Key capabilities Framework Case study FAQs

Compliance powered by AI

Powered by the advanced capabilities of our generative AI platform 'Kym', this solution is designed to decipher and manage the regulatory maze with unparalleled intelligence and efficiency.


It synthesises and scrutinises data, uncovering vital connections and identifying any discrepancies against KPMG's robust frameworks and controls.


Empowering compliance

KPMG’s AI turns dense regulations into a clear set of obligations, making compliance easier to understand and act upon.


Predict impact

Our AI examines your processes, detects the fine threads between obligations and risks, and strengthens these connections.


Active control optimisation

Quickly grasp an ever-evolving inventory of controls evaluated by AI against industry and KPMG gold-standard practices.

Driver KPMG compliance tracking AI
Compliance is impeded by the reality that individuals cannot hold all the knowledge about organisational processes, obligations, systems, etc. Interactive and searchable knowledge base covering obligations, risks, and controls. KPMG's Kym helps you find the right information quickly.
Critical knowledge often exits the organisation with staff turnover, and corporate restructures hamper continuity. Centralise knowledge and reference systems of record, instead of relying on human knowledge centres.
Varying compliance comprehension levels lead to inconsistent approaches to compliance management across departments. Users upskill as they interact with Kym, an AI compliance professional. Users improve their knowledge of their obligations and understand what a good control looks like.
Lapses in capturing and transferring institutional knowledge can create regulatory risks. Close gaps by running scaled AI-led analysis over obligation, risk, and control coverage. Identify gaps and receive instant insights and recommendations.
Browse the blueprint

Driver KPMG compliance tracking AI
A predominance of manual, reactive controls versus automated, preventative measures. AI evaluation of controls identifying ways to improve coverage and control effectiveness, including transitioning to automated and preventative controls.
Existence of control gaps where controls do not have the granularity to cover all compliance obligations. Assessment of control linkage to obligations and risks, including highlighting gaps and weak links.
Control environment complexity due to unnecessary duplications and inefficiencies. Automated identification of control duplication between obligations and risks, including mapping and scoring of control linkage to guide control updates.
Operational effectiveness of controls is frequently untested due to resource constraints. Automate basic control checks like obligation linkage and evaluation of descriptions, allowing Line 2 Risk and Assurance teams to focus on testing operating effectiveness.
Browse the blueprint

Driver KPMG compliance tracking AI
Not all impacts of regulatory change on business domains are readily apparent, leading to unforeseen compliance issues. Increase your team's understanding of company-wide obligations. Test breach scenarios upfront, to understand if outcomes could lead to regulatory breach events.
Reliance on self-assessment questionnaires for compliance impact is outdated and unreliable. Obligation statements are accessible and interactive to review upfront, improving accuracy of impact assessments.
It's challenging for those managing change to grasp the full scope of impacted compliance obligations. Obligation statements are accessible and interactive to review upfront, improving accuracy of impact assessments.
Rapid and complex updates to compliance standards, technology, and organisational priorities challenge timely adoption of compliance improvements. Compare existing authoritative instruments with drafts or updated versions to automatically identify changes. Compare authoritative instruments or sources (e.g. policies) for common or contradictory obligation statements.
Browse the blueprint

Key capabilities of KPMG Compliance Tracking AI

Power your compliance with KPMG's intuitive AI assistant Kym on standby, ready to answer
your questions in plain English and clarify any aspect of your compliance responsibilities.

 

Obligations

A clear, referenced inventory of your compliance obligations, so you know exactly what's required.

Insightful analysis of how well your current processes match up to these obligations, with smart suggestions for new, more efficient connections.

Risks

Creation of a comprehensive risk register that aligns with both regulations and your day-to-day operations.

Intelligent evaluations of your risk management strategies, offering recommendations to enhance safeguarding measures.

Controls

Assessment of your control descriptions against industry-leading practises, proposing new measures to ensure you meet every compliance demand.

Detailed analysis of the links between your obligations and controls, with advice on strengthening these crucial connections.

AI

Leveraging 100+ Years of KPMG Insight for Compliance Excellence

Benefit from a heritage of over 100 years where KPMG has guided clients through the complexities of regulatory compliance, reinforcing it with robust, high-quality controls.

