KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk

Similar documents
Powered by technology, our experts are unlocking the value of your audit. Dynamic Audit

Giving you clarity on your change programmes

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

2017 Internal Controls Survey

Source-to-pay: Delivering value beyond savings

Financial Services Internal Audit insights. Effective Internal Audit RAISING THE BAR. May 2014

Learning and Knowledge enabling the magnet for talent

Astrus Third Party Intelligence

Emerging & disruptive technology risks

Third Party Risk Management ( TPRM ) Transformation

KPMG Managed Services

The Concept: Moving from Data Analysis to Data Analytics

Driving excellence in IT Operations Navigating the digital world with next generation IT operating models. KPMG.com.au

Accelerating your automation journey through outsourcing

Supporting Every Aspect of Your Individualised Marketing Strategy

Your global work force is your business. Helping you effectively manage your mobility programs across borders is ours.

Risk Management and the Internal Audit profession Two sides of the same coin? 30 th September 2015

Tax Technology Solutions. A summary of our solutions designed to meet your organisation s needs

THOMSON REUTERS CLIENT ON-BOARDING

Source-to-pay: Delivering value beyond savings

Ready for GDPR? Five steps to turn compliance into your advantage

Global Entity Management Global coverage, local expertise

Guide on AASB 16 Technology solutions AASB 16 Leases

How well does your procurement measure up?

Internal audit: Threading the needle Strategic insights on internal audit A KPMG benchmark survey on internal audit

Bringing Solvency II alive in the boardroom are you doing enough?

KPMG s Global Compliance Management Services

Internal controls over financial reporting Uncovering the full picture of control costs

Internal controls over financial reporting

Customer Experience Cloud

kpmg.com/au/dynamicaudit

KPMG International. kpmg.com

KPMG International. kpmg.com

5th CAE Annual Conference

Audit Committee Self Assessment

Crowe Caliber. Using Technology to Enhance AML Model Risk Management Programs and Automate Model Calibration. Audit Tax Advisory Risk Performance

A step towards strengthening governance

Internal controls over financial reporting

The compliance investment

Crowe Consumer Compliance Consulting Services

Finance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead

KPMG s financial management practice

Off-payroll working in the private sector - April 2020

Third Party Governance and Risk Management

Revenue recognition and leasing

Powered by DATA+ ANALYTICS. KPMG Audit

Business beyond borders

Extended Enterprise Risk Management

KPMG LINK 360. Visibility and control of global compliance. Global Compliance Management Services. kpmg.com

Intelligent automation and internal audit

Simplify and Secure: Managing User Identities Throughout their Lifecycles

Deal Advisory / Australia WORKING BETTER BY WORKING TOGETHER. We can help you Partner.

Robotic Process Automation for Financial Services

KPMG Accelerated Testing

Back to School for Business Services how to get it right?

Minimizing fraud exposure with effective ERP segregation of duties controls

Enterprise Compliance Management for Credit Unions

We help companies operate responsibly and sustainably, grow with a clear understanding of strategic risk and

Intelligent automation and internal audit

Data rich and regulation wary

Smart Net Total Care. Realizing the Promise of Automation for Network Support Operations

2 ACCENTURE TRADING PLATFORMS CAPABILITIES

Significant technology disruptions over the last decade

ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE

Audit Management - Software. Internal Audit Refresher Course Technical Session 6 27 August, 2016

Business Risk Intelligence

189,000. Operates in. countries. Europe, Middle East and Asia (EMA) is KPMG s fastestgrowing. Global Green Initiative. KPMG was founded.

July 2017 KPMG.com/in

Thomson Reuters Client On-boarding. An end-to-end client lifecycle management solution.

Effective Risk Management With AML Risk Assessment. January 25, 2017

Thomson Reuters Regulatory Change Management

How to assess the maturity of Identity Management

Expertise you can rely on. Anytime.

Modernizing Financial Management for Faster and More-Effective Decision Making

ORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE

Ready for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements

Meeting the challenge of software quality and maximizing return on investment Performance driven. Quality assured.

Planning to win. Deal Advisory / Australia. Driving value growth through competitive, flexible funding and supportive financing relationships.

