KPMG and RSA together with complementary strengths

Improve risk posture, increase effectiveness of compliance, and lower the cost of enterprise risk governance

Lokesh Ramani

Managing Director, Cyber Security, KPMG US

+1 206-913-4491

Today’s enterprises are faced with new challenges in managing the risks to an increasing volume of data, adhering to information protection requirements, meeting business resiliency needs, and addressing enterprise governance, risk, and compliance management (GRC).

KPMG delivers RSA Archer services to our clients, driven by a set of established methodologies that have been tried and tested across multiple large-scale GRC deployments. Each service has purpose-built tasks that help realize the industry-standards-based benefits of RSA Archer, combined with KPMG’s “process-first” viewpoint, a disciplined approach to project management, and comprehensive organizational change management.

KPMG has unique insight into RSA Archer as both a partner and a customer. Our RSA Archer Certified Consultants, who implement our own internal RSA Archer solutions, also deliver RSA Archer services to our clients, allowing KPMG to share our experiences with our clients and help them avoid common pitfalls during their implementation.

KPMG integrates our in-depth understanding of Governance, Risk and Compliance (GRC) management processes with the technological capabilities available in the RSA Archer Suite to improve and report on enterprise risk and compliance needs including IT, security, business resiliency, and third party risks, amongst others. We deliver our clients strategy, implementation roadmap, configuration, and enablement of specific GRC processes and holistic GRC programs on the RSA Archer platform. This range of services enables our clients to take smart, flexible approaches to the adoption of the RSA Archer platform.

How we have helped companies with important business issues:

  • KPMG helped a life sciences company review its current environment; identify any gaps prior to RSA Archer 6.x upgrade; perform the upgrade across its development, test, and production environments; and complete an end-to-end validation post upgrade. The client received a fully upgraded platform where current users were not impacted. In addition, new users onboarding onto the RSA Archer platform will get to work with the latest features offered by the tool.
  • To help a healthcare services and distribution company with its board-level initiative to enhance manual third-party risk management processes, KPMG worked to achieve a single repository for IT policies and issues that can be used for roll-up reporting at the enterprise level. In addition, the client was able to operationalize its third-party risk processes and report third party risk to the board.
  • A regional financial services organization needed a way to report on its overall cybersecurity posture to the board and measure its assurance against NIST CSF. KPMG provided RSA Archer strategy and implementation services, and by completion of the project, the client was able to operationalize a Cybersecurity Assurance Program, measure maturity across the NIST CSF framework, and identify any deficiencies for continuous cybersecurity improvement.
  • At a major wireless network operator, manual GRC processes were labor intensive and minimally leveraged across the different organizations within the enterprise. KPMG assisted in the development and implementation of reengineered GRC processes on the RSA Archer platform. The result was a unified GRC platform that integrated the previously disparate GRC processes under a single framework aligned to industry standards and leading practices. Our work enabled a centralized view of GRC issues, events, and unresolved findings and improved accountability and tracking.
  • A major oil and gas company strove to be a leading organization in information risk management but was faced with a number of different systems, controls, processes, and assurance structures that prevented it from realizing the full value of its business model. By implementing the RSA Archer eGRC solution, KPMG established a consistent platform for risk, compliance, and incident management processes. KPMG also delivered a program of behavioral change management that prepared the workforce for the new technology and enhanced processes.
  • KPMG helped a leading insurance company replace a Sarbanes-Oxley (SOX) compliance point solution that was not user friendly, had become bloated over more than a decade of use, and could not provide the workflows necessary for a managed end-to-end SOX process. We helped deliver a wide-ranging SOX compliance program that is managed within RSA Archer. Mature SOX and issues management processes were developed and agreed upon by all stakeholders, providing an enhanced yet consistent approach to addressing these areas.
  • A global media and entertainment organization conducted unstructured and uncoordinated IT GRC activities and improvement initiatives with limited integrated vision for IT GRC. It had limited program governance and oversight, with limited direction and knowledge of IT GRC strategy and no single channel for policy-related issues and guidance. KPMG provided visibility and organization of IT GRC issues to management, provided a peer assessment, formalized known improvement areas by establishing them into project charters to ease implementation, and provided a two-year road map to formalize the IT GRC program.
  • A large multinational financial services company engaged KPMG to assist with the development of a GRC strategy and an Archer eGRC road map that would allow the company to track enterprise risk, IT risk assessments, application assessments, related issues management, and foundational elements. Upon completion of the project, the company is able to provide its executive stakeholders real-time, enterprise-wide status updates on enterprise risk management and enterprise technology risk assessment (IT risk assessments and application assessments), together with the related issues management activities, through a single platform.

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities. Any trademarks or service marks herein are the property of their respective owners.