Solution Talk Book November 2013 1 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis--vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. FOR INTERNAL USE ONLY Our clients need help both in understanding and managing IT Risk IT risk has matured from a specialist element of operational risk management to a recognized and priority strategic risk: 38% of organisations defined top risks relate to Information Technology 55% have difficulty in dealing with IT risk 57% note that the pace of change in IT has increased their overall risks * Identified by KPMG in co-operation with the Economist Intelligence Unit between 2005 and 2013 IT risk is an executive-level concern that should priority in the global market, but one which our clients are ill prepared to manage Yet effective IT risk management remains a key and growing challenge for our clients: 40% of risk managers rate their understanding of IT risks as moderate or poor 42% cite poor communication between the IT and risk functions as a significant difficulty in managing IT risk 66% of C-levels are dissatisfied with risk management around IT Systems 2 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis--vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. FOR INTERNAL USE ONLY A gap exists in the market for helping clients setup and optimise their IT Risk Management systems Risk Management Information Systems are outside of the reach of many of our clients: 36% of organisations find implementation complexity of available solutions a key barrier Typical GRC implementations cost organisations between $200,000 and $600,000 (including software, hardware, and implementation services). Over 70 percent of clients expect to increase their spending on risk management technology over the next three years ~ from a 2012 Deloitte survey The only other actor in this space (outside of GRC solution vendors) is Deloitte - already a partner with IBM in implementing their GRC platform OpenPages.
Forrester research shows a lack of available mature and fit-for-purpose IT Risk Management solutions only 47% of needs met.
KPMG has an established relationship with BWise, a leading GRC platform, and has the necessary skills and experitse. 3 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis--vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. FOR INTERNAL USE ONLY KPMG can offer our clients an IT Risk Management system that can scale with the organisation Clients benefits include: efficiency benefits faster report aggregation decreased audit costs faster time to remediate control deficiencies strategic performance benefits better strategic decisions using risk and compliance information The proposed solution will leverage existing knowledge and systems to provide clients with the immediate benefit of visibility over the key Operational and Strategic Risk elements of IT Charter, TOR, Policy Gap analysis IT Risk Framework Facilitated definition Industry benchmark Emerging risks IT Risk Universe Risk-appetite linked Combined assurance plan IT Risk Control Catalogue Indicator identification Analytics services Benchmarking Risk and Control Indicator Analytics Loss data aggregation Risk trend reporting Risk-based Decision Support Report templates Content vetting Training Board Risk Reporting Services 4 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis--vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. FOR INTERNAL USE ONLY Enhancing KPMGs services and business Integrates a number of disparate services and offerings into a single, client-focused offering, re-uses existing technology and skills Leverages a low-cost Centre of Excellence Software-as-a-Service model Is ideally suited to Africa, but has Global applicability Creates avenues to leverage our BWise partnership Provides a platform to integrate with other service lines FRM Enterprise Risk Framework Forensics use of CA/CM Cost of development $100,000 Potential client take-up %25 of advisory clients ~ 7 anchor clients Projected Fees Risk Framework $9,000 setup Risk Universe $8,000 setup Control Catalogue $10,000 setup Indicator Analytics $12,000 setup, $2,000 p/a Decision Support $5,000 setup, $1,000 p/a Board Reporting $4,000 setup, $1,000 p/a Payback Period 100% @ 7 anchor clients Thank you Presentation by Robb Anderson All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. 2013 KPMG Services Pty Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International.