself, and the timestamp. It’s usually enriched with additional data, such as user IDs and departments. It then visualizes the process while it’s taking place — also known as the “as-is” process. In an audit, the main use case is process discovery. The “as-is” process is benchmarked against the “should-be” process, which enables auditors to identify non-compliance quickly.
The solution at ING/Internal Audit consists of a workflow, which is built and deployed with KNIME as a branded web-based data app. The user opens the data app in their browser, selects the process mining solution, and follows the predetermined steps. These steps include uploading event log data, assigning columns, and conducting the analysis. The purpose-built but easy-to-follow interface offers the right amount of complexity for auditors to conduct their own data analysis anywhere, anytime. The interaction points are all pre-determined by the KNIME workflow, which is running in the background. The workflow consists of many KNIME components, which bundles the workflow functionality into logical, reusable steps.
Using KNIME, the team can process insights based on actual data, enable conformance checking, identify bottlenecks, and overall, optimize and simplify process mining efforts.
ING/Internal Audit has managed to integrate data analytics into the everyday work of their auditors, without a lot of heavy lifting, which has gone a long way in helping achieve their vision of becoming data driven. Increasingly, users who didn’t dive into the data before can now generate insights self-sufficiently and faster than before. Because KNIME workflows are reusable and shareable, it’s helped to standardize processes and generate efficiencies at ING. While these efficiencies do come after investing significant time in creating reusable solutions, it’s already paying off. In some cases, it’s reduced the work of individual auditors from three days to 15 minutes.
To hear Tjasse Biewenga, head of data analytics for internal audit at ING, talk about these efficiency gains and leveraging KNIME for data analytics, watch his full presentation at the 2022 KNIME Fall Summit.
To hear more success stories like ING’s and learn how other businesses and data experts across multiple industries are leveraging their data with KNIME, register for our upcoming Spring Summit in Berlin, April 17-19. Early bird tickets are still available.