Business Systems and Controls

Are you optimising IT systems to maximise success and ROI?

Managing risk and complexity effectively across business systems spanning controls, processes, people and technology is now a fundamental business objective.
Organisations want to further optimise their systems to drive cost improvements and gain competitive advantage, maximise success and ROI, with assurance that governance, risk and compliance is rmly embedded to place comfort over systems, projects and nancial reporting. Lack of adequate risk management in system implementation and Business as usual processes can raise security and control issues for management as regular updates and changes can affect the design and operation of embedded controls. KPMG is able to help organisations manage costs and gain efciency in their operations by reviewing risks and controls, relating to business application controls, data integrity, business processes and application security. Whats on your mind? Do you need advice on how to gain control of complex and business critical revenue or cost processes and ERP solutions including SAP and Oracle, efciently and effectively? Do you have large ERP transformation and implementations and need advice on the best way to design controls within ERP based business processes? Are you under pressure to reduce the cost of risk, governance, control and regulatory compliance through automation and transformation?

Is your controls framework adequately embedded within your technology initiatives and business as usual processes? Does your organisation have conicting views internally on data or efciency of business process, system functionality, reporting, and data integrity? Do you need to reduce costs in operational processes while continuing to manage risk effectively? How we can help turn risk to advantage KPMGs Business Systems and Controls team can help to improve clients return on their application investment by providing a one-stop shop to manage risk and complexity across their business systems, processes, people and technology. Existing control frameworks, usually focused on information security, provide an illusion of assurance whilst leaving major technology risks unmitigated. We support a number of project and steady state scenarios: End to end support intended to advise and support clients who are just beginning or are in early stages of a major system implementation effort. Pre & post implementation review geared towards clients who are in the nal phase of a major system implementation effort to provide assurance that the project will deliver the business requirements. Specic client requests designed to assist clients who request the review of specic controls or a business area within the context of their overall application environment, this can include system and business process and controls improvements.

2011 KPMG LLP , a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member rm of the KPMG network of independent member rms afliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

We provide clients with advice and assurance on: Process Risk and Controls Apply risk based techniques for documenting people, business and technology processes and addressing the effectiveness of risk and controls. Our skills cover a range of processes across different industries, e.g., Mortgage, Investment, Tax, Benets, Procurement, Payroll, Financial etc. Process Governance, Risk and Compliance Provide advice on an integrated framework that unies governance, risk, compliance and assurance functions to achieve a consistent and holistic vision across the organisations. Business Systems Optimisation Verify that the right types of embedded systems controls are in place and are operating effectively. We have specic SAP and Oracle skills and tools to enable us to identify functionality and controls gaps quickly. Potential benets to you Improved understanding of technology risks and use of Business application and process control features Focus on controls and efciency throughout the Business systems project life cycle and Business As Usual processes Robust Security approach that supports business process controls objectives and protects sensitive information Enhanced business decision making through more accurate operational and nancial information throughout system transition Maintaining data integrity through evaluation of data cleansing, consolidation and reconciliation during data conversion and system interfaces activities Improved management of business and fraud risks through an improved internal control environment covering IT risk management, systems implementation and information security Better compliance with governance, risk and control regulatory requirements

Potential benets to you A Holistic Approach We engage at all stages of a system life-cycle from blueprint, detailed design, implementation and retirement/migration to advise and provide assurance to our clients to best manage risk, cost, time, control, compliance and benets realisation challenges. Multi-disciplinary capabilities We are able to draw upon expertise from multi-disciplinary capabilities from various teams such as Audit, Forensics, Data analytics, IT Risk and Programme Assurance to deliver a solution tailored to specic client issues and requirements. Industry knowledge Our team comprise of a range of professionals with complementary skills sets brings technology risk awareness to the boardroom with industry knowledge to provide effective solutions that bring people, process and technology together, helping clients keep information assets secure, systems functioning and controls operating effectively. Global reach KPMG is a global network of over 140,000 professionals in 150 countries. We have regional Business Systems and Controls teams who can service your needs using our dedicated propriety tools. This allows us to identify keys issues early on before performing detailed deep dive reviews into specic areas. How we have helped others Multinational oil and gas organisation Our client was transforming its downstream business from national led companies to global lines of business and each company had its own unique and complex supply chain. We performed a deep dive review of the business process and system controls for the Sell to Business Customer process (the largest and most complex process in the programme and the one most critical to successful transformation). We designed automated controls using our SAP Controls Catalogue as a baseline. As a result, we optimised the consistency of controls across all businesses and contributed towards the global control framework. These controls achieved business efciencies which were rolled out to other countries to maximise the effectiveness of the global process.

Contact: Gerry Penfold Partner T: +44 (0)7802 608 549 E: gerry.penfold@kpmg.co.uk Mohammed Rahman Partner T: +44 (0)7818 012 191 E: mohammed.rahman@kpmg.co.uk Ervin Jocson Director T: +44 (0)7795 354 104 E: ervin.jocson@kpmg.co.uk Manoj Shah Senior Manager T: +44 (0)7790 784 982 E: manoj.shah@kpmg.co.uk Andy North Director, IGH T: +44 (0)7711 713 385 E: andrew.c.north@kpmg.co.uk Sukhie Mann Senior Manager, FS T: +44 (0)7827 282 268 E: sukhie.mann@kpmg.co.uk

www.kpmg.co.uk/technologyrisk

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2011 KPMG LLP , a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member rm of the KPMG network of independent member rms afliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International. RR Donnelley I RRD-257902 I August 2011