Securing the fabric of trust

Our client is one of the world's largest apparel companies, selling multiple product lines through a combination of chain retailers, department stores, online sites, and its global footprint of retail stores.

Constant innovation and change are dominant forces in the culture of the company that has been making well-known clothing brands for more than a century. Instigating yet another major change when going public required the company to prove that its internal financial controls complied with SOX 404(b) standards.

Around the same time, the company initiated a multiyear transformation of its enterprise resource planning (ERP) system to the latest SAP version, S/4HANA, to modernize and integrate this technology solution for its organization and respective customers. The company’s control environment was spread across a number of legacy SAP and other ERP systems, some in different countries. These systems were all at varying levels of control maturity, creating a need to ensure that security and controls were integrated.

To top off the challenges, all these initiatives were taking place as COVID-19 was restricting workplace and societal interactions.

KPMG has been working with this global apparel company for more than a decade, therefore, as they considered going public, the organization also leveraged the capabilities of KPMG as it increased SOX compliance efforts at an accelerated pace.

In addition to the increased SOX efforts, our client gave us the opportunity to help integrate security, controls, and GRC protocols into the fabric of the SAP transformation that was occurring at the same time.

As part of the KPMG role, we helped our client:

• define a common set of global business and IT controls to further leverage automation within SAP
• define a global security template that is scalable and complies with SOX requirements, including separation of duties
• improve manual compliance controls to align with SOX requirements.

Although COVID-19 impacted in-person collaboration efforts, our offshore team handled about half of the work. We also complemented our team with consultants experienced with retail and fashion-specific technology.

Successful compliance with SOX 404(b) requirements and the first implementation and integration of new security, controls, and GRC protocols into the SAP S/4HANA system were completed within one year. Our client earned the trust of capital markets and stakeholders by meeting its compliance requirements for going public while at the same time reducing manual controls, increasing automation, and improving security in the new SAP S/4HANA system. The company achieved:

• successful SOX 404(b) compliance for the first time with no material weaknesses, enhancing shareholder trust
• an increase in control automation across key financial and IT processes by approximately 25 percent as part of the first phase of SAP S/4HANA global deployment, with plans to further optimize control automation in subsequent releases
• an efficient and effective SAP security framework and GRC access control solution deployed within S/4HANA that meets SOX compliance requirements.

We are on your side all the way. 

We know our clients.

We enhance client trust by showing that we understand the complexity of each client’s business, industry, technology, people, and culture. With a strong understanding of the level of excellence required, KPMG teams collaborate with clients, bringing the organization along on the transformation journey. We transfer our knowledge and help the organization’s people grow as we go, leaving them with a sustainable solution and set up for future success.

Large, complex enterprises with ambitious process and technology aims need journey advisers with the bench strength and scale to pace with them.

We know that the challenges global organizations face are qualitatively different. As their priorities change, KPMG is built to quickly and flexibly deliver service teams wherever needed and pivot on short notice.