To maintain rigorous data security, KPMG helped a financial services firm establish role-based access as it moved to cloud HR technology.
On the cusp of implementing a Workday transformation, the human resources organization of a U.S. financial services firm had the opportunity to jump-start a broader enterprise role-based access program that could reduce risk, streamline access, and provide a better user experience. Wary of giving up too much control to the Workday cloud solution, HR wanted to maintain the same rigorous security standards it already had but take full advantage of a whole new category of technology.
The organization also wanted to avoid additional complexity in what could easily be the biggest HR system implementation the company would undergo for the next 20 years.
In designing the Workday system for the company's human resources organization, KPMG considered the impact of roles from an end-to-end enterprise perspective and created a consistent, common framework that allows HR to:
Having just worked with the firm on an engagement related to mapping and improving enterprise access, we could accelerate the design of application roles within the new Workday platform because we knew which applications and systems needed to be consolidated into Workday. Even if the firm wanted to follow the full road map we developed, there weren’t nearly as many systems for which the firm needed to manage access, but it still needed to link all those systems together for maximum efficiency.
Working against an ambitious timeline, we quickly convened resources from KPMG cyber security services and from our HR transformation team to drive towards a stronger, better access structure inside Workday and the surrounding HR technologies while reducing the burden on the resources of the financial services firm.
Using the KPMG Powered Enterprise suite, we bypassed the months it can take to tweak access for different HR roles and created a set of standard roles for Workday that encompassed 80 to 90 percent of what clients typically need. For the remaining HR roles, the KPMG Powered Enterprise suite modeled them to apply to the applications not being replaced by Workday. That meant the firm no longer had to manually provision access. One system—automatically providing access to Workday and non-Workday systems—could be managed by the firm’s existing cyber processes and tools, further reducing risk.
In less than six months we:
As a result of our work, the firm has a stable and secure platform that supports human capital, digital enablement, expanded privacy laws, and improved efficiency.
Implementing a role-based access control project has a significant impact on managerial effectiveness and operational efficiency. Focusing on business outcomes can help determine the right access, data and tools to give employees.
When HR captures the data necessary to assign roles to employees—rather than basing access on each individual user’s needs—access management becomes easier for security organizations.
Many of the activities and processes necessary to implement Workday are patterns that can be adopted for other cloud technologies.
KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.