Survey - Governance, Risk and Compliance


Survey - Governance, Risk and Compliance
2018 emerging trends around GRC: SAP HANA, Continuous Control Monitoring & Data Analytics
kpmg.fr

KPMG SURVEY RESULTS

PARTICIPANTS
of CAC40 companies
CFO, Audit & Internal control, CIO

GRC SYSTEM LANDSCAPE

of interviewees have a solution addressing GRC
of them have deployed a SAP GRC solution

Have you implemented a GRC solution? Yes / No
SAP GRC / Other (Enablon, ACL, internal solutions)

of GRC solutions used by participants have a Segregation of Duties management feature

Which functional domains are covered by GRC solutions?
Segregation of Duties management; Internal audit; Business / mitigating controls automation; Control campaign documentation

SOD MATRIX

ONLY 33% OF INTERVIEWEES REVIEW THEIR SOD MATRIX ON A REGULAR BASIS

The matrix contains risks on average
of matrix has never been updated
of interviewees have set up dashboards & SoD indicators
98% of them do it with Microsoft Excel

TOP 5 PRIORITIES AROUND SEGREGATION OF DUTIES (GRC in 2018)
1. Remediation of role / user conflicts (chosen by of interviewees)
2. Definition of compensatory controls (chosen by of interviewees)
3. Compensatory controls automation (chosen by of interviewees)
4. Review of the SoD matrix (chosen by of interviewees)
5. Setting up a dashboard (chosen by of interviewees)

CONTROL AUTOMATION

26% OF INTERVIEWEES USE A TOOL TO DOCUMENT THEIR CONTROLS EFFECTIVENESS

average number of controls identified in control framework (IT & Business)
of interviewees report having a tool to report the effectiveness of controls
of interviewees report having fewer than 10% of automated controls

The difficulty of running automated controls is due to:
high amount of data involved (quoted by 63% of interviewees)
multiple data sources (quoted by 45% of interviewees)

TOP 4 PRIORITIES AROUND INTERNAL CONTROL SOLUTIONS
Collaboration between Internal Control and IT teams
Increase in control automation rate
Setting up dashboards
Ability to block transactions in real time

HANA

SAP HANA PLATFORM IMPLEMENTATION - THE REASONS OF YOUR CHOICE

of interviewees have implemented a SAP HANA platform

Anticipation of the end of Business Suite maintenance (2025)
Reporting
32 % 23 % 21 %
Implementation of S/4 Finance or Central Finance
New SAP implementation 35 %
Improved performance of SAP solutions 43 %

BEYOND GRC

PRIORITIES AROUND SAP DATA QUALITY AND GOVERNANCE MIGRATION TO SAP HANA REPORTING 85 % REPORTING EFFECTIVENESS PERFORMANCE AND EXECUTION SPEED

Contacts

Pauline Eckert
Partner, IT Risk Consulting
Tel.: +33 (0)1 55 68 89 15
Mob.: +33 (0)6 01 65 09 90
Mail: peckert@kpmg.fr

Samuel Garnier
Senior Manager, IT Risk Consulting
Tel.: +33 (0)1 55 68 28 19
Mob.: +33 (0)6 25 34 29 18
Mail: sgarnier@kpmg.fr

Denise Strähl
Manager, IT Risk Consulting
Tel.: +33 (0)1 55 68 73 12
Mob.: +33 (0)7 76 27 20 96
Mail: dstrahl@kpmg.fr

kpmg.fr

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

KPMG S.A. refers to a group of French legally distinct entities. KPMG S.A. is the member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity («KPMG International»). KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.

© 2018 KPMG S.A., a French limited liability entity and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International Cooperative (KPMG International). Printed in France. Conception: Markets - OLIVER - June 2018.