KPMG Canada s IT Advisory Services

Transcription

1 I T A D V I S O R Y KPMG Canada s IT Advisory Services Helping clients address today s technology agenda A D V I S O R Y

2 Overview of KPMG Canada s IT Advisory Services KPMG s IT Advisory professionals can help you align your IT capabilities with the pressing strategic and financial objectives of your organization. We have the knowledge and experience to help you as you seek improved performance from your IT investments. With a fully coordinated service offering across the range of management challenges in IT, we work with senior management as they look to make the right choices at the right time and at the right cost. Asset Management and Contract Compliance 2 IT Attestation 10 Business Systems Advisory Cost Optimization for IT Due Diligence Enterprise Architecture Green/ Sustainable IT Infrastructure and Continuity IT Internal Audit IT Portfolio Management IT Sourcing IT Strategy IT Value Records and Knowledge Management Security Services IS Governance and Performance 9 Solution and Vendor Evaluation 18 1

3 Asset Management and Contract Compliance IM/IT Asset Management is focused on people, process, and technology. Asset Management considers the full asset lifecycle ( cradle to grave ) and is therefore not limited to IM/IT. It often involves Legal, Procurement, and Finance. KPMG s IT Advisory professionals review the processes and supporting discovery technology for managing IM/IT assets; review how assets are tracked and administered; and identify potential gaps in the controls. Assess IM/IT Asset Management operating effectiveness (variances between deployment and entitlement provide evidence of IM/IT Asset Management process weaknesses) and design effectiveness including people, process, and technology competencies in order to provide a complete picture of the IM/IT Asset Management root cause issues. Each IM/IT Asset Management component throughout the lifecycle is assessed an infrastructure optimization maturity: Basic, Standardized, Rationalized, or Dynamic. Financial savings Cost savings from enabling the organization to reach a higher level of IO maturity Information and control Lower support costs (help desk, IMAC, deployment) SAM Direct cost savings from licensing optimization and contract renegotiation Mitigate financial and legal risks Enablement of financial savings 2

4 Business Systems Advisory Business System Implementation, Optimization & Controls Integration Enterprise Application Strategy, Planning & Governance Business Requirements Identification Conversions, Interfaces, Business Testing and Validation Support ERP Health Check & Optimization Business System Standalone Services IFRS Enterprise Applications Conversion Business Process Controls / Access Controls & SoD / Information Security & Continuity Master Data Management / Data Quality & Integrity Governance, Risk & Compliance / Continuous Monitoring & Auditing When implementing a business system, an organization should seek a balance across four dimensions: - risk and controls; - process optimization; - organization and people; and - technology. 3

5 Cost Optimization for IT KPMG brings a globally consistent methodology for delivering cost optimization assignments that helps to create a better understanding of IM/IT value, enabling more appropriate investments in initiatives that both support and anticipate business goals. A typical review will cover the following initiatives: Strategic: generate sustainable performance improvements consistent with strategic goals and long-term value creation. Consider performance improvements that may reflect high degree of innovation and involve shifts of fundamental business models. Tactical: improve performance of existing business model to respond to emerging competitive pressures, deteriorating cost control or other margin pressures, stakeholder pressure for short-term performance improvement, and offers to acquire a portion of the business. Survival: rapid cost reduction to adapt to severe cost pressures, enabling the organization to stay in business. With survival at stake, speed is of the essence. KPMG s IT Advisory professionals can help organizations identify and stop all non-essential spend and cease non-core services. Benefits Reduce IT spend while maintaining IT performance against business goals Aligning future spend with high priority business investments Transparent reporting Improved utilization of existing investments Sustainable process improvements A risk- based approach Improved balance between the organization's resources and its risk across the technology agenda 4

6 Due Diligence Due Diligence includes reviewing the target organization to assess the risks associated with its IM/IT systems and the feasibility of the projected EBITDA, given the alignment of IM/IT plans with business plans. Due Diligence confirms the IM/IT assets involved in the transaction; assesses their suitability and capability to meet the investment hypothesis; reviews the historical and planned technology spending; identifies the existence of technology risks; and provides indications of anticipated postdeal expenditure with regard to IT. Additional to the core scope of IM/IT due diligence, and dependent on client interest and investment hypotheses, the engagement may include: Identification of opportunities to improve technology performance or achieve cost savings Assess the effort required to integrate the target with other entities, e.g. roll-up or with parent Provide suggestions on post-deal enhancements to improve target performance Review proposed transition service agreements. 5

7 Enterprise Architecture Business Model System Model KPMG Canada, through its recent acquisition of Chartwell IRM, brings skills and experience in Enterprise Architecture, which helps clients with the use of structured methods to plan and design complex business changes. In its simplest terms, we help client s use enterprise architecture to align the design of a business and its critical resources with its strategic vision. Our practitioners use standardized models or blueprints to analyze the design of an enterprise to identify business improvement opportunities. We then create a road map of change projects that are traceable to the strategic intent of the business. Improvements might include innovations in products and services, organizational structure and business processes, the quality and timeliness of business information, or the contribution of its IT. Value Chain to System Infrastructure Alignment & Integration Aligns Strategy Enterprise Architecture Aligns Aligns Business Architecture Solutions Architecture Aligns Aligns Aligns Business Operations Technology 6

8 Green/ Sustainable IT Developing and executing a green IT strategy requires a combination of business and technology skills and experience, as well as broad organizational cooperation across multiple functions such as IT architecture, data center operations, facilities management, corporate real estate, and procurement. Linking green IT initiatives to broader corporate green initiatives shaped by strategic-level Corporate and Social Responsibility (CSR) frameworks enables IT to be a value-added business partner in the journey to a greener business. It further offers organizations an unprecedented opportunity to align environmental management initiatives with broader sustainability initiatives. We take a top-down view shaped by strategic-level frameworks that help link green IT initiatives with a broader enterprise-wide program. Grassroots efforts and disparate green initiatives are a starting point in the effort to reduce the environmental and economic impact of IT, but a broader program-level effort that considers the total IT life cycle is often needed to yield enhanced benefits. KPMG s approach to Green IT leverages our Business Performance Improvement and Change Management methodologies, and provides a green lens for IT and data centre operations. 7

9 Infrastructure and Continuity Service Level Agreement Insurance Coverage Fault Tolerant Infrastructure Accounting and Finance Communication Technology Legal Human Resources Recoverability and Continuity of Operations Crisis Management Risk and Vulnerability Assessment: identifies potential threats; identifies vulnerabilities; identifies existing controls; analyzes exposures; prepares risk and vulnerability report. Business Impact Analysis: confirm assumptions; develop survey questionnaires; identify survey recipients; obtain business function data; distribute survey; collect responses; verify results; and prepare BIA report. Critical Recovery Resource Requirements: review business processes and determine recovery resource requirements; determine business process recovery time objectives; identify IM/IT processing requirements; identify IM/IT support profile; prepare business function recovery profiles. Alternative Recovery Strategies: identify viable support strategies; develop high-level relative cost assessments; analyze and determine most appropriate strategies; produce reports and procedures; prepare the business continuity plan; analyze exposures; develop implementation plans; negotiate vendor contracts. Plan Maintenance Initiation Business Review impact BIA analysis Review BCP Assess and other risks plans Review Design BCP the plan tests Develop Review a Governance road map Report 8

10 IS Governance and Performance Governance Review effectiveness of existing IM/IT governance model Assess and design a plan for improvements, ITIL/COBIT process design work (IT Operations, SDLC, PMO), organizational models Implementation, Change Management of planned design. Performance Assess the efficiency, cost, and effectiveness of IM/IT departments using KPMG s IS Governance Framework. The focus is on support and sustain the direction. Process Communication Controls People Strategic Initiatives Performance Management Business Alignment Technology Management Framework Communication Financial Management Compliance Risk Management Risk Transformation Strategic Spending Investment Management Cost Control Communication 9

