Vital Risk Insights kpmg.com



Similar documents
Driving business performance Using data analytics

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Your incentive compensation plans have no borders.

Using business intelligence to drive performance through accuracy in insight

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

How To Transform It Risk Management

GOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in

Continuous Auditing / Continuous Monitoring

KPMG s Financial Management Practice. kpmg.com

Transforming risk management into a competitive advantage kpmg.com

IT Transformation. Moving Beyond Service Management to a Strategic Business Role. August kpmg.com

SUSTAINING COMPETITIVE DIFFERENTIATION

Addressing common challenges in the record-to-report process. kpmg.com

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity

Running the business of IT metrics that matter

IBM Cognos Enterprise: Powerful and scalable business intelligence and performance management

Automatic Exchange of Information

Placing a Value on Enterprise Risk Management ADVISORY

Driving Business Value. A closer look at ERP consolidations and upgrades

BI forward: A full view of your business

Transforming operations and technology

SAP Thought Leadership Business Intelligence IMPLEMENTING BUSINESS INTELLIGENCE STANDARDS SAVE MONEY AND IMPROVE BUSINESS INSIGHT

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Outperform Financial Objectives and Enable Regulatory Compliance

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

Developing a Free Credit Score Program. kpmg.com

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

RSA ARCHER OPERATIONAL RISK MANAGEMENT

Setting smar ter sales per formance management goals

IBM Cognos Performance Management Solutions for Oracle

Drive to the top. The journey, lessons, and standards of global business services. kpmg.com

Managing Risk at Bank of America Corporation. Overview

Cyber security: Are consumer companies up to the challenge?

Game Changer The Impact of Cognitive Technology on Business and Financial Reporting. May 23, 2016

Management Update: The Cornerstones of Business Intelligence Excellence

Leveraging a Maturity Model to Achieve Proactive Compliance

Measure Your Data and Achieve Information Governance Excellence

COSO Internal Control Integrated Framework (2013)

Infor10 Corporate Performance Management (PM10)

Understanding and articulating risk appetite

Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014

Data2Diamonds Turning Information into a Competitive Asset

The IBM Solution Architecture for Energy and Utilities Framework

Enterprise Risk Management: From Theory to Practice

Making confident decisions with the full spectrum of analysis capabilities

Compliance Risk Management Survey A Point of View

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Using data analytics and continuous auditing for effective risk management

Building and Sustaining a Strong Organization Amid Challenge And Change KPMG LLP

ORACLE PROJECT ANALYTICS

Transforming Internal Audit Through Critical Thinking. kpmg.com

White Paper February How IBM Cognos 8 Business Intelligence meets the needs of financial and business analysts

Real-Time Security for Active Directory

How To Manage Social Media Risk

ERP Controls Integration

A full spectrum of analytics you can get yourself

KPMG Powered Enterprise

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

AD Management Survey: Reveals Security as Key Challenge

Client Onboarding Process Reengineering: Performance Management of Client Onboarding Programs

Establishing Enterprise Portfolio and Project Management in a Shared Service Environment

Investment Management: Rising to the Risk and Compliance Challenge kpmg.com

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January kpmg.com

Transform Audit Practices and Move Beyond Assurance

Your incentive compensation plans have no borders. Why should your compliance processes? Powered by KPMG LINK Global Equity Tracker

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

Preserving and Growing Value Through Enterprise Risk Management

Increase Business Velocity with Connected, Insightful, Cloud-Based Software

Simplify the Complexity of Managing 3rd Party Anti-Bribery / FCPA Compliance

Driving business performance with enterprise risk management

Rocket CorVu NG. Rocket. Independence from Engineering. Powerful Data Visualization for Critical Decision-Making. brochure

Implementing the value chain of the future

ORACLE FUSION HUMAN CAPITAL MANAGEMENT

IBM Cognos TM1. Enterprise planning, budgeting and analysis. Highlights. IBM Software Data Sheet

Unlocking the opportunity with Decision Analytics

Real Estate Business Intelligence Steps to Success

Project and Portfolio Management for the Innovative Enterprise

04 Executive Summary. 08 What is a BI Strategy. 10 BI Strategy Overview. 24 Getting Started. 28 How SAP Can Help. 33 More Information

Rethinking Human Resources in a Changing World

Beyond risk identification Evolving provider ERM programs

USING DATA DISCOVERY TO MANAGE AND MITIGATE RISK: INSIGHT IS EVERYONE S JOB

Point of View: FINANCIAL SERVICES DELIVERING BUSINESS VALUE THROUGH ENTERPRISE DATA MANAGEMENT

Accenture Federal Services. Federal Solutions for Asset Lifecycle Management

Meet challenges head on

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Transcription:

Vital Risk Insights kpmg.com KPMG INTERNATIONAL

business Using intelligence software to monitor indicators of governance, risk and compliance Success in today s global marketplace demands that leading companies keep up with the remarkable pace of technological change and innovation, particularly in regard to business intelligence software. Capturing market share often involves taking advantage of social media solutions such as apps on smart phones and tablets, interactive visualization, and scenario modelling. Such solutions are also becoming important tools for tracking the effectiveness of governance, risk management, and compliance activities. A company that has not yet acted upon and put into place such solutions has an opportunity to design executive dashboards that integrate performance data, risk indicators, and information related to internal control and corporate governance, risk management, and compliance management (GRC). For those companies that do have such dashboards in place, the opportunity exists to expand their scope by including other GRC stakeholders. Vital Risk Insights 1

Management must keep the board informed of the facts of the company s operating performance, which includes information such as the status of key risks, assurance on critical controls, details of material losses, and developments in the area of compliance. GRC where should we be? Because it is a highly visible member of society in both the local and global sphere, the modern company is expected to uphold community values. Its leadership and board of directors are responsible for enacting and enforcing policies that help ensure the welfare and interests of both its stakeholders and society. Such policies are commonly managed through a structured and formalized GRC system characterized by such aspects as board committees, scheduled reports to leadership and the board and a program of risk management that includes an infrastructure for monitoring the internal controls. Given the importance of the board s mandate to protect stakeholder interests, it is vital that the board is kept abreast of key facts relating to risks, internal controls, losses and trends. The board has a right to be kept fully advised of significant initiatives by management and that such information will be provided in a timely manner. GRC systems support this reporting and monitoring process based on four principles of good governance: accountability, responsibility, fairness and transparency. In order for the value of GRC to be fully realized, its information must be reported objectively, and presented in a way that demonstrates any potential impact on the company s strategic objectives, performance targets and financial framework. This implies that information about risks, controls and losses is expressed in numeric terms and in terms of fact-based key risk indicators. GRC what are we doing well? Structured programs to manage risk have become widely accepted in large corporate enterprises, characterized by processes such as formal risk assessments, programs of control testing, and internal risk reporting. Specialized functions address inherent risk exposures ranging from market risk to sustainability risk. Board oversight is provided through governance structures and supported by periodic reporting by management. Compliance management is embedded within the fabric of leading companies and rigorous audit programs help ensure that operations meet regulatory requirements. Generally, accepted standards and processes of GRC have helped to improve these kinds of practices around the world. GRC What are our challenges? Management bias and viewing risk subjectively pose a challenge to many companies. Since management is rewarded for good news and not bad through a program of incentives, the temptation exists to focus on its achievements and downplay mistakes. Overly optimistic reporting can result in incomplete or biased assessments that can harm or have an even fatal impact on a company. Internal reporting processes that depend entirely upon personal interpretation, traffic light ratings and free-form style may expose a company to this problem. This kind of vulnerability is compounded when submissions are presented with no empirical evidence to support them. An increasing number of companies have addressed the challenge of subjectivity and management bias by implementing real-time reports based on actual data. Continuous monitoring also addresses this challenge and provides the ability to respond to identified issues more rapidly. 2 Vital Risk Insights

Thus, instead of depending upon an annual declaration by management on the status of internal controls, companies rely on real-time reports based on actual data pulled from operating systems. Quantifying non-financial risks is considered difficult if not impossible by many management teams, so essential techniques such as setting risk tolerance thresholds, matching risk values to financial imperatives, and measuring risk concentrations, are often not used at all. Choosing the right indicators of risk is often seen as problematic and too much of a challenge, causing management to adopt simplistic ranking scales in compensation. Reports and submissions to GRC oversight functions and committees are typically produced on an infrequent or periodic basis rather than in real time. Although substantial time and expense may be incurred in producing such information, a lack of current data may inhibit deep insights into the connection between risk and performance. A single view of GRC and assurance is often not provided to board committees. With no standardized framework, content or methodologies, and these disparate functions can often appear fragmented and disconnected from one another. A culture of good risk management is notoriously difficult to achieve when these functions are positioned outside of the core business, and weaknesses in management buy-in will be evident in the quality and substance of reporting. Ratings of risks, controls and losses may remain static or not evaluated accurately for fear of being exposed by peers. GRC requires sound processes and structures in order to function optimally, and the maturity model illustrated above illustrates that a company s GRC maturity normally evolves over time. The importance of having good quality data and master-data for advancing GRC maturity cannot be over-stated. Where there is an existing business intelligence technology in place, it makes good sense to include a meaningful GRC perspective. KPMG Maturity Model: Continuous Monitoring Assurance Manual/single risk events, errors Manual data extraction and analysis Manual reporting and follow-up Manual escalation Automated coordination of single risk events, errors Automated data extraction and analysis Automated Excel, Powerpoint and PDF reporting Automated tracking and coordination via Email Manual follow-up and escalation Visualization/focus on exceptions, indicators Visualization and (internal) benchmark analysis Drill down to the level of single events, errors Self service BI Manual follow-up and escalation Automated monitoring and predictive analytics Automation level Fully integrated systems Single sign on and covering the whole organizational structure by using active directory Automated follow-up and escalation A culture of good risk management is notoriously difficult to achieve when these functions are positioned outside of the core business, and weaknesses in management buy-in will be evident in the quality and substance of reporting. Vital Risk Insights 3

The integrated nature of governance, risk management, and compliance dashboards enables its users to gain new insights about connected themes, patterns and trends across the organization, and glean information that is currently not delivered. How do we get there? Leading companies are placing more emphasis on dynamic reporting, numeric data, business indicators and measured information, all of which provide deeper insight into risk and allow management to perform governance responsibilities more effectively. Indicators are extracted automatically from operating systems and visualized in customized dashboards using business intelligence software. This provides real-time risk information and helps enable more rapid intervention and decision-making should the need arise. Risk intelligence dashboards can be customized for risk owners and for different role-players within GRC functions. *Information reflected is entirely fictional and for display purposes only. Instead of ploughing through a bewildering array of wordy documents and spreadsheets, management can use business intelligence software to assemble GRC indicators into one integrated workspace on a screen. There are no restrictions to the type of indicator that may be assembled for GRC dashboards, loss data, audit data, key risk indicators, insurance figures, legal claims, ethics data, survey results, safety statistics, audit scores, regulatory indices, and more. Measuring the potential net impact of risk with smart indicators in real time helps an organization to leverage value from the GRC program, and aligns its processes to the company s strategic objectives. This can encourage companies to take a more analytical approach and it can assist with identifying opportunities, quicker responses to adverse trends and shaping new improvement initiatives. The integrated nature of GRC dashboards enables its users to gain new insights about connected themes, patterns and trends across the organization, and glean information that is currently not delivered. Aligning GRC information to the company s performance targets leverages the function s value to management and the board of directors. 4 Vital Risk Insights

Conclu sion The current trend of including GRC activities in one portfolio represents a serious challenge. The subject matter now managed within the GRC portfolio has expanded to include sustainability, forensics, internal audit, insurance, safety, security, business continuity, project risk, stakeholder management, and many other well-established corporate functions. Companies are learning that using smart indicators within business intelligence software is an effective way to keep your finger on the pulse of performance trends, variance and change. Internal stakeholders with a justifiable interest in GRC and accurate and real-time status and progress reports now includes boards of directors and their committees; executives, operations, risk managers, internal audit executives, assurance providers, and specialist risk and control functions. Business intelligence strategies offer customization and personalized information for these different users. Information, charts and tables are easy to format and data can be imported by easy drag-and-drop from documents and spreadsheets. Business intelligence software has become a driving force and a stakeholder expectation as an integral part of the landscape of GRC. Its availability on mobile devices makes it even more attractive and accessible to management. Vital Risk Insights 5

Contacts Americas: John Farrell Global ERM/GRC Lead Partner KPMG in the US T: +1 212 872 3047 E: johnmichaelfarrell@kpmg.com Fiona Grandi Partner, ERM/GRC KPMG in the US T: +1 415 963 7812 E: fgrandi@kpmg.com Deon Minnaar Americas ERM/GRC Lead Partner KPMG in the US T: +1 212 872 5634 E: deonminnaar@kpmg.com EMA: Peter Paul Brouwers Global GRC technology and EMA CA/CM Partner KPMG in the Netherlands T: +31 40 2502346 E: brouwers.peterpaul@kpmg.nl Steven Briers Partner, Risk Consulting KPMG in South Africa T: +27 82 719 0517 E: steven.briers@kpmg.co.za AsPac: Brad Styles Partner, Management Consulting KPMG in Singapore T: +65 6411 8818 E: bradstyles@kpmg.com.sg Damion Keasey Associate Director, IARCS KPMG Australia T: +61 2 9335 7173 E: damionkeasey@kpmg.com.au kpmg.com/socialmedia kpmg.com/app Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2014 KPMG International Cooperative ( KPMG International ), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International. Designed by Evalueserve. Publication name: Vital Risk Insights. Publication number: 120940. Publication date: April 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information