Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

SOX compliance in a new financial reporting system

Keeping an engineering firm compliant and confident through a financial reporting transformation


Jacobs Engineering Services


Engineering Services


Oracle Cloud Security and Controls

Internal Audit and Enterprise Risk Management

A global engineering firm was undertaking of a years-long Oracle Financial Systems transformation when it realized that there were gaps in the system’s compliance controls, especially around Sarbanes-Oxley (SOX). The firm asked KPMG LLP to help identify and address the risks.

With a deep understanding of both Oracle and SOX, KPMG configured the Oracle program to meet the client’s business needs.  We assisted Jacobs Engineering in implementing business process controls across accounting, procurement, and other operations. We assessed the security access conflicts and helped the client strengthen segregation of duties across transactional access, master data access, and application settings. The completion of this project ensured Jacob’s Engineering could launch their new Oracle Cloud solution with confidence from a compliance perspective.


The implementation of the Oracle system inadvertently created compliance gaps with potential financial and reputational risks for the client. KPMG identified multiple areas for improvement.


Control matrices needed to be updated to account for the new capabilities and ways of working introduced by Oracle Cloud.


Custom Oracle Cloud security roles did not account for segregation of duty risks and sensitive access.


New key reports for SOX controls needed to be design and tested for completeness and accuracy.
YouTube thumbnail image


Billy Allen:

Jacobs is an engineering and consulting firm. We provide engineering solutions for companies across a lot of different markets.

I'm Chief Accounting Officer and Senior Vice President for Jacobs.

The company has been an Oracle shop for a number of years. Most recently, probably about two-thirds of the company is on an R12 on-prem platform. The rest of the company has been on a group of disparate systems, and we like the idea of Oracle Cloud being a really good solution for that group of companies and with their disparate systems to come together into one.

SOX challenges were pretty common. It was around getting good documentation and completeness of what our SOX control structures were that were in scope, that were associated with all of those disparate systems, and how to determine the bridge of how you were going to go from that portfolio of key controls in those old systems to the portfolio and what it would look like under this one common solution with Oracle Cloud.

It's about preparation at the very beginning, end to end, communicating with all the stakeholders, whether it be process owners, whether it be SteerCo members, executive management, members of the board, and the audit committee, helping them understand what the process is going to look like, not only the IT side, but also the business process side that's going to be affected by a conversion of this size.

Definitely get prepared. Communicate early. Learn the as is model of what you are converting from. Learn that backwards and forwards. It will enable the team to know what good is going to need to look like and be in a position to say, "Hey, we're ready on all fronts. The technology's working, the controls are working, the teams are trained. Everything is ready to go."

KPMG has been a partner for many years. There was a lot of familiarity with our policies and our procedures and our people, and that was really a winning combination that made the choice about who we would work with a pretty simple one, actually.

KPMG, professional, first class, very communicative. And one of the best things about working with them on this project was their collaboration with our other external advisors who were also members of the Big Four, including our audit firm. And to this day, I talk to the team about how that made such a huge difference and was really a game changer for us to be able to cut over and convert to this first phase in the timeframe that we were able to do.

They brought the subject matter expertise into the conversations that helped us determine where we needed to look and also helped us build the tools that we want to use in the future that will help us get better at that really critical part of a conversion. They also knew what our requirements were going to be from an audit perspective.

I thought it said a lot about KPMG, that they saw the need to be collaborative and be nothing else except collaborative the entire time. When I think about capabilities and subject matter expertise on the system control side, definitely the experience speaks with the KPMG team. Their organization, their approach to the project is very intuitive from the client perspective.

I like how KPMG was able to assess the situation and immediately start to develop action plans that we needed to act upon. And you don't do that unless you have a lot of good experience and background. On the IT side and on the business process side, we couldn't have done it without KPMG, and we'd give them a very strong recommendation for other opportunities to do more of this work for other clients.

It’s the journey from potential non-compliance and all the risks that entailed to being compliant and being confident in the reliability and accuracy of the systems and related controls.

Jose Rios

Director, Advisory, KPMG LLP

Key KPMG initiatives

To ensure the new system was SOX compliant, KPMG internal audit and Application Security and Controls professionals worked closely with the client to assess operations and reporting structures.


We identified compliance risks and configured the Oracle system to eliminate them.


We lessened or eliminated risks by preventing access to conflicting duties, and we strengthened segregation of duties.


We identified new security requirements, designed and built roles, tested them, and supported the users through go-live.


We worked seamlessly with client counterparties and third-party advisors to complete the project successfully in a tight timeframe. 

Business impact

Today, due to KPMG involvement, the company is confident in its compliance practices, including its SOX reporting. 


With the adjustments made to the system, the company can take full advantage of the power of Oracle software.


Automation has replaced many functions previously performed manually; and has made reporting faster and more accurate.


With compliance now built into the system, the company can move forward with greater confidence than was previously possible.


  • We know Oracle and we know compliance
    KPMG combines long history as an Oracle partner with unsurpassed SOX experience. We bring internal audit professionals and enterprise risk experts together with our Oracle application security and controls experts, who support the technical aspects of managing both risk and SOX requirements.

  • We work well with others
    Our knowledge of business processes, compliance requirements and technology, coupled with our proven ease in collaborating with third parties to advance our client’s interests continue to make KPMG a natural choice for configuring Oracle systems to meet the compliance needs of clients around the world.

  • We have built a record of outstanding performance
    KPMG has a long history of helping companies implement transformations smoothly and efficiently. As a valued Oracle Alliance partner, we can harness the software’s power to help clients transform their front, middle and back office, empower users, all while protecting information and staying compliant with financial reporting requirements. 

Meet our team

Image of Laeeq Ahmed
Laeeq Ahmed
Managing Director, GRC Technology, KPMG US
Image of Jose Rios
Jose Rios
Manager Advisory, GRC Technology, KPMG LLP

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.