KPMG Capabilities

Naftiko 0.5 capability definitions for KPMG - 106 capabilities showing integration workflows and service orchestrations.


Tests accounts receivable balances by extracting AR aging from SAP, selecting confirmation samples in Databricks, generating letters in SharePoint, and tracking responses in Salesforce.

# Naftiko capability: one MCP tool that chains SAP, Databricks, SharePoint and
# Salesforce calls to run accounts-receivable confirmation testing.
naftiko: "0.5"
info:
  label: "Accounts Receivable Confirmation Pipeline"
  description: "Tests accounts receivable balances by extracting AR aging from SAP, selecting confirmation samples in Databricks, generating letters in SharePoint, and tracking responses in Salesforce."
  tags:
    - audit
    - accounts-receivable
    - sap
    - azure-databricks
    - sharepoint
    - salesforce
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file. The tool acts with the service
    # credentials listed under `consumes`, so confirm access control is
    # enforced in front of port 8080.
    - type: mcp
      namespace: ar-confirmation
      port: 8080
      tools:
        - name: test-ar-balances
          description: "Test accounts receivable balances through confirmation procedures."
          # Both inputs are free-form strings; no pattern or length limit is
          # declared, so any validation has to happen elsewhere.
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement ID."
            - name: cutoff_date
              in: body
              type: string
              description: "AR cutoff date."
          steps:
            - name: extract-ar-aging
              type: call
              call: "sap.get-ar-aging"
              # NOTE(review): cutoff_date is passed here, but the sap `ar`
              # resource below declares no inputParameters, so how it reaches
              # the GET request is not visible in this file.
              with:
                cutoff_date: "{{cutoff_date}}"
            - name: select-sample
              type: call
              call: "databricks.run-query"
              with:
                # SECURITY: engagement_id and cutoff_date are caller-supplied
                # and templated straight into the SQL text between single
                # quotes, so a value containing a quote alters the statement.
                # Validate both against a strict format (ID pattern, ISO date)
                # before this step, or pass them as bound statement parameters
                # if the connector supports that (TODO confirm).
                query: "SELECT * FROM ar_sampling WHERE engagement_id = '{{engagement_id}}' AND cutoff_date = '{{cutoff_date}}'"
            - name: generate-confirmation-letters
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                # engagement_id becomes a drive-path segment; reject values
                # containing "/" or ".." so the document cannot be written
                # outside the engagement's own folder.
                folder_path: "{{engagement_id}}/ARConfirmations"
                template: "ar_confirmation_letters"
            - name: create-tracking-records
              type: call
              call: "salesforce.bulk-create"
              with:
                object: "AuditConfirmation__c"
                # Records come from the Databricks step's output, not from the
                # caller directly.
                records: "{{select-sample.sampled_customers}}"
  consumes:
    # All four backends take their credentials from `$secrets.*` references;
    # no credential value is inlined in this file.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      # Basic auth: the same username/password pair is sent on every request.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: ar
          path: "/FI_SRV/ARaging"
          operations:
            - name: get-ar-aging
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      # NOTE(review): this token executes whatever SQL text the step above
      # produces; scoping it to read-only access on the sampling tables would
      # limit the impact of a malformed query — confirm its current grants.
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          # Both path parameters are substituted into the request URL.
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: bulk
          path: "/composite/sobjects"
          operations:
            - name: bulk-create
              method: POST

Retrieves a payroll summary from ADP Workforce Now by company code and pay period, returning gross pay, net pay, tax withholdings, and employee count. Used by audit and HR advisory teams.

