How we have helped companies with important business issues:
- KPMG helped a life sciences company review its current environment; identify any gaps prior to an Archer 6.x upgrade; perform the upgrade across its development, test, and production environments; and complete an end-to-end validation post upgrade. The client received a fully upgraded platform where current users were not impacted. In addition, new users onboarding onto the Archer platform will get to work with the latest features offered by the tool.
- To help a healthcare services and distribution company with its board-level initiative to enhance manual third-party risk management processes, KPMG worked to achieve a single repository for IT policies and issues that can be used for roll-up reporting at the enterprise level. In addition, the client was able to operationalize its third-party risk processes and report third-party risk to the board.
- A regional financial services organization needed a way to report on its overall cybersecurity posture to the board and measure its assurance against NIST CSF. KPMG provided Archer strategy and implementation services, and by completion of the project, the client was able to operationalize a Cybersecurity Assurance Program, measure maturity across the NIST CSF framework, and identify any deficiencies for continuous cybersecurity improvement.
- At a major wireless network operator, manual GRC processes were labor intensive and minimally leveraged across different organizations within the enterprise. KPMG assisted in the development and implementation of reengineered GRC processes using the Archer platform. This resulted in a unified GRC platform that integrated its previously disparate GRC processes under a framework aligned to industry standards and leading practices. Our work enabled a centralized view of GRC issues, events, and unresolved findings and improved accountability and tracking.
- A major oil and gas company strived to be a leading organization in information risk management but was faced with a number of different systems, controls, processes, and assurance structures that did not allow for maximum value to be achieved from its business model. By implementing the Archer eGRC solution, KPMG was able to establish a consistent platform for risk, compliance, and incident management processes. KPMG delivered a program of behavioral change management that prepared the workforce for the new technology and enhanced processes.
- KPMG helped a leading insurance company replace a Sarbanes-Oxley (SOX) compliance point solution that was not user friendly, had become bloated from over a decade of use, and could not provide the effective workflows necessary to ensure a managed end-to-end SOX management process. We helped deliver a wide-ranging SOX compliance program that is managed within Archer. Mature SOX and issues management processes were developed and agreed upon by all stakeholders, providing an enhanced yet consistent approach to addressing these areas.
- A global media and entertainment organization conducted unstructured and uncoordinated IT GRC activities and improvement initiatives with limited integrated vision for IT GRC. It had limited program governance and oversight, with limited direction and knowledge of IT GRC strategy and no single channel for policy-related issues and guidance. KPMG provided visibility and organization of IT GRC issues to management, provided a peer assessment, formalized known improvement areas by establishing them into project charters to ease implementation, and provided a two-year road map to formalize the IT GRC program.
- A large multinational financial services company engaged KPMG to assist with the development of a GRC strategy and an Archer eGRC road map that would allow the company to track enterprise risk, IT risk assessments, application assessments, related issues management, and foundational elements. Upon completion of the project, the company can provide its executive stakeholders with real-time, enterprise-wide status updates on enterprise risk management and enterprise technology risk assessment, such as IT risk assessments and application assessments, enhanced with related issues management activities, all through a single platform.