KPMG Canada’s IT Advisory Services
Helpingclientsaddresstoday’stechnologyagenda
9
ISGovernanceandPerformance
8
InfrastructureandContinuity
7
Green/SustainableIT
6
EnterpriseArchitecture
5
DueDiligence
4
CostOptimizationforIT
3
BusinessSystemsAdvisory
2
AssetManagementandContractCompliance
18
SolutionandVendorEvaluation
17
SecurityServices
16
RecordsandKnowledgeManagement
15
ITValue
14
ITStrategy
13
ITSourcing
12
ITPortfolioManagement
11
ITInternalAudit
10
ITAttestation
KPMG’sITAdvisoryprofessionalscanhelpyoualignyourITcapabilitieswiththepressingstrategic
andfinancialobjectivesofyourorganization.
WehavetheknowledgeandexperiencetohelpyouasyouseekimprovedperformancefromyourIT
investments.WithafullycoordinatedserviceofferingacrosstherangeofmanagementchallengesinIT,wework
withseniormanagementastheylooktomaketherightchoicesat therighttimeandattherightcost.
Asset Management and Contract Compliance
IM/ITAssetManagementisfocusedonpeople, process, and technology.AssetManagementconsiders thefullassetlifecycle(“cradletograve”)andisthereforenotlimitedtoIM/IT.ItofteninvolvesLegal, Procurement,andFinance. KPMG’sITAdvisoryprofessionalsreviewtheprocessesandsupportingdiscoverytechnologyfor managingIM/ITassets;reviewhowassetsaretrackedandadministered;andidentifypotentialgapsinthe controls. AssessIM/ITAssetManagementoperatingeffectiveness(variances betweendeploymentandentitlement provideevidenceofIM/ITAssetManagementprocessweaknesses)anddesigneffectivenessincluding people,process,andtechnologycompetenciesinordertoprovide acompletepictureoftheIM/ITAsset Managementrootcauseissues. EachIM/ITAssetManagementcomponentthroughoutthelifecycleisassessedaninfrastructure optimizationmaturity:Basic,Standardized,Rationalized,orDynamic. Information and control Direct cost savings from licensing optimization and contract re-negotiation Lower support costs (help desk, IMAC, deployment) Cost savings from enabling the organization to reach a higher level of IO maturity
SAM
Mitigate financial and legal risks Financial savings Enablement of financial savingsBusiness Systems Advisory
Business System Implementation, Optimization & Controls
Integration
− EnterpriseApplicationStrategy,Planning&Governance − BusinessRequirementsIdentification
− Conversions,Interfaces,BusinessTestingandValidationSupport − ERPHealthCheck&Optimization
Business System Standalone Services
− IFRSEnterpriseApplicationsConversion − BusinessProcessControls/AccessControls&SoD/Information Security&Continuity − MasterDataManagement/DataQuality&Integrity − Governance,Risk&Compliance/ContinuousMonitoring& Auditing
When implementing a business system, an organization should seek a balance across four dimensions:
-risk and controls;
-process optimization;
-organization and people; and
Cost Optimization for IT
A risk- based approach
Improved balance between the
organization's resources and its risk across the technology agenda
Benefits
Reduce IT spend while maintaining IT
performance against business goals
Aligning future spend with high priority business investments
Transparent reporting
Improved utilization of existing investments
Sustainable process improvements
KPMGbringsagloballyconsistentmethodologyfordeliveringcostoptimizationassignmentsthathelpstocreatea betterunderstandingofIM/ITvalue,enablingmoreappropriateinvestmentsininitiativesthatbothsupportand anticipatebusinessgoals.
Atypicalreviewwillcoverthefollowinginitiatives:
− Strategic:generatesustainableperformanceimprovementsconsistentwithstrategicgoalsandlong-term
valuecreation.Considerperformanceimprovementsthatmayreflecthighdegreeofinnovationandinvolve shiftsoffundamentalbusinessmodels.
− Tactical:improveperformanceofexistingbusinessmodeltorespondtoemergingcompetitivepressures,
deterioratingcostcontrolorothermarginpressures,stakeholderpressureforshort-termperformance improvement,andofferstoacquireaportionofthebusiness.
− Survival:rapidcostreductiontoadapttoseverecostpressures,enabling theorganizationtostayinbusiness.
