Cyber-Risk Management Built In From The Start As Deloitte Transforms Its Core Finance System

Estelle Lagorce

Core system revitalization is one of eight key trends that lead to digital innovation in the Deloitte report “Tech Trends 2016.” And it’s a key trend that’s likely to continue.

There are cyber risk implications in the areas of security, privacy, regulatory mandates, and compliance. Deloitte’s report intentionally looks at cyber risk not as a separate topic, but as an enterprise discipline embedded in the planning, design, and realization of each individual trend.

Core systems are often decades old, but the reality is that many roads to digital innovation lead through these “heart-of-the-business” applications. The bottom line is that organizations have an increasing need for speed, flexibility, and the capability to handle large amounts of data from a growing number of sources. For this reason, many organizations are now developing strategies that involve re-platforming, modernizing, and revitalizing for reimagining their core systems.

In fact, Deloitte has recently undergone a transformation with its own core finance system, reimagining it to support the business well into the future. With its “SWIFT – Strategic, World-Class, Innovative, Forward-Thinking” transformation project, Deloitte is leveraging emerging technologies – including governance, risk, and compliance (GRC) solutions – to enhance its global financial processes.

At a recent Digital GRC Webinar, Mike Kosonog, partner at Deloitte, explained the impact of digital transformation on governance and compliance and shared Deloitte’s experience implementing GRC solutions as part of its ongoing digital transformation. Bruce McCuaig, director of Solution Marketing, Governance, Risk, and Compliance, at SAP, also highlighted how GRC solutions safeguard the digital transformation of core systems, as transparency and reliability in times of fast-paced change become key business needs.

Case for change

Like many companies, Deloitte’s business was rapidly expanding internationally, which presented an opportunity to gain synergies from consolidating financial systems and putting in place common processes that would globally span member firms. Plus, system consolidation would better enable the firm to handle the increasing volumes of transactions that were bogging down its aging infrastructure.


However, although it was clear that a global system would bring many opportunities, it also presented a number of challenges, including the need to maintain client confidentiality, localization, and harmonization of both governance and business processes. In short, there was a need to establish global governance over the systems and solutions.

Early inclusion of a GRC solution

With the early realization that GRC was critical to the success of SWIFT, Deloitte saw the ability to adopt an overarching GRC solution at the same time as its new financial system was implemented. The GRC solution serves as a model for the overall establishment of a global GRC foundation and supports harmonization. It is being used to address the above challenges and several key impacts of globalization.

  • Confidentiality – The need to protect key client data required a robust security strategy. The answer was secure provisioning, such that requests for access are routed to appropriate approvers and there are periodic reviews of users that have access to sensitive information.
  • Localization – While standardization of processes was a key goal, local differences needed to be addressed. By building a thorough list of controls and identifying their relevance to member firms, as well as having a central point to manage access, business processes, and IT risks, there is now a clear understanding of the commonalities and differences at the local level.
  • Change management – The establishment of global change-management processes was critical to the success of the new solution. Workflow approval of role changes, combined with the continuous monitoring and real-time reporting of changes in process configurations, are supporting a global approach to change management. New functionalities (like segregation-of-duty rule set, controls implications, and provisioning) are integrated, simplifying the user experience.
  • Harmonization – The GRC solution is serving as a model for the establishment of an overall global governance, risk, and compliance foundation.

By replacing its core financial systems with a single, central platform, Deloitte has transformed its finance function and positioned itself for future growth. Establishing and addressing the GRC requirements early were key factors in the success of the broader finance transformation project.

To learn more about how finance executives can take a more strategic approach to GRC, read the Forrester report Adopt Three Lines of Defense Technology To Manage GRC. Also, check out the GRC Value Calculator.

On Feb. 22, attend the Webinar Maximizing Strategic and Operational Performance with Three Lines of Defense, to learn more about Deloitte’s implementation and how governance, risk, and compliance solutions safeguard digital transformation of core systems.

Attend the Digital GRC Webinar in Spanish (run by our Latin American teams).

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube

About Deloitte: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the U.S. member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States, and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see to learn more about our global network of member firms.

Estelle Lagorce

About Estelle Lagorce

Estelle Lagorce is the Director, Global Partner Marketing, at SAP. She leads the global planning, successful implementation and business impact of integrated marketing programs with top global Strategic Partner across priority regions and countries (demand generation, thought leadership).