KPMG Workbench is KPMG’s single global AI platform designed to scale global adoption and integration of AI.
Workbench is a flexible platform built on Microsoft Azure AI that enables interoperable, agent to agent communications. It brings together capabilities from across KPMG’s ecosystem of alliance partners for clients to deploy the right model for the right task.
Telstra, a regulated Telecommunications provider operating across more than twenty countries, has already adopted KPMG Workbench using a set of agents and compliance tools that sit on the platform to seamlessly assess and enhance policies and controls to meet country-specific standards.
Compliance powered by AI
Powered by the advanced capabilities of our generative AI platform, this solution is designed to decipher and manage the regulatory maze with unparalleled intelligence and efficiency.
It synthesises and scrutinises data, uncovering vital connections and identifying any discrepancies against KPMG's robust frameworks and controls.
-
Empower compliance
turn dense regulations into a clear set of obligations, making compliance easier to understand and act upon.
-
Predict impact
examine your processes, detect the fine threads between obligations and risks, and strengthen these connections.
-
Active control optimisation
quickly grasp an ever-evolving inventory of controls evaluated by AI against industry and KPMG gold-standard practices.
AI-driven compliance across industries and sectors
From banking to insurance to telecommunications, organisations face an ever-growing volume of complex, time-consuming regulatory demands. To meet this challenge, we partnered with Microsoft to develop a powerful AI solution that turns dense regulatory text into clear, actionable insights.
Telstra is leading the way, using the tool to navigate thousands of local and international laws with greater speed and accuracy. The AI agent helps teams interpret new regulations, map them to internal controls, and assess control effectiveness – reducing a process that once took months to just days.
By combining Microsoft OpenAI capability with our deep regulatory experience, we’re helping organisations across industries simplify compliance, reduce risk and deliver better outcomes for their customers.
Enhance compliance for the long haul
Equip your teams with an AI expert in risk and compliance.
| Driver | KymCompliance, built on KPMG Workbench |
|---|---|
| Compliance is impeded by the reality that individuals cannot hold all the knowledge about organisational processes, obligations, systems, etc. | Interactive and searchable knowledge base covering obligations, risks, and controls. KPMG KymCompliance helps you find the right information quickly. |
| Critical knowledge often exits the organisation with staff turnover, and corporate restructures hamper continuity. | Centralise knowledge and reference systems of record, instead of relying on human knowledge centres. |
| Varying compliance comprehension levels lead to inconsistent approaches to compliance management across departments. | Users upskill as they interact with an AI compliance professional. Users improve their knowledge of their obligations and understand what a good control looks like. |
| Lapses in capturing and transferring institutional knowledge can create regulatory risks. | Close gaps by running scaled AI-led analysis over obligation, risk, and control coverage. Identify gaps and receive instant insights and recommendations. |
| Driver | KymCompliance, built on KPMG Workbench |
|---|---|
| A predominance of manual, reactive controls versus automated, preventative measures. | AI evaluation of controls identifying ways to improve coverage and control effectiveness, including transitioning to automated and preventative controls. |
| Existence of control gaps where controls do not have the granularity to cover all compliance obligations. | Assessment of control linkage to obligations and risks, including highlighting gaps and weak links. |
| Control environment complexity due to unnecessary duplications and inefficiencies. | Automated identification of control duplication between obligations and risks, including mapping and scoring of control linkage to guide control updates. |
| Operational effectiveness of controls is frequently untested due to resource constraints. | Automate basic control checks like obligation linkage and evaluation of descriptions, allowing Line 2 Risk and Assurance teams to focus on testing operating effectiveness. |
| Driver | KymCompliance, built on KPMG Workbench |
|---|---|
| Not all impacts of regulatory change on business domains are readily apparent, leading to unforeseen compliance issues. | Increase your team's understanding of company-wide obligations. Test breach scenarios upfront, to understand if outcomes could lead to regulatory breach events. |
| Reliance on self-assessment questionnaires for compliance impact is outdated and unreliable. | Obligation statements are accessible and interactive to review upfront, improving accuracy of impact assessments. |
| It's challenging for those managing change to grasp the full scope of impacted compliance obligations. | Obligation statements are accessible and interactive to review upfront, improving accuracy of impact assessments. |
| Rapid and complex updates to compliance standards, technology, and organisational priorities challenge timely adoption of compliance improvements. | Compare existing authoritative instruments with drafts or updated versions to automatically identify changes. Compare authoritative instruments or sources (e.g. policies) for common or contradictory obligation statements. |
Key capabilities of AI driven compliance
Power your compliance with AI on standby, ready to answer your questions in plain English and clarify any aspect of your compliance responsibilities.
An AI-powered framework for compliance
Leveraging 100+ Years of KPMG Insight for Compliance Excellence
Benefit from a heritage of over 100 years where KPMG has guided clients through the complexities of regulatory compliance, reinforcing it with robust, high-quality controls.
At the core of our approach sits a sophisticated knowledge graph, grounded in frameworks and controls tailored for rigorous compliance demands, shaped by leading KPMG specialists.
Better practice frameworks
Our approach is built upon a complex network of regulatory frameworks, inputs and outputs.
A knowledge graph is used to relate concepts that the Al can then use to recall specific details and relationships.
KPMG expert review and tuning
Tuning uplifts quality further to align to our SME's expectations.
Outputs re-reviewed against KPMG's quality standards.
Review and testing of solution rules and outputs for continuous improvement.
The path of an engagement
How KPMG helps you deliver sustainable compliance
We combine the power of AI with our deep industry insights to help you enhance the maturity of your compliance efforts.
By managing risk at speed and scale, you can protect your business against the consequences of non-compliance in an increasingly complex and fast paced regulatory environment.
Download the fact sheet
Contact KPMG's AI compliance specialists
- Item 1
- Item 2
- Item 3
Frequently asked questions
Controls
The AI Solution is not a replacement of a GRC tool, but rather, a virtual staff member that sits 'over' the GRC tool and can provide insights for you by searching and analysing what is in your GRC.
You may have documented obligations, risks and controls - but can you, instantaneously and at any point in time, answer whether:
- these obligations are up to date?
- the situation you've encountered is a breach of the obligation?
- the controls directly link to the obligations and/or risks?
- your controls are not processes in disguise?
- which obligations do not have associated controls?
- the situation you've encountered indicates which controls have failed?
The AI Solution acts as an additional 'SME' within your existing Risk, Compliance and/or Assurance functions. It is intended to support the prioritisation of your team's time by providing answers through the search and analysis of your GRC system.
The AI Solution has multiple features and functionalities, tailored to all three parts of the three lines of defence model.
For example:
- Those in the Business (Line 1) are able to use this capability to identify and understand their obligations, or develop strong and robust controls accordingly
- Those in Central Risks/Compliance/Assurance (Line 2) are able to use this capability to determine the extent of obligation area coverage and oversight.
- Those in Internal Audit (Line 3) can use this capability to understand the current controls (normally done through preliminary walkthroughs) prior to assessing design and operating effectiveness.
Obligations
The solution scans through obligation sources to identify key obligations. It can interpret complex legislative language and guidelines, and translate them into easy to understand statements. This allows organisations to quickly grasp their compliance responsibilities and take next steps like managing risks and controls.
The solution can ingest and read many different authoritative instruments including legislation, codes, acts, industry guidelines, policies and more. Any source with written regulatory or compliance requirements is compatible.
Yes. The solution can compare updated or different source documents to identify changes and differences and update obligation statements accordingly. This enables your obligations register to remain current with the latest requirements. You can also assess obligations in 'Draft' source documents, to stay ahead of upcoming changes.
Education
The AI chat agent serves as an on-demand compliance expert. Users can interact with it through a conversational interface to ask questions about their regulatory obligations, controls, or any other part of the solution. The chat agent uses the context of the data it has reviewed to provide informed responses.
Yes, it can. The chat agent is capable of understanding and answering specific questions relating to the compliance documents it has processed.
Users gain a deeper understanding of compliance through interaction with the AI solution. Not only does this capability support you in identifying and understanding obligations and controls, but also is an educational platform offering explanations, examples, and further insights into compliance requirements and results.
Technical
All of the data processed by KPMG Compliance Tracking AI is sent only to Australian data centres where it is processed on a private OpenAI instance. Your data is not shared with the public OpenAI models for training, and is not retained by KPMG for model development.
Our solution tackles hallucination in a range of ways, but most importantly:
- Limiting the context and scope of questioning for the AI through curation of the data used by the model as well as careful orchestration of prompts into discrete components. By avoiding open ended questions and an unconstrained data set (such as the public GPT training set) we can nearly eliminate the risk of any hallucination.
- Rigourous testing of outputs by our developers and SME team members to ensure accuracy and consistency in outputs, feeding into progressive refinement of prompts and approaches to using the AI. This has resulted in a robust testing suite that we can re-run at each version release to avoid any risk of model drift over and ensure that outputs continue to meet the standard we expect.
KPMG Compliance Tracking AI is built on a stack entirely constructed from standard Azure components. There are no proprietary platform components in the solution. While we are focused on the Microsoft Cloud we have support options available for organisations using other cloud platforms (i.e. Google, Amazon) which we can discuss with your architects.
KPMG Compliance Tracking AI has been designed as a deployed application which we support in your environment leveraging your infrastructure. KPMG can also host the solution within our infrastructure if that is preferred.
