Risk and Compliance Technology

Are you dealing effectively with your technology-related risks?

Are you looking to derive maximum value from data and documentation?

Technology is now the lifeblood of most organisations. It brings with it tremendous opportunities as well as considerable threats.

Our specialists provide independent, jargon-free advice and advanced technology capabilities to help you proactively and reactively manage your technology risks and use the data to its full potential.

What's on your mind?

  • The need to demonstrate internally and externally strong governance of IT systems as well as compliance with standards and regulations
  • The need for technology suppliers to provide proof to clients around the security, quality and resilience of their service
  • The need to prevent, detect and respond to 'e-crime' incidents such as cyber attacks, industrial espionage and data theft
  • The need to detect and prevent fraud by analysing transactional and corporate data
  • The need to identify, collect, review and disclose electronic documentation as part of a legal, investigatory or regulatory matter
  • The need to identify opportunities to drive cost efficiencies and reduce waste and loss through leveraging data analytics techniques

Bringing you peace of mind

We can help provide high levels of assurance and insights in respect of your technology, including:

  • IT internal and external audit services to help clients achieve high levels of assurance and risk management across their technology environment
  • IT attestation and certification to independently verify that technology suppliers have the requisite levels of control and security to meet standards such as SAS 70 and FIT 1/94
  • IT security and business resilience to help ensure up-to-date protection against, and effective response to, rapidly evolving cyber crime threats
  • Advanced data analytics to 'intelligently' analyse corporate data for signs of financial loss, business insights as well as system controls and weaknesses, allowing corrective action to be taken
  • Evidence and disclosure management (e-disclosure) to identify and handle important electronic information relating to a court case, investigation or regulatory enquiry
  • Records management advisory services to help ensure information governance policies and their technical implementation accord with good practice

What's in it for you?

  • Demonstrate sound governance, audit opinion, risk management and cost effective compliance across your technology environment to the board
  • Significantly reduce the risk of IT security breaches through penetration testing, firewall strengthening and strategy development
  • Reduce internal and external fraud losses, delivering bottom line cost savings
  • Realise time, cost and risk benefits in a contentious situation by finding and disclosing relevant information to enquiring agencies quickly and efficiently

Why KPMG?

  • Most IT advisors have vested interests in terms of the hardware and software they utilise
  • We are a genuinely technology-independent advisor
  • We have one of the largest forensic technology units in the UK which utilises our wealth of anti-fraud, dispute advisory and regulatory response experience
  • Our combination of advanced technology, in-depth experience, access to technical and sector knowledge, global network and track record, means we are one of the market leaders

Case Study

  • IT systems assurance and control - The client wanted to reduce costs by replacing its existing finance and supply chain systems with a new integrated solution. They asked us to provide independent assurance to enable the project to remain on track, and to mitigate the numerous risks involved. We planned and implemented a series of reviews across the entirety of the system implementation. This covered programme governance and planning, risk and data management, internal controls and security as well as business readiness. Our reviews formed part of the risk management programme embedded within the overall project overview. We provided the assurance necessary to keep the system implementation on track, identifying key risk areas which could have led to delays, extra cost and failure of the system to meet expectations. The client was kept informed throughout the project of developments and emerging risk areas to help them to monitor the system post-implementation
  • Data analytics - Major pharmaceutical company. Our client was upgrading its CRM system to improve its sales and marketing. It wanted to focus on the system's free text fields - to understand the potential customer insights, and the potential regulatory and reputational risks, residing within them. We assessed the quality and quantity of the free text data, using 'fuzzy matching' on agreed terms and expressions to identify unexpected values to investigate further. Using various analytic and modelling techniques we discovered patterns and relationships within the data which identified specific threats and opportunities. Our client experienced exceptional value for money from finding valuable insights without incurring substantial investment on technology or human resources. The client achieved a greater level of understanding of their new system, allowing them to achieve full future value from it. The client could take pre-emptive action on regulatory compliance and reputational threats, reducing the chance of consequent financial and commercial damage
  • Evidence and disclosure management (Pharmaceutical industry). The client needed to collect, process and disclose evidence located in 20 jurisdictions as part of its defence of a multi-dollar pound legal claim around the development of a new drug. Reporting to the client's General Counsel, we managed the global evidence and disclosure exercise from a central UK control team, providing guidance to the local collection teams and ensuring consistency across the world as well as compliance with local data privacy rules. We collected 25 terabytes of data (equivalent to roughly 1.5 bn pages) using over 100 forensic technology professionals from our global network. All relevant evidence was collected, reviewed and disclosed to the time and standard expected. The client gave itself the best possible chance of a successful outcome to the case by ensuring no evidence was excluded and the client was on top of the evidence provided

 

Contact

Michael Elysee

Partner
Head of Technology Risk and Compliance
KPMG LLP (UK)

020 7311 5429 | michael.elysee@kpmg.co.uk

Managing Electronic Data for Litigation and Regulatory Readiness: is the Legal Department ready?

A KPMG Forensic survey reveals how ready the legal department is to cope with the electronic information management challenges involved in litigious and regulatory matters.