Better Connections, Better Results:
Leveraging Information
to Align Risk and
Performance Management
Tools & Processes
November 2011
© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent
member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. KPMG and the KPMG logo are
registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.
Agenda
■ Market Pressures and Issues
■ Summary Overview of Component Parts:
Business Intelligence, GRC, and CA/ CM
■ Focusing on the Critical Commonalities
■ Client Scenarios
■ Summary
■ Q&A
What are the Market Pressures and Execution Issues?
Pressures
Growth and Transformation
Public Policy/Regulatory Compliance
Issues
Achieving strategic and operational goals
Balancing risk and performance with integrated reporting & analytics
Supporting the creation of information into knowledge, better information, governance & reliable access
Improving effectiveness of controls, enhancing efficiency of operational processes, providing more timely information, and reducing complexity
Preventing and detecting fraud, waste and abuse, including sustained monitoring of known control gaps for exploitation.
Ensuring effective compliance with regulatory mandates and company policies
Limited or duplicative risk/performance-driven automation
Risk Management/Mitigation
Vendor and solution consolidation
Understanding the Value of an Integrated
Organizational Capability
What It Takes to Get There:
■ Moving beyond siloed roles
■ Designing the tools to work together
■ Preparing decision makers to understand the combined perspective(s).
■ Align their common focus - achieving company goals and objectives
■ Optimize from a cost perspective
Summary Overview: Business Intelligence
The convergence of Performance and Risk
involves shifting the enterprise’s business
intelligence objective beyond reporting to delivery
of information that enhances the business
performance outcome while minimizing risk.
Analytics and Decision Support represent
the ability to acquire, consolidate and transform
relevant information into knowledge
Information Management is the collection,
organization, and distribution of all types of
information to deliver business value to an
organization
Summary Overview: IT GRC
Summary Overview: Continuous Auditing / Continuous Monitoring
■ Macro-Analytic Dimension: Macro-level analysis for trends, patterns, results (e.g., DSO, No. of POs/week)
■ Controls Dimension: Changed or deleted configurable application controls, SOD, etc.
■ Transactions Dimension: Transaction-based exception analysis and business rule management
Risk and Performance Monitoring is optimized when all three dimensions are implemented
Summary Overview of Component Parts:
Business Intelligence, GRC, and CA/ CM
■ Solution Vendors & Tools
- ACL Services
- BWise
- CaseWare IDEA-Symsure
- Cognos
- EMC-RSA (Archer)
- Greenlight Technologies
- IBM (OpenPages)
- Lawson-Approva
- MetricStream
- Oracle (eGRC Manager, OFSAA, TCG, AACG)
- Oversight Systems
- SAP (SAP BusinessObjects GRC)
- SAS
- Security Weaver
- Tableau
- TCG, AACG, Hyperion, MDM, OBIEE)
- Thomson Reuters
■ Organizational Accountabilities & Stakeholders
- CFO and controller
- Chief Compliance Officer
- CIO
- CRO
- Data Quality & Data Governance
- Enterprise Risk Management
- Finance Transformation
- Head of Operations
- Internal Audit
Business intelligence
GRC
Continuous Auditing / Continuous Monitoring
Focusing on the Critical Commonalities
Aligning Common Objectives Around Four Areas:
■ Optimize interactions with business processes and systems
■ Optimize the common need to access, analyze, and
report information
■ Approach Applications and Tools as a Portfolio
■ Advance organizational culture with an integrated risk and
performance reporting capability
Integrated Value Proposition:
■ Moving beyond silos and optimizing spend and total cost of
ownership
■ Build and embed as an organization capability vs. point
solutions – preparing decision makers to understand the
combined perspective
■ Better outcomes and realization of benefits
■ Mitigate risk and remediate gaps in controls, processes, etc.
Business intelligence
GRC
Continuous Auditing / Continuous Monitoring
Client Scenario: Financial Services Institution
Situation Assessment:
A global financial services client converted to Bank Holding Company status. This required a more formalized approach to governance, resulted in a number of new regulatory reporting requirements, and necessitated a more integrated approach to various compliance initiatives.
Client's Approach / Entry Point:
Initial requirements were to understand the number and nature of the regulatory reports, including an assessment of the quality, relevance, and availability of the information.
There was a parallel program to develop an operational risk dashboard leveraging information from over 20 disparate systems.
Opportunities Discussion / Linkage:
There were over 20 change-related initiatives that had similar reporting, compliance and governance objectives. Each project did its own current state assessment and gap analysis vs. combining a data lineage analysis.
Client Scenario: Pharmaceutical Manufacturer
Situation Assessment:
A global pharmaceutical manufacturer wanted to implement a health care professional risk assessment, monitoring and reporting process in order to comply with a new regulation (the Physician Payment Sunshine Act).
Client's Approach / Entry Point:
Company is developing a technology-enabled process to facilitate compliance with the new regulation.
Opportunities Discussion / Linkage:
There is an opportunity to develop and implement a base IT infrastructure and related process(es), supported by technology, which can provide for a comprehensive vendor risk management process, including third-party due diligence activities and continuous monitoring around procurement-related business processes, including travel and entertainment expense.
This infrastructure can be further extended to other compliance and performance areas including tax compliance (e.g., meals and entertainment tax deductions) and optimization of sourcing to reduce costs.
Client Scenario: Media Company
Situation Assessment:
A global media company needed to automate its Enterprise Risk and SOX processes. Across the enterprise, a variety of disparate technologies were being used to enable risk- and compliance-related activities.
Client's Approach / Entry Point:
Company is deploying an enterprise GRC tool and has developed a strategic road-map to define a common architecture and address business units in a prioritized manner.
Opportunities Discussion / Linkage:
There is an opportunity to clearly articulate and operationalize the three layers of defense target operating model. Specific leverage can drive incremental ROI by implementing an approach which includes continuous monitoring.
The information captured across the common architecture and enterprise framework can be used to enhance the decision-making process and increase transparency.
Summary
Key Takeaways
The sum of the whole is greater than its parts
A marginal increase in investment to properly integrate the three can optimize the collective results
Enterprises can increase efficiency by taking a more holistic look at their processes
Things You Can Do Now
Understand the current state around these three initiatives and identify any related initiatives (e.g., ERM, ERP migration, response to regulations)
Determine the overall enterprise objectives. What can you see outside the silos?
Determine where there are opportunities to extend these processes and technologies across the enterprise (i.e., scalable and extendable)
Seek some convergence of these silos to maximize the benefits and achieve efficiencies and cost savings
All information provided is of a general nature and is not intended to address the circumstances of any particular
individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that
such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one
should act upon such information without appropriate professional advice after a thorough examination of the
particular situation.
© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of
independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG
International Cooperative (“KPMG International”).