Managing risks of the growing RPA jungle

4/26. Analytics Strategy

Rethinking the way personal computers are deployed in your organization

EMEA TMC client conference Operationalising transfer pricing. The Crystal, London 9-10 June 2015

BPS Resolver Internal Audit

RouteONE Helping enhance the real value from SAP GRC Access Control

A Strategic Approach to Bank Fraud

Internal Audit and Robotic Process Automation

Project Management. Risk Management

Future of finance: Finance disrupted. How should the CFO respond to a business environment in turmoil? kpmg.com/us/futurefinance

SafeNet Authentication Service:

Seeking value through Internal Audit

Managing compliance in a complex world

Agile Taxonomy Maintenance

Extended Enterprise Risk Management

Transcription:

KPMG Smart Controls Putting you in control of your controls kpmg.co.uk

KPMG Smart Controls Putting you in control of your controls Our solution for Control Testing, Assurance and Clouded by controls Many organisations operate thousands of controls to meet a multitude of external and internal compliance needs. The complexity of the control environment can be overwhelming and make it impossible to be sure that the controls mitigate the risks you face which defeats the purpose of implementing the controls in the first place. We call this being clouded by controls. Every one of these controls needs to be tested to ensure it is effective. This is often a huge undertaking and can be impacted by a lack of experienced staff. We have seen controls tested many times in one year, by different teams, to accommodate each compliance, operational and regulatory need - and as a result costs increase and the business suffers significant disruption. An effective testing cycle should highlight the overlaps and redundancy within your control estate and, more importantly, alert you to the unmitigated risks you are still running. It is time for Smart Controls. Inconsistently disaggregated Control Framework A separate risk function, lack of clarity on roles, inconsistent application of policies, lack of clear ownership, disaggregated processes. Organisations needing improvement Clearly defined model inconsistently applied Some forward Risk related Management Information available, box ticking approach to documentation, challenges to cost of control results in review, manual intervention still required, higher risk testing prioritised, audit methodology focused on high risk. Clearly defined model applied across Group Good risk reporting coverage although still manual, clearly defined standards and frameworks undergoing annual refresh, automation of processes and related controls, manual front end reporting, standardisation of controls. Many Current Industry Organisations Fully embedded automated governance model Clearly defined Risk policy, controls driven from top down with inter dependencies, integrated dashboard Automatically updated, controls tested by Managed Services, fully integrated testing model focused on high value, high risk areas. Leading Organisations Top risks for organisations 48% 39% 33% Government regulation/impact of public policy initiatives Operational risk/ control environment Legal/regulatory compliance Increasing regulatory focus Simple control failures have resulted in a staggering range of financial loss and reputational damage across many industries. Not only do these control failures lead to sizeable remediation costs, the incidents can also carry significant regulatory fines and increased regulatory focus on the impacted businesses. These failures can be traced back to a lack of stability and robustness of the overall control environment. Significant control failures lead to increased regulatory scrutiny and ultimately to a greater compliance burden. It is critical that organisations ensure a reliable and sustainable control solution is in place to meet the compliance burden. This solution must provide repeatable, continuous, indepth testing, assurance and reporting over the control environment allowing the organisation to focus on its business and its customers. It is time for Smart Controls. Source: 2014 Global Audit Committee Survey KPMG Audit Committee Institute

Our approach specifically tailored to your needs The Smart Controls solution Our Smart Controls solution is specifically designed to cater to the needs of your complex control environments. Our approach integrates People, Process and Technology, designed to meet operational, regulatory and compliance requirements, provide necessary management oversight and reduce workplace demands. Smart Controls works to maximise efficiency by implementing repeatable testing of controls through technology. It also, by its very nature, has been designed to emphasise cost optimisation without compromising quality. It is tailored to deliver recurring testing and reporting cycles as a managed service while working to ensure sustainable quality through the implementation of a clear methodology with experienced subject matter experts and highly qualified testers at the helm. The managed service leverages KPMG s Global Services (KGS) resources in an onshore/offshore model. KGS provides a critical mass of specialist capabilities and experience in a wide spectrum of industries, using proven methodologies, processes and tools. KGS also helps broaden client capabilities by adding value to the control framework, including remediation and benchmarking. Streamlined processes Secure transmission Audit trail & archiving Qualified testers Flexible resourcing SME insight Cost aware Process People Technology Dedicated GRC tool Rapid development prototype UK data centre Smart Controls is a solution designed to fit all organisations across all industries. It can support your first, second or third line activities and manage a wide range of compliance processes. Client Risks and Controls Onshore Leads OneTechnology Data Centre KPMG Service Board Offshore SME Testing Pool Onshore QA People : Delivering professional standards The Smart Controls onshore/offshore model combines cost and operational synergies to provide a coordinated control testing, assurance and reporting function. The onshore leads bring subject matter expertise and face to face accountability, and bring to bear the full weight of our client insight. The leads manage our service and work closely with the quality assurance team to give you the fullest confidence in our work. The offshore SME testing pool provides a dedicated team of client facing professionals with proven global experience. We can flex this team to suit your changing requirements over the testing lifecycle. The KPMG Service Board is responsible for monitoring, reporting and managing changes to our overall service. It aims to ensure our service is at all times transparent and responsive. Our global network of firms enables us to provide our people where you need them.

