close
Share with your friends

During these times of significant disruption, many organisations are undergoing transformation to remain competitive, viable and relevant to their customers and stakeholders during these times of significant disruption. This rapidly changing environment presents a myriad of new risks and challenges, and with transformation programs moving at pace, losing control of what is happening internally is easy.

Critical areas of heightened risk such as fraud, regulatory compliance, cyber security as well as recent business continuity events require organisations to focus on: building robust and outcomes-focused controls frameworks, improving culture, and making a step change in internal risk and controls management. All without incurring prohibitive costs.

A one size approach doesn’t fit controls transformation. It should be tailored, suiting your organisation’s needs, culture, ways of working and strategy.

Key questions to consider

  • Who sets the standards for controls? Does everyone in the organisation understand what is expected of them when it comes to controls?
    It’s essential that the overall tone is set from the top.
  • Who is responsible for designing the controls? Is there a clear ‘design authority’ who ensures the appropriate standards are maintained and there are no significant control gaps or weaknesses?
  • Who operates the controls?
    The entire organisation must be clear about who owns and executes the controls.
  • Who determines how controls are monitored, tested and reported, and who owns this function?
    There needs to be end-to-end visibility and assurance that the risks are being managed to the appropriate standards.
  • What tools are you going to use?
    It is important that there is appropriate tooling in place to support the operation of control and facilitate the efficient, accurate and reliable capture and reporting of risk and control information.
  • There is one final, but critical, component: culture and behaviours. Do you have the right culture and behaviours to support the effective operation of your control framework?


KPMG Controls Framework

  

KPMG controls framework infographic


How KPMG can help

Our approach blends governance, controls, automation, culture and behaviours. It helps you focus on what’s most critical for your organisation, whilst effectively managing the costs. KPMG can help you deliver a robust and sustainable controls environment through the following services.

Controls diagnostic

What we do Key benefits
Scan assessment of your control environment to establish maturity and compare to leading industry practices and international standards (e.g. Committee of Sponsoring Organisations of the Treadway Commission (COSO), Controls Objectives for Information and Related Technologies (COBIT), National Insitute of Standards and Technology (NIST). This will help you quickly understand your current controls maturity and identify any potential gaps or weakness that require immediate attention. Furthermore, a controls scan provides great insights in to how well an organisation is being managed.

Cost of controls

What we do Key benefits
Assessment of the true spend on controls including direct cost of controls execution and monitoring as well as any ‘hidden costs’ (e.g. due to controls failures).

Our assessments show that some organisations spend as much as $2,000-$3,000 to operate (execute, monitor and test) one control.

With some organisations operating hundreds of controls, understanding the overall cost of controls is critically important and can lead to significant savings.

Critical controls

What we do Key benefits
Identification and assessment of must have or critical controls across the most pertinent areas of risk (‘business as usual’ and/or during a crisis).

Once conducted, organisations can better prioritise resources, invest in controls that help achieve business outcomes and optimise assurance spend (e.g. potentially reduce audit costs).

Controls framework design and implementation

What we do Key benefits
Assistance with establishing and implementing robust and outcomes-focused controls frameworks (e.g. financial, cyber, enterprise-wide).

Having a well-documented and robust controls framework allows boards, audit committees and management gain transparency over the operating effectiveness of controls. A strong framework also reduces costs and creates best practice that can be shared across the organisation. An effective framework allows the business to be managed more effectively and to optimise its risk management efforts. Ultimately, this minimises ‘surprises’ or instances where controls failed.

Controls automation

What we do Key benefits
Assistance to help organisations transition to more optimised and automated controls environment through the use of innovative technology and tooling, including robotic process automation, artificial intelligence, data analytics and powered enterprise.

Rationalising, digitising and automating controls will ensure a more robust, proactive approach focused on risk prevention and early detection of any potential controls failures.

Watch the webinar

Meet the team

Connect with us

Related information

Related information