Professional Documents
Culture Documents
risk radar
Third edition
< > 1
Contents
Introduction 2
1 Media-reported events: key findings 3
What happened? 4
What were the causes? 5
Which industries were affected? 7
Sectors at a glance 8
2 n industry view on key
A 9
technology risks
Banking 10
Insurance 12
Investment management and funds 14
Consumer markets and retail 16
Technology, media, telecoms 18
Healthcare and pharmaceuticals 20
Energy and natural resources 22
Industrial manufacturing 24
Central government 26
Education 28
3 Our data analytics methodology 30
Media–reported events: data analytics 31
Contact us 32
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
< > 2
Introduction
What are the current and emerging technology- We all know there is a universal shift to a more digitally
related risks that businesses face? What types of connected world. This means businesses need more
advanced risk governance and management. The increased
incidents have been reported in the press? What speed of technology developments and their impact on
are the trends in different industries? And what business models and operations means businesses have to
are the risks on the horizon facing businesses keep a constant eye on evolving risks, taking a rolling view on
what is relevant to them.
tomorrow?
And, as organisations increasingly partner with other
KPMG’s Technology Risk Radar seeks to provide answers to
organisations and service providers, they need to consider
such questions by combining extensive analysis of reported
risks from the ‘extended enterprise’ perspective. The value
technology incidents with qualitative insight from industry
chain is only as strong as the weakest link.
specialists. It provides a broad-ranging view of the global
technology risk landscape by offering insight into what’s On the plus side, IT investment is back in vogue and many
going on, and what’s going wrong, across the market. organisations are replacing legacy systems to allow them to
keep up with competitors and new entrants. The best way to
The Technology Risk Radar enables risk and audit
succeed with new IT investment is employing the right level
professionals to make better informed decisions about the
of assurance over the right risks – for which this edition of
risks they should address while providing insight into where
Tech Risk Radar should help.
reputational risks may lie. Clients have told us that they have
found this information invaluable in audit and risk planning
exercises as it helps point them towards where the risk lies
and what’s driving it.
This third version is a refresh from 2015 and is based on
another year of research covering numerous publications
and web sources around the world. We filtered these for
duplication, categorising and cross-referencing them to
produce an overall analysis and a view sector-by-sector. Andrew Shefford Kiran Nagaraj
KPMG member firms’ industry experts then complemented
this data by providing a narrative.
Across most sectors we saw new topics emerge such as
digital labour and social media. But KPMG member firms
continue to see well-known risks around cyber security, use
of third-party services and legacy systems.
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 3
Media-reported
events: Key
findings
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
< > 4
What happened?
IT did not meet
Cyber security incidents continue to be the attention-
customer need
grabbing element of technology risk within business
today. But here is something interesting that our research
IT did not behave uncovered - only a little over half of the 700+ surveyed IT
as expected incidents were security related, with most being attributed
An IT service or system was to data being stolen or compromised intentionally. About
not available when required 36 percent affected the availability or performance of a key
IT service. And an additional 9 percent affected the quality of
3 a key IT service with IT either not behaving as expected or
not meeting customer need.
6.5
The proportion of incidents related to security, availability
20.7 and quality followed the same order across all ten industries
surveyed, i.e., security related incidents were most prevalent,
IT infrastructure followed by availability and quality related incidents.
was misused or
abused 22.8 These statistics are alarming, as these incidents must arise
from a failure of internal controls – checks that should be a
Figures are % basic element in any security control system, technological
15.5 or otherwise. Cyber security therefore, continues to be a key
Performance
area of concern for organisations. Later in this document,
of an IT service
KPMG member firms technology risk specialists provide
or system was
some practical insights on how organisations can protect
5.3 degraded
themselves and better prioritise their investment in this area.
26.2
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 5
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 6
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 7
Industries affected
Consumer, Energy, Natural
Industrial
Technology, The top two industries affected were the same as last year, although
Financial Healthcare and
Markets and Resources and Media and Government Education their positions have changed: Technology, Media and Telecommunication,
Services Pharma Manufacturing
Retail Utilities Telecom
and Government, in order.
