This technology solution provider’s approach to mobile platform and application development was lacking risk management, governance, enterprise standards, processes and controls. KPMG was engaged to develop an operating model that would exploit Agile development’s continuous improvement and speed to product delivery capabilities, while simultaneously ensuring adherence to standards, controls and security requirements.
The new KPMG-led mobile platform and application implementation has enabled increased transparency, trust, and confidence in the security of its products through the standardization of key development components. It's also improved traceability through product backlog management, increased the development team’s security awareness and aptitude to respond to vendor audits, and standardized security analysis by embedding security by design throughout the Agile development process.
Given the breadth and depth of this engagement, KPMG leveraged the expertise and capabilities of an integrated team of professionals from its Experience Design and Engineering, Technology Management Risk Services, Cyber, and Security groups.
We assessed the current environment, provided delivery-focused guidance to help improve the product build and development stage, and developed a roadmap for implementation of leading Agile and Scrum practices, mandatory process controls, and an optimized risk-management process. We also embedded risk and threat modeling to improve product sustainability and accelerate identification of vulnerabilities.
By building security by design into the DNA of product development, you'll be able to reduce ever-increasing cyber security–related expenses.
Integrating the best components of Agile development with auditability, reliability, standards and controls requirements isn’t only possible; it’s critical in today’s increasingly competitive and risk-filled environment.
KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.