Client Story

Anticipating risk, from any direction

KPMG helped a renowned research hospital with leading-practice data security and SoD governance for its Workday HCM solution.

Sailesh Gadia

Partner, Advisory, Cyber Security Services, KPMG US

+1 612-305-5087

Client: A global patient care and medical research leader
Sector: Healthcare
Project: Workday HCM and security configuration

Client challenge

Protecting a world leader in patient care and medical research from financial, regulatory, and reputational risk is a nonstop, evolving endeavor. The hospital’s leadership wanted to protect its transactions and data from threats, and asked KPMG to help design a Security and Segregation of Duties (SoD) framework.

KPMG helped the organization design a leading-practice, risk-aware Human Resources (HR) operating model, embedded in its system, policies, and procedures—all powered by the Workday cloud technology. As a result, leadership has balanced the divergent tasks of enabling employees and protecting transactions and personal data. Nearly 16,000 employees have new transaction support tools. And a strong HR organization has grown even stronger, prepared for risk from whatever direction it arrives.

Benefits to client

With the help of KPMG, the medical facility and its teams are now equipped with a security framework that respects immediate return-on-investment considerations, and supports future-forward risk-awareness. Specific benefits include:

  • a leading-practice Security and SoD governance model in place, which balances employee enablement with a strong security and control environment
  • reduction in financial, regulatory, and reputational risk exposure, through identification and remediation of SoD conflicts in key HR areas of administration, payroll, core HR, and benefits prior to going live on Workday
  • an HR organization equipped for Workday Human Capital Management solution enhancements (as part of future releases), through training, knowledge-transfer, and skills development
  • elevated and expanded security awareness at the leadership level, to include strategic considerations of both short- and long-term privacy, reputation, regulatory, and financial risk.

Approach

KPMG built on our client’s existing cloud experience, helping put into place a leading-practice SoD model within Workday’s Human Capital Management solution. KPMG:

  • advised the hospital on the security and controls of Workday’s Human Capital Management cloud solution in order to align it with the current organizational structure, business processes, and regulatory requirements
  • used our proprietary Workday Security and SoD Analyzer tool to conduct a detailed gap assessment of SoD conflicts—in wide-ranging HR processes (e.g., hire-to-retire), role definitions, and application access
  • delivered Workday training workshops for hospital employees overseeing security, change management, and incident management controls prior to Workday go-live
  • advised the client about data security including the security over personally identifiable information stored within Workday.

Why KPMG

Clients value specialized tools like our proprietary Workday Security and SoD Analyzer

Our solution is part of our ongoing commitment to bring the full breadth of KPMG to bear on specific client challenges, combining skill sets and insight from deep experience in Workday, cloud security, business process, and information technology risks.

We help clients build security and controls awareness into system-implementation efforts

We take a holistic approach, helping clients consider security and controls opportunities as they upgrade technology or business processes, incorporating security and controls leading practices, and using our specific skill sets to help organizations transition to new behaviors and mindsets.

Clients need trusted advisors who deeply understand their chosen technology solution

KPMG uses our technology alliance with Workday to deliver immediate, specialized insight and help clients best leverage their technology investments. In this case, our client benefited from our strong understanding of Workday’s distinctive and sophisticated security capabilities.

Our proprietary Workday Security and SoD Analyzer tool provided this client with a detailed gap assessment of SoD conflicts.

KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.