• Technology now has the dubious privilege of being the industry
most affected by IT incidents, according to our research. The
12.1% 5.3% 9.8% 1.5% 15.1% 25.0% 22.8% 8.4% growing shift to a digitally connected world with the pervasiveness
of the Internet of Things (IoT), social media and digital labour, and
the ubiquity of devices suggest that this industry will keep this top
spot for some time.
• Government comes in at number two. We believe that the
government sector has this high ranking due to the public nature
of its operations, increasing third party risk and ineffective project
management.
• The financial services industry has moved from the fourth
most affected industry to the seventh among the ten industries
surveyed. This may be attributed to the heavy regulatory
environment within which FS organisations have built risk
management capabilities that have arguably matured over the
years. Interestingly the Fintech sector, which is a hybrid of
Technology, media & telecoms – the most affected industry,
and FS, is expected to face similar regulatory scrutiny.
What is also interesting is that specific types of incidents are affecting
some industries more than others. For example:
• Industrial manufacturing had a higher proportion of availability
related incidents than any other industry. Availability also appeared
to be significant problem in the financial services industry with 40
percent of incidents related to availability.
• Quality issues continue to be a problem in the Government sector
with almost 17 percent of incidents related to quality.
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 8
Sectors at a glance
HIGHEST LOWEST
TOP 10 RISKS IDENTIFIED FOR EACH SECTOR RISK 10 9 8 7 6 5 4 3 2 1 RISK
Overall avg
score
Risk impact and probability Investment Consumer Technology,
Healthcare and Energy and natural Industrial Central Education (the lower the
in descending order Banking Insurance Management and Markets and Media and
Pharmaceutical resources manufacturing Government (Universities)
Funds Retail Telecommunications score the more
PER SECTOR
critical across
industries)
Poor risk management alignment
across organisation and process
1 6 4 9 6 4 4 6 9 9 1 5.8
Dependence on inflexible and
undersupported legacy systems
2 4 6 4 6 6 4 4 6 9 6 5.5
Poor cyber security, cyber-crime
and unauthorised access
3 3 4 4 4 4 6 6 6 4 9 5.0
Non-compliance with regulation
and legislation, e.g. privacy
4 4 3 4 6 4 9 4 2 6 6 4.8
Lack of IT strategy and lack of
board representation 5 6 6 6 4 2 2 6 2 4 9 4.7
Inadequate data quality and lack of
capability to leverage data to manage risk 6 4 2 9 2 9 6 2 2 4 1 4.1
Inability to deploy and exploit
emerging technology
7 6 9 1 9 4 1 2 2 2 4 4.0
Failure to deliver programmes and to
build in control, resilience and security 8 3 4 2 2 2 6 6 4 9 2 4.0
Reliance on, and poor security and
control in, vendors/third parties
9 9 3 6 6 2 2 3 1 6 1 3.9
Ineffective service management
and delivery
10 6 2 6 4 2 2 2 2 2 1 2.9
Ineffective IT asset management 11 2 2 2 2 3 3 2 3 3 4 2.6
Inadequate resilience and
disaster recovery capability 12 3 2 2 2 2 2 2 4 2 2 2.3
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 9
An industry
view on key
technology risks
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
< > 10
Banking
David DiCristofaro
There have been a few red faces in banking over the past
Poor risk management alignment across
1 organisation and process
couple of years. High-profile technology-related incidents have
caused ATM networks to fail, payment systems to seize up –
and even central bank systems to go down. Media and public
Dependence on inflexible and under
2 supported legacy systems attention has made those affected respond fast.
2 Root cause analysis has shown that many of these incidents
4
3
Poor cyber security, cyber-crime and were due to problems with third-party suppliers. It’s not the
unauthorised access
banks’ own operations that have been putting them at risk –
10 often it has been the operations of the vendors and partners
Non-compliance with regulation and 5 they rely on.
