The combination of business and technology owners working in collaboration is a long-standing form of shared responsibility. Modern ERP has expanded and added complexity to that shared responsibility model. In this podcast, Nick Wozny and Tim Murphy, managing directors in the GRC Technology Services group of the KPMG Risk Assurance practice, discuss how to implement and sustain effective controls while increasing dependence on third-party relationships.
Discussion topics include:
- common misperceptions of risk control ownership when business processes reside in the cloud
- how governance models need to change to better address third-party responsibilities
- possible gaps in the design of controls that can expose new risks
- examples of real-life pitfalls in the expanded shared responsibility model.