0. Governance, Risk & Compliance (GRC) – Vendor Landscape and Implementation Considerations
Sean Winekauf – Director
Enterprise Risk Management & Governance, Risk & Compliance, KPMG
04/07/15

1. Agenda What is GRC? GRC Marketplace today GRC Software Vendors
Why GRC?
Areas of Organizations that benefit from integrated GRC
Tangible and intangible benefits
Roles of technology
Technology selection – do’s and dont’ s
Closer look at Internal Audit
Lessons learned
How KPMG is helping clients
Q&A

2. What is GRC ?
An approach to align the organization’s governance, risk and compliance processes to its strategy, allowing for convergence and transparency of information to drive performance and resilience in a dynamic economic business environment.
KPMG’s Definition “ ”

3. What is going on in the GRC Software Market?
Software GRC Market Outlook
Software GRC market is expected to grow from:
2014
~$34.5B
2010
Source: IDC
54%
of compliance officers at public companies expect a spending increase in compliance and ethics in 2014
$19.3B
CAGR:
~16%
Source: Thomson Reuters
$2B+
in additional expenses in our overall control effort will have been made since 2012 through the end of 2014”
GRC market growth will accelerate as regulations and technology environments grow more complex “
Jamie Dimon
Chairman and CEO
J.P. Morgan Chase & Co.
2014 Annual Letter to Shareholders
Software GRC Growth
CAGR:
~16%
Source: Competitive Enterprise Institute, Thomson Reuters.

4. Current GRC Spend – Survey results
Annual Cost of Federal Regulation
The estimated compliance and economic cost burden of federal regulation and oversight in 2012
$1.8T
2013 Compliance Executive Survey Results
800 compliance practitioners, including heads of compliance and chief executives, were surveyed:
Over the next 12 months 67% of compliance professionals expect the compliance team budget to be more than today
Over the next 12 months 80% of compliance professionals expect the regulatory focus on managing regulatory risk to be more than today
Over the next 12 months 67% of compliance professionals expect the cost of senior compliance staff to be to be more than today
Source: Competitive Enterprise Institute, Thomson Reuters.

5. GRC – What we are seeing in the Marketplace today
Increased regulations and a more rigorous compliance environment
Siloed approaches in responding to these requirements leading to duplication of functions and multi-layered Governance, Risk and Compliance processes
Board executives and senior management struggling to see the value generated by these activities and view them as cost of doing business rather than an investment to improve corporate performance
Company Characteristics
Are relatively large in terms of employees or revenues
Have multiple divisions/SBUs
Present in highly-regulated industries or markets
Have acquired or are in the process of acquiring businesses within or across regions
Are present in several regions/countries and therefore need to comply with regulations across all the regions
Do not have a clear owner for GRC across the firm

6. GRC Software Vendors
Forester Wave 2014

7. Increases accountability for risks, controls, and issues
Why GRC?
Increases accountability for risks, controls, and issues
Automation of Control Testing workflow
Single view of
controls across the organization
Consolidated and real-time reporting of cross-functional risks and issues
Automation of Certification

8. What drives Corporate Directions in Governance, Risk and Compliance?
Increasing regulatory requirements have resulted in complex business and risk management processes BU
Risk
Management
Internal
Audit
Finance and
Treasury
Department
Legal
Human
Resources
Compliance
Shareholder
Auditor
Regulator
Rating
Agencies
External
Board/Committees
Executive / Senior
Business and risk management information
process
analysis
Stakeholders
Inefficiencies
Reporting &
Disclosure process
Data capture
and analysis
Business
Units
Oversight
functions

9. Why GRC? >> What does a GRC enabled Organization look like?
Legal Entities
Legal Entities
Geographical Regions
Geographical Regions
Sales and Marketing
Operations
Finance
Shared Services and Support
Human Resources
Legal and Regulatory IT
Product Development
Audit
Sales and Marketing
Operations
Finance
Shared Services and Support
Human Resources
Legal and Regulatory IT
Product Development
Audit
Desired State
Technology
eGRC Foundation Transformation
Business and Controls
ERM
Compliance
Internal Audit
Other Assurance Groups
CONTROL REPORTS
ERM REPORTS
COMPLIANCE REPORTS
AUDIT REPORTS
ISSUE MANAGEMENT REPORTS
QUARTERLY DEFICIENCY
SOX REPORTING
QUARTERLY ASSESSMENT
FIRM
CRMP
AUDIT PLAN
AUDIT COMMITTEE
OPEN ISSUES
PAST DUE ISSUES
CLOSED ISSUES
EXTERNAL AUDIT REPORT
Business and Risk Management Information
Business and Risk Management Information
Internal
External
Internal
External
Board/ Committees
Executive/ Senior Management
Stakeholders
Auditor
Regulator
Rating Agency
Board/ Committees
Executive/ Senior Management
Stakeholders
Auditor
Regulator
Rating Agency

