Upload
trannga
View
218
Download
1
Embed Size (px)
Citation preview
Overview
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.
1
Are you prepared to deal with the exposures associated with an Oracle ERP related breach?
“ ”
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.
2
Is your current Oracle ERP security & controls solution impeding the performance of your organization?
“ ”
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.
3
Does your legacy Oracle ERP security & controls solution
support today’s dynamic, global operational requirements?
“ ”
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.
4
Does your Oracle ERP security & controls solution provide a cost effective platform to support regulatory compliance requirements?
“ ”
Oracle ERP Security & Controls Challenge
How do you effectively and efficiently balance user enablement with transaction & data protection?
Mobile
Cloud Web Client Server ERP Mainframe
Employees
Key Business
Drivers
Increased Cyber
Threats
Burdensome Regulatory
Requirements
Operational Complexities
Need to Empower
Employees
Unrelenting Technology
Changes
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
5
Controls
Security
Risk
Compliance
Traditionally, Oracle ERP project teams are focused on core ERP functionality, prioritizing implementation activities to align with timeline limitations and budget constraints.
This tactical approach commonly results in risk and control compromises not fully appreciated, until after go-live.
Once the ERP solution is live and operational, organizations begin to realize the significance of their oversights and compromises and are forced to initiate post go-live remediation projects to make the necessary corrections. These projects are disruptive, exponentially more expensive and time consuming.
The primary function of our Oracle Risk Consulting practice is to provide experienced resources to proactively assist ERP implementations through a focus on the Securing the ERP principles to help minimize the threat of costly rework after the ERP solution is operational.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
6
Securing the ERP
KPMG’s Securing the ERP approach is a 360 degree view of ERP security and controls positioned to help industry leading organizations effectively balance the divergent tasks of empowering ERP business users while simultaneously protecting sensitive data and transactions.
Oracle ERP
Advanced Controls
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
7
Advanced Controls
Oracle ERP
Advanced Controls
Key Business Drivers
• Revenue leakage • ERP centric business processes complexities and inefficiencies • Fraud and errors • High ERP configuration costs • Complex regulatory compliance requirements • Greater transparency required for sensitive transactions
Key Capabilities for Advanced Controls
• Business Process Controls Framework to organize manual controls, ERP application controls and automated controls
• Preventative Controls to mitigate process risks • Detective Controls to monitor sensitive transactions and data changes • Configuration Controls to track/monitor configuration changes and
compare Oracle ERP instances • Conversion & Interface Controls • Fine grain Segregation of Duties
Realized Value
• Automated controls • Effective configuration management program • Effective regulatory compliance program
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
8
Application Security
Oracle ERP
Key Business Drivers
• Employees access to ERP applications • Sensitive ERP transactions and data • Fraud and error • Complex regulatory compliance requirements
Key Capabilities for Application Security
• Authentication : Oracle ERP authentication/single sign-on • Role Based Access Controls (RBAC) based on specific job functions • Access Permissions Architecture based on specific requirements such
as job role or geographic location • Function Security restricts user access to individual menus of ERP
functions, such as forms, HTML pages, or widgets • Data Security to restrict the access to the individual data that is shown
once a user has selected a menu or menu option. • Operational Segregation of duties(SOD) framework
Realized Value
• Enabled ERP users aligned with job functions • Reduced user administration costs • Effective regulatory compliance program
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
9
Data and Infrastructure
Data & InfrastructureSecurity
Oracle ERP
Key Business Drivers
• External threats • Internal threats • Technology vulnerabilities • Complex regulatory compliance requirements • High availability
Key Capabilities for Data & Infrastructure
• Information protection to protect data at rest and data at motion, database security, data masking , vulnerability management
• Infrastructure Security harden operating system and hardware • Cyber Security program to minimize the impact of cyber security
attacks by proactively monitoring transactions & leveraging an incident response program
• Business and Technology Resilience to provide business continuity planning & management, disaster recovery, crisis management, high availability capabilities, performance monitoring
• Privilege user management program to manage administration and system–to-system user accounts
Realized Value
• Effective, risk-based information security program to protect ERP solution
• Effective regulatory compliance program 10© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
User Access Administration
11
Oracle ERP
Key Business Drivers
• Ongoing user administration and control governance • High user administration and Controls cost • Complex regulatory compliance requirements • Greater need to understand user activities and usage trends
Key Capabilities for User Access Administration • ERP Security Operations and Controls Governance
• Organizational design & operational processes • Policies and procedures • Controls Governance & reporting • ERP Controls enablement and remediation processes • Segregation of Duties process
• User Access Administration Functions and Tools • Registration / Approval • Self Service • Delegation • User Provisioning : Add, Change, Inactive • Password Management • Certification
• User Analytics
Realized Value
• Efficient ERP user administration program • Reduced user administration cost • Effective regulatory compliance program
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Securing the ERP Roadmap
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
12
Securing the ERP
Works ho
Jumpstart Project
Advanced Controls • User Access
Administration
/8 Securing the ERP 'fiialJ Journey
\OJ\ cY
St rate gyt_ Assess 1fXesig'ti1= =~=-1 il_@J Data
Security
~t===--Infrastructure
Security
ERP Project
Roadmap
ERP Project © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
13
Methodology
Our KPMG Securing the ERP framework uses a risk-based phased approach to create more manageable and
measurable engagements. Each phase logically leads to the next phase and leverages work performed in all
prior phases, while managing the project closely with the client in each phase.
