Proposal for a CRO IT Risk Management System

  • 8/11/2019 Proposal for a CRO IT Risk Management System

    IT Risk Management System for the CRO

    Solution Talk Book
    November 2013

    © 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. FOR INTERNAL USE ONLY

    Our clients need help both in understanding and managing IT Risk

    IT risk has matured from a specialist element of operational risk management to a recognized and priority strategic risk:

    38% of organisations' defined top risks relate to Information Technology

    55% have difficulty in dealing with IT risk

    57% note that the pace of change in IT has increased their overall risks

    * Identified by KPMG in co-operation with the Economist Intelligence Unit between 2005 and 2013

    IT risk is an executive-level concern that should be a priority in the global market, but one which our clients are ill prepared to manage

    Yet effective IT risk management remains a key and growing challenge for our clients:

    40% of risk managers rate their understanding of IT risks as moderate or poor

    42% cite poor communication between the IT and risk functions as a significant difficulty in managing IT risk

    66% of C-levels are dissatisfied with risk management around IT Systems

    A gap exists in the market for helping clients set up and optimise their IT Risk Management systems

    Risk Management Information Systems are outside of the reach of many of our clients:

    36% of organisations find implementation complexity of available solutions a key barrier

    Typical GRC implementations cost organisations between $200,000 and $600,000 (including software, hardware, and implementation services).

    Over 70 percent of clients expect to increase their spending on risk management technology over the next three years (from a 2012 Deloitte survey)

    The only other actor in this space (outside of GRC solution vendors) is Deloitte, already a partner with IBM in implementing their GRC platform OpenPages.

    Forrester research shows a lack of available mature and fit-for-purpose IT Risk Management solutions: only 47% of needs met.

    KPMG has an established relationship with BWise, a leading GRC platform, and has the necessary skills and expertise.

    KPMG can offer our clients an IT Risk Management system that can scale with the organisation

    Client benefits include:

    Efficiency benefits

    faster report aggregation

    decreased audit costs

    faster time to remediate control deficiencies

    Strategic performance benefits

    better strategic decisions using risk and compliance information

    The proposed solution will leverage existing knowledge and systems to provide clients with the immediate benefit of visibility over the key Operational and Strategic Risk elements of IT

    IT Risk Framework: Charter, TOR, Policy; Gap analysis

    IT Risk Universe: Facilitated definition; Industry benchmark; Emerging risks

    IT Risk Control Catalogue: Risk-appetite linked; Combined assurance plan

    Risk and Control Indicator Analytics: Indicator identification; Analytics services; Benchmarking

    Risk-based Decision Support: Loss data aggregation; Risk trend reporting

    Board Risk Reporting Services: Report templates; Content vetting; Training

    Enhancing KPMG's services and business

    Integrates a number of disparate services and offerings into a single, client-focused offering, re-uses existing technology and skills

    Leverages a low-cost Centre of Excellence Software-as-a-Service model

    Is ideally suited to Africa, but has Global applicability

    Creates avenues to leverage our BWise partnership

    Provides a platform to integrate with other service lines

    FRM: Enterprise Risk Framework

    Forensics: use of CA/CM

    Cost of development: $100,000

    Potential client take-up: 25% of advisory clients ~ 7 anchor clients

    Projected Fees

    Risk Framework: $9,000 setup

    Risk Universe: $8,000 setup

    Control Catalogue: $10,000 setup

    Indicator Analytics: $12,000 setup, $2,000 p/a

    Decision Support: $5,000 setup, $1,000 p/a

    Board Reporting: $4,000 setup, $1,000 p/a

    Payback Period: 100% @ 7 anchor clients

    Thank you

    Presentation by Robb Anderson

    All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

    © 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

    The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International.