Business System Controls

Business System Controls

KPMG provides services that can help organizations manage risk by facilitating its identification of risk and the design of effective controls

KPMG provides services that can help organizations manage risk by facilitating...

Advanced integrated systems can help organizations design business processes that minimize costs. Risk management is a fundamental component of any large system implementation, regardless of whether applications are standard ERP packages (such as SAP, PeopleSoft or Oracle), or are custom-built to meet specific business requirements.
The speed with which new systems are implemented is critical to profitability. As such, designing and implementing effective controls and security are not always emphasized. Such an oversight can lead to inadequate process controls, high levels of security risk, or other system failures.

How KPMG Can Help
KPMG member firms provide services that can help organizations manage risk by facilitating its identification of risk and the design of effective controls.

Our Business System Controls services help companies verify that optimal system controls relating to a major application implementation are in place and operating effectively.

We provide four component services that can be delivered individually or in combination, depending on the project scenario:

Business Process Controls – evaluation and design of system-based and manual controls around application business processes.
Information Security Controls – evaluation and design of information security controls to help provide effective, efficient, and secure access to information within the system.
IT operational Controls – evaluation and design of controls associated with the operation, support, and maintenance of the technical environment.
Data Quality/Integrity Controls – evaluation and design of controls associated with required master data set-up, data conversions, and data interfaces.

Our approach
The success of our Business Systems Controls projects is directly related to our structured, yet flexible, approach.

Our engagements are successful because:

Our service teams comprise a range of professionals with complementary skill sets
We use proprietary tools and resources
We have the ability to team with implementation personnel or client management.

Our BSC services can address the implementation life cycle for controls, from review and evaluation through to design and implementation. We support various project scenarios with services such as:

End-to-end support – Intended to support clients who are just beginning or are in the early stages of a major system implementation effort.
Pre/post-implementation review – Geared toward clients who are in the final phase of a major system implementation effort.
Specific client requests – Designed to assist clients who request the review of a specific control area within the context of their overall application environment.


The design and implementation of efficient operational and financial controls within business processes. We make good use of the controls features available within the system while developing manual controls where needed.
A focus on controls throughout the project life cycle where critical configuration and business-change decisions are made.

Minimization of potential risks rising from control failures which may have an impact on Financial Statement Audit and may jeopardize company’s internal controls effectiveness.
A security approach that supports business process control objectives and protects sensitive information.
The integrity of operational and financial information is maintained throughout the system transition. We evaluate the operational and financial implications of data cleansing, consolidation, and reconciliation differences during data conversion and system interface activities.

Good practice IT control feedback based on our breadth of experience in IT risk management, system implementations, and information security.

Connect with us