Securing the ERP
Application Security Advanced Controls
Data & Infrastructure Security User Access Administration
Securing the ERP Services • Strategy, business requirements and business case development • Facts to Value current state assessments • Oracle ERP Security and Advanced Controls design and
implementation • Automated Controls implementation – Preventative & Detective
• User Access Administration design and operational realization • Data and Infrastructure security design an implementation • Configuration controls implementation
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
14
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.
15
Methodology
“ ”
Plan Design Build Implement Monitor
Advanced Controls
Application Security
Data & Infrastructure
Security
User Access Administration
Securing the ERP Strategy
Current State Assessment
Securing the ERP
Project Plan
EBS Application Security Design
Update User Administration
Program
Risk & Controls
Matrix Review & Update
Manual Controls Design
EBS Controls Design
Oracle Advanced Controls Design
EBS Data Security Design
RBAC Design
SOD Design
EBS Infrastructure security Design
Build & Validate EBS Roles &
Responsibilities
EBS Configuration
OAC Install & Configuration
Build Data Security Architecture
Build Infrastructure Security Architecture
Convert & Validate Test
Users
Execute User Administration
Program
Review User Administration Program
SOD Review Users
Testing Cycles Validate Process
Controls
Convert & Validate End
Users
SOD Review Permission
Testing Cycle Validate Data & Infrastructure
Testing Cycles ERP Application Security
Blue Sky Strategy
Workshop
KPMG Security and Controls Practice
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
16
Practice Overview
Oracle Our KPMG brings a depth and breadth of security and controls expertise to today’s ERP security challenges. Security & Controls resources know the business advantages of a well-managed ERP system, and they know how to implement the right security & control solutions in a given context to not just foster a company’s growth and efficiency, but help ensure that its assets and data are protected.
KPMG’s Oracle Security & Controls Practice Highlights
20 years of Oracle security and controls experience
Global delivery team with 100+ Oracle security & controls resources
Oracle Security & Controls implementations have included EBS, PeopleSoft, and integrations with Siebel, Hyperion, BRM , PIM, and OIM
100+ Securing the ERP engagements delivered by the team members
Long standing relationships with Oracle Advanced Controls product development, and product support organization
Thought Leadership Profit Magazine Securing the ERP Interview August 2014
Real-Life Examples: Oracle Advanced Controls (OAC) Benefits in Oracle EBSR12 Upgrades/Implementations March 2014
Record to Report (R2R) White Paper April 2014
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
17
Tools and Accelerators
Securing the ERP Methodology Risk & Controls Catalog
Implementation Tools & Accelerators
Deliverable Process Analysis Templates Flowcharts Tools
Role Designer Role Uploader
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
18
Securing the ERP Maturity Model
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
19
Maturity Model
Securing the ERP Maturity Model Individual Defined user RBAC UMX - User Identity
Security User Permission Approach
request and approval process
Single Sign-on
HR position based permissions
self service
Adaptive authentication
integration
Level Initial Repeatable Defined Managed Optimized 1 2 3 4 5
Ad Hoc Reactive -----------------------Automated---------------------
Manual ERP Automated Detective Control driven Controls configurable SOD Controls Business
controls management Preventative Process Controls No SOD Controls Optimization Controls matrix Configuration
controls © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
20
Client Use Case Examples
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
21
Client Use Case Examples
Oracle ERP Application Security Business Driver: The client was in the middle of an R12 Upgrade when leadership became aware of a significant user access issue. Specifically, the organization had a limited understanding of which employees had access to critical transactions. ERP Users: 6,500 Responsibilities: 4,873
Solution: KPMG leveraged our Securing the ERP – Role Based Access controls design accelerators to standardize functional roles and help our client realign user access to better enable the business processes. ERP Users: 6,500 Responsibilities: < 500 Oracle
ERP
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
22
Client Use Case Example
Oracle ERP Application Security Employee HR Position Role Responsibilities
Job Position
Role
Role
Role
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
23
Use Case Example
User Access Administration
Business Driver: The client’s user management processes were inadequately supporting the user community. Client leadership was concerned with their auditor feedback related to user administration, certification and segregation of duties.
Solution: Leveraged Oracle Identity Management products to streamline user management and automate the certification processes. In addition, the solution integrated Oracle Identity Management products with Oracle Advanced Controls – AACG to address SOD challenges.
Oracle ERP
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
24
Client Use Case Example
User Access Administration
Certification
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
25
Client Use Case Example
Order to Cash Scrap Controls
Business Driver: To support a business process improvement initiative the client’s leadership wanted greater transparency of their order to cash processes. Specifically, leadership wanted to make the reason code mandatory when scrap transactions where processed by the business.
Oracle ERP
Advanced Controls
Solution: Leverage Oracle Advanced Controls – Preventative Controls Governor to make the reason code mandatory. Standard Oracle EBS functionality does not require this.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
26
Client Use Case Example
Order to Cash Scrap Controls Standard functionality of Miscellaneous Transactions form: “Reason” field optional.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
27
Client Use Case Example
Order to Cash Scrap Controls Leveraged Oracle Advanced Controls – Preventative Controls Governor to make this field required.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
28
Facts to Value
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
29
.
Facts 2 Value
KPMG: Facts 2 Value A data analytics solution that is positioned to help our clients to identify irregularities and opportunities for improving efficiency and effectiveness in ERP operational and financial processes.
Risk & Control Focus Process Improvement Cost Savings
Improving audits ■ Full volume testing vs. sampling ■ Using transactional data for testing application
controls ■ Central testing of automated controls
Improving risk management ■ Identify problem areas in processes ■ Focus on issues instead of generic risks
Improving internal control ■ Determine customized control settings ■ Verify master data reliability ■ Scan authorizations including actual usage ■ Identify key areas for control improvement
Process effectiveness ■ Full insight into actual flows (buckets) including
number of documents and value
Process efficiency ■ Insight into document processing time ■ Number and value of parked and blocked
documents
Benchmarking ■ Internal between e.g. Organizations ■ External with anonymous industry data
Project reviews ■ Pre-go-live scans ■ Post-implementation reviews
Working capital ■ Days sales outstanding ■ Evaluation of rebate agreements ■ Days payables outstanding ■ Evaluation of payment terms ■ Stock analyses (dead, safety, etc.) ■ Interest earnings ■ Asset analyses
Tax improvements ■ Used tax determination scenarios ■ Inaccurate use of tax code derivations ■ Possible tax savings (reduce possible fines, apply
lower tax schemes)
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
30
Facts 2 Value
Business Process Controls Area of Focus Purchase to Pay
• Possible duplicate vendor invoices
• Display actual usage of 3-way match invoices
• Detect parked or held incoming logistic invoices
• Display use of invoice verification tolerance limits
• Display all changes to vendor master data
• Display outstanding parked invoices
• Detect goods receipt without a purchase order
• Display actual usage of 2-way and 3-way match invoices
• Detect incomplete foreign trade data for vendors
• Display incomplete vendor master data
Order to Cash
• Detect blocked sales orders
• Detect invoices in Sales but not processed in Finance
• Sales orders delivered but not yet invoiced
• Display customers with exceeded credit limits
• Detect incomplete foreign trade data for customers
• Detect customers without credit limit
• Detect deliveries without goods issue
• Display all changes to customer bank account data
• Overview of created credit notes
• Detect incomplete customer master data
Order to Cash
• Days Sales Outstanding
• DSO per customer
• DSO per country
• Early/late payments
• Used payment terms
• Frequency of invoicing
• Credit memo / invoice ratio
• Customer consignment orders
• Orders per user
• Invoices per user
• Frequency of dunning
• Used payment methods
• Contract compliance
• Order cancellations
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
31
Facts 2 Value
Business Process Controls Area of Focus Purchase to Pay
• Days Payable Outstanding
• DPO per vendor
• DPO per country
• Early/late payments
• Used payment terms
• TAX reclaim analysis
• Contract compliance
• Orders per user
• Invoices per user
• Vendor return orders
• One-time vendor payments
• Vendor consignment orders
• Early payment rebates
• Frequency of invoicing
Finance to Report
• Detect GL accounts allowed for manual postings
• Changes to GL account settings
• Display all changes to asset master data
• Display all open posting periods
• Display all open items per GL account