11 IT Attestation KPMG provides a range of IT attestation services to help satisfy the requirements of third parties that depend on IT environments. The most common IT attestation services include : AICPA SAS 70 or CICA Section 5970 (S5970) examinations. Standard that was designed to serve the assurance needs of service providers relating to the integrity of processes and services that impact a Company s financial statements. Two types of reporting are available : Type 1: Use to assess the design of controls whether they are in operation as at point in time Type 2: Use to assess the design of controls in operation and the operating effectiveness of the controls over a period of time (typically 6 months to 12 months). KPMG Systrust and Webtrust KPMG Other Assurance Reports (CICA Section 5025, CICA Section 5815) Agreed-upon Procedures (CICA Section 9100 or 9110). Attestation services encompass a wide range of business processes including IT, custody, fund administration, clearing and depository, pension benefits administration, manufacturing/distribution, IT/web hosting, and payroll processing. Planning Data Gathering Test of Design Test of Operating Effectiveness Reporting 10

12 IT Internal Audit KPMG s IT Internal Audit services provides a cost-effective means of independently assuring that business understand the risks they face, and that they have effective controls in place across their IT organization to mitigate these risks. IT Internal Audit Needs Assessment: Our risk assessment methodology enables us to obtain a detailed understanding of IT risks facing the business, which supports the development of effective IT audit plans. IT Performance Review: Our approach is designed to help clients assess IT performance in selected areas or across the enterprise, so they can strike the right balance between business needs and IT resources. Business Systems Controls: A structured approach to assessing, designing, and implementing the processes and controls related to existing or new business software applications. IT General Controls Assessment: Assesses the technology risks facing your organization and whether existing controls are sufficient to address those risks. 11

13 IT Portfolio Management Alignment involves using an objective, balanced and accepted process to evaluate and filter component ideas to produce a prioritized list for the next business planning cycle. Benefits Management involves providing a structure and framework for the forecasting and realization of portfolio benefits. Capacity Management considers demand and supply, identifying constraints on the organization that could impede the delivery of the portfolio. Financial Management considers funding, investment opportunities and financial returns from the overall portfolio. Governance ensures that appropriate structures and processes are in place for effective decision making, work allocation and performance reporting. Organization & Leadership considers executive direction setting for the portfolio and structuring the organization for integration across portfolio, program and project levels. Performance Management involves tracking the delivery of the portfolio against a predefined set of parameters including time, cost, quality, risk and benefits. Risk Management manages the level of risk involved in delivering the portfolio. Stakeholder Engagement involves engaging individuals or groups of people within and outside the organization to ensure on-going support for the portfolio. A risk-based approach Improves management of the business risks, in relation to the appetite for risk Improved balance between the organization's resources and its risk A prioritized set of programs Prioritize based on the attractiveness and achievability of change initiatives Integrated planning at portfolio level Strategic priorities based on the accurate data Strategic alignment Strategic alignment between the programs and the business strategy Greater organizational agility in order to respond to the changing economic environment Controlled, measurable realization of corporate objectives all of which results in better returns on investment Cost reductions Reduced cost of delivering programs Optimal use of resources (increased cost savings) Non-aligned or programs with a low contribution will be terminated or rescope, minimizing future costs Benefits Maximum value from the organization's change programs and initiatives Increase visibility of benefit data across the portfolio Program failing to delivery benefits identified early Implement clear accountabilities for achieving benefits 12

14 IT Sourcing IT outsourcing options have become more complex over the years. As they each bring their strengths and weaknesses, they should be chosen with care, matching the business needs. KPMG's IT Sourcing methodology assists clients throughout the sourcing lifecycle, including the outsourcing of business and services as well as the implementation and operation of shared services. It is highly flexible, allowing for an overall approach to outsourcing, or providing assistance for existing outsourcing agreements. Our approach breaks a long and complex lifecycle into six manageable steps: develop the strategy, scope and plan, design and select, transition, deliver, evolve. Engagement activities can include: assessing proper IM/IT service delivery model for clients: in-house, outsourced, or hybrid; review of existing agreements the Right to Audit clause; contract renewals; evolve / remediation; and development of a services catalogue. Client business goals Focus on Core Business Release Capital Enhance Quality Reduce Costs Enhance Agility Reduce Risk Sourcing as a strategy Cost reduction through economies of scale Focus on core competencies by moving administrative functions from operations Improve process quality and efficiency Improve customer services Leverage technology in a common infrastructure with standard data Divestment new businesses developed Sourcing models Global Shared Services Regional Shared Services BOT (Build/Operate/Transfer) Joint Venture Outsourced Companies initially look for cost reductions, but expand to quality and enhanced competitiveness 13

