Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Similar documents
Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7

Accelerate Your Enterprise Private Cloud Initiative

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Achieving effective risk management and continuous compliance with Deloitte and SAP

How to avoid storms in the cloud. The Australian experience and global trends

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Turning Risk into Advantage

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

January 25, Digital Governments. From KPMG s Harvey Nash survey to a future of opportunities

Security Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017

Oracle Buys Automated Applications Controls Leader LogicalApps

Cyber Security. It s not just about technology. May 2017

MetricStream GRC Summit 2013: Case Study

GDPR: A QUICK OVERVIEW

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Symantec Data Center Transformation

A sharper focus on internal controls

Survey - Governance, Risk and Compliance

OVERVIEW BROCHURE GRC. When you have to be right

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

A Good Offense is the Best Defense: Compliance with GRC SECTORS AND THEMES. Additional information in Univers 45 Light 12pt on 16pt leading

Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

INTELLIGENCE DRIVEN GRC FOR SECURITY

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Pave the way: Build a value driven SAP GRC roadmap March 2015

IT Audit Auditing IT General Controls

Data Sheet The PCI DSS

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Quality Assurance and IT Risk Management

THE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD

Navigating the Clouds Fortifying ITIL for Cloud Governance

Run the business. Not the risks.

SAP: Speeding GRC Control Testing by 90% with SAP Solutions for GRC

HEALTH CARE AND CYBER SECURITY:

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Cognizant Cloud Security Solution

CAPABILITY STATEMENT

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

HCL GRC IT AUDIT & ASSURANCE SERVICES

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

Best Practices in Securing a Multicloud World

SFC strengthens internet trading regulatory controls

IT-CNP, Inc. Capability Statement

Smart Data Center Solutions

CYBERSECURITY AND THE MIDDLE MARKET

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

Driving Global Resilience

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Overview. Business value

Cyber security and awareness for non-financial services. 24/25 May 2017

IT Attestation in the Cloud Era

MITIGATE CYBER ATTACK RISK

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Solving the Enterprise Data Dilemma

THE POWER OF TECH-SAVVY BOARDS:

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

RSA Advanced Cyber Defence Summit

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

Global Security Consulting Services, compliancy and risk asessment services

A new approach to Cyber Security

SOLUTION BRIEF Virtual CISO

for TOGAF Practitioners Hands-on training to deliver an Architecture Project using the TOGAF Architecture Development Method

Securing Your Digital Transformation

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Symantec Security Monitoring Services

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

IDC MarketScape: Worldwide Datacenter Transformation Consulting and Implementation Services 2016 Vendor Assessment

The GDPR Are you ready?

LEADING WITH GRC. Approaching Integrated GRC. Knute Ohman, VP, GRC Program Manager. GRC Summit 2017 All Rights Reserved

EY s data privacy service offering

Defense Engineering Excellence

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Perfect Balance of Public and Private Cloud

Technology and cyber risk management Protect and enable the business with a holistic risk and governance framework

Professional Services for Cloud Management Solutions

Invest in. ISACA-certified professionals, see the. rewards.

itsmf ITIL V3: Accelerate Success with Tools Maria A Medvedeva, PMP, ITIL Regional Director CA, Inc. itsmf Middle East Board of Directors

Business Architecture Implementation Workshop

AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION

Cybersecurity. Securely enabling transformation and change

Defining the Challenges and Solutions. Resiliency Model. A Holistic Approach to Risk Management. Discussion Outline

HIPAA Privacy, Security and Breach Notification

DIGITAL INNOVATION HYBRID CLOUD COSTS AGILITY PRODUCTIVITY

Protecting your data. EY s approach to data privacy and information security

ISO/ IEC (ITSM) Certification Roadmap

Changing the way companies run their data centers

The Network Integrator Journey

Cylance Axiom Alliances Program

Growing Communities for Co-Creation : How Employees and Customers/Users Collaborate To Increase Adoption and Retention

VMware Virtualization and Cloud Management Solutions

Transcription:

Better together KPMG LLP s GRC Advisory Services for IBM OpenPages implementations kpmg.com

KPMG A leader in GRC services KPMG LLP (KPMG) is the U.S. member firm of the KPMG global network of professional firms providing Governance, Risk, and Compliance (GRC) Advisory services. Our high-performing people cut through complexity and deliver informed perspectives and clear methodologies that drive realizable value for our clients. Our commitment to the GRC community to help drive realizable value IBM OpenPages A leader in GRC software OpenPages is a leader in enterprise-wide GRC and quality solutions for global operations. OpenPage s enterprise solutions are used by leading corporations in diverse industries. IBM OpenPages egrc solutions allow you to build an efficient, collaborative enterprise governance, risk, and compliance (egrc) program through a flexible platform. KPMG and OpenPages have both been consistently rated as high performers in the marketplace by leading analysts such as Gartner and Forrester. 2 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

