• No results found

KPMG Canada s IT Advisory Services

N/A
N/A
Protected

Academic year: 2021

Share "KPMG Canada s IT Advisory Services"

Copied!
20
0
0

Loading.... (view fulltext now)

Full text

(1)

KPMG Canada’s IT Advisory Services

Helpingclientsaddresstoday’stechnologyagenda

(2)

9

ISGovernanceandPerformance

8

InfrastructureandContinuity

7

Green/SustainableIT

6

EnterpriseArchitecture

5

DueDiligence

4

CostOptimizationforIT

3

BusinessSystemsAdvisory

2

AssetManagementandContractCompliance

18

SolutionandVendorEvaluation

17

SecurityServices

16

RecordsandKnowledgeManagement

15

ITValue

14

ITStrategy

13

ITSourcing

12

ITPortfolioManagement

11

ITInternalAudit

10

ITAttestation

KPMG’sITAdvisoryprofessionalscanhelpyoualignyourITcapabilitieswiththepressingstrategic

andfinancialobjectivesofyourorganization.

WehavetheknowledgeandexperiencetohelpyouasyouseekimprovedperformancefromyourIT

investments.WithafullycoordinatedserviceofferingacrosstherangeofmanagementchallengesinIT,wework

withseniormanagementastheylooktomaketherightchoicesat therighttimeandattherightcost.

(3)

Asset Management and Contract Compliance

IM/ITAssetManagementisfocusedonpeople, process, and technology.AssetManagementconsiders thefullassetlifecycle(“cradletograve”)andisthereforenotlimitedtoIM/IT.ItofteninvolvesLegal, Procurement,andFinance. KPMG’sITAdvisoryprofessionalsreviewtheprocessesandsupportingdiscoverytechnologyfor managingIM/ITassets;reviewhowassetsaretrackedandadministered;andidentifypotentialgapsinthe controls. AssessIM/ITAssetManagementoperatingeffectiveness(variances betweendeploymentandentitlement provideevidenceofIM/ITAssetManagementprocessweaknesses)anddesigneffectivenessincluding people,process,andtechnologycompetenciesinordertoprovide acompletepictureoftheIM/ITAsset Managementrootcauseissues. EachIM/ITAssetManagementcomponentthroughoutthelifecycleisassessedaninfrastructure optimizationmaturity:Basic,Standardized,Rationalized,orDynamic. Information and control Direct cost savings from licensing optimization and contract re-negotiation Lower support costs (help desk, IMAC, deployment) Cost savings from enabling the organization to reach a higher level of IO maturity

SAM

Mitigate financial and legal risks Financial savings Enablement of financial savings
(4)

Business Systems Advisory

Business System Implementation, Optimization & Controls

Integration

− EnterpriseApplicationStrategy,Planning&Governance − BusinessRequirementsIdentification

− Conversions,Interfaces,BusinessTestingandValidationSupport − ERPHealthCheck&Optimization

Business System Standalone Services

− IFRSEnterpriseApplicationsConversion − BusinessProcessControls/AccessControls&SoD/Information Security&Continuity − MasterDataManagement/DataQuality&Integrity − Governance,Risk&Compliance/ContinuousMonitoring& Auditing

When implementing a business system, an organization should seek a balance across four dimensions:

-risk and controls;

-process optimization;

-organization and people; and

(5)

Cost Optimization for IT

A risk- based approach

Improved balance between the

organization's resources and its risk across the technology agenda

Benefits

Reduce IT spend while maintaining IT

performance against business goals

Aligning future spend with high priority business investments

Transparent reporting

Improved utilization of existing investments

Sustainable process improvements

KPMGbringsagloballyconsistentmethodologyfordeliveringcostoptimizationassignmentsthathelpstocreatea betterunderstandingofIM/ITvalue,enablingmoreappropriateinvestmentsininitiativesthatbothsupportand anticipatebusinessgoals.