15 IT Strategy KPMG s IM/IT Strategy is a dynamic process focused on the effective management of IM/IT performance, risk, and value. Our IM/IT Strategy Services methodology addresses: Establishing a process to help align IM/IT initiatives to the business strategy Recognizing that an important goal of effective IM/IT strategy is the improvement of business performance Develop 3-5 year plans to align the IM/IT strategy to the business strategy. KPMG s approach is based on six main steps as follows: Understand the business direction Perform IT capability assessment Identify refined business requirements Select IT alternatives Design IT strategic scenario Develop IT strategic plan KPMG has significant global IM/IT Strategy Services engagement experience. 14

16 IT Value To realize the true potential of IT investment, CIOs should align the IT agenda with that of the wider business. This approach helps to ensure that organizations invest in the most appropriate areas, applying strict investment criteria for change projects while delivering day-to-day activities effectively. This involves: Adopting rigorous portfolio management: this will help to evaluate the real business benefits of the various IT investment options available, ensuring a more optimal allocation of funds. Improving the planning and management of day-to-day operations: the use of robust industrialized processes along with effective control mechanisms, can significantly reduce the need for fire fighting and help IT managers meet the daily needs of the business. Such greater efficiency will also free up IT management to devote more time to strategic issues. Introducing a true partnership between IT and the business it serves: joint planning and regular liaison should align IT activity closely with business needs and make IT more responsive and adaptable to changing business circumstances. Distinguishing between change and run expenditure: these two have very different business models with different investment criteria. Expenditure on day-to-day operations is essentially an exercise in cost control and efficiency, whilst investment in change should focus on the strategic benefits, increased turnover and ultimately the shareholder value it brings to the business. Establishing an appropriate funding and governance model for IT: ensuring that the right decisions e.g. how much to spend / invest and on what - get made in the right place within the organization and in the right way. Prioritise and Deliver Value Opportunities Develop Economic Baseline Define Opportunities IT Value Assessment Develop Questionnaires Analyse Data Gather Data and Perform Interviews 15

17 Records and Knowledge Management Definition Management (Collection / Disposal) Inventory and classification of records Creation, alteration, and destruction Ownership Management (Storage, Custodianship & Preservation) Sensitivity Management (Storage / Access) Privacy and confidentiality Accessibility Management (Access / Use) Retrieval, Delivery and Decision Making Quality Management and Integrity 16

18 Security Services Identity Management and Role Based Access Control Policies, Standards, and Processes Vulnerability and Penetration Testing Security Assessment Security and Privacy Incident Management Data Centric Security Risk Assessment Security Operations Review Security Governance Strategy This model yields the four distinct areas upon which our services focus. Our fundamental model of enterprise security architecture is based on core enablers engaged in a process of protecting information assets. Information Security Assessment Enterprise Security Architecture Security Solutions & Integration The services are modular in nature and fit together as required to facilitate each client s unique requirements. Security Monitoring & Response Architecture 17

19 Solution and Vendor Evaluation Solution Assessment Provide independent advise to assist clients in assessing and strategizing their technology solution to best meet their needs. Business Case for System Change Requirements Definition Develop Business Case for the Selection Exercise and assist in comprehending the critical success factors for a successful case. Assist clients in identifying solution requirements, documenting both functional and technical requirements, prioritizing them and create new process maps and/or models. Market Research Evaluation Help clients in understanding the vendor and solution landscape. RFP/RFI Process Advise clients in the management of the Request for Proposal (RFP) or Request for Information (RFI) process. Vendor Due Diligence Conduct due diligence on potential suppliers to minimize the risk of selecting inappropriate partner. Independent Verification & Validation Offer advice or assistance to clients in planning the selection solution. Negotiation Support Recommend negotiation strategies regarding business terms, service levels and financial arrangement. 18

20 For more information on management issues in IT Please contact your KPMG adviser or any of our IT Advisory professionals Montréal Jean-François Coulonval (514) Greater Toronto Area Yvon Audette (416) Western Canada Shaun Wilson (604) Francis Beaudoin (514) Jeff Smith (416) Jeff Thomas (403) Ottawa Jim Alexander (613) Southwestern Ontario David Evans (519) Solly Patrontasch (613) or visit us at All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. 19