Better together Excellence for our clients GRC frameworks, strategies, and technology are on the forefront for many C-level executives for large and small companies. An integrated approach to GRC backed by powerful technology is required to manage risks, maintain compliance, monitor internal controls effectively, and provide real-time insight to management on issue status and remediation. The KPMG and IBM OpenPages partnership can help clients in their transformational GRC journey via our timetested methodology. The strategic alliance between KPMG and IBM OpenPages provides a single, thorough approach to enhancing risk management programs, quality processes, regulatory and industry-mandated compliance programs, and corporate governance initiatives. Clients engage with a core team of specialized GRC professionals well versed in working on joint engagements across multiple industries. KPMG and IBM OpenPages can approach the project as a single unit which means you could work with one multidisciplinary GRC team with a wealth of risk and compliance business practices and GRC systems experience executing on a single project plan. We believe KPMG is well positioned to deliver exceptional value and a satisfying client experience by combining our GRC implementation experience with OpenPages value-adding technology. Anna Shimerda, Manager KPMG s GRC Services KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 3

Vision and strategy Technology enablement GRC transformation components Convergence and foundational elements Vendor selection Program management People and change 4 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

The KPMG GRC life cycle KPMG s GRC services span across the various functional areas. Whether our clients are looking to implement point solutions or an enterprise-wide GRC program, we work with IBM OpenPages to tailor an approach that will help in an effective and efficient GRC implementation. Vision and strategy GRC vision Guiding principles Executive buy-in Functional commitment Maturity assessment Road map Convergence and foundational elements Future state process flows Convergence opportunities, alignment of shared functionality, and integration points with GRC tool High-level business, functional, and technical requirements definition Foundational elements common language and taxonomy Maturity assessment Enhanced GRC functional area methodologies Program management Project governance Project plan, time line, and budget Project risks/issues tracking Project resource management People and change Stakeholder analysis Roles and responsibilities Communication plan Learning, development, and training Adoption plan/roll-out Vendor selection GRC business case development Vendor demonstration, RFP scoring Tool selection, request for information (RFI)/ request for proposal (RFP) Technology enablement Business requirements definition, based on process design Requirements to system mapping and proof of concept Data conversion Testing strategy, performance, and user acceptance testing Deployment postproduction support plan KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 5

KPMG s success in the IBM OpenPages GRC marketplace Core team of experienced GRC professionals We know GRC Tailored approach based on tried and tested GRC framework Premade accelerators for timely and successful implementation Cross-functional skillset to effectively deliver with an agile approach GRC and IBM OpenPages experience The tried and tested KPMG IBM OpenPages experience Industry experience Powerful, experienced industry advisory council Tried and tested track record across three lines of defense We know the industry landscape Flexible business integration and technology experience 6 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

KPMG s approach for IBM OpenPages implementations KPMG and IBM OpenPages can help enable clients to enhance their GRC investment by providing experience, leading practices, and technology from design to implementation of a GRC program. Strategy. KPMG can work with your company to develop a GRC vision and road map to effectively align, streamline, and automate a GRC program across multiple groups. This includes recognizing opportunities to automate mature functions first, advising on how to gain buy-in to a GRC technology investment, and assisting to optimize return on investment. Technology and processes. Professionals at KPMG can assess your existing business processes to identify opportunities for converging and enhancing processes across the three lines of defense. With a gap analysis, KPMG and IBM OpenPages can design a future state to drive efficiencies, enhance the risk management program, and increase the transparency across the organization. Our goal is to align processes and systems to a desired GRC model improving the management of the risk across the organization and reporting to key stakeholders. People and change management. Communication, training, change management, and the appropriate governance structure are of critical importance to a GRC initiative, especially if your company s GRC initiative spans multiple functions or departments. KPMG s approach includes consideration of the people and change aspects to help gain user buy-in, acceptance, and visibility into new GRC processes and technology and train users on the new process enabled via IBM OpenPages technology. KPMG s holistic GRC implementation methodology, transformation capabilities, KPMG s member firms footprint, and our strategic alliance with IBM positions KPMG within the various marketplaces to assist organizations with their transition to IBM s OpenPages GRC Platform. KPMG is proud to be a Global Systems Integrator for IBM products. Sean Winekauf, Director, KPMG s ERM/GRC Practice KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 7

KPMG s GRC core competencies GRC functional areas Compliance Management Internal Audit Management Policy Management Information Security Management Enterprise Risk Management Operational Risk Management Survey Management Issues Management Loss Management Case Management Third-party Risk Management Regulatory Change Management IBM OpenPages apps Issue Management Policy Management Enterprise Risk Management Compliance Management Incident Management Vendor Management Threat Management Business Continuity Management Audit Management Model Risk Management IBM OpenPages inventory of apps Key industries GRC functional areas Key industries supported Financial services Insurance Healthcare Technology Banking and capital markets Energy and natural resources Retail 8 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

KPMG s IBM OpenPages implementation qualifications Qualified professionals We have a strong team of IBM OpenPages professionals Tried and tested implementation track record We have strong functional and technical teams to effectively deliver complex solutions Flexible approach We have a tailored approach for each client to help ensure flexibility and successful implementations Wellestablished relationships We pride ourselves with building strong client relationships to help ensure a cohesive experience for our clients Key accelerators We have developed tools that have been validated to accelerate readiness and implementation activities for core solutions KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 9

KPMG client success stories A few examples Enterprisewide GRC program enabled by OpenPages KPMG provided professional services to assist a large insurance client implement an enterprise-wide GRC program. KPMG supported the execution of the client s Operational Risk Management, Financial Controls, IT Security, and Internal Audit solutions. Assisted in the GRC Program Management, vendor liaison, developing the GRC road map, foundational elements, review of the current state and build out of the future state processes, GRC tool configuration guidance, and testing. OpenPages compliance enablement KPMG assisted a large financial services client in designing and deploying thorough regulatory change management, compliance risk assessment, and compliance testing and monitoring functions. KPMG assisted the client by facilitating the future state processes to gain consistency across the organization, eliminate challenges, and identify requirements to be enabled through IBM s OpenPages. Vendor selection and business requirements KPMG assisted a large financial services client with the vendor selection process and business requirements. KPMG assisted the management team by identifying functional requirements, shortlisting vendors, participating in vendor demos, vendor Q&A, and creating a deployment roadmap. Thereafter, partnered with the client to implement the SOX, internal audit, and regulatory compliance solutions. Gap assessment of the openpages environment KPMG assisted a large financial services client by performing a gap assessment on their financial controls module in OpenPages. KPMG performed a high-level review of the client s current OpenPages Financial Controls module functionality and identify relevant gaps/challenges with the OpenPages environment. KPMG defined recommendations/areas of improvement that could help build a sustainable OpenPages environment. 10 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

IBM OpenPages accelerators A few examples OpenPages GRC platform provides an integrated approach to risk management The OpenPages Governance Platform serves as the foundation for enterprise-wide business governance through its ability to unite an organization s GRC operations into a single governance management system, comprised of: Comprehensive and Integrated Suite of Applications Shared Governance Services Based on Extensible Architecture Central Repository for Policy, Risk, and Controls Management Integration with Leading-in-Class Applications Basic framework Example Object Model OpenPages Object Model is a predefined core set of objects and relationships. This relationship model provides a baseline for organizations for library setup and linkage of organizational structure, processes, risks, and controls. Object types are associated to one or more other object types and have a parent-child relationship. OpenPages uses a relational database and therefore supports oneto-many and many-to-one object type associations. FastMap configuration workbooks The FastMap import utility is a special customized screen/view that allows a user to perform work that is not available within OpenPages. It is used to simplify complex activities that would otherwise take dozens of mouse clicks and screen changes to accomplish. The FastMap utility helps to perform administrative or maintenance tasks and typically run by business or system administrators. AFCON configuration workbook The AFCON is an automated forms configuration the was designed to be used as an efficient way of completing initial configuration tasks. KPMG has developed these IBM OpenPages validated accelerators that not only accelerate our client s GRC implementation, but also can make the GRC project more efficient and effective. Source: IBM OpenPages, 2016 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 11

12 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

Thought leadership The global industry landscape is facing unprecedented change. New GRC technologies are allowing companies to manage the change and associated risks in a proactive manner. To thrive through this transformation, companies must align on how these changes will impact them and develop clear GRC strategies to evolve and win. Optimizing governance, risk, and compliance programs: The vital role of managing change Successful GRC initiatives have a deliberate strategy for managing changing processes, reporting, expectations, and anxieties. This piece discusses the strategy that should be executed with the same discipline and enthusiasm as the more technical aspects of the implementation. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 13

Is the KPMG and IBM OpenPages approach right for you? Global enterprises can realize real and measurable benefits from a unified approach that combines KPMG s experience with IBM OpenPages s GRC technology solution. Contact us if your company is looking to: Expand or better automate part or all of your GRC functional areas (i.e., operational risk, internal control testing/sarbanes-oxley, enterprise risk management, internal audit, conflict minerals, supplier risk governance, policy management, information security, business continuity/disaster recovery, compliance, etc.) Enforce a common language and methodology to assess risk and controls across your organization Enable real-time integrated reporting on issues, risks, and controls across your organization Manage and converge multiple risk, compliance, and assurance functions across the organization Purchase or replace existing technology to support any or multiple GRC functions Manage costs associated with risk management, compliance, and related monitoring activities. Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates. 14 KPMG LLP s GRC Advisory Services for IBM OpenPages implementations

KPMG LLP s GRC Advisory Services for IBM OpenPages implementations 15

KPMG global GRC leadership team Deon Minnaar Global ERM/GRC Lead Partner T: +1 212-872-5634 M: +1 201-759-8749 E: deonminnaar@kpmg.com Sean Winekauf Director, Advisory/ERM and GRC T: +1 402-661-5205 M: +1 402-672-0126 E: swinekauf@kpmg.com Anna Shimerda Manager, Advisory/ERM and GRC T: +1 402-661-5287 M: +1 402-659-0245 E: ashimerda@kpmg.com kpmg.com/socialmedia The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. NDPPS 596565 The KPMG name and logo are registered trademarks or trademarks of KPMG International.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback