Download - KPMG Digital Risk Platform on social media KPMG app KPMG Digital Risk Platform Enabling a step- change in Risk Management _____ The information contained herein is of a general

Page 1: KPMG Digital Risk Platform on social media KPMG app KPMG Digital Risk Platform Enabling a step- change in Risk Management _____ The information contained herein is of a general

KPMG on social media KPMG app

KPMG Digital Risk PlatformEnabling a step-change in Risk Management


The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2017 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.

The name KPMG and logo are registered trademarks of KPMG International.

ContactsFor more information about the step-change in your risk management practices and the immediate benefits of KPMG’s Digital Risk Platform for your organization, contact us or visit us at

Global RetailerA global retailer has deployed our Platform’s Control Framework application to facilitate their quarterly sign-off of ~2,000 controls by approximately 150 users across the globe. In addition, the Platform monitors ~30 business controls on a continuous basis, synced in near real time with their on-premise ERP system. The dashboard functionality supports the monitoring of the control sign-off progress and provides reports to the audit committee and Board.

Global Food ManufacturerAt a global food company we’ve implemented a Data Analytics solution to monitor ~90 business controls in multiple very large SAP ERP applications. Their challenge was a time consuming process of extracting controls data from SAP ERP. In addition, there were long cycles for processing the data and for the actual execution of the controls. In the solution the Platform is connected to the same database as the ERP application, allowing for real-time insights and Continuous Control Monitoring and Continuous Auditing.

Value deliveredBoth cases demonstrate our ability to apply our Platform to very large datasets, in complex global organizational environments and resulting in significant tangible cost savings and improved risk management. It also shows the potential to expand the Risk Platform to internal audit functions where it can be leveraged to drive efficiencies, improve the quality of assurance, on top of lower external audit fees.

Ben [email protected]+31 20 656 71 37

Maria [email protected]+31 10 453 42 50

John [email protected]+31 20 656 83 94

Reference Implementations

Douglas W. HubbardCEO Hubbard Decision Research [email protected]+1 630 858-278

Page 2: KPMG Digital Risk Platform on social media KPMG app KPMG Digital Risk Platform Enabling a step- change in Risk Management _____ The information contained herein is of a general

— Assess cyber maturity with versatile and continuous industry benchmarking.

— Assess business partner and vendor risks.

The KPMG Digital Risk Platform provides an integrated, powerful and expanding portfolio of applications which include:

— Manage security in IT projects (‘security by design’) and procurement processes (like Cloud assessments).

— Discover and manage shadow IT. — Monitor security baselines (including SAP) and monitor

and risk rate vulnerabilities found by scanners and penetration tests.

— Capture cyber threats.

Our visionThe ChallengeIn today’s dynamic world full of new business opportunities and threats, stakeholders and regulators are pushing company Boards and management for better and more transparent management of risks.

Risk management practices in most organizations, despite investment in GRC solutions, fall short of expectations. Practices are often siloed, completeness and agility are a challenge, and neither investments, nor operational status can be satisfactorily explained in terms of the company risk appetite.

The KPMG solutionKPMG is committed to support organizations to achieve a step-change in their risk management practices, by using its new cloud-based Digital Risk Platform.

The KPMG Digital Risk Platform enables organizations to better understand the risks to achieving their strategic objectives, and to factor risk insights into their strategic and operational business decisions. In addition, organizations can significantly reduce the labor cost of their risk management processes.

The Platform differentiates itself from other market offerings in two key areas:

1. The Platform harnesses the best risk management practices developed by KPMG globally. These range from enterprise risk management, to IT, financial, legal, regulatory, tax and cyber risk management. Practices are offered as turn-key applications, and are continuously optimized using industry risk data and client learnings.

2. The Platform takes an end-end approach to risk management, with discovery engines ensuring completeness (like Shadow IT or Personal Data discovery), a single integrated data model underpinning all applications, and powerful operational risk reporting. The KPMG proprietary, robust and sustainable risk model embedded in the Platform enables effective risk appetite conversations.

We are excited that by using the scalable, secure and constantly extending cloud services from Microsoft, KPMG is no longer fully dependent on third party (GRC) software vendors, but is at liberty to express its own practices directly in a modern software solution. This puts us in a position to help our clients achieve their risk management ambitions through simpler and more cost-effective propositions.

Our Digital Risk Platform can be implemented quickly to create almost immediate results in a particular area of risk, and can subsequently be extended step-by-step, enabling a strategic implementation journey with unparalleled benefits.






— Define, monitor and report compliance with requirements in the areas of data protection (including GDPR), trade controls (including sanctions lists), and anti-trust.

— Discover personal data, track browser cookies and manage consent.

— Monitor tax compliance. — Track Legal & Regulatory improvement programs.