10. SOX Internal Audit Compliance Risk / ERM
What areas of an Organization can benefit from an integrated GRC program?
SOX
Internal Audit
Control Testing (test of design, test of operating effectiveness)
Control test scheduling
Link controls to risks, control objective, assertion
302 certification survey
Testing documentation storage
Deficiency Management
Annual Audit Planning
Audit Planning & Risk Assessment
Audit Resource & Scheduling Management
Audit fieldwork execution (Controls Test of Design, Test of Operating Effectiveness)
Audit Reporting
Audit Finding Remediation Management
Compliance
Risk / ERM
Compliance Test Scheduling
Compliance Risk Assessment
Control testing (test of design, test of operating effectiveness)
Management of policies
Exception / Issue Management
Risk Assessment
Risk Scoring
Risk Reporting and Dashboards
Storage of risk data

11. Benefits of an Enterprise GRC Program
Across the marketplace, we see Enterprise GRC initiatives enable companies to more effectively manage risk and compliance activities in an aligned manner. Establishing a common language and converging multiple, independent risk and compliance initiatives into an integrated approach can result in many intangible and tangible benefits. We have highlighted some benefits below:
Tangible Benefits
Improved Gap Detection and Mitigation
Reduced Risk Assessment Effort
Reduced Compliance Effort
Optimized Business Processes
Automated Security Controls Monitoring
Rationalized IT Systems and Support
Improved Reporting
Reduced Risk of Penalties, Fines Due to Noncompliance
Reduced Operating Risk
Intangible Benefits
Benefits:
Potential reduction in overall risk and compliance management effort due to integrated eGRC activities
Dashboarding providing executives their risk profile across value chain and risk category
Improved gap detection and mitigation through automation of remediation plans and deficiency analysis
Efficiencies as a result of automation of eGRC activities
Scoping at the account level creating a linkage between account and control
Testing workflow
302 Automation
Business process controls optimization due to integration and automation
Increased accountability helping embed risk management into BAU activities instead of making it a check the box exercise.
eGRC
Convergence

12. How does Technology enable an integrated GRC program?
Move away from those old spreadsheets
Have the necessary information be pushed to you
Technology facilitates dynamic GRC connections
Empower the broader GRC community with proactive insight
Business Law Solutions
Board Solutions
Disclosure Solutions
Due Diligence Solutions
Regulatory Intelligence Solutions
Training Solutions
Screening Solutions
Policy Management Solutions
GRC TECHNOLOGY
REGULATORY & LEGAL INSIGHT
Regulatory News and Analysis, Legal and Business Research
INTERNAL ASSURANCE
Internal Audit, Risk Management, Internal Controls, Policy Management
CORPORATE GOVERNANCE
Regulatory Disclosure, ICFR Certification, Board Management
Internal Audit Solutions
Risk Management Solutions
Internal Controls Solutions
Enterprise GRC Solutions
SCOPE OF GRC SOLUTION SETS

13. What to look for when selecting a GRC tool
Allow sufficient time for the process
Look to the future as well as the past
Understand the business needs and relevant requirements before judging the quality of competing package solutions
Consider the relative priorities and importance of the different aspects, in particular, which ones are critical to the success of the chosen solution
Avoid selecting individual departmental solutions
Narrow down the number of suppliers to evaluate in detail
Put in writing the organization's needs and requirements so that the package supplier is obliged to state (in writing) whether and how the package can meet those needs
Seek independent views from users of the packaged solutions
Balance the size of the solution with the size of the problem, i.e., accept minor shortcomings if the organization can achieve better overall business benefits
Bear in mind the supplier is potentially going to be a permanent partner in the business solution

14. Cautions and pitfalls of GRC tool selection process
Window shop, selecting a package based on recommendation or looks alone
Send large Requests for Proposal to every possible supplier – instead use simple, key criteria to identify the most probable candidates
Class everything as ‘mandatory’
Just ask the salesman if the requirements can be met
Let different team members follow different packages – there will be inconsistencies
Rely upon the supplier to identify references
Just go to the supplier’s standard demonstration
Automatically take the highest scoring solution

15. Audit Lifecycle: Key Internal Audit Areas
Reporting
Issue Management
Board Reporting and Quality Metrics
Resource Management
Time Management
Foundational Elements
Audit
Universe
Enterprise Wide View
External Audit
5. Remediation
Regulations
1. Audit Planning
2. Audit Execution
3. Audit Reporting
KPMG views these as key areas across industries in the Internal Audit Lifecycle
4. Issues Mgmt
Internal Assurance functions
Internal
policies

16. Setting your Internal Audit Foundation Using GRC Concepts
Risk Profile
Perform a Risk Assessment, that aligns with ERM and the Company’s strategic objectives (ensure in-line with 1st and 2nd lines of defense)
Consider building out a Continuous Risk Assessment Program to gain efficiencies and increase scope of coverage
Use of a single Risk Taxonomy throughout the Company
Position Internal Audit to focus on the riskiest areas and add the greatest amount of value to the Company
Governance, Infrastructure and Organization
Develop an Internal Audit Methodology and Audit Approach (i.e. end to end process reviews) tailored to the needs of the Company
Determine a governance structure and set up lines of communication to Senior Leadership, and Audit Committee including escalation procedures
Consider Efficient Audit techniques (i.e. Data Analytics and KPI’s)
Consider use of technology to automate and streamline the Audit process (i.e. GRC systems)
Culture
Develop Internal Audit’s mandate to meet stakeholder expectation and position IA to be a value added function
Set and communicate expectations (i.e. timelines and responsibilities) with Management early in the process
Maintain lines of communication throughout the life cycle of the audit process to keep Management engaged and aware of progress.
Enterprise Assurance
Understand and leverage monitoring/testing/assurance activities within the 1st and 2nd lines of defense
Align testing efforts with the 2nd line of defense to avoid duplicate efforts and gain efficiencies
Integrate reporting with 2nd line of defense to Senior Leadership, Board of Directors and Audit Committee
Develop an Issue Resolution Tracking process to ensure findings are remediated timely.

17. GRC, Internal Audit and Enterprise Assurance
GRC FOUNDATIONAL ELEMENTS
What should we focus our audit efforts on?
How do we keep Risk Info Current?
Continous Risk Assessment
Risk Assessment & Internal Audit Plan
What approach or techniques should we use to audit?
Understanding of and Alignment with other assurance efforts
Value Added Specialists &
End-to-end process reviews
Performance Audits
Data analytics, continuous auditing & monitoring
SOX, Compliance, Quality, Safety, Environmental Groups
How do I enable efficient workflow, data storage and real time reporting?
RISK-BASED INTERNAL AUDIT METHODOLOGY
Implement GRC technology to enable Risk Assessment, Audit workflow, data repository and reporting

18. Some Key Questions to consider when selecting an Internal Audit tool
Internal Audit Point Solutions
Business Process Adaptation: Does the tool support YOUR business processes. What is the level of configuration and customization that is going to be required?
Flexibility : How flexible is the tool to meet your needs. Conversely , how flexible are your processes to adapt to tool limitations?
The Vision: Does your long term vision look at process efficiencies, integration, cost effectiveness and a horizontal view of risk across the Organization?
Time to Implement: What is driving the timeline for implementation? Strategic initiatives, Regulatory requirements, expired licenses for current tools?
Cost: What are the budget constraints given the short term and long term vision for implementation of the tool
GRC
Key Point: Consider an Internal Audit software tool that allows for integration with technology that supports other risk and compliance functions within your organization to support a long term vision of a horizontal view risk across your Organization