At the core of our approach sits a sophisticated knowledge graph, grounded in frameworks and controls tailored for rigorous compliance demands, shaped by leading KPMG specialists.
AI 2

Better practice frameworks

Our approach is built upon a complex network of regulatory frameworks, inputs and outputs.

A knowledge graph is used to relate concepts that the AI can then use to recall specific details and relationships.

Browse a knowledge graph
AI 3

KPMG expert review and tuning

Tuning uplifts quality further to align to our SME’s expectations.

Outputs re-reviewed against KPMG’s quality standards.

Review and testing of solution rules and outputs for continuous improvement.

The path of an engagement


PILOT (optional)


Run a Pilot using KPMG’s secure environment to prove the benefits using your obligations, your data, and your people. We’ll work with you to select a scope area and provide resources and training to get you going.

DEPLOY


Deploy the solution into your environment or establish an accessible, dedicated instance on our side. We’ll help to configure the best solution for your needs, including alignment to your risk and compliance approach.

HOST


We host and manage the solution in our dedicated environment, providing secure access to your teams, while eliminating the need for internal infrastructure and resource allocation.

SCALE


Continuous service across your organisation to close gaps in obligation statements, identify new risks and controls, and evaluate control descriptions. Plus you’ll have ongoing access to Kym, our AI compliance assistant.

AI

Problem

The organisation had recently completed a Compliance uplift program to ensure that all obligation areas were at an acceptable level of maturity. However, in an environment of constant change and increasing scrutiny from regulators the challenge is to sustain compliance over the long term without increasing head count or external cost.
AI 2

KPMG Solution

KPMG Compliance Tracking AI enabled by Kym addresses recurring regulatory themes and compliance challenges, offering a unique, effective response to improving compliance maturity and sustainment.

KPMG Compliance Tracking AI incorporates KPMG’s regulatory risk and compliance better practices and had been trained on telecommunications sector regulations and organisation specific nuances. We are deploying the solution across all of the organisation’s obligation areas, with users from across all parts of the organisation having a Compliance co-pilot to support across the compliance lifecycle.
AI 3

Outcome

KPMG Compliance Tracking AI educates teams about quality controls, fostering continuous learning and improvement. Enhanced responsiveness to regulatory changes ensures coverage remains up-to-date, while prioritising strategic tasks over routine work boosts efficiency in risk management. Clear, actionable steps and improved compliance tracking enhance accountability and trust within the organisation’s control environment.

How KPMG helps you deliver sustainable compliance

We combine the power of AI with our deep industry insights to help you enhance the maturity of your compliance efforts.

By managing risk at speed and scale, you can protect your business against the consequences of non-compliance in an increasingly complex and fast paced regulatory environment.

Download the factsheet

The revolution of risk and compliance

(PDF 326KB)

Get in touch

Jacinta Munro blog posts
Jacinta Munro
Partner, Risk Assurance
KPMG Australia
Profile | | Phone
Levi Watters blog posts
Levi Watters
National Sector Lead, Telecommunications
KPMG Australia
Profile | | Phone
Dhawal Jaggi blog posts
Dhawal Jaggi
Partner, Data & AI
KPMG Australia
Profile | | Phone
Mark Gossington blog posts
Mark Gossington
Partner, Financial Services, Risk Strategy & Technology
KPMG Australia
Profile | | Phone

FAQs

Controls


  • I already have a GRC, with documented obligations, risks and controls. Why is this different?

    The AI Solution is not a replacement of a GRC tool, but rather, a virtual staff member that sits 'over' the GRC tool and can provide insights for you by searching and analysing what is in your GRC.

    You may have documented obligations, risks and controls - but can you, instantaneously and at any point in time, answer whether:

    • these obligations are up to date?
    • the situation you've encountered is a breach of the obligation?
    • the controls directly link to the obligations and/or risks?
    • your controls are not processes in disguise?
    • which obligations do not have associated controls?
    • the situation you've encountered indicates which controls have failed?

  • How will this solution support my compliance management practices?

    The AI Solution acts as an additional 'SME' within your existing Risk, Compliance and/or Assurance functions. It is intended to support the prioritisation of your team's time by providing answers through the search and analysis of your GRC system.

  • Which parts of the three lines of defence model is this solution geared towards?