Withsurvivalatstake,speedisoftheessence.KPMG’sITAdvisoryprofessionalscanhelporganizations identifyandstopallnon-essentialspendandceasenon-coreservices.
Due Diligence
DueDiligenceincludesreviewingthetargetorganizationtoassesstherisksassociatedwithits IM/ITsystemsandthefeasibilityoftheprojectedEBITDA,given thealignmentofIM/ITplanswith businessplans. DueDiligenceconfirmstheIM/ITassetsinvolvedinthetransaction;assessestheirsuitabilityand capabilitytomeettheinvestmenthypothesis;reviewsthehistoricalandplannedtechnology spending;identifiestheexistenceoftechnologyrisks;andprovidesindicationsofanticipatedpost-dealexpenditurewithregardtoIT. AdditionaltothecorescopeofIM/ITduediligence,anddependentonclientinterestand investmenthypotheses,theengagementmayinclude: − Identificationofopportunitiestoimprovetechnologyperformanceorachievecostsavings − Assesstheeffortrequiredtointegratethetargetwithotherentities,e.g.roll-uporwithparent − Providesuggestionsonpost-dealenhancementstoimprovetargetperformance − Reviewproposedtransitionserviceagreements.Enterprise Architecture
Business Model
System Model
Value Chain to System
Infrastructure Alignment &
Integration
KPMGCanada,throughitsrecentacquisitionofChartwell IRM,bringsskillsandexperiencein EnterpriseArchitecture,whichhelpsclientswiththeuseofstructuredmethodstoplananddesign complexbusinesschanges.Initssimplestterms,wehelpclient’suseenterprisearchitecturetoalign thedesignofabusinessanditscriticalresourceswithitsstrategicvision. Ourpractitionersusestandardizedmodelsorblueprintstoanalyzethedesignofanenterpriseto identifybusinessimprovementopportunities.Wethencreatearoadmapofchangeprojectsthatare traceabletothestrategicintentofthebusiness.Improvementsmightincludeinnovationsinproducts andservices,organizationalstructureandbusinessprocesses,thequalityandtimelinessofbusiness information,orthecontributionofitsIT. Solutions Architecture Business Architecture Strategy Aligns Aligns Aligns Aligns Business Operations Technology Enterprise Architecture Aligns AlignsGreen/ Sustainable IT
DevelopingandexecutingagreenITstrategyrequiresacombinationofbusinessandtechnologyskillsand experience,aswellasbroadorganizationalcooperationacrossmultiplefunctionssuchasITarchitecture,data centeroperations,facilitiesmanagement,corporaterealestate, andprocurement. LinkinggreenITinitiativestobroadercorporategreeninitiativesshapedbystrategic-levelCorporateandSocial Responsibility(CSR)frameworksenablesITtobeavalue-addedbusinesspartnerinthejourneytoagreener business.Itfurtheroffersorganizationsanunprecedentedopportunitytoalignenvironmentalmanagement initiativeswithbroadersustainabilityinitiatives. Wetakeatop-downviewshapedbystrategic-levelframeworksthathelplinkgreenITinitiativeswitha broaderenterprise-wideprogram.Grassrootseffortsanddisparategreeninitiatives areastartingpointinthe efforttoreducetheenvironmentalandeconomicimpactofIT,butabroaderprogram-leveleffortthatconsiders thetotalITlifecycleisoftenneededtoyieldenhancedbenefits.KPMG’s approach to Green IT leverages our Business Performance Improvement and Change Management methodologies, and provides a green lens for IT and data centre operations.
Infrastructure and Continuity
Risk and Vulnerability Assessment:identifiespotentialthreats;identifiesvulnerabilities;identifies
existingcontrols;analyzesexposures;preparesriskandvulnerabilityreport.
Business Impact Analysis:confirmassumptions;developsurveyquestionnaires;identifysurvey
recipients;obtainbusinessfunctiondata;distributesurvey;collectresponses;verifyresults;and prepareBIAreport.
Critical Recovery Resource Requirements:reviewbusinessprocessesanddeterminerecovery
resourcerequirements;determinebusinessprocessrecoverytimeobjectives;identifyIM/IT processingrequirements;identifyIM/ITsupportprofile;prepare businessfunctionrecoveryprofiles.
Alternative Recovery Strategies:identifyviablesupportstrategies;develophigh-levelrelativecost
assessments;analyzeanddeterminemostappropriatestrategies;producereportsandprocedures; preparethebusinesscontinuityplan;analyzeexposures;develop implementationplans;negotiate vendorcontracts.