19. Internal Audit Tools - Key Considerations and Benefits
Functions
Key Considerations for Internal Audit Technology
Benefits
Enterprise Wide Foundational Elements /
Core Data
Support of common structure and language for: Organizational Structure, Process Hierarchy, Risk Hierarchy, Control Hierarchy, Issue Classifications
Horizontal view of risks and issues across the organization empowers Management to make informed decisions
Audit Universe and Risk Assessment
Ability to capture and standardize criteria for risk assessments, audit planning (annual, audits and special projects) and creation of key documentation
Effective risk assessment process and set up of audit universe
Audit Planning
Supports individual audit risk assessment, planning tools (identification of risks and controls), definition of scope/objective of audit, meetings and capturing planning approvals.
Aligns schedule, anticipated scope, and risk assessment
Audit Execution
Assignment of audit procedures, testing and documentation of controls, walkthroughs, storage of testing evidence, review/approval process and issue identification.
Streamlines and organizes the audit process
Provides a clear picture of the review status
Audit Reporting
Generate status reports (including graphical representation) on a variety of topics/criteria.
Ability to create a valid depiction of the audit status
Issue Management & Remediation
Tracking of issues and action plans through to resolution, ownership of issues, status of issue remediation activities, and retesting by internal audit
Used to track, schedule testing, and evaluation of overall company status in regards to open/closed findings.
Board Reporting & Quality Metrics
Annual Audit Plan Status, Tracking of Audit open Issues, IA Performance Scorecard
Ability to provide snapshot reports as to the progress and effectiveness of Internal Audit Group
Resourcing Management
Management of resources within the IA group, allocating resources to project/audits based on other projects/audits, time off/conflicts, skills, and certifications.
Capability to ensure the utilization and capabilities of auditors is being met.
Time Management
Tracking of time and expenses for each audit or special project
Provides a snapshot of the overall budget

20. Internal Audit Technology – What should you be looking for?
Audit Universe &
Risk Assessment
Execution & Fieldwork
Issus Mgmt. &
Reporting
Internal Audit Lifecycle
Recommended Internal Audit Technology
Capabilities
Planning & Scoping
Support of audit charter, vision and strategies
Develop or adoption of a risk framework (COSO)
Capturing and assessment of the most significant risks to achieving the objectives and opportunities
Systematic and structured way of aligning an organization’s approach to risk with its strategy
Resource Mgmt.
Configuration of Risk assessments factors, weights, risk scores
identification of future growth opportunities and strategic objectives for the business
context (e.g. facilitated sessions or surveys)
Assess material risk, link to SOX, materiality thresholds, account balance info from G/L
Assign the “scope” of each business process, risk, and control to identify whether applicable to Audit, Compliance, ERM, IT etc
Capture of attributes – dates, stakeholders, assertions, fraud scenarios, inherent/residual risk etc.
Change a risk assessment, as well as show changes year over year
Link to historical data to understand entity, environment, previous audits
Capture, develop and maintain risk register, risk and controls matrix
Capture test scripts, test results
Attach evidence and supporting documents and work paper repository
Process, risk, control, issue, owners, date info
Creation of issues from failed tests
Automated alerts for items in tasks, outstanding due dates and reporting
Standard checklists for planning, post-audit and other standard activities
Attach pre-defined templates, copy prior audits
Hyperlinks within reports to forms enabling users to edit information real-time
Automated Out-of-the-box reports (e.g..: SAD, Audit Committee)
Creation of a risk summary report that describes key risks, how they
are being managed and monitored, remediation of key issues, and accountability
Report on KPIs and KRIs
Document, link issues and attributes (e.g.. Process, control, owner, dates)
Drill down reports for metrics (e.g.. Open issue, completed audits, outstanding tasks)
Provide business areas with a comprehensive view of all of their issues reported by Internal Audit
Retention and reporting of characteristics of audit personnel such as job ‎classification, certifications, background information, special skill sets, and training completed and plannedall levels
Close out time periods to prevent auditors from charging additional time, in addition to allowing the administrator to re-open a period
Link to official repository of contractor information
Define & maintain time tracking codes
Track time and expenses against contingent worker contract.
Store charge rates
Staff time tracking capability, including audit and non-audit hours - charge time by day and task
Workflow management for each audit-related “document”, including audit, audit program, checklists, audit process, audit risks, audit controls, and audit work papers
Ability to capture and link org, processes, risks
Export to PDF, XLS etc.
Security
Search Functions
Audit Trail
System Integration

21. Vendor Landscape: Internal Audit Solutions – Key Differentiators & Highlights
[RSA Archer]
RSA’s GRC & IA content includes pre-mapped policies, control standards, procedures, authoritative sources and assessment questions
Audit Management enables the identification and risk assessment of the audit universe. Work papers with configurable workflow are generated by the solution to allow audit staff to document the results of procedures associated with an audit project. Has notifications and alerts
[MetricStream]
Built-in remediation workflows, time tracking, - based notifications and alerts, risk assessment methodologies, and offline functionalities for conducting internal audits at remote field sites Structured process for managing audit work papers and documentation including supporting evidence, findings, analysis, and results for each audit program. The tool provides approval workflow, check‑in, check‑out features, version control, document preparation workflows, comments, powerful work paper organization, and search capabilities.
Record qualitative or quantitative findings along with detailed observations and recommendations in predefined formats,
 Graphical executive dashboards and flexible reports with drill-down capability provide statistics on a variety of parameters such as by audited entities, audit schedule and calendar, finding reports, and corrective and remediation actions triggered
Regulatory Content
Modern UI
Flexibility
Out of the box
Drag & Drop Capability
[Nasdaq BWise]
Ability to capture and store audit data and results in logical folders, which are automatically created based on the audit work program/work papers
Offers a flexible Data Model, providing a way of relating elements of the audit framework in many-to- many relations between elements such as processes, risks, controls, control objectives, etc
Automatically create multi-year audit plans, based on audit rating, risk rating and cyclical audit frequency
Audit Analytics assisting in reducing data collection efforts with both standard and ad hoc analysis
Findings and Recommendations with configurable workflows to review and monitor on a one time basis
Basic scheduling functionality
RSA Archer
MetricStream
Nasdaq
BWise
Thomson
Reuters
IBM
OpenPages
[Thompson Reuters]
Centralized data capture, risk assessment, reporting and documentation similar to SharePoint folder structure
Ability to share risks and risk assessments, audit findings, key risk areas and recommendations across the internal audit department and provide quantifiable evidence of compliance through real-time dashboards and reports; Workflow and notifications. Resource scheduling are also key features
Flexible deployment options - On-premise perpetual license, on- demand or hosted perpetual license options mean that Accelus Audit Manager will fit into your current audit and risk processes, providing you with maximum benefit with minimum disruption.
[IBM OpenPages]
Supports top-down and bottom-up approaches to risk assessment and creation of multiple-year audit plans
Maintains a centralized library of electronic work papers, and automates work paper review and approval.
Manages auditor time and expenses to avoid versioning conflicts and promote consistency
Integrated with financial controls management, IT risk and compliance management, general regulatory compliance efforts, and operational risk management programs

22. Internal Audit Technology Implementation Success Factor: Interlinked with Other Assurance Areas – A long term vision
Foundational Elements
Common Taxonomy & Reporting
SOX/Internal Controls
Management’s
View
Other Assurance Areas
(ERM, Compliance, Policy Mgmt.
etc)
Internal Audit
Better Practices across industries show that the success of Internal Audit tool implementations is greatly increased when the implemented in such a way that it is able to interlink with technology utilized by other assurance areas – giving Management a view of risk and issues across the Organization

23. Internal Audit Technology – Key Consideration Areas
Time to Implement
Flexibility, Configurability, & Customization
Maturity & Sophistication of Modules & Capabilities supporting in­ scope areas
Client Specific Requirements & why they selected it

24. Lessons Learned in GRC Technology Implementations
Include all relevant stakeholders at the start
of the project
Define and agree upon the functional and business requirements
Establish a clear project plan inclusive of change and risk management
Develop a deployment plan
Establish a clear change management plan
Perform System Testing and User
Acceptance Testing
Develop and provide training tailored to
the end user
Don’t let a tool drive the process

25. Enterprise Governance, Risk and Compliance (GRC) Considerations
GRC Vision
Guiding Principles
Executive Buy-in
Functional Commitment
Roadmap
Foundational Elements
Future State Process Flows
Convergence Opportunities, Alignment of Shared Functionality, and Integration Points with GRC Tool
High-level Business, Functional, and Technical Requirements Definition 1 2
Convergence & Foundational Elements
Strategy
Link between Business Requirements and Business Process Design
Requirements to System Mapping /Proof of Concept
Data Conversion
Testing Strategy, Performance and User Acceptance Testing 6 3
Project Governance
Project Plan, Timeline and Budget
Project Risks/Issue Tracking
Project Resource Management
Enterprise GRC Considerations Components
Technology
Enablement
Program Management
Business Requirements
&
Reporting
People & Change
GRC Business requirements design & documentation
Fit-Gap Analysis
Process, Risk, Transactional level dashboards & reporting
Stakeholder Analysis
Roles and Responsibilities
Communication Plan
Learning, Development and Training
Adoption Plan/Roll-out 5 4

26. Convergence & Foundational Elements
KPMG vs. GRC Technology Vendor – Division of Roles and Responsibilities
GRC Technology Vendor
Assist with the development of a GRC Strategy, mission statement, guiding principles, and success criteria
Assist with the identification of current and potential future stakeholders and perform potential future usage for enterprise-wide solution
Provide support in forming GRC Steering Committee and establishing roles and responsibilities for the initiative
Participate in and help facilitate as needed GRC Steering Committee meeting
Provide guidance with obtaining executive buy-in
Perform maturity assessment for each stakeholder group and oversight/assurance activity to serve as input to roadmap
Assist with the development of strategic and tactical roadmap for GRC Journey
Assist with creation of support model and governance board to provide direction on changes to the tool both during and after the project 1
Participate, as needed, in Steering Committee meeting
Participate in meetings to determine duration and staging of user groups for strategic GRC roadmap/ GRC Journey
Strategy
Assist with defining the baseline set of taxonomies/values required to setup the tool (such as organizational structure, process list, and risk categories)
Assist with gaining agreement for common definitions of terms and ratings criteria to be shared by users
Review/document future state process flows for use as starting point for business requirements
Identify and map GRC Technology Vendor tool integration points in future state processes
Identify gaps and facilitate discussions for process changes required due to tool capability/functionality
Provide list of configuration options to be defined for initial product setup
Create a sandbox environment to facilitate workshop sessions and design decisions
Assist with facilitation of targeted demonstration (walkthrough of technology and future state process) 2
Convergence & Foundational Elements
Assist with creation of support model and governance board to provide direction on changes to the tool both during the project
Develop integrated GRC project plan, incorporating each workstream and GRC Technology Vendor timelines
Facilitate/participate in project status meetings
Provide detailed project plan, budget, risk and scope tracking 3
Program Management
Provide project plan for activities assigned for GRC Technology Vendor to lead (i.e. tool installation, configuration, unit/functional testing, etc)
Participate in project status meetings
Provide project status updates, per agreed upon project plan, to PMO

27. Business Requirements & Reporting
KPMG vs. GRC Technology Vendor – Division of Roles and Responsibilities, (continued)
GRC Technology Vendor
Create a training strategy and rollout plan by user group and level (i.e. admin, super user, lite user)
Develop and train UAT testers
Create user group specific training guides, presentations, and quick reference guides using client-specific GRC Technology Vendor screen shots to enable the business process
Coordinate and instruct training sessions specific to client’s usage of GRC Technology Vendor 4
People &
Change
Provide super user training guides, screen shots and hold initial standard tool functionality training
Provide standard ‘out-of-the-box’ training guides
Help facilitate sessions with client and GRC Technology Vendor to identify business/functional requirements
Review/document detailed future use and functional requirement documents
Assist in reviewing/documenting business requirements and Gap document
Determine users access rights, user groups, and user profiles
Facilitate sessions to document landing page views, reporting requirements including quick reports to view daily and those processes nightly in batch
Develop mock reports and requirements for integrated reporting needs
Provide attributes/criteria to consider for process mapping
Provide detailed advice on tool capabilities based on client contract
Participate in business requirements work sessions, including navigating dedicated client sandbox to determine field attributes and approval workflows
Document business requirements in the Gap document to record areas of the tool that require configuration (such as mandatory fields, pick list values, etc.) 5
Business Requirements & Reporting 6
Perform technical installation
Provide on site support to UAT testers for timely root cause analysis and resolution of defects
Assist IT with system integration and interfaces with other systems
Perform any configuration changes, software updates, or technical modifications to the software
Provide on-going technical support
Develop testing strategy for System Integration Test (SIT), User Acceptance Testing (UAT), and regression testing
Assist with the creation of detailed test cases and scripts to ensure business requirements, functional requirements, and technical requirements are being met
Perform UAT testing, including detailed defect tracking and validation with GRC Technology Vendor
Technology Enablement

28. Q&A – Open Discussion

29. Sean Winekauf - Director, ERM & GRC swinekauf@kpmg.com
Contact Info
Sean Winekauf - Director, ERM & GRC
Phone:
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.