4 legislation, e.g. privacy 9
The good news is that it appears that the number of these
Lack of IT strategy and lack of board 11 1 12 incidents is falling. If this is the case, we believe that it
5 representation could be because of greater management focus, improved
remediation, and a healthier understanding and management
7
Inadequate data quality and lack of 3 of the risks associated with third-party providers. Banks
6 capability to leverage data to manage risk
6 realise that their business partners need to have at least
the same high bar on risk thresholds as they do. And that is
Inability to deploy and exploit 8 forcing better governance, risk management and compliance
7 emerging technology in those wanting to partner banks.
While third-party dependence continues to be a major
Failure to deliver programmes and to risk issue, our view is that it is being overtaken by other
8 build in control, resilience and security
risks, including poor IT strategy, cyber-crime and the risk of
business interruption.
HIGHEST LOWEST
Reliance on, and poor security and RISK 10 9 8 7 6 5 4 3 2 1 RISK
9 control in, vendors/third parties One of the main root causes common to all is the
management and control of super-user access. Theoretically
only a very small number of users should be able to do
Ineffective service management
10 and delivery everything in a system. But as time goes by, banks often
lose control of the numbers of super users. When perhaps
11 Ineffective IT asset management three developers had super access to a system they were
installing or doing an access review over, it’s common to find
Inadequate resilience and disaster that a year later that number has risen to 10. Potentially most
12 recovery capability dangerous is when one of these is a vendor.
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 11
Banking (cont’d)
This comes back to the point about third parties. The whole
vendor risk management programme is huge and critical for
We also feel the lines of defence need to be better aligned
with the business. It’s not unusual to find that internal audit is
“The whole vendor risk
every bank. Questions banks should be asking include: how
do we pick our vendors, how do we monitor them, and how
working to a different set of risks than compliance – and that
the business has a different view again. The technology risk
management programme
do we remove them when they cannot meet the standards
we need. Banks that aren’t focusing on this yet should put
organisation in the business must have good communication
with compliance to bridge any risk gaps. We are seeing some
is huge and critical for
vendor risk management at the top of their regulatory
agenda right now.
banks set up a one-and-a-half line of defence to align their
risk management better. This is a good start. But we believe
every bank. Questions
Sadly no system is foolproof. Manual processes fail,
that more banks should be taking this direction, focusing on
getting compliance and the business to work better together
banks should be asking
sometimes through lack of proper training. Hardware
components break down, occasionally within weeks of
while maintaining the independence demanded by the
regulators.
include: how do we pick
scheduled maintenance. It is impossible to legislate for all
possible system fragilities. Risks vary according to bank. Most are talking to the our vendors, how do we
regulators about four issues: cyber risk, protecting against
But there are still measures banks can take. First they should
try to automate their processes as much as possible. Second,
system outages; third parties and reliance; and IT strategy monitor them, and how do
through matters such as automation and robotics.
they should make sure they have the right kind of backup
and redundancies. And third, recovery must be as swift as There is no silver bullet to deal with each of these. But the
we remove them when
possible. No matter how good the backup, responsiveness to
the root cause analysis is critical, not least to reduce the risk
one overarching factor that does make a difference is having
more technology expertise on boards. Only then can those at
they cannot meet the
of the issue happening again. the top have the confidence to challenge business strategy,
to point out the risks, to make informed decisions on risk
standards we need. Banks
And for brand management reasons. The power of social
media means that outages are trending around the world
appetite and to decide how best the risks should
be managed.
that aren’t focusing on this
within minutes, not hours or days. Banks simply have
shorter response times to work through problems than yet should put vendor risk
in the past – something they are factoring into their
remediation processes. management at the top
The push for this must come from the top. Board members
have to understand technology. They have been slow to grasp
of their regulatory agenda
this challenge but KPMG member firms are seeing signs of
change. Some boards are designating one of their members
right now.”
to keep an eye on technology; increasingly non-executive
directors are challenging the auditors and management about
technology risks. We applaud this trend but believe that more
banks need to follow suit.
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 12
Insurance
Jill Farrington Jon Dowie
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 13
Insurance (cont’d)
latest technology, there is a strong infrastructure in place to
continue to manage and govern risk in the end state.
