During these times of significant disruption, many organisations are undergoing transformation to remain competitive, viable and relevant to their customers and stakeholders. This rapidly changing environment presents a myriad of new risks and challenges, and with transformation programs moving at pace, losing control of what is happening internally is easy.
Critical areas of heightened risk such as fraud, regulatory compliance and cyber security, as well as developments in the ESG space, require organisations to focus on building robust and outcomes-focused controls frameworks, improving culture, delivering on their key commitments and making a step change in internal risk and controls management, all without incurring prohibitive costs.
A one-size-fits-all approach doesn’t suit controls transformation. It should be tailored to your organisation’s needs, culture, ways of working and strategy.
Key questions to consider
- Who sets the standards for controls? Does everyone in the organisation understand what is expected of them when it comes to controls? It’s essential that the overall tone is set from the top.
- Who is responsible for designing the controls? Is there a clear ‘design authority’ who ensures the appropriate standards are maintained and there are no significant control gaps or weaknesses?
- Who operates the controls? The entire organisation must be clear about who owns and executes the controls.
- Who determines how controls are monitored, tested and reported, and who owns this function? There needs to be end-to-end visibility and assurance that the risks are being managed to the appropriate standards.
- What tools are you going to use? It is important that there is appropriate tooling in place to support the operation of controls and facilitate the efficient, accurate and reliable capture and reporting of risk and control information.
- There is one final, but critical, component: culture and behaviours. Do you have the right culture and behaviours to support the effective operation of your control framework?
KPMG Controls Framework
How KPMG can help
Our approach blends governance, controls, automation, culture and behaviours.
It helps you focus on what’s most critical for your organisation, whilst effectively managing the costs. KPMG can help you deliver a robust and sustainable controls environment through the following services.
Controls diagnostic
What we do
Scan assessment of your control environment to establish maturity and compare to leading industry practices and international standards (e.g. Committee of Sponsoring Organisations of the Treadway Commission (COSO), Control Objectives for Information and Related Technologies (COBIT), National Institute of Standards and Technology (NIST)).
Key benefits
This will help you quickly understand your current controls maturity and identify any potential gaps or weaknesses that require immediate attention. Furthermore, a controls scan provides great insights into how well an organisation is being managed.
Cost of controls
What we do
Assessment of the true spend on controls, including the direct cost of controls execution and monitoring as well as any ‘hidden costs’ (e.g. due to controls failures).
Key benefits
Our assessments show that some organisations spend as much as $2,000-$3,000 to operate (execute, monitor and test) one control.
With some organisations operating hundreds of controls, understanding the overall cost of controls is critically important and can lead to significant savings.
Critical controls
What we do
Identification and assessment of must-have or critical controls across the most pertinent areas of risk (‘business as usual’ and/or during a crisis).
Key benefits
Once conducted, organisations can better prioritise resources, invest in controls that help achieve business outcomes and optimise assurance spend (e.g. potentially reduce audit costs).
Controls framework design and implementation
What we do
Assistance with establishing and implementing robust and outcomes-focused controls frameworks (e.g. financial, cyber, enterprise-wide).
Key benefits
Having a well-documented and robust controls framework allows boards, audit committees and management to gain transparency over the operating effectiveness of controls. A strong framework also reduces costs and creates best practice that can be shared across the organisation.
An effective framework allows the business to be managed more effectively and to optimise its risk management efforts. Ultimately, this minimises ‘surprises’ or instances where controls failed.
Controls automation
What we do
Assistance to help organisations transition to a more optimised and automated controls environment through the use of innovative technology and tooling, including robotic process automation, artificial intelligence, data analytics and powered enterprise.
Key benefits
Our assessments show that some organisations spend as much as $2,000-$3,000 to operate (execute, monitor and test) one control.
Rationalising, digitising and automating controls will ensure a more robust, proactive approach focused on risk prevention and early detection of any potential controls failures.
ESG In Control
Organisations must have effective and efficient controls that align with their ESG strategy.
KPMG can help design and implement robust and fit-for-purpose ESG control frameworks, tailored to align with the organisation’s ESG strategy and commitments.
This includes:
- performing a controls gap analysis against leading practice ESG controls and assessing the overall controls maturity of the organisation
- developing an ESG controls framework and documenting key ESG controls in place (ESG Risk & Controls register)
- uplifting the current approach to ESG controls, for example, using data and automation capabilities more effectively to support the operation of the control framework.