Plan Maintenance
Fault Tolerant Infrastructure
Se rvic e L eve l A gre em en t Insura nce C ove rage Hum an Res ourc es Crisi s Man agem ent Lega l R e co ve rab ility an d C on tinu ity o f O pe ra tion s Acco untin g an d Fina nce C omm un ica tion Technology
Review
BIA
Review
BCP
tests
Report
Initiation
Review
BCP and
other
plans
Review
Governance
Business
impact
analysis
Design
the plan
Report
IS Governance and Performance
Governance − RevieweffectivenessofexistingIM/ITgovernancemodel − Assessanddesignaplanforimprovements,ITIL/COBITprocessdesign work(ITOperations,SDLC,PMO),organizationalmodels − Implementation,ChangeManagementofplanneddesign. Performance − Assesstheefficiency,cost,andeffectivenessofIM/ITdepartments usingKPMG’sISGovernanceFramework.Thefocusisonsupportand sustainthedirection. Compliance Risk Strategic Spending Cost Control Controls Financial Management Technology People Process Performance Management Risk Management Investment Management Business Alignment Co mm un ica tio n Com m un ica tion Communication StrategicInitiatives ManagementFramework
IT Attestation
KPMGprovidesarangeofITattestationservicestohelpsatisfy therequirementsofthirdpartiesthatdependon ITenvironments.ThemostcommonITattestationservicesinclude :
AICPA SAS 70 or CICA Section 5970 (S5970) examinations.Standardthatwasdesignedtoservethe
assuranceneedsofserviceprovidersrelatingtotheintegrityofprocessesandservicesthatimpactaCompany’s financialstatements.Twotypesofreportingareavailable:
− Type 1:Usetoassessthedesignofcontrolswhethertheyareinoperationasatpointintime
− Type 2:Usetoassessthedesignofcontrolsinoperationandtheoperatingeffectivenessofthecontrols
overaperiodoftime(typically6monthsto12months).
KPMG Systrust and Webtrust
KPMG Other Assurance Reports(CICASection5025,CICASection5815)
Agreed-upon Procedures(CICASection9100or9110).
AttestationservicesencompassawiderangeofbusinessprocessesincludingIT,custody,fundadministration, clearinganddepository,pensionbenefitsadministration,manufacturing/distribution,IT/webhosting,andpayroll processing.
Reporting
Planning
Gathering
Data
Test of
Design
Test of
Operating
Effectiveness
IT Internal Audit
KPMG’sITInternalAuditservicesprovidesacost-effectivemeansofindependentlyassuringthatbusiness understandtheriskstheyface,andthattheyhaveeffectivecontrolsinplaceacrosstheirITorganizationto mitigatetheserisks.
IT Internal Audit Needs Assessment:Ourriskassessmentmethodologyenablesustoobtainadetailed
understandingofITrisksfacingthebusiness,whichsupportsthedevelopmentofeffectiveITauditplans.
IT Performance Review:OurapproachisdesignedtohelpclientsassessITperformanceinselectedareasor
acrosstheenterprise,sotheycanstriketherightbalancebetweenbusinessneedsandITresources.
Business Systems Controls:Astructuredapproachtoassessing,designing,andimplementing theprocesses
andcontrolsrelatedtoexistingornewbusinesssoftwareapplications.
IT General Controls Assessment:Assessesthetechnologyrisksfacingyourorganizationandwhetherexisting
Alignmentinvolvesusinganobjective,balancedandacceptedprocesstoevaluateandfilter componentideastoproduceaprioritizedlistforthenextbusinessplanningcycle.
Benefits Managementinvolvesprovidingastructureandframeworkfortheforecastingand
realizationofportfoliobenefits.
Capacity Managementconsidersdemandandsupply,identifyingconstraintsonthe
organizationthatcouldimpedethedeliveryoftheportfolio.
Financial Managementconsidersfunding,investmentopportunitiesandfinancialreturns
fromtheoverallportfolio.
Governanceensuresthatappropriatestructuresandprocessesareinplaceforeffective
decisionmaking,workallocationandperformancereporting.
Organization & Leadershipconsidersexecutivedirectionsettingfortheportfolioand
structuringtheorganizationforintegrationacrossportfolio,programandprojectlevels.
