Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

A guiding North Star for cyber risk strength

KPMG helped a FORTUNE 500 omnichannel retailer's enterprise risk team assess and strengthen cloud risk management practices.


A leading Fortune 500 omnichannel retailer


Consumer and Retail


Google Cloud cyber security platform and cyber risk assessment

Client challenge

An omnichannel retailer had become a Fortune 500 household name by investing in innovation, managing risk every step of the way, and keeping long-term strategy in mind, regardless of the immediate challenge. Its multiyear information technology (IT) transformation journey is no exception.

As the company embraces the possibilities of Google Cloud Platform (GCP), it asked KPMG to assess and help strengthen its cloud risk management practices, with larger business objectives.

Moving through a multiyear digital transformation, this company counted on KPMG to help it ensure that governance is an IT value lever.

Key KPMG initiatives

KPMG helped the company assess current risk posture and develop a framework for ongoing monitoring of platform security and resiliency. Working with the company’s Enterprise Risk team, we leveraged the company’s existing cyber risk audit assets and experience with GCP to deliver a set of risk frameworks aligned to key cloud resources and risk domains. KPMG:


Conducted stakeholder discussions to assess the cloud roadmap, GCP services, third-party application development tools, and data types for cyber risk resilience.


Designed a set of technical audit guides that capture resource-specific risks, outline controls and configuration settings by vendor platform, and set forth testing approaches.


Incorporated additional, sector-specific customer data security and regulatory knowledge to configure the audit program to the company’s needs.


Tested controls to identify gaps in current processes, communicated critical risks to leadership periodically, and provided recommended actions to mitigate risks.

Business impact

With the help of KPMG, the Enterprise Risk team has identified key risks across the cloud platform and developed a foundational framework for ongoing management of risk and controls in GCP. Specific benefits include:


Governance leveraged as an IT value lever, as the company moves through a multiyear digital transformation.


Visibility into critical security, resiliency risks and misconfigurations, as the company continues adoption of GCP.


Framework for ongoing monitoring, audit visibility across GCP platform configuration to help ensure consistent application of appropriate processes, configurations and access model.


  • Strength and knowledge deliver a winning combination

    The KPMG next-generation alliance with GCP synergizes Google strengths in cloud-enabled IT transformation, with our own domain experience in risk, regulatory compliance, and enterprise deployment.

  • We know cyber security

    The right cyber strategy is an investment in the growth of the business, protecting and enabling the business to move at speed and pace. Our experience in cyber risk and security response combines that strategic perspective with tactical knowledge in areas such as security controls, cloud data storage, backup and recovery, and enterprise implementations.

  • We understand that risk and governance are value levers

    Organizations count on KPMG to bring a high-level strategic perspective to the design and implementation of technology-intensive risk and governance processes, including dimensions of compliance, effectiveness, cost, and resilience.

Dive into our thinking:

A guiding North Star for cyber risk strength

Download PDF

Meet our team

Image of Sai Gadia
Sai Gadia
Partner, Cyber Security Services, KPMG LLP

Explore related content

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.