This brings us back to the wider point: the impact of
technological change. There is a lot of disruption in the
“Insurance companies are
Insurance companies are getting better at having the right
insurance industry and much of it is down to advances
in technology. KPMG member firms have seen this trend
getting better at having the
skill sets at the board level to oversee and manage technology
risk appropriately. But we feel there is room for improvement.
increase over the past few years and know that it will only
grow further and faster.
right skill sets at the board
Boards should be asking more questions about the risk
governance process. They need to have a better overview Much of the current focus within insurers is on business level to oversee and manage
of what is going on and be sure that the organisations they processing, such as claims processing. But some are starting
govern have the resources, processes and protocols in place to turn to cognitive technologies and advanced analytics to technology risk appropriately.
to understand incidents, to know how to respond to them, get rid of manual processes. This is just the start of a greater
and to ensure a fast response. trend to use robotics higher up the value chain as a more But we feel there is room for
integral part of the business. And this trend will demand an
Part of the reason why this is hard for boards is that insurance
companies often think about technology risk tactically, such
even greater concentration on security and controls. improvement. Boards should
as by thinking about security as managing data and the
perimeter walls. We believe that boards need to concentrate
Boards and executive management are starting to pick up on
the risk element of these new and emerging technologies.
be asking more questions
on the overall picture, embedding a technology and risk
management strategy into everything the business does.
Managing those risks effectively is only going to get more
important as organisations move into uncharted territory.
about the risk governance
Some companies already do this. But we think the practice
needs to be more widespread.
The implications of not doing it right are enormous. This is
why our main message is simple: for insurers to embed
process. They need to have
And this approach does more than help manage technology
technology risk management into every product, every
service, every new platform and every business decision.
a better overview of what
risk. Having embedded security, rather than slotting it on as
an afterthought, can be a great market differentiator when it is going on and be sure that
comes to deploying new solutions.
Another of the technology-related risks facing the insurance
the organisations they govern
sector comes from outside – from new technologies in other
sectors. Self-driving cars, personal health devices and home
have the resources, processes
monitoring devices all carry their own technology risks, the
biggest of which relate to security and integrity of data.
and protocols in place to
Liability for breaches is shifting from being consumer-oriented
to being product-oriented. That will have a big impact on
understand incidents, to know
insurers’ underwriting business – raising questions about
what information and control, if any, insurers have over the
how to respond to them, and
technology being used. to ensure a fast response.”
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 14
Investment management
and funds John Machin Ameet Sharma
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 15
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 16
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 17
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 18
Technology, media
& telecoms Annie Armstrong David Eastwood
Consumers are the life blood of the TMT sector. New media
Poor risk management alignment across
1 organisation and process
companies, telecoms providers, technology businesses – all
12 have direct connections with consumers. And through those
connections they collect a vast amount of personal data.
Dependence on inflexible and under
2 supported legacy systems
9 We believe that the top technology risk facing the TMT
sector revolves around data: personal data, business data
Poor cyber security, cyber-crime and 4 and employee data. Over half the incidents in our survey
3 unauthorised access 2 results had a security impact, and half of those were
around data loss. The sector is responding by putting a vast
Non-compliance with regulation and 7
4 11 amount of resource into tightening access and trying to
legislation, e.g. privacy
prevent data leakages.
6
Lack of IT strategy and lack of board 1 But we think data risk is about more than security. Big data is
5 representation the order of the day. Companies are keen to know how they
can mine their data to drive better business. They see this as
3
Inadequate data quality and lack of the future – and the constant improvement in data analytics
6 capability to leverage data to manage risk increases their interest in the huge potential that big data has
10 for them.
Inability to deploy and exploit
7 emerging technology
The problem is that this push from the business side is
5
8 running ahead of societal expectations. As data volumes
increase, companies will find they have acquired data in ways
Failure to deliver programmes and to they hadn’t expected and that they can use it in ways they
8 build in control, resilience and security
hadn’t expected too. But are they considering the implications
– the impacts on privacy or on civil liberties?