Performance Management
involvestrackingthedeliveryoftheportfolioagainstapre-definedsetofparametersincludingtime,cost,quality,riskandbenefits.
Risk Managementmanagesthelevelofriskinvolvedindeliveringtheportfolio.
Stakeholder Engagementinvolvesengagingindividualsorgroupsofpeoplewithinand
outsidetheorganizationtoensureon-goingsupportfortheportfolio.
IT Portfolio Management
… all of which results in better returns on investment
Strategic alignment
Strategic alignment between the programs and the
business strategy
Greater organizational agility in order to respond to the changing economic environment
Controlled, measurable realization of corporate objectives
Cost reductions
Reduced cost of delivering programs
Optimal use of resources (increased cost
savings)
Non-aligned or programs with a low
contribution will be terminated or
re-A risk-based approach
Improves management of the business
risks, in relation to the appetite for risk
Improved balance between the
organization's resources and its risk
Benefits
Maximum value from the organization's change
programs and initiatives
Increase visibility of benefit data across the portfolio
Program failing to delivery benefits identified early
A prioritized set of programs
Prioritize based on the attractiveness and
achievability of change initiatives
Integrated planning at portfolio level
Strategic priorities based on the accurate data
IT Sourcing
IToutsourcingoptionshavebecomemorecomplexovertheyears.Astheyeachbringtheirstrengthsand weaknesses,theyshouldbechosenwithcare,matchingthebusinessneeds. KPMG'sITSourcingmethodologyassistsclientsthroughoutthesourcinglifecycle,includingtheoutsourcing ofbusinessandservicesaswellastheimplementationandoperationofsharedservices.Itishighlyflexible, allowingforanoverallapproachtooutsourcing,orprovidingassistanceforexistingoutsourcingagreements.Ourapproachbreaksalongandcomplexlifecycleintosix manageable steps:developthestrategy,scope andplan,designandselect,transition,deliver,evolve.
Engagementactivitiescaninclude:assessingproperIM/ITservicedeliverymodelforclients:in-house, outsourced,orhybrid;reviewofexistingagreements– the“RighttoAudit” clause;contractrenewals;evolve /remediation;anddevelopmentofaservicescatalogue. Enhance Quality Release Capital Focus on Core Business Reduce Risk Enhance Agility Reduce Costs Outsourced Joint Venture BOT (Build/Operate/Transfer)
Regional Shared Services Global Shared Services
Client business goals Sourcing models
Companies initially look for cost reductions, but expand to quality and enhanced competitiveness
• Costreductionthrough economiesofscale • Focusoncorecompetenciesby movingadministrativefunctions fromoperations • Improveprocessqualityand efficiency • Improvecustomerservices • Leveragetechnologyina commoninfrastructure withstandarddata • Divestment– newbusinesses developed Sourcing as a strategy
IT Strategy
KPMG’sIM/ITStrategyisadynamicprocessfocusedontheeffectivemanagementof
IM/IT performance, risk, and value.
OurIM/ITStrategyServicesmethodologyaddresses:
− EstablishingaprocesstohelpalignIM/ITinitiativestothebusinessstrategy − RecognizingthatanimportantgoalofeffectiveIM/ITstrategyisthe
improvementofbusinessperformance
− Develop3-5yearplanstoaligntheIM/ITstrategytothebusinessstrategy. KPMG’sapproachisbasedonsix main stepsasfollows:
− Understandthebusinessdirection − PerformITcapabilityassessment − Identifyrefinedbusinessrequirements − SelectITalternatives − DesignITstrategicscenario − DevelopITstrategicplan KPMGhassignificantglobalIM/ITStrategyServicesengagementexperience.
IT Value
TorealizethetruepotentialofITinvestment,CIOsshouldaligntheITagendawiththatofthewider business.Thisapproachhelpstoensurethatorganizationsinvestinthemostappropriateareas,applying strictinvestmentcriteriaforchangeprojectswhiledeliveringday-to-dayactivitieseffectively.Thisinvolves:
Adopting rigorous portfolio management:thiswillhelptoevaluatetherealbusinessbenefitsof
thevariousITinvestmentoptionsavailable,ensuringamoreoptimalallocationoffunds.
Improving the planning and management of day-to-day operations:theuseofrobust
industrializedprocessesalongwitheffectivecontrolmechanisms,cansignificantlyreducetheneed forfirefightingandhelpITmanagersmeetthedailyneedsofthebusiness.Suchgreaterefficiency willalsofreeupITmanagementtodevotemoretimetostrategic issues.
Introducing a true partnership between IT and the business it serves:jointplanningandregular
liaisonshouldalignITactivitycloselywithbusinessneedsand makeITmoreresponsiveandadaptable tochangingbusinesscircumstances.
Distinguishing between ‘change’ and ‘run’ expenditure:thesetwohaveverydifferentbusiness
modelswithdifferentinvestmentcriteria.Expenditureonday-to-dayoperationsisessentiallyan exerciseincostcontrolandefficiency,whilstinvestmentinchangeshouldfocusonthestrategic benefits,increasedturnoverandultimatelytheshareholdervalueitbringstothebusiness.
Establishing an appropriate funding and governance model for IT:ensuringthattheright
decisions– e.g.howmuchtospend/investandonwhat- getmadeintherightplacewithinthe organizationandintherightway. ITValue Assessment Develop Economic Baseline
Gather Data and Perform Interviews Analyse Data Define Opportunities Prioritise and Deliver Value Opportunities Develop Questionnaires
Records and Knowledge Management
DefinitionManagement(Collection/Disposal) − Inventoryandclassificationofrecords − Creation,alteration,anddestruction OwnershipManagement(Storage,Custodianship&Preservation) SensitivityManagement(Storage/Access) − Privacyandconfidentiality AccessibilityManagement(Access/Use) − Retrieval,DeliveryandDecisionMaking QualityManagementandIntegritySecurityMonitoring& Response InformationSecurity Assessment EnterpriseSecurity Architecture
Security Services
IdentityManagementandRoleBasedAccess Control Policies,Standards,andProcesses VulnerabilityandPenetrationTesting SecurityAssessment SecurityandPrivacyIncidentManagement DataCentricSecurity RiskAssessment SecurityOperationsReview SecurityGovernanceStrategy Thismodelyieldsthefour distinctareasuponwhich ourservicesfocus. Theservicesaremodularinnature andfittogetherasrequiredto facilitateeachclient’sunique requirements. Architecture Ourfundamentalmodelof enterprisesecurityarchitectureis basedoncoreenablersengaged inaprocessofprotecting informationassets. SecuritySolutions& IntegrationSolution and Vendor Evaluation
Solution Assessment Requirements Definition Provideindependentadvisetoassistclientsinassessingandstrategizingtheirtechnologysolutiontobest meettheirneeds. Assistclientsinidentifyingsolutionrequirements,documenting bothfunctionalandtechnicalrequirements, prioritizingthemandcreatenewprocessmapsand/ormodels. Market Research Evaluation Helpclientsinunderstandingthevendorandsolutionlandscape.Independent Verification & Validation
Offeradviceorassistancetoclientsinplanningtheselectionsolution.
Vendor Due Diligence Conductduediligenceonpotentialsupplierstominimizetheriskofselectinginappropriatepartner.
Business Case for System Change
Develop BusinessCasefortheSelectionExercise andassistincomprehendingthecriticalsuccessfactors forasuccessfulcase. RFP/RFI Process AdviseclientsinthemanagementoftheRequestforProposal(RFP)orRequestforInformation(RFI) process. Negotiation Support Recommendnegotiationstrategiesregardingbusinessterms,servicelevelsandfinancialarrangement.
Please contact your KPMG adviser or any of our IT Advisory professionals
Montréal
Jean-FrançoisCoulonval
(514)840-2117
jcoulonval@kpmg.ca
FrancisBeaudoin
(514)840-2247
fbeaudoin@kpmg.ca
Ottawa
JimAlexander
(613)212-5764
jalexander@kpmg.ca
Solly Patrontasch
(613)212-3723
spatrontasch@kpmg.ca
WesternCanada
ShaunWilson
(604)691-3188
shwilson@kpmg.ca
JeffThomas
(403)691-8012
jwthomas@kpmg.ca
All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information
…or visit us at www.kpmg.ca/itadvisory
Greater TorontoArea
YvonAudette
(416)777-8388
yaudette@kpmg.ca
JeffSmith
(416)777-8409
jmsmith@kpmg.ca
Southwestern Ontario
DavidEvans
(519)672-4880
djevans@kpmg.ca