# Naftiko capability: one MCP tool that fetches a payroll summary from the ADP
# API and maps four fields out of the response.
naftiko: "0.5"
info:
  label: "ADP Payroll Summary Lookup"
  description: "Retrieves a payroll summary from ADP Workforce Now by company code and pay period, returning gross pay, net pay, tax withholdings, and employee count. Used by audit and HR advisory teams."
  tags:
    - hr
    - payroll
    - adp
    - audit
capability:
  exposes:
    # NOTE(review): no authentication or per-caller authorization is declared
    # for this MCP endpoint in this file. Any caller that reaches port 8080
    # can request payroll figures for any company code the ADP token covers;
    # confirm access control is enforced elsewhere.
    - type: mcp
      namespace: payroll-audit
      port: 8080
      tools:
        - name: get-payroll-summary
          description: "Look up an ADP payroll summary by company code and pay period."
          inputParameters:
            - name: company_code
              in: body
              type: string
              description: "The ADP company code."
            - name: pay_period
              in: body
              type: string
              description: "The pay period identifier (e.g., 2026-03-15)."
          call: "adp.get-payroll"
          # Both values end up as URL path segments (see the `payroll`
          # resource path below). Validate them against a strict format so
          # characters such as "/", "?" or "#" cannot redirect the request to
          # a different ADP resource.
          with:
            company_code: "{{company_code}}"
            pay_period: "{{pay_period}}"
          # JSONPath mappings into the ADP response; every value, including
          # the amounts and the employee count, is declared as a string.
          outputParameters:
            - name: gross_pay
              type: string
              mapping: "$.payrollSummary.grossPay.amount"
            - name: net_pay
              type: string
              mapping: "$.payrollSummary.netPay.amount"
            - name: tax_withholdings
              type: string
              mapping: "$.payrollSummary.taxWithholdings.amount"
            - name: employee_count
              type: string
              mapping: "$.payrollSummary.employeeCount"
  consumes:
    - type: http
      namespace: adp
      baseUri: "https://api.adp.com/hr/v2"
      # Bearer token is a `$secrets` reference, not an inline value.
      authentication:
        type: bearer
        token: "$secrets.adp_token"
      resources:
        - name: payroll
          path: "/companies/{{company_code}}/payroll-summaries/{{pay_period}}"
          inputParameters:
            - name: company_code
              in: path
            - name: pay_period
              in: path
          operations:
            - name: get-payroll
              method: GET

Triggers an Alteryx Server workflow by workflow ID and returns the job execution status. Used by audit analytics and data teams to run analytical procedures on demand.

# Naftiko capability: one MCP tool that starts an Alteryx job, records it as a
# Jira task and sends a notification through Microsoft Graph.
# NOTE(review): info.description mentions only the trigger and job status; the
# Jira and notification steps appear only in the tool description and steps.
naftiko: "0.5"
info:
  label: "Alteryx Analytics Workflow Trigger"
  description: "Triggers an Alteryx Server workflow by workflow ID and returns the job execution status. Used by audit analytics and data teams to run analytical procedures on demand."
  tags:
    - analytics
    - alteryx
    - audit
    - data-processing
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file; confirm it is enforced in front of port
    # 8080.
    - type: mcp
      namespace: audit-analytics-alteryx
      port: 8080
      tools:
        - name: trigger-alteryx-workflow
          description: "Trigger an Alteryx Server workflow, log the execution in Jira, and notify the audit analytics team via Microsoft Teams."
          inputParameters:
            - name: workflow_id
              in: body
              type: string
              description: "The Alteryx Server workflow ID."
            - name: engagement_code
              in: body
              type: string
              description: "The audit engagement code."
            - name: analyst_email
              in: body
              type: string
              description: "Email of the requesting analyst."
          steps:
            - name: run-workflow
              type: call
              call: "alteryx.run-workflow"
              # The caller chooses the workflow ID and the job runs with the
              # Alteryx service token. NOTE(review): consider an allow-list of
              # workflow IDs so a caller cannot start arbitrary workflows that
              # the token can reach.
              with:
                workflow_id: "{{workflow_id}}"
            - name: log-execution
              type: call
              call: "jira.create-issue"
              with:
                project_key: "AUDITANA"
                issue_type: "Task"
                # Caller-supplied values are copied verbatim into the Jira
                # summary and description.
                summary: "Alteryx workflow {{workflow_id}} executed — {{engagement_code}}"
                description: "Job ID: {{run-workflow.id}}. Status: {{run-workflow.status}}. Analyst: {{analyst_email}}."
            - name: notify-analyst
              type: call
              call: "msteams.send-message"
              with:
                # analyst_email is caller-supplied and becomes a URL path
                # segment of the Graph request (see the `messages` resource).
                recipient_upn: "{{analyst_email}}"
                text: "Alteryx workflow {{workflow_id}} triggered. Job: {{run-workflow.id}}. Status: {{run-workflow.status}}. Jira: {{log-execution.key}}."
  consumes:
    # All credentials below are `$secrets.*` references, not inline values.
    - type: http
      namespace: alteryx
      baseUri: "https://alteryx.kpmg.com/api/v3"
      authentication:
        type: bearer
        token: "$secrets.alteryx_token"
      resources:
        - name: workflows
          path: "/workflows/{{workflow_id}}/jobs"
          inputParameters:
            - name: workflow_id
              in: path
          operations:
            - name: run-workflow
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): despite the `msteams` namespace this is the Graph
          # sendMail endpoint (e-mail, not a Teams message). In Graph the user
          # in `/users/{id}/sendMail` is the mailbox the mail is sent from, so
          # a caller-supplied address here would select the sending mailbox
          # rather than the recipient — verify the intent and consider a fixed
          # service mailbox. How `text` is mapped into the request body is not
          # shown in this file.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Triggers an Alteryx data quality profiling workflow for a client dataset, returning completeness, uniqueness, and validity metrics for audit evidence.

