Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

A lock on secure banking

To help the U.S. division of a large global bank protect its data, KPMG responded quickly to test IT security controls and standardize access protocols.

Client

The U.S. division of a large global bank

Sector

Financial services

Project

Security controls testing and identity access management

Client challenge

Facing material weaknesses and regulatory issues, the main U.S. division of a highly decentralized global bank needed help fast. Auditors had identified an immediate need to re-test the IT security controls implemented by a third party to help ensure compliance with Gramm-Leach-Bliley Act (GLBA) and Financial Accounting Standards Board (FASB) regulations.

Acting on the referral of a former client now employed at the bank, KPMG began testing IT security controls within 48 hours of the introduction. Less than three months later, we discovered deficiencies in the installation of a privileged access platform being installed by another third party. We fielded an experienced team to begin on-boarding over 200 identity access applications. Since then, we have been helping four of the bank’s six U.S. divisions with overall project management, governance, identity access, and IT controls testing.

Time was short. The bank had discovered that work done by a staff augmentation company was subpar. Yet, security controls compliance milestones had to be met.

Approach

Though we had not worked with this bank before, a new executive vice president called us in based on our work with him at two previous banks. Because of his recommendation, our insights, and the urgency of the situation, we were asked to provide a statement of work within 24 hours. One day later, we were awarded a sole-source contract and immediately set to work testing security controls.

Time was short. The bank had discovered that the previous nine months of work by a staff augmentation company was subpar. It was now Fall 2017. Certain milestones had to be met by year-end so that the security controls would comply with the GLBA and regulations from the U.S. FASB. Our team worked nonstop through the holidays, testing the controls for compliance and scoping out work to be done for the rest of the year and for the first quarter of 2018 and beyond.

Then, just before the end of the year, we found something that the bank’s internal auditors had missed—the third-party implementation of SailPoint, a software platform for digital identity governance, was incomplete and inaccurate. The bank had made commitments to regulators that 80 of the platform’s 200 applications would be installed by the middle of the following year.

Working quickly over the weekend in late 2017, the head of our SailPoint practice and other specialists in privileged access management talked with the client and put together a team: 

1

To begin onboarding the apps in two of the bank’s six U.S. entities. 

 

2

Ultimately, the client asked KPMG to install the entire platform of more than 200 apps in all six organizations, work that is still ongoing. 

 

3

Recognizing that the other entities in the bank’s global network also need common governance, tools, and processes, we have begun working with the bank to create a managed service for identity and access management, to be operated by KPMG Global Services in India.

Benefits to client

KPMG’s quick response has allowed the bank to:

1

Improve compliance and assure regulators and auditors that effective security controls and identity access measures are in place.

2

Reduce the cost of compliance by processing access through a shared service center.

3

Enhance ease of use by standardizing access protocols across six U.S. entities.

4

Better manage risk and protect data by ensuring that the right people have access to the right application at the right level.

5

Reduce manual testing and ultimately lower the cost of internal audits.

KPMG insights

  • Have a plan and a methodology for proceeding with major system implementations

    We provided a roadmap and checkpoints so that the necessary resources, skill sets, and direction could be determined in advance. 

  • An outsourced managed service can provide innovative, scalable and customized services

    KPMG Global Services leverages the experience and talent of 7,000 professionals with deep risk competencies and broad regulatory, technology, process, and control knowledge. This knowledge can help clients tackle business challenges more effectively and bring about a significant improvement in their performance.

Meet our team

Image of Cynthia Izzo
Cynthia Izzo
Principal and Service Network Leader, Technology Risk Management, KPMG US
Read bio
Image of Cynthia Izzo
Cynthia Izzo
Principal and Service Network Leader, Technology Risk Management, KPMG US
Read bio

Explore more

Service
GRC Technology Services
Read more
Industry
Banking and capital markets
Read more
Alliance
SailPoint
Read more

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2024 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline