- Client challenge
- Benefits to client
- Why KPMG
For a large foreign banking organization that deals with complex transactions, protecting sensitive data and other enterprise and customer assets is paramount to serving its markets and competing in international finance. However, the processes the organization used to gather and aggregate data and calculate enterprise-wide technology risks were disparate and difficult to industrialize.
The organization wanted to reduce the most risk for the least dollars. But technology risk is an uncertain world. Without strong data-driven insights, the organization had only a general understanding of its technology risk exposure and could not determine which risk mitigation investments would deliver the greatest returns.
Leveraging KPMG Tech Risk Intelligence, a robust risk quantification tool, KPMG technology risk professionals helped the organization leverage deeper risk analysis, improve risk decision-making, and optimize risk reduction activities.
One component of the tool ingested historical financial data, publicly reported financial information, and relevant risk and control metrics to quantify the organization’s technology risk exposure. The results were fed into dashboards, helping the organization assess which technology risks posed the greatest financial threats.
Another component of the tool simulated the impact of investments in risk and control activities, helping the client address risks more strategically based on expected funding and returns.
Working with the client, the KPMG team piloted the tool on a specific business unit. By aggregating the relevant data, the KPMG team saw that the business unit was already mitigating 55.3 percent of its technology risk by simply executing its control portfolio and processes for risk reduction. However, that left an additional 44.7 percent in residual technology risk exposure.
Leveraging the KPMG Tech Risk Intelligence tool, additional risk and control activities were prioritized through the tool’s optimization engine by simulating over 100,000 risk reduction scenarios and their financially backed risk decisions. If undertaken by the business unit, the priority activities would reduce the most risk for the least investment.
Benefits to client
Based on these initial results, the organization was able to further develop its risk quantification capability, which will enable it to consistently prioritize and optimize its risk reduction investments and improve future enterprise-wide risk decision-making.
- The client can now quantify its technology risk exposure.
- Dashboards help the organization assess which technology risks posed the greatest financial threats.
- The impact of investments in risk and control activities can help the client address risks more strategically based on expected funding and returns.
After the additional risk and control activities were prioritized through the KPMG Tech Risk Intelligence tool optimization engine during the business unit pilot, benefits demonstrated were:
- technology risk mitigated by existing controls and processes: 55.3 percent
- residual technology risk: 44.7 percent
- investment in existing processes and controls: ~$3.98 million
- technology risk mitigated by investment ~$13.62 million
- risk reduction return: 242 percent.
In data-sensitive sectors, proven risk quantification capabilities are critical
KPMG used its Tech Risk Intelligence quantification tool to prioritize our client’s investment decisions based on the best risk/return. But the key is that they are now set up to further develop their own risk quantification capabilities, consistently prioritize and optimize risk reduction investments, and improve future enterprise-wide risk decision-making.
Large, complex enterprises, with ambitious process and technology aims, need journey advisers with the bench strength and scale to pace with them.
KPMG is built to quickly and flexibly deliver service teams and advice to support them, wherever needed.