# Naftiko capability: one MCP tool that starts an Alteryx profiling job for a
# named dataset and maps quality scores out of the response.
naftiko: "0.5"
info:
  label: "Alteryx Data Quality Profiling Lookup"
  description: "Triggers an Alteryx data quality profiling workflow for a client dataset, returning completeness, uniqueness, and validity metrics for audit evidence."
  tags:
    - data-analytics
    - audit
    - alteryx
    - data-quality
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file; confirm it is enforced in front of port
    # 8080.
    - type: mcp
      namespace: data-analytics
      port: 8080
      tools:
        - name: get-data-quality-profile
          description: "Trigger an Alteryx data quality profiling job for a specified dataset. Returns completeness, uniqueness, and validity scores."
          inputParameters:
            - name: workflow_id
              in: body
              type: string
              description: "The Alteryx workflow identifier for data profiling."
            - name: dataset_name
              in: body
              type: string
              description: "Name of the client dataset to profile."
          call: "alteryx.trigger-workflow"
          # Both the workflow to run and the dataset it reads are chosen by
          # the caller, and the job runs with the Alteryx service token.
          # NOTE(review): consider restricting workflow_id to the profiling
          # workflow(s) and checking dataset_name against the datasets the
          # caller's engagement is entitled to.
          with:
            workflow_id: "{{workflow_id}}"
            parameters:
              dataset: "{{dataset_name}}"
          # The mappings read `$.results.*` from the response to the POST that
          # creates the job. NOTE(review): if the job runs asynchronously the
          # scores may not be present in that response — confirm.
          outputParameters:
            - name: completeness_score
              type: number
              mapping: "$.results.completeness"
            - name: uniqueness_score
              type: number
              mapping: "$.results.uniqueness"
            - name: validity_score
              type: number
              mapping: "$.results.validity"
            - name: record_count
              type: number
              mapping: "$.results.totalRecords"
  consumes:
    - type: http
      namespace: alteryx
      # NOTE(review): the "Alteryx Analytics Workflow Trigger" definition on
      # this page sends the same `$secrets.alteryx_token` to a different host
      # (alteryx.kpmg.com). Confirm both hosts are meant to receive this
      # credential, or use one secret per host.
      baseUri: "https://kpmg.alteryxcloud.com/api/v3"
      authentication:
        type: bearer
        token: "$secrets.alteryx_token"
      resources:
        - name: workflows
          path: "/workflows/{{workflow_id}}/jobs"
          inputParameters:
            - name: workflow_id
              in: path
          operations:
            - name: trigger-workflow
              method: POST

Screens a batch of financial transactions against Dow Jones watchlists, logs flagged transactions in ServiceNow for investigation, creates Jira case tasks for compliance analysts, and notifies the AML officer via Microsoft Teams.

# Naftiko capability: one MCP tool that screens a transaction batch with Dow
# Jones, then opens a ServiceNow case and a Jira task and sends a notification
# through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Anti-Money Laundering Transaction Screening"
  description: "Screens a batch of financial transactions against Dow Jones watchlists, logs flagged transactions in ServiceNow for investigation, creates Jira case tasks for compliance analysts, and notifies the AML officer via Microsoft Teams."
  tags:
    - compliance
    - aml
    - financial-crime
    - dow-jones
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file; confirm it is enforced in front of port
    # 8080, since the results are AML screening data.
    - type: mcp
      namespace: aml-screening
      port: 8080
      tools:
        - name: screen-transactions
          description: "Given a transaction batch ID and AML officer email, screen transactions against Dow Jones, log flagged items in ServiceNow, create Jira investigation tasks, and notify the officer."
          inputParameters:
            - name: batch_id
              in: body
              type: string
              description: "The transaction batch identifier."
            - name: client_entity_id
              in: body
              type: string
              description: "The client entity under screening."
            - name: aml_officer_email
              in: body
              type: string
              description: "Email of the AML compliance officer."
          # NOTE(review): no condition on `screen-batch.flagged_count` is
          # visible, so as written the case, task and notification steps are
          # listed to run for every batch, including ones with no hits —
          # confirm whether the runtime skips them.
          steps:
            - name: screen-batch
              type: call
              call: "dowjones.screen-transactions"
              with:
                batch_id: "{{batch_id}}"
                entity_id: "{{client_entity_id}}"
            - name: log-flagged-transactions
              type: call
              call: "servicenow.create-aml-case"
              with:
                short_description: "AML flags: Batch {{batch_id}} — {{screen-batch.flagged_count}} transactions"
                description: "Entity: {{client_entity_id}}. Flagged: {{screen-batch.flagged_count}}. Highest risk: {{screen-batch.max_risk_score}}. Categories: {{screen-batch.categories}}."
                assigned_group: "AML_Investigations"
            - name: create-investigation-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "AMLOPS"
                issue_type: "Task"
                # Entity ID and risk score are copied into Jira as well as
                # ServiceNow. NOTE(review): confirm the AMLOPS project's
                # visibility is as restricted as the ServiceNow case.
                summary: "Investigate: AML flags batch {{batch_id}} — {{screen-batch.flagged_count}} hits"
                description: "ServiceNow case: {{log-flagged-transactions.number}}. Entity: {{client_entity_id}}. Max risk: {{screen-batch.max_risk_score}}."
            - name: notify-officer
              type: call
              call: "msteams.send-message"
              with:
                # The address is caller-supplied and becomes a URL path
                # segment of the Graph request (see the `messages` resource).
                # NOTE(review): screening results are sent to whatever address
                # the caller names; consider resolving the officer from a
                # fixed directory group instead.
                recipient_upn: "{{aml_officer_email}}"
                text: "AML Alert: Batch {{batch_id}} flagged {{screen-batch.flagged_count}} transactions. Max risk: {{screen-batch.max_risk_score}}. ServiceNow: {{log-flagged-transactions.number}}. Jira: {{create-investigation-task.key}}."
  consumes:
    # All credentials below are `$secrets.*` references, not inline values.
    - type: http
      namespace: dowjones
      baseUri: "https://api.dowjones.com/riskandcompliance/v1"
      authentication:
        type: bearer
        token: "$secrets.dowjones_token"
      resources:
        - name: transaction-screening
          path: "/transactions/screen"
          operations:
            - name: screen-transactions
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: aml-cases
          path: "/table/sn_grc_case"
          operations:
            - name: create-aml-case
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): despite the `msteams` namespace this is the Graph
          # sendMail endpoint (e-mail, not a Teams message). In Graph the user
          # in `/users/{id}/sendMail` is the mailbox the mail is sent from,
          # not the recipient — verify the intent.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Manages audit confirmation workflows by generating confirmation letters in SharePoint, tracking responses in Salesforce, creating follow-up tasks in Jira, and alerting the audit team on non-responses.

# Naftiko capability: one MCP tool that creates confirmation letters in
# SharePoint, reads response status from Salesforce, opens a Jira follow-up
# and sends a status notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Audit Confirmation Workflow Orchestrator"
  description: "Manages audit confirmation workflows by generating confirmation letters in SharePoint, tracking responses in Salesforce, creating follow-up tasks in Jira, and alerting the audit team on non-responses."
  tags:
    - audit
    - confirmations
    - sharepoint
    - salesforce
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file; confirm it is enforced in front of port
    # 8080.
    - type: mcp
      namespace: confirmations
      port: 8080
      tools:
        - name: manage-confirmations
          description: "Manage audit confirmation letter workflow."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            # The description lists four values, but the type is a free-form
            # string with no enumeration declared.
            - name: confirmation_type
              in: body
              type: string
              description: "Confirmation type (bank, AR, AP, legal)."
            - name: audit_team_email
              in: body
              type: string
              description: "Audit team email."
          steps:
            - name: generate-letters
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                # SECURITY: both caller-supplied values become drive-path
                # segments, and confirmation_type also selects the template
                # name. Check confirmation_type against the four documented
                # values and reject "/" or ".." in engagement_id so the
                # document cannot be written outside the engagement folder.
                folder_path: "{{engagement_id}}/Confirmations/{{confirmation_type}}"
                template: "confirmation_letter_{{confirmation_type}}"
            - name: track-responses
              type: call
              call: "salesforce.get-confirmation-status"
              # NOTE(review): the salesforce `confirmations` resource below
              # declares no inputParameters, so how these two values filter
              # the GET request is not visible in this file.
              with:
                engagement_id: "{{engagement_id}}"
                type: "{{confirmation_type}}"
            - name: create-followups
              type: call
              call: "jira.create-issue"
              with:
                # NOTE(review): other definitions on this page call
                # jira.create-issue with `project_key` and `issue_type`; this
                # step uses `project` and sets no issue type — confirm which
                # keys the connector expects.
                project: "AUDIT"
                summary: "Confirmation follow-up: {{engagement_id}} - {{confirmation_type}}"
                description: "Sent: {{track-responses.sent_count}}. Received: {{track-responses.received_count}}. Outstanding: {{track-responses.outstanding_count}}."
            - name: alert-team
              type: call
              call: "msteams.send-message"
              with:
                # The address is caller-supplied and becomes a URL path
                # segment of the Graph request (see the `messages` resource).
                recipient_upn: "{{audit_team_email}}"
                text: "Confirmation status for {{engagement_id}} ({{confirmation_type}}): {{track-responses.received_count}}/{{track-responses.sent_count}} received. {{track-responses.outstanding_count}} outstanding."
  consumes:
    # All credentials below are `$secrets.*` references, not inline values.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      # NOTE(review): the same `$secrets.msgraph_token` is used for the
      # `msteams` consumer below, so one token must carry both file and mail
      # permissions; separate least-privilege tokens would narrow the impact
      # of a leak.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: confirmations
          path: "/sobjects/AuditConfirmation__c"
          operations:
            - name: get-confirmation-status
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): despite the `msteams` namespace this is the Graph
          # sendMail endpoint (e-mail, not a Teams message). In Graph the user
          # in `/users/{id}/sendMail` is the mailbox the mail is sent from,
          # not the recipient — verify the intent.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

On creation of a new audit engagement in ServiceNow, provisions a SharePoint document library for workpapers, creates a Jira epic for tracking milestones, and notifies the engagement team in Microsoft Teams.

# Naftiko capability: one MCP tool that opens a ServiceNow record, creates a
# SharePoint workpaper folder and a Jira epic, and sends a notification through
# Microsoft Graph for a new audit engagement.
naftiko: "0.5"
info:
  label: "Audit Engagement Orchestrator"
  description: "On creation of a new audit engagement in ServiceNow, provisions a SharePoint document library for workpapers, creates a Jira epic for tracking milestones, and notifies the engagement team in Microsoft Teams."
  tags:
    - audit
    - engagement-management
    - servicenow
    - sharepoint
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file; confirm it is enforced in front of port
    # 8080, since the tool creates records in four systems.
    - type: mcp
      namespace: audit-engagement
      port: 8080
      tools:
        - name: provision-audit-engagement
          description: "Given an engagement ID, client name, and lead partner email, provision all supporting infrastructure for a new audit engagement across ServiceNow, SharePoint, Jira, and Microsoft Teams."
          # All four inputs are free-form strings; the YYYY-MM-DD format is
          # stated only in the description, not enforced by a declared pattern.
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The unique engagement identifier."
            - name: client_name
              in: body
              type: string
              description: "The audit client legal entity name."
            - name: lead_partner_email
              in: body
              type: string
              description: "Email of the lead audit partner."
            - name: fiscal_year_end
              in: body
              type: string
              description: "Client fiscal year end date in YYYY-MM-DD format."
          steps:
            # This step creates a record in the ServiceNow `incident` table
            # (see the servicenow resource below).
            - name: create-engagement-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Audit engagement initiated: {{client_name}} FY {{fiscal_year_end}}"
                category: "audit_engagement"
                assigned_group: "Audit_Operations"
                description: "Engagement {{engagement_id}} for {{client_name}}. Lead partner: {{lead_partner_email}}."
            - name: provision-workpaper-library
              type: call
              call: "sharepoint.create-folder"
              with:
                # NOTE(review): other definitions on this page use the site ID
                # "audit-engagements"; confirm this value is a different site
                # on purpose.
                site_id: "audit_engagements_site"
                # SECURITY: client_name is free text (a legal entity name) and
                # is placed in the drive path together with engagement_id.
                # Normalise or reject "/", ".." and other path-significant
                # characters so the folder cannot be created outside
                # "Workpapers/".
                folder_path: "Workpapers/{{engagement_id}}_{{client_name}}"
            - name: create-audit-epic
              type: call
              call: "jira.create-issue"
              with:
                project_key: "AUDIT"
                issue_type: "Epic"
                summary: "Audit Engagement: {{client_name}} — {{engagement_id}}"
                description: "FY End: {{fiscal_year_end}}. Workpapers: {{provision-workpaper-library.url}}"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                # The address is caller-supplied and becomes a URL path
                # segment of the Graph request (see the `messages` resource).
                recipient_upn: "{{lead_partner_email}}"
                text: "Audit engagement {{engagement_id}} for {{client_name}} is provisioned. Jira epic: {{create-audit-epic.key}}. Workpapers: {{provision-workpaper-library.url}}. ServiceNow: {{create-engagement-ticket.number}}."
  consumes:
    # All credentials below are `$secrets.*` references, not inline values.
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      # NOTE(review): the same `$secrets.msgraph_token` is used for the
      # `msteams` consumer below, so one token must carry both file and mail
      # permissions; separate least-privilege tokens would narrow the impact
      # of a leak.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-folder
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): despite the `msteams` namespace this is the Graph
          # sendMail endpoint (e-mail, not a Teams message). In Graph the user
          # in `/users/{id}/sendMail` is the mailbox the mail is sent from,
          # not the recipient — verify the intent.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Automates audit sampling by extracting population data from SAP, applying statistical sampling in Databricks, creating sample workpapers in SharePoint, and assigning review tasks in Jira.

# Naftiko capability: one MCP tool that pulls a population from SAP, draws a
# random sample in Databricks, creates a workpaper in SharePoint and opens a
# Jira task for the testing work.
naftiko: "0.5"
info:
  label: "Audit Sampling Automation Pipeline"
  description: "Automates audit sampling by extracting population data from SAP, applying statistical sampling in Databricks, creating sample workpapers in SharePoint, and assigning review tasks in Jira."
  tags:
    - audit
    - sampling
    - sap
    - azure-databricks
    - sharepoint
    - jira
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file; confirm it is enforced in front of port
    # 8080, since one input is raw query text.
    - type: mcp
      namespace: audit-sampling
      port: 8080
      tools:
        - name: generate-audit-sample
          description: "Generate a statistical audit sample from the client population."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The audit engagement identifier."
            # SECURITY: the caller supplies the query text itself, and the
            # first step forwards it unchanged with the SAP service account.
            # Prefer a fixed set of named population queries selected by key.
            - name: population_query
              in: body
              type: string
              description: "SQL query to extract the population."
            # NOTE(review): confidence_level is declared but not referenced
            # by any step below.
            - name: confidence_level
              in: body
              type: number
              description: "Statistical confidence level (e.g., 95)."
          steps:
            - name: extract-population
              type: call
              call: "sap.run-query"
              # NOTE(review): the sap `queries` resource below is a GET on a
              # fixed OData path and declares no inputParameters, so how
              # `query` reaches the request is not visible in this file.
              with:
                query: "{{population_query}}"
            - name: generate-sample
              type: call
              call: "databricks.run-query"
              with:
                # SECURITY: engagement_id is templated into a table name and
                # the SAP step's sample_size into the LIMIT clause. A table
                # identifier cannot be passed as a bound value, so validate
                # engagement_id against a strict pattern (for example
                # letters, digits and underscore only) and check that
                # sample_size is an integer before this step runs.
                query: "SELECT * FROM population_{{engagement_id}} ORDER BY RAND() LIMIT {{extract-population.sample_size}}"
            - name: create-workpaper
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                # engagement_id becomes a drive-path segment; reject values
                # containing "/" or ".." so the workpaper cannot be written
                # outside the engagement's own folder.
                folder_path: "{{engagement_id}}/Sampling"
                template: "audit_sample_workpaper"
            - name: assign-testing
              type: call
              call: "jira.create-issue"
              with:
                # NOTE(review): other definitions on this page call
                # jira.create-issue with `project_key` and `issue_type`; this
                # step uses `project` and sets no issue type — confirm which
                # keys the connector expects.
                project: "AUDIT"
                summary: "Sample testing: {{engagement_id}} - {{extract-population.sample_size}} items"
                description: "Sample workpaper: {{create-workpaper.url}}. Population: {{extract-population.total_count}}. Sample: {{generate-sample.count}}."
  consumes:
    # All credentials below are `$secrets.*` references, not inline values.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      # Basic auth: the same username/password pair is sent on every request.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: queries
          path: "/GL_SRV/JournalEntries"
          operations:
            - name: run-query
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      # NOTE(review): this token executes whatever SQL text the step above
      # produces; scoping it to read-only access on the population tables
      # would limit the impact of a malformed query — confirm its grants.
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves privileged role assignments from Azure Active Directory for a client tenant, returning user principal names, role names, and assignment expiration dates.