    The AI Solution has multiple features and functionalities, tailored to all three parts of the three lines of defence model.

    For example:

    • Those in the Business (Line 1) are able to use this capability to identify and understand their obligations, or develop strong and robust controls accordingly
    • Those in Central Risks/Compliance/Assurance (Line 2) are able to use this capability to determine the extent of obligation area coverage and oversight.
    • Those in Internal Audit (Line 3) can use this capability to understand the current controls (normally done through preliminary walkthroughs) prior to assessing design and operating effectiveness.

Obligations


  • How will this solution help me understand my regulatory obligations?

    The solution scans through obligation sources to identify key obligations. It can interpret complex legislative language and guidelines, and translate them into easy to understand statements. This allows organisations to quickly grasp their compliance responsibilities and take next steps like managing risks and controls.

  • What types of obligation sources can the solution read?

    The solution can ingest and read many different authoritative instruments including legislation, codes, acts, industry guidelines, policies and more. Any source with written regulatory or compliance requirements is compatible.

  • Can the solution help me manage updates to obligation sources?

    Yes. The solution can compare updated or different source documents to identify changes and differences and update obligation statements accordingly. This enables your obligations register to remain current with the latest requirements. You can also assess obligations in 'Draft' source documents, to stay ahead of upcoming changes.

Education


  • Can you tell me more about the AI compliance chat agent in the solution?

    The AI chat agent serves as an on-demand compliance expert. Users can interact with it through a conversational interface to ask questions about their regulatory obligations, controls, or any other part of the solution. The chat agent uses the context of the data it has reviewed to provide informed responses.

  • Can the AI chat agent help with specific regulatory queries?

    Yes, it can. The chat agent is capable of understanding and answering specific questions relating to the compliance documents it has processed.

  • Will the AI chat agent help me improve my risk and compliance knowledge?

    Users gain a deeper understanding of compliance through interaction with the AI solution. Not only does this capability support you in identifying and understanding obligations and controls, but also is an educational platform offering explanations, examples, and further insights into compliance requirements and results.

Technical


  • Where is my data going?

    All of the data processed by KPMG Compliance Tracking AI is sent only to Australian data centres where it is processed on a private OpenAI instance. Your data is not shared with the public OpenAI models for training, and is not retained by KPMG for model development.

  • How do you tackle hallucination and model drift?

    Our solution tackles hallucination in a range of ways, but most importantly:

    • Limiting the context and scope of questioning for the AI through curation of the data used by the model as well as careful orchestration of prompts into discrete components. By avoiding open ended questions and an unconstrained data set (such as the public GPT training set) we can nearly eliminate the risk of any hallucination.
    • Rigourous testing of outputs by our developers and SME team members to ensure accuracy and consistency in outputs, feeding into progressive refinement of prompts and approaches to using the AI. This has resulted in a robust testing suite that we can re-run at each version release to avoid any risk of model drift over and ensure that outputs continue to meet the standard we expect.

  • What technology is KPMG Compliance Tracking AI built on?

    KPMG Compliance Tracking AI is built on a stack entirely constructed from standard Azure components. There are no proprietary platform components in the solution. While we are focused on the Microsoft Cloud we have support options available for organisations using other cloud platforms (i.e. Google, Amazon) which we can discuss with your architects.

  • How is the solution hosted?

    KPMG Compliance Tracking AI has been designed as a deployed application which we support in your environment leveraging your infrastructure. KPMG can also host the solution within our infrastructure if that is preferred.

Related services

Artificial intelligence category
KPMG's Artificial Intelligence hub

Read the latest AI insights, discover our services, and sign up for updates.

Digital journey
Digital-driven transformation category
Digital Services

KPMG helps reimagine and reinvent organisations to become leading digital enterprises.

Tech Innovation category
AI Consulting Services

Enhanced decision-making through process design, analytics and data-driven AI technology.

Related insights

Artificial intelligence category
Generative AI – Changing the game with KymChat

Learn how the team navigated risk to deliver KPMG KymChat in record time.

Artificial intelligence category
Navigating AI: analysis and guidance on use and adoption

AI development, use and adoption guidelines.

Intelligent automation category
Boost productivity with Microsoft Copilot for Microsoft 365

Accelerate business with your Copilot for Microsoft 365 implementation.