Client Story

Smarter technology helps optimize risk decision-making

KPMG in the U.S. helped a foreign bank develop a quantified, strategic approach to technology risk mitigation endeavors.

Luke Nelson

Luke Nelson

Managing Director, Technology Risk Management, KPMG LLP

Mihai Liptak

Mihai Liptak

U.S. Service Co-Lead, Risk Quantification , KPMG LLP

+1 212 954 4342

Client
A large foreign bank
Sector
Financial services
Project
Tech risk intelligence
  • Client challenge
  • Approach
  • Benefits to client
  • Why KPMG

Client challenge

For a large foreign banking organization that deals with complex transactions, protecting sensitive data and other enterprise and customer assets is paramount to serving its markets and competing in international finance. However, the processes the organization used to gather and aggregate data and calculate enterprise-wide technology risks were disparate and difficult to industrialize.

The organization wanted to reduce the most risk for the least dollars. But technology risk is an uncertain world. Without strong data-driven insights, the organization had only a general understanding of its technology risk exposure and could not determine which risk mitigation investments would deliver the greatest returns.

Approach

Leveraging KPMG Tech Risk Intelligence, a robust risk quantification tool, KPMG technology risk professionals helped the organization leverage deeper risk analysis, improve risk decision-making, and optimize risk reduction activities.

One component of the tool ingested historical financial data, publicly reported financial information, and relevant risk and control metrics to quantify the organization’s technology risk exposure. The results were fed into dashboards, helping the organization assess which technology risks posed the greatest financial threats.

Another component of the tool simulated the impact of investments in risk and control activities, helping the client address risks more strategically based on expected funding and returns.

Working with the client, the KPMG team piloted the tool on a specific business unit. By aggregating the relevant data, the KPMG team saw that the business unit was already mitigating 55.3 percent of its technology risk by simply executing its control portfolio and processes for risk reduction. However, that left an additional 44.7 percent in residual technology risk exposure.

Leveraging the KPMG Tech Risk Intelligence tool, additional risk and control activities were prioritized through the tool’s optimization engine by simulating over 100,000 risk reduction scenarios and their financially backed risk decisions. If undertaken by the business unit, the priority activities would reduce the most risk for the least investment.

Benefits to client

Based on these initial results, the organization was able to further develop its risk quantification capability, which will enable it to consistently prioritize and optimize its risk reduction investments and improve future enterprise-wide risk decision-making.

  • The client can now quantify its technology risk exposure.
  • Dashboards help the organization assess which technology risks posed the greatest financial threats.
  • The impact of investments in risk and control activities can help the client address risks more strategically based on expected funding and returns.

After the additional risk and control activities were prioritized through the KPMG Tech Risk Intelligence tool optimization engine during the business unit pilot, benefits demonstrated were:

  • technology risk mitigated by existing controls and processes: 55.3 percent
  • residual technology risk: 44.7 percent
  • investment in existing processes and controls: ~$3.98 million
  • technology risk mitigated by investment ~$13.62 million
  • risk reduction return: 242 percent.

Why KPMG

In data-sensitive sectors, proven risk quantification capabilities are critical

KPMG used its Tech Risk Intelligence quantification tool to prioritize our client’s investment decisions based on the best risk/return. But the key is that they are now set up to further develop their own risk quantification capabilities, consistently prioritize and optimize risk reduction investments, and improve future enterprise-wide risk decision-making.

Large, complex enterprises, with ambitious process and technology aims, need journey advisers with the bench strength and scale to pace with them.

KPMG is built to quickly and flexibly deliver service teams and advice to support them, wherever needed.

Engaging the KPMG Tech Risk Intelligence platform and team allowed us to prioritize our investment decisions based on the best risk/return.
U.S. technology risk leader for a large foreign banking organization

Related content

KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.