Proposal for a CRO IT Risk Management System
8/11/2019 Proposal for a CRO IT Risk Management System
IT Risk Management System for the CRO
Solution Talk Book, November 2013
© 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. FOR INTERNAL USE ONLY
Our clients need help both in understanding and managing IT Risk
IT risk has matured from a specialist element of operational risk management to a recognized and priority strategic risk:
38% of organisations' defined top risks relate to Information Technology
55% have difficulty in dealing with IT risk
57% note that the pace of change in IT has increased their overall risks
* Identified by KPMG in co-operation with the Economist Intelligence Unit between 2005 and 2013
IT risk is an executive-level concern that should be a priority in the global market, but one which our clients are ill prepared to manage
Yet effective IT risk management remains a key and growing challenge for our clients:
40% of risk managers rate their understanding of IT risks as moderate or poor
42% cite poor communication between the IT and risk functions as a significant difficulty in managing IT risk
66% of C-levels are dissatisfied with risk management around IT Systems
A gap exists in the market for helping clients set up and optimise their IT Risk Management systems
Risk Management Information Systems are outside of the reach of many of our clients:
36% of organisations find implementation complexity of available solutions a key barrier
Typical GRC implementations cost organisations between $200,000 and $600,000 (including software, hardware, and implementation services).
Over 70 percent of clients expect to increase their spending on risk management technology over the next three years (from a 2012 Deloitte survey)
The only other actor in this space (outside of GRC solution vendors) is Deloitte, already a partner with IBM in implementing their GRC platform OpenPages.
Forrester research shows a lack of available mature and fit-for-purpose IT Risk Management solutions: only 47% of needs met.
KPMG has an established relationship with BWise, a leading GRC platform, and has the necessary skills and expertise.
KPMG can offer our clients an IT Risk Management system that can scale with the organisation
Client benefits include:
efficiency benefits
faster report aggregation
decreased audit costs
faster time to remediate control deficiencies
strategic performance benefits
better strategic decisions using risk and compliance information
The proposed solution will leverage existing knowledge and systems to provide clients with the immediate benefit of visibility over the key Operational and Strategic Risk elements of IT
IT Risk Framework: Charter, TOR, Policy; Gap analysis
IT Risk Universe: Facilitated definition; Industry benchmark; Emerging risks
IT Risk Control Catalogue: Risk-appetite linked; Combined assurance plan
Risk and Control Indicator Analytics: Indicator identification; Analytics services; Benchmarking
Risk-based Decision Support: Loss data aggregation; Risk trend reporting
Board Risk Reporting Services: Report templates; Content vetting; Training
Enhancing KPMG's services and business
Integrates a number of disparate services and offerings into a single, client-focused offering, re-uses existing technology and skills
Leverages a low-cost Centre of Excellence Software-as-a-Service model
Is ideally suited to Africa, but has Global applicability
Creates avenues to leverage our BWise partnership
Provides a platform to integrate with other service lines
FRM: Enterprise Risk Framework
Forensics: use of CA/CM
Cost of development: $100,000
Potential client take-up: 25% of advisory clients (~7 anchor clients)
Projected Fees
Risk Framework: $9,000 setup
Risk Universe: $8,000 setup
Control Catalogue: $10,000 setup
Indicator Analytics: $12,000 setup, $2,000 p/a
Decision Support: $5,000 setup, $1,000 p/a
Board Reporting: $4,000 setup, $1,000 p/a
Payback Period: 100% @ 7 anchor clients
Thank you
Presentation by Robb Anderson
All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.
© 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International.