Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

SOD 3.0: Next-generation separation of duties for the modern ERP

Four pillars upon which to build a persistent SOD framework

Increasing complexity, increasing risk

Multiple ERPs and enterprise applications from myriad vendors. Regular cloud-based software updates. Shifting employee and department responsibilities. Changing regulations and standards. All of these common factors complicate risk management and enterprise-wide controls.

To compete effectively in today’s global marketplace, companies must embrace digital information and emerging technologies. Yet, these advances can also make the organization more vulnerable to data access and security risks

Innovation, for better and for worse 

In the last five years, many companies have moved from one large ERP platform to multiple vendors and a mix of cloud and on-premise deployments. In this hybrid application landscape, companies can pick and choose among best-of-breed offerings, building an enterprise technology platform that meets their specific needs.  

However, even with the same vendor, buyers face challenges from cross-application risk in addition to multiple security models. Given the ease of acquiring cloud-based applications, business leaders are often adding new solutions without involving IT, which typically is more familiar with cloud security and compliance requirements. More applications means more workflows, automation, and integration points, as well as more sets of mitigating or compensating controls that have to work together. And, after initial implementation, companies also must manage the cascading impacts of mandatory software updates in addition to the introduction of enterprise applications into the landscape.

Overwhelmed by the complexity, many organizations are doing the bare minimum to ensure separation of duties (SOD) controls on an entity-wide basis.

A new approach in SOD

KPMG SOD 3.0 is a next-generation approach that uses predefined role definitions that are directly aligned with front-, middle-, and back-office business processes. These predefined roles are designed to work with application controls and address data security, user access administration risk, and compliance requirements. They continue to protect the organization long after they are put into place by adapting to changing business needs.

Cowritten with Fastpath, this article provides insight on how organizations can implement the SOD 3.0 approach to ensure SOD controls on an entity-wide basis.

Dive into our thinking:

SOD 3.0: Next-generation separation of duties for the modern ERP

Advances in digital information and emerging technologies can make the organization more vulnerable to data access and security risks.

Download PDF

Explore more

Guiding Insurers through IT Application Risks

The tools needed to add further value to the specific policy, billing, and claims processes for Insurance organizations.

Read more

Meet our team

Image of Mick McGarry
Mick McGarry
Principal, Advisory, GRC Technology, KPMG US
Image of Joseph Franczkowski
Joseph Franczkowski
Advisory Managing Director, GRC Technology, KPMG US

Explore other services tailored to your business

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline