KPMG Digital Risk Platform | Tom Kennes

KPMG Digital Risk Platform

In short

The digital risk platform (DRP) is hailed as the biggest investment of KPMG NL as of 2019, and aims to provide clients with a platform to aid in their risk management operation by automating various processes around execution and monitoring of risk controls, built in close collaboration with Microsoft. My responsibilities include: DevOps CI/CD pipelines, QA and back-end engineering for the BI team using tooling provided by Microsoft and Microsoft Azure.

Digital Risk Platform

Nowadays, Audit- and Advisory firms such as the big Four are generally required to strongly separate their services into Audit and Advisory. In practice this means that advisory services cannot be sold to clients that are already purchasing audit services, but there are some cases where this might still happen. For instance when an Audit project requires skills that are generally more found within Advisory, or vica-versa, or when projects fall within their overlap. One of those overlapping fields, and therefore happily offered service involves the Risk management function. This function looks at defining, managing and removing controls that aim to control a certain risk.

For example, let’s say your finance department is involved with paying invoices, as is commonly one of its functions. If your company is large enough, it might require software systems to keep track of incoming- and paid invoices and invoice-details. Those details might need regular updating, and very quickly your administration escalates. One of those risks might be employees changing supplier IBAN’s to their own IBAN’s and in turn paying respective invoices to those suppliers. In order to prevent this from happening in practice, the risk owner defines controls and allocates them to people within the organisation. Periodically, they are then required to submit proof of the execution of the control and feedback on the effectivity of the control.

Overall, this might look a bit like:

C o n t r o | m l a p C n A e o a r C n g f o t e o n r s r t o - m r l | s o l O w E n x e e r c u d t e o | f r i R n i e C s s o k n t O r w o | n m l e a p r C n B e o a r C | n g f o t e o n r s r t o - m r l | s o l O w E n x e e r c u t o r C o n t r o | m l a p C n C e o a r C n g f o t e o n r s r t o - m r l | s o l O w E n x e e r c u t o r

The Digital Risk Platform offered a way to large organizations to automate the management of these controls, since the number of controls and involved people might become quite complex and cumbersome.

There are multiple reasons to develop such a platform, for a company like KPMG it really allows to more cement their advisory services within the client’s way of working while not interrupting its audit services. That is really the beauty of such a platform, it can be sold as advisory and audit service.

My Role

Initially, I joined the BI team as a data engineer. The BI team consisted of about 6 people ranging from juniors to experienced externally hired seniors. Initially I was somewhere in between, but the close collaboration with those experienced seniors allowed me to progress quickly and learn a lot. As such, I started of responsible for pipelines in Azure Data Factory and dashboarding through PowerBI embedded and quickly got involved with issues around environment drift, data quality testing and Azure DevOps Pipelines issues. I pioneerd our approach on Data Quality using a custom rule-based solution within Microsoft SQL, somewhat similar to the more modern tool: Great Expectations, using various ideas from contract testing.