— Model enterprise risk hierarchies, risk scenarios, risk interconnectedness, impact and cost of controls.

— Calculate loss exceedance curves and compare with risk appetite.

— Capture threats and incident. — Calculate risk indicators and provide operational risk


— Manage an integrated control framework which maps to a comprehensive set of requirements.

— Assess control effectiveness through distributed manual control sign-off, sample based testing, and or continuous control monitoring.

— Derive control scoping from risk assessments (such as for SOx).

— Manage control deviations.— Manage findings in a risk based and consistent manner

across all lines of defense.

KPMG’s leading know-howThe Platform is bringing together KPMG’s leading advisory practices, methodologies and know-how in a single solution. The Platform for example covers the latest risk management practices for data privacy, for business analytics, and for robotics process automation. Working with our community of customers, and using industry risk data, we are committed to continuously improve our Platform.

Cloud technology enabledThe Digital Risk Platform is a cloud based Software as a Service (SaaS) solution. The Platform runs on Microsoft Azure and benefits from continuous Microsoft innovations. This provides excellent security and almost boundless scalability for our customers. Cloud solutions are easier to implement, and avoid the challenges of expensive and complicated version upgrade projects of on-premisesolutions.

Fully integrated data modelThe Platform employs a single integrated risk data model which connects the traditionally siloed risk, control and assurance processes. This ensures that data produced in one area can be used by all others, reducing guess work and errors, and enabling a consistent, reliable and holistic risk view.

End to end perspectiveThe most challenging part for risk functions is to effectively oversee the risks and controls in all areas and to combine the insights into operational and structural risk views that are perceived as meaningful and actionable by senior management and company stakeholders. We have developed, together with Douglas W Hubbard, a new method to generate risk views based on explicit assumptions and which are consistent at each level of the organization. This risk modelling is fully embedded in the Platform, and requires almost no effort from client organizations. This implies that, for the first time, information risk calculations can become a sustainable, rather than a once-off activity in your company.

Powerful analyticsAutomated risk processes rely on data analytics to identify new risks or control weaknesses that require attention. Such continuous monitoring allows organizations to avoid late-in-the year audit issues and empowers the operational organizations to take full accountability of the quality of their processes. The quality of the analytics data feeds is constantly monitored and has a full audit trail to enable reliance on the results by the different lines of defense.

Intuitive to useThe Digital Risk Platform enables the complete Plan-Do-Check-Act cycle. From identifying and assessing risk, to risk treatment and remediation management. This is enabled by (personalized) cockpits showing open actions for the relevant parties, based on a powerful workflow engine. The Platform user interface is modelled after the world of mobile apps and works on any type of device.

The Platform Principles

The Platform Solutions— Risk appetite— Control & assurance— Legal, regulatory & tax— Cyber security— Appraisal

KPMG Digital Risk Platform

© 2017 KPMG Advisory N.V.

Page 3: KPMG Digital Risk Platform on social media KPMG app KPMG Digital Risk Platform Enabling a step- change in Risk Management _____ The information contained herein is of a general

KPMG on social media KPMG app

KPMG Digital Risk PlatformEnabling a step-change in Risk Management


The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2017 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.

The name KPMG and logo are registered trademarks of KPMG International.

ContactsFor more information about the step-change in your risk management practices and the immediate benefits of KPMG’s Digital Risk Platform for your organization, contact us or visit us at

Global RetailerA global retailer has deployed our Platform’s Control Framework application to facilitate their quarterly sign-off of ~2,000 controls by approximately 150 users across the globe. In addition, the Platform monitors ~30 business controls on a continuous basis, synced in near real time with their on-premise ERP system. The dashboard functionality supports the monitoring of the control sign-off progress and provides reports to the audit committee and Board.

Global Food ManufacturerAt a global food company we’ve implemented a Data Analytics solution to monitor ~90 business controls in multiple very large SAP ERP applications. Their challenge was a time consuming process of extracting controls data from SAP ERP. In addition, there were long cycles for processing the data and for the actual execution of the controls. In the solution the Platform is connected to the same database as the ERP application, allowing for real-time insights and Continuous Control Monitoring and Continuous Auditing.

Value deliveredBoth cases demonstrate our ability to apply our Platform to very large datasets, in complex global organizational environments and resulting in significant tangible cost savings and improved risk management. It also shows the potential to expand the Risk Platform to internal audit functions where it can be leveraged to drive efficiencies, improve the quality of assurance, on top of lower external audit fees.

Ben [email protected]+31 20 656 71 37

Maria [email protected]+31 10 453 42 50

John [email protected]+31 20 656 83 94

Reference Implementations

Douglas W. HubbardCEO Hubbard Decision Research [email protected]+1 630 858-278