Client Story

Anticipating risk, from any direction

KPMG helped a renowned research hospital with leading-practice data security and SoD governance for its Workday HCM solution.

Sai Gadia

Sai Gadia

Partner, KPMG LLP

+1 612-305-5087

A global patient care and medical research leader
Workday HCM and security configuration
  • Client challenge
  • Benefits to client
  • Approach
  • Why KPMG

Client challenge

Protecting a world leader in patient care and medical research from financial, regulatory, and reputational risk is a nonstop, evolving endeavor. The hospital’s leadership wanted to protect its transactions and data from threats, and asked KPMG to help design a Security and Segregation of Duties (SoD) framework.

KPMG helped the organization design a leading practice, risk-aware Human Resources (HR) operating model, embedded in its system, policies, and procedures—all powered by the Workday cloud technology. As a result, leadership has balanced the divergent tasks of employee enablement with balancing transactions and personal data. Nearly 16,000 employees have new transaction support tools. And a strong HR organization has grown even stronger—prepared for risk, from whatever direction it arrives.

Benefits to client

With the help of KPMG, the medical facility and its teams are now equipped with a security framework that respects immediate return-on-investment considerations, and supports future-forward risk-awareness. Specific benefits include:

  • a leading-practice Security and SoD governance model in place, which balances employee enablement with a strong security and control environment
  • reduction in financial, regulatory, and reputational risk exposure, through identification and remediation of SoD conflicts in key HR areas of administration, payroll, core HR, and benefits prior to going live on Workday
  • an HR organization equipped for Workday Human Capital Management solution enhancements (as part of future releases), through training, knowledge-transfer, and skills development
  • elevated and expanded security awareness at the leadership level, to include strategic considerations of both short- and long-term privacy, reputation, regulatory, and financial risk.


KPMG built on our client’s existing cloud experience, helping put into place a leading-practice SoD model within Workday’s Human Capital Management solution. KPMG:

  • advised the hospital on the security and controls of Workday’s Human Capital Management cloud solution in order to align it with the current organizational structure, business processes, and regulatory requirements
  • used our proprietary Workday Security and SoD Analyzer tool to conduct a detailed gap assessment of SoD conflicts—in wide-ranging HR processes (e.g., hire-to-retire), role definitions, and application access
  • delivered Workday training workshops for hospital employees overseeing security, change management, and incident management controls prior to Workday go-live
  • advised the client about data security including the security over personally identifiable information stored within Workday.


Clients value specialized tools like our proprietary Workday Security and SoD Analyzer

Our solution is part of our ongoing commitment to bring the full breadth of KPMG to bear on specific client challenges, combining skill sets and insight from deep experience in Workday, cloud security, business process, and information technology risks.

We help clients build security and controls awareness into system-implementation efforts

We take a holistic approach, helping clients consider security and controls opportunities as they upgrade technology or business processes, incorporating security and controls leading practices, and using our specific skill sets to help organizations transition to new behaviors and mindsets.

Clients need trusted advisors who deeply understand their chosen technology solution

KPMG uses our technology alliance with Workday to deliver immediate, specialized insight and help clients best leverage their technology investments. In this case, our client benefited from our strong understanding of Workday’s distinctive and sophisticated security capabilities.

Our proprietary Workday Security and SoD Analyzer tool provided this client with a detailed gap assessment of SoD conflicts.