Atypicalreviewwillcoverthefollowinginitiatives:

− Strategic:generatesustainableperformanceimprovementsconsistentwithstrategicgoalsandlong-term

valuecreation.Considerperformanceimprovementsthatmayreflecthighdegreeofinnovationandinvolve shiftsoffundamentalbusinessmodels.

− Tactical:improveperformanceofexistingbusinessmodeltorespondtoemergingcompetitivepressures,

deterioratingcostcontrolorothermarginpressures,stakeholderpressureforshort-termperformance improvement,andofferstoacquireaportionofthebusiness.

− Survival:rapidcostreductiontoadapttoseverecostpressures,enabling theorganizationtostayinbusiness.

Withsurvivalatstake,speedisoftheessence.KPMG’sITAdvisoryprofessionalscanhelporganizations identifyandstopallnon-essentialspendandceasenon-coreservices.

(6)

Due Diligence

DueDiligenceincludesreviewingthetargetorganizationtoassesstherisksassociatedwithits IM/ITsystemsandthefeasibilityoftheprojectedEBITDA,given thealignmentofIM/ITplanswith businessplans. DueDiligenceconfirmstheIM/ITassetsinvolvedinthetransaction;assessestheirsuitabilityand capabilitytomeettheinvestmenthypothesis;reviewsthehistoricalandplannedtechnology spending;identifiestheexistenceoftechnologyrisks;andprovidesindicationsofanticipatedpost-dealexpenditurewithregardtoIT. AdditionaltothecorescopeofIM/ITduediligence,anddependentonclientinterestand investmenthypotheses,theengagementmayinclude: − Identificationofopportunitiestoimprovetechnologyperformanceorachievecostsavings − Assesstheeffortrequiredtointegratethetargetwithotherentities,e.g.roll-uporwithparent − Providesuggestionsonpost-dealenhancementstoimprovetargetperformance − Reviewproposedtransitionserviceagreements.
(7)

Enterprise Architecture

Business Model

System Model

Value Chain to System

Infrastructure Alignment &

Integration

KPMGCanada,throughitsrecentacquisitionofChartwell IRM,bringsskillsandexperiencein EnterpriseArchitecture,whichhelpsclientswiththeuseofstructuredmethodstoplananddesign complexbusinesschanges.Initssimplestterms,wehelpclient’suseenterprisearchitecturetoalign thedesignofabusinessanditscriticalresourceswithitsstrategicvision. Ourpractitionersusestandardizedmodelsorblueprintstoanalyzethedesignofanenterpriseto identifybusinessimprovementopportunities.Wethencreatearoadmapofchangeprojectsthatare traceabletothestrategicintentofthebusiness.Improvementsmightincludeinnovationsinproducts andservices,organizationalstructureandbusinessprocesses,thequalityandtimelinessofbusiness information,orthecontributionofitsIT. Solutions Architecture Business Architecture Strategy Aligns Aligns Aligns Aligns Business Operations Technology Enterprise Architecture Aligns Aligns
(8)

Green/ Sustainable IT

DevelopingandexecutingagreenITstrategyrequiresacombinationofbusinessandtechnologyskillsand experience,aswellasbroadorganizationalcooperationacrossmultiplefunctionssuchasITarchitecture,data centeroperations,facilitiesmanagement,corporaterealestate, andprocurement. LinkinggreenITinitiativestobroadercorporategreeninitiativesshapedbystrategic-levelCorporateandSocial Responsibility(CSR)frameworksenablesITtobeavalue-addedbusinesspartnerinthejourneytoagreener business.Itfurtheroffersorganizationsanunprecedentedopportunitytoalignenvironmentalmanagement initiativeswithbroadersustainabilityinitiatives. Wetakeatop-downviewshapedbystrategic-levelframeworksthathelplinkgreenITinitiativeswitha broaderenterprise-wideprogram.Grassrootseffortsanddisparategreeninitiatives areastartingpointinthe efforttoreducetheenvironmentalandeconomicimpactofIT,butabroaderprogram-leveleffortthatconsiders thetotalITlifecycleisoftenneededtoyieldenhancedbenefits.

KPMG’s approach to Green IT leverages our Business Performance Improvement and Change Management methodologies, and provides a green lens for IT and data centre operations.

(9)

Infrastructure and Continuity

Risk and Vulnerability Assessment:identifiespotentialthreats;identifiesvulnerabilities;identifies

existingcontrols;analyzesexposures;preparesriskandvulnerabilityreport.

Business Impact Analysis:confirmassumptions;developsurveyquestionnaires;identifysurvey

recipients;obtainbusinessfunctiondata;distributesurvey;collectresponses;verifyresults;and prepareBIAreport.

Critical Recovery Resource Requirements:reviewbusinessprocessesanddeterminerecovery

resourcerequirements;determinebusinessprocessrecoverytimeobjectives;identifyIM/IT processingrequirements;identifyIM/ITsupportprofile;prepare businessfunctionrecoveryprofiles.

Alternative Recovery Strategies:identifyviablesupportstrategies;develophigh-levelrelativecost

assessments;analyzeanddeterminemostappropriatestrategies;producereportsandprocedures; preparethebusinesscontinuityplan;analyzeexposures;develop implementationplans;negotiate vendorcontracts.

Plan Maintenance

Fault Tolerant Infrastructure

Se rvic e L eve l A gre em en t Insura nce C ove rage Hum an Res ourc es Crisi s Man agem ent Lega l R e co ve rab ility an d C on tinu ity o f O pe ra tion s Acco untin g an d Fina nce C omm un ica tion Technology

Review

BIA

Review

BCP

tests

Report

Initiation

Review

BCP and

other

plans

Review

Governance

Business

impact

analysis

Design

the plan

Report

(10)

IS Governance and Performance

Governance − RevieweffectivenessofexistingIM/ITgovernancemodel − Assessanddesignaplanforimprovements,ITIL/COBITprocessdesign work(ITOperations,SDLC,PMO),organizationalmodels − Implementation,ChangeManagementofplanneddesign. Performance − Assesstheefficiency,cost,andeffectivenessofIM/ITdepartments usingKPMG’sISGovernanceFramework.Thefocusisonsupportand sustainthedirection. Compliance Risk Strategic Spending Cost Control Controls Financial Management Technology People Process Performance Management Risk Management Investment Management Business Alignment Co mm un ica tio n Com m un ica tion Communication Strategic

Initiatives ManagementFramework

(11)

IT Attestation

KPMGprovidesarangeofITattestationservicestohelpsatisfy therequirementsofthirdpartiesthatdependon ITenvironments.ThemostcommonITattestationservicesinclude :

AICPA SAS 70 or CICA Section 5970 (S5970) examinations.Standardthatwasdesignedtoservethe

assuranceneedsofserviceprovidersrelatingtotheintegrityofprocessesandservicesthatimpactaCompany’s financialstatements.Twotypesofreportingareavailable:

− Type 1:Usetoassessthedesignofcontrolswhethertheyareinoperationasatpointintime

− Type 2:Usetoassessthedesignofcontrolsinoperationandtheoperatingeffectivenessofthecontrols

overaperiodoftime(typically6monthsto12months).

KPMG Systrust and Webtrust

KPMG Other Assurance Reports(CICASection5025,CICASection5815)

Agreed-upon Procedures(CICASection9100or9110).

AttestationservicesencompassawiderangeofbusinessprocessesincludingIT,custody,fundadministration, clearinganddepository,pensionbenefitsadministration,manufacturing/distribution,IT/webhosting,andpayroll processing.

Reporting

Planning

Gathering

Data

Test of

Design

Test of

Operating

Effectiveness

(12)

IT Internal Audit

KPMG’sITInternalAuditservicesprovidesacost-effectivemeansofindependentlyassuringthatbusiness understandtheriskstheyface,andthattheyhaveeffectivecontrolsinplaceacrosstheirITorganizationto mitigatetheserisks.

IT Internal Audit Needs Assessment:Ourriskassessmentmethodologyenablesustoobtainadetailed

understandingofITrisksfacingthebusiness,whichsupportsthedevelopmentofeffectiveITauditplans.

IT Performance Review:OurapproachisdesignedtohelpclientsassessITperformanceinselectedareasor

acrosstheenterprise,sotheycanstriketherightbalancebetweenbusinessneedsandITresources.

Business Systems Controls:Astructuredapproachtoassessing,designing,andimplementing theprocesses

andcontrolsrelatedtoexistingornewbusinesssoftwareapplications.

IT General Controls Assessment:Assessesthetechnologyrisksfacingyourorganizationandwhetherexisting

(13)

Alignmentinvolvesusinganobjective,balancedandacceptedprocesstoevaluateandfilter componentideastoproduceaprioritizedlistforthenextbusinessplanningcycle.

Benefits Managementinvolvesprovidingastructureandframeworkfortheforecastingand

realizationofportfoliobenefits.

Capacity Managementconsidersdemandandsupply,identifyingconstraintsonthe

organizationthatcouldimpedethedeliveryoftheportfolio.

Financial Managementconsidersfunding,investmentopportunitiesandfinancialreturns

fromtheoverallportfolio.

Governanceensuresthatappropriatestructuresandprocessesareinplaceforeffective

decisionmaking,workallocationandperformancereporting.

Organization & Leadershipconsidersexecutivedirectionsettingfortheportfolioand

structuringtheorganizationforintegrationacrossportfolio,programandprojectlevels.

Performance Management

involvestrackingthedeliveryoftheportfolioagainstapre-definedsetofparametersincludingtime,cost,quality,riskandbenefits.

Risk Managementmanagesthelevelofriskinvolvedindeliveringtheportfolio.

Stakeholder Engagementinvolvesengagingindividualsorgroupsofpeoplewithinand

outsidetheorganizationtoensureon-goingsupportfortheportfolio.

IT Portfolio Management

… all of which results in better returns on investment

Strategic alignment

Strategic alignment between the programs and the

business strategy

Greater organizational agility in order to respond to the changing economic environment

Controlled, measurable realization of corporate objectives

Cost reductions

Reduced cost of delivering programs

Optimal use of resources (increased cost

savings)

Non-aligned or programs with a low

contribution will be terminated or

re-A risk-based approach

Improves management of the business

risks, in relation to the appetite for risk

Improved balance between the

organization's resources and its risk

Benefits

Maximum value from the organization's change

programs and initiatives

Increase visibility of benefit data across the portfolio

Program failing to delivery benefits identified early

A prioritized set of programs

Prioritize based on the attractiveness and

achievability of change initiatives

Integrated planning at portfolio level

Strategic priorities based on the accurate data

(14)

IT Sourcing

IToutsourcingoptionshavebecomemorecomplexovertheyears.Astheyeachbringtheirstrengthsand weaknesses,theyshouldbechosenwithcare,matchingthebusinessneeds. KPMG'sITSourcingmethodologyassistsclientsthroughoutthesourcinglifecycle,includingtheoutsourcing ofbusinessandservicesaswellastheimplementationandoperationofsharedservices.Itishighlyflexible, allowingforanoverallapproachtooutsourcing,orprovidingassistanceforexistingoutsourcingagreements.

Ourapproachbreaksalongandcomplexlifecycleintosix manageable steps:developthestrategy,scope andplan,designandselect,transition,deliver,evolve.

Engagementactivitiescaninclude:assessingproperIM/ITservicedeliverymodelforclients:in-house, outsourced,orhybrid;reviewofexistingagreements– the“RighttoAudit” clause;contractrenewals;evolve /remediation;anddevelopmentofaservicescatalogue. Enhance Quality Release Capital Focus on Core Business Reduce Risk Enhance Agility Reduce Costs Outsourced Joint Venture BOT (Build/Operate/Transfer)

Regional Shared Services Global Shared Services

Client business goals Sourcing models

Companies initially look for cost reductions, but expand to quality and enhanced competitiveness

• Costreductionthrough economiesofscale • Focusoncorecompetenciesby movingadministrativefunctions fromoperations • Improveprocessqualityand efficiency • Improvecustomerservices • Leveragetechnologyina commoninfrastructure withstandarddata • Divestment– newbusinesses developed Sourcing as a strategy

(15)

IT Strategy

KPMG’sIM/ITStrategyisadynamicprocessfocusedontheeffectivemanagementof

IM/IT performance, risk, and value.

OurIM/ITStrategyServicesmethodologyaddresses:

− EstablishingaprocesstohelpalignIM/ITinitiativestothebusinessstrategy − RecognizingthatanimportantgoalofeffectiveIM/ITstrategyisthe

improvementofbusinessperformance

− Develop3-5yearplanstoaligntheIM/ITstrategytothebusinessstrategy. KPMG’sapproachisbasedonsix main stepsasfollows:

− Understandthebusinessdirection − PerformITcapabilityassessment − Identifyrefinedbusinessrequirements − SelectITalternatives − DesignITstrategicscenario − DevelopITstrategicplan KPMGhassignificantglobalIM/ITStrategyServicesengagementexperience.

(16)

IT Value

TorealizethetruepotentialofITinvestment,CIOsshouldaligntheITagendawiththatofthewider business.Thisapproachhelpstoensurethatorganizationsinvestinthemostappropriateareas,applying strictinvestmentcriteriaforchangeprojectswhiledeliveringday-to-dayactivitieseffectively.Thisinvolves:

Adopting rigorous portfolio management:thiswillhelptoevaluatetherealbusinessbenefitsof

thevariousITinvestmentoptionsavailable,ensuringamoreoptimalallocationoffunds.

Improving the planning and management of day-to-day operations:theuseofrobust

industrializedprocessesalongwitheffectivecontrolmechanisms,cansignificantlyreducetheneed forfirefightingandhelpITmanagersmeetthedailyneedsofthebusiness.Suchgreaterefficiency willalsofreeupITmanagementtodevotemoretimetostrategic issues.

Introducing a true partnership between IT and the business it serves:jointplanningandregular

liaisonshouldalignITactivitycloselywithbusinessneedsand makeITmoreresponsiveandadaptable tochangingbusinesscircumstances.

Distinguishing between ‘change’ and ‘run’ expenditure:thesetwohaveverydifferentbusiness

modelswithdifferentinvestmentcriteria.Expenditureonday-to-dayoperationsisessentiallyan exerciseincostcontrolandefficiency,whilstinvestmentinchangeshouldfocusonthestrategic benefits,increasedturnoverandultimatelytheshareholdervalueitbringstothebusiness.

Establishing an appropriate funding and governance model for IT:ensuringthattheright

decisions– e.g.howmuchtospend/investandonwhat- getmadeintherightplacewithinthe organizationandintherightway. ITValue Assessment Develop Economic Baseline

Gather Data and Perform Interviews Analyse Data Define Opportunities Prioritise and Deliver Value Opportunities Develop Questionnaires

(17)

Records and Knowledge Management

DefinitionManagement(Collection/Disposal) − Inventoryandclassificationofrecords − Creation,alteration,anddestruction OwnershipManagement(Storage,Custodianship&Preservation) SensitivityManagement(Storage/Access) − Privacyandconfidentiality AccessibilityManagement(Access/Use) − Retrieval,DeliveryandDecisionMaking QualityManagementandIntegrity
(18)

SecurityMonitoring& Response InformationSecurity Assessment EnterpriseSecurity Architecture

Security Services

IdentityManagementandRoleBasedAccess Control Policies,Standards,andProcesses VulnerabilityandPenetrationTesting SecurityAssessment SecurityandPrivacyIncidentManagement DataCentricSecurity RiskAssessment SecurityOperationsReview SecurityGovernanceStrategy Thismodelyieldsthefour distinctareasuponwhich ourservicesfocus. Theservicesaremodularinnature andfittogetherasrequiredto facilitateeachclient’sunique requirements. Architecture Ourfundamentalmodelof enterprisesecurityarchitectureis basedoncoreenablersengaged inaprocessofprotecting informationassets. SecuritySolutions& Integration
(19)

Solution and Vendor Evaluation

Solution Assessment Requirements Definition Provideindependentadvisetoassistclientsinassessingandstrategizingtheirtechnologysolutiontobest meettheirneeds. Assistclientsinidentifyingsolutionrequirements,documenting bothfunctionalandtechnicalrequirements, prioritizingthemandcreatenewprocessmapsand/ormodels. Market Research Evaluation Helpclientsinunderstandingthevendorandsolutionlandscape.

Independent Verification & Validation

Offeradviceorassistancetoclientsinplanningtheselectionsolution.

Vendor Due Diligence Conductduediligenceonpotentialsupplierstominimizetheriskofselectinginappropriatepartner.

Business Case for System Change

Develop BusinessCasefortheSelectionExercise andassistincomprehendingthecriticalsuccessfactors forasuccessfulcase. RFP/RFI Process AdviseclientsinthemanagementoftheRequestforProposal(RFP)orRequestforInformation(RFI) process. Negotiation Support Recommendnegotiationstrategiesregardingbusinessterms,servicelevelsandfinancialarrangement.

(20)

Please contact your KPMG adviser or any of our IT Advisory professionals

Montréal

Jean-FrançoisCoulonval

(514)840-2117

jcoulonval@kpmg.ca

FrancisBeaudoin

(514)840-2247

fbeaudoin@kpmg.ca

Ottawa

JimAlexander

(613)212-5764

jalexander@kpmg.ca

Solly Patrontasch

(613)212-3723

spatrontasch@kpmg.ca

WesternCanada

ShaunWilson

(604)691-3188

shwilson@kpmg.ca

JeffThomas

(403)691-8012

jwthomas@kpmg.ca

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information

…or visit us at www.kpmg.ca/itadvisory

Greater TorontoArea

YvonAudette

(416)777-8388

yaudette@kpmg.ca

JeffSmith

(416)777-8409

jmsmith@kpmg.ca

Southwestern Ontario

DavidEvans

(519)672-4880

djevans@kpmg.ca

References

Related documents

The second, and related, hypothesis states that because of the progressive nature of government benefits, countries with stronger public retirement income security programs are

En conclusión, la trombolisis se aprecia como una estrategia de reperfusión segura usada en los pacientes con infarto con elevación del segmento ST en el Hospital General Docente Abel

• If the investigator cannot recognize physical evidence or cannot properly preserve it for laboratory examination, no amount of sophisticated laboratory instrumentation or

To ensure that those services, and the Bank’s role in the global financial community, continue to be delivered during a disruptive event, the Bank has created a Continuity

NICE technology appraisal 217 (Donepezil, galantamine, rivastigmine and memantine for the treatment of Alzheimer’s disease, March 2011) and NICE clinical guideline CG 42

The main research question for this eth- nographic study was therefore: How has the collective trauma of the Bosniak ethnic group influenced the identity formation

Se atribuye la actividad antioxidante a los compuestos fenólicos enlazados, como el ácido clorogénico y los ácidos fenólicos libres (ácidos cafeíco, ferulico y p-cumarico) siendo

In the context of Indigenous self-determination in Canada, antagonisms exist in the paramountcy of state sovereignty premised on a colonial history, which in turn is met by