Alternative data sources present businesses with powerful new opportunities. They also introduce risks.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) addressed this challenge in its 2024 report, Alternative Data: The COSO Perspective. This report offers valuable guidance on how businesses can leverage nontraditional data sources into their enterprise risk management (ERM) frameworks.
The value of an ERM
Implementing an enterprise risk management (ERM) framework helps managers anticipate risks and recognize that change creates opportunities, not simply the potential for crises. Internal control is just one small part of ERM. It may also encompass strategy setting, governance, stakeholder communications, and performance measurement. These principles apply at all business levels, across all functions and to organizations of any size.
Today, COSO’s Enterprise Risk Management — Integrated Framework is the cornerstone of modern risk management practices. COSO continuously updates its guidance to address emerging risks.
What’s alternative data?
Companies increasingly rely on social media analytics, satellite imagery, web scraping, transactional data, smart sensor feeds, and environmental, social, and governance (ESG) indicators to drive strategic decision-making. Such alternative data sources may provide fresh insights into market trends and consumer behavior.
These unconventional sources can enhance forecasting and risk assessment. But they also introduce challenges, such as data integrity, privacy concerns, and regulatory compliance. Without a structured approach to managing these risks, alternative data can create more uncertainty than clarity. To fully capitalize on alternative data, companies must embed it within their risk management practices.
COSO emphasizes that businesses must ensure alternative data aligns with their strategic objectives, such as improving customer engagement, optimizing supply chains, and strengthening investment strategies. If alternative data doesn’t contribute to well-defined business outcomes, the risk may not be worth it.
How to put the guidance into action
COSO recommends the following five steps to successfully integrate alternative data into your organization’s ERM framework:
1. Perform a data audit. Begin by identifying all sources of alternative data currently used or under consideration. To get a complete picture of your organization’s data landscape, evaluate these questions:
- How is alternative data collected, and who provides it?
- Does the data introduce potential privacy or security risks?
- Is the data relevant to the company’s strategic objectives?
Not all alternative data is created equal. Three key areas where quality issues commonly arise are source reliability, accuracy and bias, and timeliness. Vet third-party data providers carefully to ensure they’re credible, transparent, and compliant with industry standards.
2. Strengthen governance practices. Assigning oversight responsibility to a chief data officer or a data governance committee helps ensure accountability. Businesses without proper governance practices risk drawing inaccurate conclusions, facing regulatory penalties, or damaging their reputations.
Also stay informed about rapidly evolving data privacy laws and document data collection and usage practices thoroughly. This includes creating internal codes of ethics for responsible data use, especially when using AI-driven analytics.
3. Invest in technology and security. Protect alternative data and reduce risk exposure with technology and security measures, including:
- Transparent, explainable, and unbiased AI-driven analytics and machine learning algorithms
- Data encryption
- Role-based access control that allows only authorized personnel to handle sensitive data
Cybersecurity infrastructure — such as robust firewalls, intrusion detection systems, and endpoint security solutions — is also essential to protect sensitive data. Partner with reputable data providers to maintain compliance with industry standards and conduct due diligence before engaging with new vendors to ensure compliance with security best practices and regulatory standards.
4. Train employees on best practices. Even with advanced security measures, data risks often arise due to human error, lack of awareness, or poor decision-making. Conduct regular data literacy training sessions to prevent misuse of alternative data and maximize its strategic value.
Education programs foster a data-driven culture where employees recognize the importance of risk assessment and informed decision-making. Consider such topics as interpreting AI-generated insights responsibly, preventing data bias, understanding regulatory implications, and implementing cybersecurity best practices. Interactive workshops that simulate real-world data scenarios can engage participants and promote cross-departmental collaboration.
5. Monitor and adapt. As technology advances, alternative data opportunities and risks will evolve, requiring businesses to update their ERM practices continuously. By regularly assessing the impact of alternative data on business decisions, staying updated on regulatory changes and refining risk management strategies, businesses can properly balance innovation and compliance.
Think of alternative data as an asset
A structured risk management approach helps ensure your organization uses alternative data ethically, responsibly, and strategically. As the technology and regulatory landscapes evolve, agile leaders can stay ahead of compliance requirements and governance best practices.
© 2025 KraftCPAs PLLC
Get news, analysis, and ideas to help you make sound financial decisions