Better Connections, Better Results: Leveraging Information to Align Risk and Performance Management Tools & Processes November 2011

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.

Agenda

■ Market Pressures and Issues

■ Summary Overview of Component Parts: Business Intelligence, GRC, and CA/CM

■ Focusing on the Critical Commonalities

■ Client Scenarios

■ Summary

■ Q&A

What are the Market Pressures and Execution Issues?

Pressures

Growth and Transformation

Public Policy/Regulatory Compliance

Issues

Achieving strategic and operational goals

Balancing risk and performance with integrated reporting & analytics

Supporting the creation of information into knowledge, better information, governance & reliable access

Improving effectiveness of controls, enhancing efficiency of operational processes, providing more timely information, and reducing complexity

Preventing and detecting fraud, waste and abuse, including sustained monitoring of known control gaps for exploitation.

Ensuring effective compliance with regulatory mandates and company policies

Limited or duplicative risk/performance-driven automation

Risk Management/Mitigation

Vendor and solution consolidation

Understanding the Value of an Integrated Organizational Capability

What It Takes to Get There:

■ Moving beyond siloed roles

■ Designing the tools to work together

■ Preparing decision makers to understand the combined perspective(s).

■ Align their common focus - achieving company goals and objectives

■ Optimize from a cost perspective

Summary Overview: Business Intelligence

The convergence of Performance and Risk involves shifting the enterprise’s business intelligence objective beyond reporting to delivery of information that enhances the business performance outcome while minimizing risk.

Analytics and Decision Support represent the ability to acquire, consolidate and transform relevant information into knowledge.

Information Management is the collection, organization, and distribution of all types of information to deliver business value to an organization.

Summary Overview: IT GRC

Summary Overview: Continuous Auditing / Continuous Monitoring

[Figure: three dimensions of Risk / Performance monitoring]

■ Macro-Analytic Dimension: macro-level analysis for trends, patterns, results (e.g., DSO, No. of POs/week)

■ Controls Dimension: changed or deleted configurable application controls, SOD, etc.

■ Transactions Dimension: transaction-based exception analysis and business rule management

Risk and Performance Monitoring is optimized when all three dimensions are implemented

Summary Overview of Component Parts: Business Intelligence, GRC, and CA/CM

■ Solution Vendors & Tools

- ACL Services

- BWise

- CaseWare IDEA-Symsure

- Cognos

- EMC-RSA (Archer)

- Greenlight Technologies

- IBM (OpenPages)

- Lawson-Approva

- MetricStream

- Oracle (eGRC Manager, OFSAA, TCG, AACG)

- Oversight Systems

- SAP (SAP BusinessObjects GRC)

- SAS

- Security Weaver

- Tableau

- TCG, AACG, Hyperion, MDM, OBIEE)

- Thomson Reuters

■ Organizational Accountabilities & Stakeholders

- CFO and controller

- Chief Compliance Officer

- CIO

- CRO

- Data Quality & Data Governance

- Enterprise Risk Management

- Finance Transformation

- Head of Operations

- Internal Audit

Focusing on the Critical Commonalities

Aligning Common Objectives Around Four Areas:

■ Optimize interactions with business processes and systems

■ Optimize the common need to access, analyze, and report information

■ Approach Applications and Tools as a Portfolio

■ Advance organizational culture with an integrated risk and performance reporting capability

Integrated Value Proposition:

■ Moving beyond silos and optimizing spend and total cost of ownership

■ Build and embed as an organization capability vs. point solutions – preparing decision makers to understand the combined perspective

■ Better outcomes and realization of benefits

■ Mitigate risk and remediate gaps in controls, processes, etc.

Client Scenario: Financial Services Institution

Situation Assessment:

A global financial services client converted to Bank Holding Company status. This required a more formalized approach to governance, resulted in a number of new regulatory reporting requirements, and necessitated a more integrated approach to various compliance initiatives.

Client's Approach / Entry Point:

Initial requirements were to understand the number and nature of the regulatory reports, including an assessment of the quality, relevance, and availability of the information.

There was a parallel program to develop an operational risk dashboard leveraging information from over 20 disparate systems.

Opportunities discussion / Linkage:

There were over 20 change-related initiatives that had similar reporting, compliance and governance objectives. Each project did its own current state assessment and gap analysis vs. combining a data lineage analysis.

Client Scenario: Pharmaceutical Manufacturer

Situation Assessment:

A global pharmaceutical manufacturer wanted to implement a health care professional risk assessment, monitoring and reporting process in order to comply with a new regulation (the Physician Payment Sunshine Act).

Client's Approach / Entry Point:

Company is developing a technology-enabled process to facilitate compliance with the new regulation.

Opportunities discussion / Linkage:

There is an opportunity to develop and implement a base IT infrastructure and related process(es), supported by technology, which can provide for a comprehensive vendor risk management process, including third-party due diligence activities and continuous monitoring around procurement-related business processes, including travel and entertainment expense.

This infrastructure can be further extended to other compliance and performance areas including tax compliance (e.g., meals and entertainment tax deductions) and optimization of sourcing to reduce costs.

Client Scenario: Media Company

Situation Assessment:

A global media company needed to automate its Enterprise Risk and SOX processes. Across the enterprise, a variety of disparate technologies were being used to enable risk and compliance-related activities.

Client's Approach / Entry Point:

Company is deploying an enterprise GRC tool and has developed a strategic road-map to define a common architecture and address business units in a prioritized manner.

Opportunities discussion / Linkage:

There is an opportunity to clearly articulate and operationalize the three layers of defense target operating model. Specific leverage can drive incremental ROI by implementing an approach which includes continuous monitoring.

The information captured across the common architecture and enterprise framework can be used to enhance the decision-making process and increase transparency.

Summary

Key Takeaways

The sum of the whole is greater than its parts

A marginal increase in investment to properly integrate the three can optimize the collective results

Enterprises can increase efficiency by taking a more holistic look at their processes

Things You Can Do Now

Understand the current state around these three initiatives and identify any related initiatives (e.g., ERM, ERP migration, response to regulations)

Determine the overall enterprise objectives. What can you see outside the silos?

Determine where there are opportunities to extend these processes and technologies across the enterprise (i.e., scalable and extendable)

Seek some convergence of these silos to maximize the benefits and achieve efficiencies and cost savings

Q & A

Presenter’s Contact Details

Jim Littley

KPMG LLP

(267) 256-1833

www.kpmg.com

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International Cooperative (“KPMG International”).