KPMG Smart Controls Putting you in control of your controls Allowing you to focus on what is important to you. Technology: Putting you in control of your controls Our service is underpinned by a leading Governance, Risk and Compliance (GRC) tool designed to revolutionise your ability to manage and understand your compliance programme. The tool is configured with your control framework and compliance process. It provides: Single view of your entire control framework Control, process and risk libraries that link across frameworks to promote the desired test-once, report many efficiencies Testing workflow to enforce adherence to rules for each stage, with a full audit trail and the ability to view evidence against each test Automated alerts to control owners and operators when actions are due Links between issues, controls and risks to enable appropriate remediation plans Built in Quality Assurance and acceptance approvals The final benefit of the tool is the powerful reporting capability which provides real-time analytics on progress, issues and trends. Users can drill down from dashboard to detail in a few simple clicks. Process Walkthrough Risk and Control Identification Controls Adequacy and Implementation Testing Control Operational Effectiveness Testing Control Status Identification of process inefficiencies Risk v Control Gap Analysis Control Adequacy and Implementation Issues Control Operational Effectiveness Issues Gaps, Issues and Improvement Workflow Quality Assurance Governance Management Progress Management Information (MI) Our rapid deployment capability has been built to ensure that these benefits are delivered from the outset not after a lengthy implementation. For organisations with an embedded tool of choice, we can also augment your existing tool set or simply use your existing systems. Process: Test Properly, Test Once, Report Many A complex compliance burden requires a harmonised testing approach. Our SMEs are experienced in designing and implementing testing processes to meet your compliance needs. They: Use our risk-based methodology to identify key risks and evaluate controls to mitigate these risks Assess the design and operational effectiveness of controls Identify areas of improvement, gaps and weaknesses Prioritise issues by risk and consider impacts across businesses, processes and geographies Assess remediation approaches and improvement opportunities, incorporating industry leading practice solutions Track issues through to resolution and implement repeatable tests to ensure sustainable remediation Provide constant oversight and Quality Assurance through the testing and reporting process By providing dashboards and ad hoc reporting at a personal, business unit and organisational level, the reporting process allows you to focus key resources away from spreadsheet management and on to valuable risk management. The application of this approach across all of your compliance processes means we can truly harmonise the testing effort designed to achieve the test once, report many goal.

KPMG Smart Controls Putting you in control of your controls Easing the compliance burden Your concerns, our solution Many organisations operate thousands of controls to meet a multitude of external and internal compliance needs. This compliance burden can be exacerbated by a number of organisational concerns, including: High cost of controls testing Lack of experienced testing personnel Constantly evolving compliance and regulatory requirements Inability to focus on core business capabilities Recurrence of control incidents How KPMG can help you Deliver effective control testing Our Smart Controls solution provides the ability to perform and benefit from repeatable, in-depth, tailored controls testing as frequently as required to provide assurance over the health of the control environment. Identify areas of efficiency Smart Controls can be used to develop efficiencies in control testing. By harmonising testing processes, we reduce the testing effort and the impact on your business. Improving your control environment Rapidly changing regulation and the evolving nature of business increase the need for a robust, and efficient control environment. We can help you identify the areas of improvement within your control environment through Smart Controls. Case Study What were the requirements? KPMG was asked to assist a leading financial services institution in designing and testing its control environment to ensure compliance. Over 1000 controls needed to be tested across their SOx, Payment Certifications and Internal Policy compliance frameworks. What did we do? We spent 12 months helping our client to manage their compliance with SOx, Payments Certifications and internal policies in essence designing and executing their control testing processes across 1000 controls globally. After a year of successful delivery, they asked us to develop a cost efficient approach to running this work on a repeat basis over the next 5 years and so we developed Smart Controls. We have designed each element People, Process and Technology to produce a delivery mechanism which can be used to perform any repeat testing of controls. The key components are: On-shore SMEs to lead the work, improve testing processes, quality assure delivery and support the client on a daily basis A professional offshore team to execute control testing A rapid-deployment workflow tool that enforces process and standards, ensures consistency, harmonises control frameworks and for the first time in many cases shows stakeholders the true picture of their control estate. We have significantly reduced the spend on controls testing, increased the experience and quality of the testing team, introduced flexibility to cope with fluctuations in workload and developed a tool that gives our client realtime insight into progress, issues and accountabilities. Further benefits will come from the harmonisation of the various control frameworks, which we are currently building into the system. Having captured all of the control testing requirements for each regulation and policy, we are able to test once, report many for each control and deliver a huge increase in efficiency and reduce disruption to the business.

Contact us Daniel Gorton T: + 44 20 7311 5950 E: daniel.gorton@kpmg.co.uk Sam Subesinghe T: + 44 13 1527 6836 E: sam.subesinghe@kpmg.co.uk Anushka Sarin T: + 44 20 7311 5362 E: anushka.sarin@kpmg.co.uk The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2014 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. www.kpmg.co.uk The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International Cooperative (KPMG International). Create Graphics CRT010940 February 2014 Printed on recycled material.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback