Client Story

Securing the fabric of trust

KPMG helped a global, multi-brand apparel company become Sarbanes-Oxley 404(b) compliant and fully integrate security, controls and GRC capabilities into SAP S/4HANA.

A global multi-brand apparel company
Consumer goods and retail
SOX compliance; security, controls and GRC for SAP S/4HANA ERP

Project at a glance

KPMG helped our client move from a nonpublic to public company, achieving Sarbanes-Oxley (SOX) 404(b) compliance in an accelerated timeline. At the same time, our client was in the process of a multiyear transformation enabled by SAP S/4HANA in the cloud to provide a modernized and integrated technology solution. KPMG successfully helped integrate security; controls; and governance, risk management, and compliance (GRC) capabilities into the fabric of this business transformation.


Client challenge

Our client is one of the world's largest apparel companies, selling multiple product lines through a combination of chain retailers, department stores, online sites, and its global footprint of retail stores.

Constant innovation and change are dominant forces in the culture of the company, which has been making well-known clothing brands for more than a century. Going public instigated yet another major change: the company had to prove that its internal financial controls complied with SOX 404(b) standards.

Around the same time, the company initiated a multiyear transformation of its enterprise resource planning (ERP) system to the latest SAP version, S/4HANA, to modernize and integrate this technology solution for its organization and respective customers. The company’s control environment was spread across a number of legacy SAP and other ERP systems, some in different countries. These systems were all at varying levels of control maturity, creating a need to ensure that security and controls were integrated.

To top off the challenges, all these initiatives were taking place as COVID-19 was restricting workplace and societal interactions.

Key KPMG initiatives

KPMG has been working with this global apparel company for more than a decade. As the company considered going public, it therefore also leveraged the capabilities of KPMG to increase its SOX compliance efforts at an accelerated pace.

In addition to the increased SOX efforts, our client gave us the opportunity to help integrate security, controls, and GRC protocols into the fabric of the SAP transformation that was occurring at the same time.

As part of the KPMG role, we helped our client:

  • define a common set of global business and IT controls to further leverage automation within SAP
  • define a global security template that is scalable and complies with SOX requirements, including separation of duties
  • improve manual compliance controls to align with SOX requirements.

Although COVID-19 impacted in-person collaboration efforts, our offshore team handled about half of the work. We also complemented our team with consultants experienced with retail and fashion-specific technology.

Business impact

Successful compliance with SOX 404(b) requirements and the first implementation and integration of new security, controls, and GRC protocols into the SAP S/4HANA system were completed within one year. Our client earned the trust of capital markets and stakeholders by meeting its compliance requirements for going public while at the same time reducing manual controls, increasing automation, and improving security in the new SAP S/4HANA system. The company achieved:

  • successful SOX 404(b) compliance for the first time with no material weaknesses, enhancing shareholder trust
  • an increase in control automation across key financial and IT processes by approximately 25 percent as part of the first phase of SAP S/4HANA global deployment, with plans to further optimize control automation in subsequent releases
  • an efficient and effective SAP security framework and GRC access control solution deployed within S/4HANA that meets SOX compliance requirements.


We are on your side all the way. 

We know our clients.

We enhance client trust by showing that we understand the complexity of each client’s business, industry, technology, people, and culture. With a strong understanding of the level of excellence required, KPMG teams collaborate with clients, bringing the organization along on the transformation journey. We transfer our knowledge and help the organization’s people grow as we go, leaving them with a sustainable solution and set up for future success.

Large, complex enterprises with ambitious process and technology aims need journey advisers with the bench strength and scale to pace with them.

We know that the challenges global organizations face are qualitatively different. As their priorities change, KPMG is built to quickly and flexibly deliver service teams wherever needed and pivot on short notice.

A huge thank-you to the KPMG team for helping us achieve SOX 404(b) compliance and for ensuring that the same level of high internal control standards was implemented during our first release of SAP S/4HANA. I appreciate the KPMG team’s dedication to making 2020 a success and all the hard work the team put in throughout the year. We faced several challenges and tight timelines, and I have nothing but respect for how quickly the team worked together to accomplish so much.
Senior Director, Global SOX Compliance, worldwide apparel company

Duleep Rodrigo

National Advisory Leader, Consumer & Retail, KPMG US

+1 949-278-2899

Blake Elder

Managing Director, Governance, Risk & Compliance, KPMG US

+1 415-963-8994

Justin Fox

Advisory Managing Director, Internal Audit & Enterprise Risk, KPMG US

+1 503-820-6617