Getting IPO ready—with no margin for error
For the leadership team at a large consumer goods company, the decision to go public wasn’t just about financial growth. It was about elevating the capabilities of their entire organization and firmly positioning the company and its people to thrive in a fiercely competitive market.
But they faced a stark reality: The IT environment, which had served them so well as a privately held company, felt suddenly outdated, uncontrolled, and not ready for the rigorous compliance standards required of a public company. That posed an enormous risk to the executive team’s mission-critical goal of an IPO within 18 months. To meet that timeline, the company would need to deconstruct its current approach and rebuild a robust controls environment that could withstand the scrutiny of auditors and public markets, safeguard against operational risks, and ensure compliance with Sarbanes-Oxley (SOX) and other SEC requirements.
With little margin for error, the company asked KPMG to help it resolve the interconnected challenges in its existing controls framework, which included:
- Unmitigated financial risk: The existing controls framework contained gaps that could lead to unmitigated risks, audit findings, and material misstatements.
- Inconsistent technology controls: Without a standardized information technology general controls framework, the company was at risk of material weaknesses post-IPO.
- Fragmented governance: SAP was managed by IT, but other critical systems were independently owned by HR, finance, and sales, creating operational silos and inconsistent controls, policies, and processes.
- Disparate access management: Highly customized and manual processes for managing access to programs and data heightened the risk of human error and security vulnerabilities.
- Segregation of duties (SOD) conflicts: The lack of cohesive access controls in the core SAP environments posed significant SOD issues, increasing the risk of security breaches and compliance failures.