HIGHEST LOWEST
Reliance on, and poor security and RISK 10 9 8 7 6 5 4 3 2 1 RISK
9 control in, vendors/third parties We don’t think they are thinking about this enough. We
believe the real challenge is for TMT companies to judge how
society views what they can do, with data, against what they
Ineffective service management
10 and delivery want to achieve. That mismatch between what is possible and
what is acceptable will only grow. And that is where the risks
11 Ineffective IT asset management arise. Regulators are already on to this and stiffer (and more
complex) regulation is on its way.
Inadequate resilience and disaster
12 recovery capability What should companies be doing? We think that boards need
to have a better sense of the data within their organisations.
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 19
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 20
Healthcare and
pharmaceuticals Jamie Thompson Caroline Rivett Nicolina Demain
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 21
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 22
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 23
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 24
Industrial manufacturing
Marcelina Valdez Beth McKenny
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 26
Central government
Andy North Geoffrey Weber
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 27
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 28
Education
Richard Archer Hannah Cool
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 29
Education (cont’d)
infiltrate nuclear research databases to students hacking the
administration office to change their results.
The next step is for them to implement effective practices
and policies for their critical data, assets and infrastructure.
“Universities, which are
Universities work through management by consensus. The
Many do not yet seem ready for this. But the findings of
KPMG member firms risk assessments are pushing them
affiliated to hospital chains
challenge for them is to bring all the departments, schools
and institutes that comprise the university together to agree
into action. They know that they need to agree on what has
to be done, and to sell the idea to their staff responsible
carry valuable healthcare
a centralised technology approach: a common hardening
of servers, a common offering of encrypted laptops. This
for implementation. Ownership at middle-management information, making their
level is crucial. But it has to be driven by ownership at the
includes ensuring access control and policy is properly
enforced: too often universities are not using controls such as
top. Boards need to have a member who is assigned to be records a tempting target.
responsible for information security. This is the first and most
multi-factor authorisation.
crucial step, and one that many universities still have to take. Students are becoming
Without this joint approach it can be next to impossible
to have systematic asset management. IT is often bought
Our hope is that the scale and magnitude of security
incidents will become a springboard for higher education to
increasingly demanding,
and managed by individual departments. There is no formal
process for assessing what data is held on university devices
acknowledge the risks, to form a plan of action, to commit to
the investment needed, and to put the processes and people
expecting access to cutting-
– never mind the individual mobile devices that students bring
onto campus, or what happens to university devices when
in place to make this happen. edge technologies and the
they are no longer needed. We believe most universities are at a crossroads. Either
they will take the challenge or they will flounder. The key most flexible education
The root cause for all these problems is lack of investment.
There are so many other areas which need cash – from
for many will be finding a balance between the openness
that students value and the protection that the institutions
delivery options. Universities
faculty buildings and student facilities to professors and
teaching staff – that technology is often low down the
need – establishing critical assets, processes and data, and
concentrating on protecting these.
have to meet these services
spending priority list.
We believe that not enough university leaders have taken
and install expensive IT
the issues of cyber security, centralised management and infrastructure. Huge risks
processes seriously enough – despite the high value of the
data and intellectual property they hold. come with implementing
KPMG professionals are encouraged by the shift in awareness
and focus we have seen this year. Sadly this increased
and managing these new
attention is due to the sheer number of security-related
incidents. More university boards than ever have asked us
facilities, equipment and
to review their cyber security. And they are shocked by the
number of red flags KPMG member firms are raising.
processes.”
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 30
Our Data
Analytics
Methodology
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
< > 31
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< > 32
Contact us
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
< > 33
Contact us
Richard Archer David Eastwood Priya Mouli Jamie Thompson
Principal Partner Manager Director
KPMG in the US KPMG in the UK KPMG in the US KPMG in the UK
© 2017 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
< 34
kpmg.com/uk
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we
endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will
continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the
particular situation.
© 2017 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with
KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other
member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.
The KPMG name and logo are registered trademarks or trademarks of KPMG International.