kpmg ema cacm survey (2012)

Continuous auditing and continuous monitoring: The current status and the road ahead KPMG’s EMA region survey December 2012


Page 1: KPMG EMA CACM Survey (2012)

© 2012 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International.

Continuous auditing and continuous monitoring: The current status and the road ahead

KPMG’s EMA region survey

December 2012

Page 2: KPMG EMA CACM Survey (2012)


Page 3: KPMG EMA CACM Survey (2012)

Contents

Introduction 4

Executive Summary 5

About the survey 6

Are the potential benefits of CA/CM well understood? 8

Which processes benefit most from CA/CM? 10

Who are the initiators and beneficiaries? 12

Current and future state of adoption 14

Barriers to adoption 16

Past and future investments 18

Do technology and tooling provide adequate support? 20

How KPMG can help 22

Contacts 23

Page 4: KPMG EMA CACM Survey (2012)


Introduction

In general, CA/CM seeks to add value by improving compliance and supporting business goals. From a technology perspective, CA/CM enables a high degree of automation to monitor systems and data, and implements closed-loop mechanisms for any exceptions detected. As a monitoring mechanism, CA/CM helps to detect irregularities in system configurations, processes and data, either from a risk or a performance perspective. Potential benefits of CA/CM include:

• Enhanced and more timely oversight of compliance across the enterprise;

• Improved efficiency and effectiveness of the control environment through automation, leading to cost-reduction opportunities;

• Business improvement through reduced errors and improved error remediation, allowing reallocation of resources to value-adding activities;

• The ability to report more comprehensively on compliance with internal and regulatory requirements.

The purpose of this document is to summarise the results of a survey conducted in 2012 across Europe, the Middle East and Africa. It explores the potential benefits of employing CA/CM in the current economic climate and gauges how advanced their implementation is. The target group consisted primarily of company officials whose daily activities are currently supported by CA/CM-related tools, or officials who hold functions in which CA/CM may play an important role in the future. Examples of these types of functions are boards of directors, finance, operational/line management, internal control and internal audit.

A word of thanks

We would like to thank all the different parties involved in this paper. We would especially like to thank all the participants in this survey, whose valuable insight into the current and future status of CA/CM within their organisations forms the basis of this white paper. Special thanks are also due to Koen Rombauts, Bert Scherrenburg, Barbara Legg, Maurice op het Veld and Peter Paul Brouwers, all from KPMG the Netherlands, for conducting the survey and drafting this white paper.

Defining CA and CM

Continuous auditing (CA) is the collection of audit evidence and indicators by either the external auditor or the internal auditor in information technology (IT) systems, processes, transactions and controls on a frequent or continuous basis throughout a period.

Continuous monitoring (CM) is a feedback mechanism used by management to ensure that controls operate as designed and that transactions are processed as described. This monitoring method is the responsibility of management and can form an important component of the internal control structure.

Definitions taken from KPMG LLP’s Continuous Auditing and Continuous Monitoring: Transforming Internal Audit and Management Monitoring to Create Value, 2008.

New board and regulatory pressures, cost and efficiency considerations and the emergence of new business risks are helping to change the scope of risk and performance management. In this shifting scope, continuous auditing (‘CA’) and continuous monitoring (‘CM’) will have an increasing role to play.

Page 5: KPMG EMA CACM Survey (2012)


Executive Summary

CA/CM is winning ground within organisations that aim for continuous control and continuous performance. The level of awareness, the increasing availability of tools and the aim for greater efficiency in assurance are important drivers for further investigation into what CA/CM can bring to the organisation.

This report summarises the outcome of a survey which examined the awareness about and the current and future status of CA/CM across Europe, the Middle East and Africa. The key observations are:

• Respondents do understand the benefits of CA and CM. They realise that CA aims to bring comprehensive assurance with greater coverage across the organisation (89% of the respondents). Many believe CA will also facilitate real-time operational assurance (81%) and a reduced burden for line management (74%). CM is set up to detect and correct process irregularities and helps to identify process improvements (90%);

Page 8

• CA/CM is considered to be most valuable in scenarios where processes are repetitive and susceptible to risk e.g. financial management reporting (82%). These processes are often transaction-based supported by applications with structured data;

Page 10

• Eighty five percent of the respondents stated that the internal auditors introduced CA/CM into the organisation and that they are also seen as its main beneficiary (87%). Operational/line management is not often the initiator (59%) of CA/CM but certainly enjoys its benefits (87%);

Page 12

• The current state of adoption is low. Only 9% of respondents have both CA and CM embedded across their organisation. However, a remarkable 83% have at least considered implementing CA/CM;

Page 14

• Respondents consider the limited insight into the CA/CM tooling available on the market as the largest barrier to the adoption of CA/CM (69%). It is not always clear what suitable CA/CM tooling should consist of;

Page 16

• Organisations are changing position from just being interested in CA/CM to actually investing in CA/CM-related projects. In the next two years, the percentage of organisations that are not investing in CA/CM will decline from 37% to 19%, while 62% expect to commence projects valued at up to €250,000.

Page 18

KPMG’s vision

Organisations should realise that effective implementation of CA/CM can take time and effort. A variety of challenges can be expected along the way. No matter how they choose to launch the effort, organisations should look to define the desired end-state for their CA/CM efforts.

Organisations should understand that CA/CM is not only about implementing tooling, it is a change in the way of working where you have to redefine your objectives, roles and responsibilities and the way to handle the outcome. Moreover, implementing CA/CM is about understanding the extent to which CA/CM can transform processes, risk and controls, technology, and people in an integrated way. When implementing CA/CM, organisations typically follow several stages of maturity, starting with the introduction of data analytics techniques to support existing manual procedures. Depending on the drivers behind CA/CM, the end state may be CA/CM systems that are fully embedded and used throughout organisations.

Together, CA and CM provide insight and transparency for continuous control and performance improvement. Therefore CA and CM must be perceived as long-term, systematic approaches rather than short-term measures.

Based on our practical experiences with supporting the implementation of several CA/CM frameworks we at KPMG strongly believe that this will definitely be a way forward to create greater transparency in an efficient and sustainable way.

Page 6: KPMG EMA CACM Survey (2012)


About the survey


Within these regions, the respondents were from the 32 following countries:

• Western Europe: Andorra, Austria, Belgium, Finland, France, Germany, Italy, Luxembourg, The Netherlands, Norway, Portugal, Spain, Switzerland, United Kingdom

• Eastern Europe: Bulgaria, Greece, Hungary, Moldova, Poland, Romania, Slovakia, Turkey

• Middle East: Bahrain, India, Qatar, Saudi Arabia, United Arab Emirates, Yemen

• Africa: Guinea-Bissau, Kenya, Nigeria, South Africa

[Chart: respondents by region. Western Europe 68%; Eastern Europe incl Turkey 24%; Middle East 4%; Africa 4%]

Survey questions included the following:

• What are the benefits of CA/CM?

• Who are the initiators of CA/CM and who benefits most?

• How much capital needs to be invested?

• What are the barriers to adoption?

• What future does CA/CM have?

Representation of regions and countries

Most of the respondents by far were from Western Europe (68%) and Eastern Europe including Turkey (24%). Nevertheless, respondents from the Middle East and Africa (both 4%) are also included in the survey results.

Analysis of the survey results showed that there are not many significant differences between the various regions. As a result of this, the outcome of the survey and analysis as included in this white paper represents the whole EMA region.

The KPMG online survey was rolled out across the EMA region (Europe, Middle East, and Africa) in 2012 and contains responses from 718 individuals. The respondents are primarily from internal audit as well as from boards of directors, CFOs, operational/line management, finance and risk management professionals.

Page 7: KPMG EMA CACM Survey (2012)


[Chart: turnover of responding organisations. Greater than €1 billion 36%; €250 million - €1 billion 24%; €50 million - €250 million 21%; less than €50 million 19%]

[Chart: industry sectors. Financial services 29%; Industrial markets 26%; Infrastructure, government, health 20%; Consumer markets 15%; Technology, media, telecoms 10%]

[Chart: lines of defence. First line 37%; Second line 13%; Third line 50%]

Size of organisations responding to the survey

Thirty six percent of respondents were from organisations with a turnover exceeding €1 billion and 24% from organisations with a turnover ranging between €250 million and €1 billion.

Cross section of sectors

The respondents represented a cross section of industry sectors, including: financial services (29%), industrial markets (26%), infrastructure, government and health (20%), consumer markets (15%), and technology, media, telecoms (10%).

Representation of lines of defence

Of the respondents, 37% were from the first line of defence (boards of directors, CEO, CFO, finance, operational/line management, IT); 13% were from the second line of defence (risk management, internal control and compliance); 50% of the respondents were from internal audit (third line of defence).

Business owners: first line of defence

Business owners have risk content ownership. They are responsible for identifying and managing risks incurred over the course of daily business. Such risks can be operational in nature or may be associated with finance and compliance. The risks may represent discrete events rather than ongoing exposure. In addition to complying with risk-management policies, business owners are expected to identify and assess emerging exposure.

Compliance regulators: second line of defence

Standard setters own risk processes and specific monitoring responsibilities. They establish policies and procedures handling risk; provide guidance and coordination among all stakeholders; identify enterprise trends, synergies, and opportunities for a change; and operationalize new events. In addition to facilitating critical liaison between business owners and assurance providers, standard setters provide oversight within specific risk areas (such as credit), and in terms of specific enterprise objectives (such as compliance).

Assurance providers: third line of defence

Assurance providers ensure that the company is achieving business objectives, mitigating and managing risks, and optimizing risk management process effectiveness. Internal Audit often serves as the primary assurance provider in the third line of defense for many companies. Assurance providers are responsible for setting standards for risk management, ensuring that these are well understood, broadly embraced, and adequate for the company’s needs. Assurance providers liaise with senior management or the corporate board to enable visibility into enterprise risk management activities.

Source: KPMG.com – Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness and efficiency.

Page 8: KPMG EMA CACM Survey (2012)

Are the potential benefits of CA/CM well understood?

CA is designed to result in comprehensive assurance with greater coverage across the organisation. CM detects and corrects process irregularities and helps implement process improvements. Many believe CA will also facilitate real-time operational assurance and reduce the burden for line management.

Based on the survey:

Respondents do understand the benefits of CA and CM. They realise that CA provides more assurance with greater coverage and depth and that it enables real-time operational assurance. However, organisations are less likely to take into consideration that CA can also lower costs. This indicates a short-term perception that relatively high up-front investments are needed while the long-term benefits of CA are not yet fully understood. Overall, the survey results reflect that respondents understand what CM can bring to the organisation i.e. it enables identification of process irregularities on a continuous basis. Moreover, it transfers the responsibility regarding detecting and correcting irregularities onto the business itself. However, only 64% of respondents believed that CM will result in the organisation achieving competitive advantages.

Main drivers of CA adoption for an organisation

• Provides more assurance with greater coverage and depth: 89%

• Enables real-time operational assurance to be obtained regarding business processes/activities: 81%

• Reduces burden for line management to facilitate audit activities (e.g. no or limited interviews, walkthroughs etc.): 74%

• Reduces internal audit costs: 56%

• Reduces external audit costs: 53%

• CA is not/will not be adopted, so this question is not relevant for my organisation: 41%

Main drivers of CM adoption for an organisation

• Enables identification of process irregularities and implementation of process improvements on a continuous basis: 90%

• Improves transparency/reporting requirements from board/management: 84%

• Transfers the responsibility regarding detecting and correcting of irregularities to the business processes itself: 84%

• Complies with applicable legislation and regulations (e.g. anti-bribery, export controls): 78%

• Reduces compliance costs: 69%

• Achieves competitive advantages: 64%

Page 9: KPMG EMA CACM Survey (2012)

KPMG analysis

Clearly, many organisations are aware of the drivers of CA/CM. However, understanding the benefits of CA/CM alone cannot drive it forward. Strategic drivers include the pressure to strengthen governance, enhance performance and accountability and the ability to improve visibility over global operations. Operational drivers include the occurrence or risk of fraud and misconduct and process improvement through the identification of irregularities on a continuous basis. External drivers include the expanding regulatory and risk environment, scrutiny from rating agencies, and an uncertain economic environment.

Since CA/CM does not always necessarily result in immediate and direct operational/strategic results, organisations find it hard to appreciate the competitive advantage of CA/CM.

[Figure: assurance across the three lines of defence, past versus current/future. Past: assurance mainly delivered by internal audit. Current/future: higher level of management assurance via effective internal control framework; no surprises. Layers shown in both states: management assessment (1st line of defence); internal control / risk management (2nd line of defence); internal audit (3rd line of defence). Callouts: based on real facts; less manual interpretation/intervention; flexible reporting (overview & detailed reporting); automatic of (data) analysis; re-usable by internal/external audit; reducing manual procedures; real time insights; high level of detail; less human interpretation. Outcomes: increased transparency & reducing cost of compliance.]

Page 10: KPMG EMA CACM Survey (2012)

Which processes benefit most from CA/CM?

Typically, CA/CM is most valuable in scenarios where processes are repetitive and susceptible to risk (e.g. financial management reporting). These processes are often transaction-based supported by applications that run on structured data.

Based on the survey:

In the first place most respondents believe that CA/CM is best suited to support processes such as ‘Financial management reporting’ and ‘Treasury and cash management’.

[Chart: Processes that benefit most from CA and CM. Categories: Financial management reporting; Treasury and cash management; Purchase to payment; IT management; Sales order to cash receipt; HR/payroll; Travel and expenses; Fixed asset management; Inventory; Industry-specific processes (retail, insurance, telecoms, production); Other]

Page 11: KPMG EMA CACM Survey (2012)

KPMG analysis

On the whole, CA/CM helps to foster a culture focussed on efficiency. For example, organisations can use CM to help align components of the procure-to-pay cycle so vendors are not paid too early but in line with the terms of the contract. CM enables an organisation to evaluate the date of purchase, the due date of the invoice and the date of payment. Automating manual processes to detect issues early and prevent escalation can save retrospective remediation costs.

Obviously, preventing errors from occurring improves the overall business process efficiency as well.
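The procure-to-pay check described above, sketched as an added example (it is not from the KPMG paper or from any CA/CM product): a Python rule that compares purchase date, invoice due date and payment date for each payment and turns deviations into exceptions. The record layout, rule names, tolerance parameter and sample payments are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Payment:
    # Hypothetical record layout; a real extract would come from the source system.
    invoice_id: str
    vendor: str
    purchase_date: date
    due_date: date
    payment_date: date
    amount_eur: float


@dataclass(frozen=True)
class MonitorException:
    invoice_id: str
    rule: str          # DATA_QUALITY, EARLY_PAYMENT or LATE_PAYMENT
    days: int          # days early or late (0 for data-quality findings)
    amount_eur: float


def check_payment(p, early_tolerance_days=3):
    """Evaluate the three dates of one payment and return its exceptions."""
    # Contradictory dates are reported as a data-quality finding on their own,
    # so that bad source data does not surface as a timing exception.
    if p.due_date < p.purchase_date or p.payment_date < p.purchase_date:
        return [MonitorException(p.invoice_id, "DATA_QUALITY", 0, p.amount_eur)]
    days_before_due = (p.due_date - p.payment_date).days
    # Paid earlier than the contract terms require, beyond the tolerance.
    if days_before_due > early_tolerance_days:
        return [MonitorException(p.invoice_id, "EARLY_PAYMENT",
                                 days_before_due, p.amount_eur)]
    # Paid after the due date.
    if days_before_due < 0:
        return [MonitorException(p.invoice_id, "LATE_PAYMENT",
                                 -days_before_due, p.amount_eur)]
    return []


def run_monitor(payments, early_tolerance_days=3):
    """Apply the rule to every payment and collect exceptions for follow-up."""
    found = []
    for p in payments:
        found.extend(check_payment(p, early_tolerance_days))
    return found


def early_paid_total(exceptions):
    """Cash that left the organisation earlier than the terms required."""
    return sum(e.amount_eur for e in exceptions if e.rule == "EARLY_PAYMENT")


# Constructed sample data, not taken from the survey.
SAMPLE_PAYMENTS = [
    Payment("INV-001", "Vendor A", date(2012, 3, 1), date(2012, 3, 31),
            date(2012, 3, 30), 4000.0),    # 1 day early: within tolerance
    Payment("INV-002", "Vendor B", date(2012, 3, 5), date(2012, 4, 4),
            date(2012, 3, 10), 12500.0),   # 25 days early
    Payment("INV-003", "Vendor C", date(2012, 3, 10), date(2012, 4, 9),
            date(2012, 4, 20), 800.0),     # 11 days late
    Payment("INV-004", "Vendor D", date(2012, 3, 15), date(2012, 4, 14),
            date(2012, 3, 12), 950.0),     # paid before purchase date
]

if __name__ == "__main__":
    for exc in run_monitor(SAMPLE_PAYMENTS):
        print(exc)
    print("Paid early (EUR):", early_paid_total(run_monitor(SAMPLE_PAYMENTS)))
```

Setting `early_tolerance_days=0` also flags INV-001, which shows how the threshold chosen for a rule changes the number of exceptions someone has to review.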

Typically, areas that tend to have the greatest return on investment (ROI) in an initial CA/CM implementation include:

• Manual journal entries;

• Time and expense;

• Purchase to pay;

• Purchasing cards (P-cards);

• Order to cash;

• Inventory management.

CA/CM can add most value to organisations where processes are repetitive and susceptible to risk. It can improve the organisation’s risk management and control activities. For example, internal audit’s approach to audit planning tends to be largely risk-based. Expanding this approach to include CA can enhance internal audit’s coverage, regardless of how much risk is expected in those additional areas. CM can also help to allocate risk-management resources effectively.


Page 12: KPMG EMA CACM Survey (2012)

Who are the initiators and beneficiaries?

Internal Audit, supported by the CFO, often introduces CA/CM within the organisation and is also seen as its main beneficiary. Operational/line management is not often the initiator of CA/CM but does enjoy its benefits.

Based on the survey:

Overall, the survey shows that functions across the organisation gain value from CA/CM – even if they are not the initiators. Internal audit is considered both the main initiator and also the main beneficiary of CA/CM. Many respondents also believe that the CFO or the finance department are initiators. Once presented with a strong business case, operational/line management and the board of directors tend to be easily convinced of the benefits of CA/CM.

[Chart: Initiators and beneficiaries of CA and CM. Series: Initiators of CA and CM; Beneficiaries of CA and CM. Categories: Internal audit; CFO/Finance; Internal control; Risk management; Compliance; Board of directors; Operational/line management; IT; Legal; Other]

Page 13: KPMG EMA CACM Survey (2012)

KPMG analysis

Internal audit often triggers CA/CM initiatives because it has experience with data analytics from a control testing perspective and CA constitutes the next logical step. Operational/line management is not often the first initiator of CA/CM but does benefit from it. This may be due to the fact that operational/line management does not solely act from a risk perspective – it is primarily responsible for the organisation’s core business processes. However, operational/line management realises that its responsibilities extend further and include internal controls, which are often closely linked to CA/CM.


Page 14: KPMG EMA CACM Survey (2012)

Current and future state of adoption

Adoption continues to be low despite awareness around the benefits of CA/CM. The main reason is that organisations find it difficult to quantify the benefits of CA/CM which are needed to justify the business case for its implementation. As a result organisations are taking small steps in embedding CA/CM, for example by experimenting with tools on pilot projects.

Based on the survey:

The current state of adoption is low. A remarkable 17% of respondents have never considered implementing CA/CM and 14% have only considered it but have not yet taken any action. Only 10% of respondents are running pilots on either CA or CM and another 12% are actually implementing CA or CM. A mere 16% of the respondents indicated they have already embedded CA within their internal audit function but only 9% have both CA and CM embedded across their respective organisations.

The number of organisations with CA/CM fully embedded is likely to rise slightly in the very near future however. A quarter of respondents revealed that they plan to investigate the added value of CA/CM to their organisations. The number of organisations running pilots remains stable, but the survey shows that the number of organisations planning to embed both CA and CM in the next two years is expected to increase significantly (from 9% today to 23% two years from now).

What is the current status of CA/CM within the organisation

• CA and CM are embedded across the organisation and integrated operationally: 9%

• CM is embedded within line management responsibilities: 12%

• CA is embedded within internal audit: 16%

• Currently implementing CA and/or CM: 12%

• CA and/or CM pilot is currently being run: 10%

• Currently busy drawing up business case and/or obtaining budget for CM: 10%

• Have considered, but not yet taken any action: 14%

• Have not considered CA or CM / don’t know: 17%

Where organisations would like to be in two years time with respect to CA and CM

• CA and CM are embedded across the organisation: 23%

• CM is embedded in monitoring activities of line management: 10%

• CA is embedded in internal audit: 15%

• Pilot project(s) underway in various parts of the organisation: 8%

• Business case is completed and budget is obtained: 4%

• An investigation is conducted into the added value of CA/CM for our organisation: 25%

• Will not consider CA/CM: 15%

Page 15: KPMG EMA CACM Survey (2012)

KPMG analysis

Although organisations do realise the benefits of CA/CM, there is still some reluctance to fully adopt either CA or CM. However, with the need for continued risk assurance growing, this is likely to improve and more businesses can be expected to invest in CA/CM in the near future. Like any transformation process, the adoption and implementation of CA/CM will take time and effort.

The first step towards adoption is to build a business case to secure support from senior management and to outline the objectives, scope, expected costs and projected benefits of CA/CM. Starting on a small scale allows management or internal audit to test the CA/CM concept first. The next step is to draw up a road map to be able to fully achieve the objectives of the CA/CM implementation.

Before significant resources are allocated to monitoring controls and transactions, management will need to consider whether the existing controls are the most effective to be able to address the underlying risks. In addition, management should give careful consideration to what should be measured, where the necessary data resides, and the quality of the data.

Simply ‘switching on’ rules that may exist within a standard technology tool without refining them could result in an unmanageable number of ‘exceptions’ or ‘false positives’ requiring attention, in turn resulting in increased inefficiencies as well as a false sense of assurance. Similarly, ‘switching on’ poorly designed rules may also result in a false sense of assurance.


Page 16: KPMG EMA CACM Survey (2012)

Barriers to adoption

Limited insight and understanding of available technology tools is the largest barrier for organisations to tackle when considering CA/CM. This is caused by a lack of clarity about what kind of functionality CA/CM tooling actually consists of.

Based on the survey:

The key barrier for an organisation to adopt CA/CM is limited insight into the availability of suitable CA/CM tools. 75% of respondents are using IT tools, with only 13% of them using business intelligence dashboards and 10% using dedicated CA/CM tools. Unfamiliarity and lack of knowledge or experience also ranked high amongst the responses. Lack of staff and limited commitment or awareness at a senior level within an organisation were also mentioned.

Barriers to CA and CM adoption

• Limited insight in availability of proper CA/CM tools: 69%

• Organisation is not familiar with or does not understand the possibilities of CA/CM sufficiently: 65%

• Lack of knowledge and experience regarding data analysis and/or continuous maintenance of tooling: 64%

• Lack of staff to support CA/CM implementation: 63%

• Limited commitment and/or awareness at board and senior management level: 55%

• Limited suitability of IT infrastructure to apply CA/CM: 46%

• Business case, including budget, has not been finalised and approved: 45%

• Limited suitability to apply CA/CM in your type of organisation: 38%

Page 17: KPMG EMA CACM Survey (2012)

KPMG analysis

CA/CM is partly a technology solution and this obviously requires expert knowledge. At the same time there appears to be uncertainty about what functionality CA/CM tooling actually provides. From a KPMG perspective, CA/CM functionality includes at least: data extraction (from source systems), data analysis, case management (to make exceptions actionable) and reporting (e.g. via dashboards). Organisations should take steps to increase their knowledge and become more familiar with the concepts of CA/CM in order to overcome specific barriers to the implementation of CA/CM. There can also be resistance to change and the focus on communication throughout the process is key to overcome this. Other barriers may include a highly scattered and diverse IT landscape and inferior quality source data, lack of internal resources and skills to manage CA/CM, or a lack of resources to implement CA/CM tools. If these risks can be mitigated, a successful implementation of CA/CM will generally translate into reduced reporting costs, enhanced governance, risk mitigation and compliance outcomes, financial and non-financial ROI, as well as increased detection and prevention of fraud.


Page 18: KPMG EMA CACM Survey (2012)

18 | Continuous auditing and continuous monitoring: The current status and the road ahead

© 2012 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International.

The number of organisations with embedded CA/CM is likely to grow gradually. CA/CM will evolve naturally, from starting on a small scale to a mature capability.

Past and future investments


Based on the survey: The potential benefits of CA/CM are widely understood, yet a gap between understanding CA/CM and the willingness to invest in it continues to exist. Only a few companies have implemented CA/CM so far. The survey shows that organisations are gradually changing position from just being interested in CA/CM to actually investing in CA/CM-related projects. The number of organisations surveyed that are not investing in CA/CM will decline by almost 50% over the next two years (from 37% to 19%), while 46% expect to start small projects and invest up to €100,000 in this period. However, the survey also shows that organisations are reluctant to commit to high investments – the number of companies investing more than €250,000 will remain quite stable and below 20%.

[Figure: two charts, “Investment in CA/CM over the last two years” and “Investment in CA/CM in the next two years”, each showing the share of respondents per investment band: € 0 (no investment); less than € 100,000; € 100,000 - € 250,000; € 250,000 - € 500,000; € 500,000 - € 1 million; greater than € 1 million.]

Page 19: KPMG EMA CACM Survey (2012)

KPMG analysis

Organisations are eager to learn but shy away from high up-front investments. This sentiment can be attributed to various factors. Driven by limited discretionary spending and the need for heightened accountability, management must focus on achieving healthy ROIs while also lowering exposure to risk. Consequently, CA/CM must be allowed to evolve naturally, from starting small to a mature capability. Nevertheless, organisations should be able to fit investments within budgets on a sustainable basis and start by composing a business case.

Furthermore, CA/CM tools are still at a stage of development. Many organisations are waiting for enhanced tools before they consider adoption. However, growing interest in CA/CM is increasingly prompting organisations to test CA/CM through pilot projects.

Some companies have successfully managed the cost challenges associated with CA/CM by integrating these into wider project budgets. For companies looking to implement CA/CM, pilots can deliver results quickly and potentially help CA/CM to become auto-financing. An investment in CA/CM fits in well in the context of a larger business intelligence initiative where CA/CM can provide critical business decision-making capabilities. In most other cases, an incremental approach based on an ROI analysis may be more appropriate.


Page 20: KPMG EMA CACM Survey (2012)


Advances in technology have paved the way for increased use of CA/CM. It is of course vital to opt for technology and tools that are suitable for an organisation’s needs.

Do technology and tooling provide adequate support?

Based on the survey: Many organisations have started to experiment with technology and standard tooling. As for technology, 75% are using IT, with one-third using office automation or standard auditing tools. Only 13% use advanced business intelligence (BI) dashboards, while 11% use dedicated CA/CM tools from suppliers such as SAP GRC, BWise, Approva, Oversight or Aptean (EMF). In the area of tooling usage, internal audit (78%), finance (63%), internal control (59%) and operational/line management (56%) are using CA/CM tools.

Use of CA and CM tools

Internal audit: 78%
Finance: 63%
Internal control: 59%
Operational/line management: 56%
Risk management: 53%
IT: 52%
Compliance: 50%
CA/CM tools are not implemented, so this question is not relevant for my organisation: 43%

Use of technology to support CA/CM

Not at all or don’t know: 25%
Use of office automation (e.g. Microsoft Excel or Access): 19%
Use of standard auditing tools (e.g. IDEA or ACL): 16%
Use standard reporting e.g. from ERP system: 16%
Use of Business Intelligence (e.g. dashboards, reports): 13%
Use of dedicated CA/CM monitoring tools (e.g. SAP GRC, BWise, Oversight, EMF, Approva): 11%


Page 21: KPMG EMA CACM Survey (2012)

KPMG analysis

Organisations that are currently interested in CA/CM need guidance and sufficient information on the benefits and techniques associated with CA/CM. At present, many organisations have started to experiment with standard tooling. However, tools should ideally be customised to meet specific needs within each organisation and are likely to evolve gradually into business intelligence dashboards and eventually into professional CA/CM tooling.

Advances in technology have paved the way for increased use of CA and CM in organisational processes, transactions, systems, and controls. Technology-enabled control, auditing and monitoring tools integrated into ERP solutions, or built as third-party bolt-on solutions, have evolved and will continue to evolve. They also help organisations to monitor the efficiency of internal controls, identify and correct lapses in controls and strengthen performance.

It is of course vital to opt for technology tools that are viable and suitable to an organisation’s needs. For instance, some organisations may find embedded tools too costly for their purpose. If this is the case then ‘extract and analyse’ software may be a more appropriate alternative. Any technology-dependent initiative – including CA/CM implementation – is bound to face challenges in terms of achieving data accuracy and consistency. Furthermore, as data evolves constantly, formats, protocols and refresh cycles may vary widely across systems.

The success of a CA/CM initiative is highly dependent upon the effective implementation and use of the right technology tools. In the same way, those tools will only be successful if used effectively. Organisations need to evaluate how suitable the features, functions and capabilities of a tool are for their needs before engaging a specific tool provider.


Page 22: KPMG EMA CACM Survey (2012)


How KPMG can help

Implementing CA/CM is much more than a technology exercise. KPMG has the experience and industry knowledge to help you effectively apply your knowledge of your business risks and internal mechanisms to designing a CA/CM framework that supports strategic management objectives. We also have assisted organisations in building successful business cases to demonstrate Return on Investment (ROI) from CA/CM implementation. Having helped organisations through CA/CM implementation, we understand the pitfalls and have the know-how to navigate the change management process.

In addition, KPMG can assist in:

• Software selection for CA/CM tool(s)

• Designing and implementing CA/CM risk-based approaches
  - Dashboards
  - Scorecards
  - Analytics
  - Reports
  - Management Protocols

• Optimising past CA/CM implementations (e.g. control rationalisation)

• Integrating with governance, risk, and compliance initiatives

• Integrating with business intelligence initiatives

• Integrating with other data analysis initiatives

• Conducting a walk along or post implementation review

• Training

[Figure labels: Continuous auditing; Continuous monitoring; Industry & functional knowledge; People, Process, Technology; Assess, Design, Implement]

Page 23: KPMG EMA CACM Survey (2012)


Contacts

EMA region: Mr. P.P. (Peter Paul) Brouwers; Partner KPMG IT Advisory; T: +31 (0)40 250 23 25; E: [email protected]

Austria: Mr. T. (Theodor) Demut; Director KPMG Forensic; T: +43 732 6938 24 22; E: [email protected]

Bahrain / Qatar: Ms. J. (Jeyapriya) Partiban; Head of Risk Consulting, Partner; T: +973 1722 48 07; E: [email protected]

Belgium: Mr. P. (Peter) van den Spiegel; Senior Manager KPMG IT Advisory; T: +32 2708 37 79; E: [email protected]

Finland: Mrs. Anneli Grönfors-Kallio; Director KPMG IARCS; T: +358 20760 36 97; E: [email protected]

France: Mr. C. (Cédric) de Lavalette; Partner KPMG IT Advisory; T: +33 15568 67 12; E: [email protected]

Germany: Mr. T. (Thomas) Erwin; Partner KPMG IT Advisory; T: +49 62 1426-72 49; E: [email protected]

Hungary: Mr. I. (István) Molnár; Senior Manager KPMG IT Risk and Compliance; T: +36 1887 74 45; E: [email protected]

India: Mr. S. (Sathish) Gopalaiah; Director KPMG GRCS; T: +91 80306 540 52; E: [email protected]

Italy: Mr. P. (Piermario) Barzaghi; Partner KPMG IARCS; T: +39 0267 64 31; E: [email protected]

Kenya/Tanzania/Uganda: Mr. B. (Brian) D’Souza; Partner KPMG IT Advisory; T: +2542 9280 61 32; E: [email protected]

The Netherlands: Mr. M. (Maurice) op ‘t Veld; Partner KPMG IT Advisory; T: +31 10 453 42 14; E: [email protected]

Nigeria: Mr. O. (Olumide) Olayinka; Head of Risk Consulting, Partner; T: +234 1271 89 55; E: [email protected]

Norway: Mr. K.P. (Karl-Petter) Aarskog; Senior Manager KPMG IT Advisory; T: +47 4063 95 63; E: [email protected]

Portugal: Mr. R. (Rui) Gomes; Partner KPMG IT Advisory; T: +35 121 011 00 18; E: [email protected]

Romania: Mr. R. (Richard) Perrin; Partner KPMG Advisory; T: +40 37237 77 92; E: [email protected]

Saudi Arabia: Mr. A. (Altaf) Dossa; Director KPMG Forensic; T: +96 61874 85 00; E: [email protected]

South Africa: Mr. F. (Frik) Coetzer; Director KPMG IT Advisory; T: +270 84431 16 64; E: [email protected]

Spain: Mr. A. (Angel) Requena Rodriquez; Partner KPMG Forensic; T: +34 91456 34 15; E: [email protected]

Switzerland: Mr. L. (Luka) Zupan; Director KPMG IARCS; T: +41 58 249 36 61; E: [email protected]

Turkey: Mrs. I. (Idil) Gurdil; Head of Risk Consulting, Partner; T: +90 (216) 681 90 14; E: [email protected]

United Kingdom: Mr. D. (Damien) Margetson; Director KPMG Forensic; T: +44 161 246 46 43; E: [email protected]

UAE/MESA: Mr. K. (Karl) Hendricks; Head of KPMG RC MESA; T: +9714 424 89 00; E: [email protected]

We would be happy to share our CA/CM experiences with you and provide insight into the road ahead. Please contact us for more information.

Page 24: KPMG EMA CACM Survey (2012)

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

© 2012 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. Printed in the Netherlands. 1212