• Detect all FI postings not processed
• Detect unposted assets
• Manual customer payments
• Manual vendor payments
• Reconciliation Finance-Manufacturing
Inventory Management
• Days Inventory Outstanding
• DIO per plant
• DIO per customer
• Material movement analysis – raw materials
• Material movement analysis – finished products
• Safety stock analysis – minimum stock levels
• Safety stock analysis – delivery reliability
• Vendor delivery quantity reliability
• Vendor delivery time reliability
• Quality lead time analysis – raw materials
• Quality lead time analysis – finished products
• Dead stock analysis
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
32
Facts 2 Value
Business Process Controls Area of Focus - HR Personnel Master Data
• Non-registered staff using actions
• Duplicate employee data
• Employees with no addresses
• Incomplete personnel members
• Duplicate personnel members
• Employees with multiple Oracle ERP account names
• Active employees without an Oracle-user
• Manual change of the contract without changes in leave
• Manual changes of leave without a contract change
• Personnel with a contract but not in the organization chart
Employment & Absence
• Temporary employments
• Overtime for specific functions
• Untimely sickness reporting
• Untimely or incorrect registration of leave
Time Reporting
• More than 8 hours a day
• More than 40 hours a week
• Total hours per week
• Timeliness of timesheet entering
• Timeliness of timesheet approval
• Hours not yet approved
• Hours booked per week
• Hours transferred to other project or WBS element
• Hours entered and approved
• Approve own hours
Benefits & Salary
• Additional payments (wages) inconveniences
• Requested move expenses without address change
• Work at home costs without changed commuting compensation
• Ratio variable and fixed income
• Changes in salaries
• Changed own salary
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
33
Facts 2 Value
Business Process Controls – Purchase to Pay Visualization
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Purchase order
Manually controlled process
System controlled process
Processed Orders with receipt
$ 554m
163,882 orders
Open / parked documents Open orders (> 3 months)
Not analyzed
Legend
without receipt $ 283m
475,710 orders
Receipt
Processed Receipts
$ 559m
669,532 receipts
Processed Receipts
Receipts without orders $ 0 0 receipts
Payment (AP) (inc. VAT)
Invoice (inc. VAT)
Open AP Items
$ 185m (193,636 items) Due for payment:
0 – 60 days: $ 183m (192,066) 60 – 121 days: $ 590k (620) >120 days: $ 1.8m (950)
Processed AP Items Regular AP payments
(payment run)
$ 772m 58,111 items
Manual AP payments
$ 3m 267 items
Other AP postings
Not analyzed
Processed Invoices 3-way match invoices
$ 499m (48%) 331,426 invoices (34%)
2-way match invoices $ 248m (24%) 450,440 invoices (46%)
Direct invoices (without PO) $ 296m (28%) 189,699 invoices (20%)
Processed Credit Memos Credit memos
$ 98m (9%)
14,576 credit memos
Invoices not processed in AP $ 1m
695 invoices
Manual release $ 312m (63%)
135,009 invoices
Matched $ 187m (37%)
196,417 invoices
Manual release $ 40m (16%)
76,881 invoices
Matched $ 208m (84%)
373,559 invoices
Manual release $ 65m (22%)
47,105 invoices
Auto. release $ 231m (78%)
142,594 invoices
Possible duplicate invoices $ 0 0 invoices
34
Securing the ERP Workshop
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
35
© 2016 KPMG LLP a Delaware limited liabili artnershi and the U.S. member firm of the KPMG network of inde endent member firms affiliated with
36
Securing the ERP Workshop
Review KPMG’s Securing the ERP areas of focus and understand how this program can be used to strategically Goal
align Oracle ERP Security & Controls related spend and operational priorities
9:00 to 11am
Review Securing the ERP Areas of Focus - Controls Enabled Business Process Optimization and Performance Analytics - ERP Advanced Controls (Automated, Detective, User, Configuration) - ERP Application Security (Users, Permissions, Role Based Access Controls , SOD) - User Access Administration (User Operations, Business Processes & Analytics) - Data & Infrastructure Security ( Data in Motion/Data at Rest, Cyber Risk,…)
Agenda 11:00 to 12 noon Lunch and Real-Life Example / Use Case Discussion
Strategy & Planning Deep Dive
- Strategic Planning Considerations
1:00 to 3pm - Prioritization & Budgeting
- Current State – “White Board” Assessment
- Strategic Roadmap Deep Dive – 24 Month
- Current State “White Board “Assessment Output
- Prioritized Strategic Roadmap , ty p p p
KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Securing the ERP Workshop
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Director of
Internal
Audit
Chief
Information
Officer
Finance
Chief
Risk
Officer
Controls
Leader
Chief
Information
Security
Officer
ERP Project
Leader
Human
Resources
37
Laeeq Ahmed [email protected]
(818) 227 6032
Brian Jensen [email protected]
(817) 946 9552
© 2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.