# Naftiko capability: one MCP tool that lists directory role assignments from
# Microsoft Graph and maps user, role and expiry fields out of the response.
naftiko: "0.5"
info:
  label: "Azure AD Privileged Access Review"
  description: "Retrieves privileged role assignments from Azure Active Directory for a client tenant, returning user principal names, role names, and assignment expiration dates."
  tags:
    - security
    - compliance
    - azure-active-directory
    - access-review
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared for
    # this MCP endpoint in this file. The output names who holds directory
    # roles, so confirm access control is enforced in front of port 8080.
    - type: mcp
      namespace: security-audit
      port: 8080
      tools:
        - name: get-privileged-assignments
          description: "Look up privileged role assignments in Azure AD for a client tenant. Returns users, roles, and expiration status."
          inputParameters:
            - name: tenant_id
              in: body
              type: string
              description: "The Azure AD tenant identifier for the client."
          call: "azure-ad.list-privileged-roles"
          with:
            tenant_id: "{{tenant_id}}"
          # NOTE(review): verify these field names against the Graph resource
          # this endpoint actually returns; `principalName`, an expanded
          # `roleDefinition` and `scheduleInfo` may need a different endpoint
          # or an explicit expand that is not shown in this file.
          outputParameters:
            - name: assignments
              type: array
              mapping: "$.value"
              items:
                - name: user_principal_name
                  type: string
                  mapping: "$.principalName"
                - name: role_name
                  type: string
                  mapping: "$.roleDefinition.displayName"
                - name: expires_at
                  type: string
                  mapping: "$.scheduleInfo.expiration.endDateTime"
  consumes:
    - type: http
      namespace: azure-ad
      baseUri: "https://graph.microsoft.com/v1.0"
      # Bearer token is a `$secrets` reference, not an inline value.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: role-assignments
          # No filter is visible on this path, so as written it lists role
          # assignments in general; what makes the result "privileged" is not
          # shown in this file.
          path: "/roleManagement/directory/roleAssignments"
          # NOTE(review): tenant_id is sent as a request header. Graph scopes a
          # request to the tenant the access token was issued for, so this
          # header presumably does not select the client tenant — confirm that
          # `$secrets.msgraph_token` is issued per client tenant, otherwise
          # the review may return a different tenant's assignments than the
          # one requested.
          inputParameters:
            - name: tenant_id
              in: header
          operations:
            - name: list-privileged-roles
              method: GET

Retrieves the status of an Azure Databricks job run by run ID, returning state, start time, and duration. Used by data engineering and analytics teams for pipeline monitoring.

# Capability: fetch one Databricks job run, then send the result to a
# caller-supplied address through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Azure Databricks Job Run Status"
  description: "Retrieves the status of an Azure Databricks job run by run ID, returning state, start time, and duration. Used by data engineering and analytics teams for pipeline monitoring."
  tags:
    - data-engineering
    - azure-databricks
    - pipeline
capability:
  exposes:
    - type: mcp
      namespace: data-pipeline
      port: 8080
      tools:
        - name: get-databricks-run
          description: "Look up an Azure Databricks job run by run ID and notify the data engineering team via Microsoft Teams with the execution results."
          inputParameters:
            - name: run_id
              in: body
              type: string
              description: "The Databricks job run ID."
            # Caller-supplied address; it ends up as a URL path segment in the
            # msteams resource below, so it should be validated as an address
            # in an expected domain before use.
            - name: data_eng_email
              in: body
              type: string
              description: "Email of the data engineering team lead."
          # Two sequential calls; the second reads fields from the first.
          steps:
            - name: fetch-run
              type: call
              call: "databricks.get-run"
              with:
                run_id: "{{run_id}}"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{data_eng_email}}"
                text: "Databricks run {{run_id}}: {{fetch-run.life_cycle_state}} / {{fetch-run.result_state}}. Duration: {{fetch-run.execution_duration}}ms."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://adb-kpmg.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        # Token is referenced from the secret store, not embedded in the file.
        token: "$secrets.databricks_token"
      resources:
        - name: runs
          # NOTE(review): run_id is templated into the query string and also
          # declared as a query parameter below; confirm it is not sent twice
          # and that the engine URL-encodes the value.
          path: "/jobs/runs/get?run_id={{run_id}}"
          inputParameters:
            - name: run_id
              in: query
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends from
          # the mailbox named in the path; recipients go in the request body.
          # As written the caller-supplied address selects the sending
          # mailbox -- confirm intent, and confirm the token's mail permission
          # is restricted to a dedicated notification mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves the status of an Azure DevOps pipeline run by organization, project, and run ID. Used by technology consulting teams for CI/CD monitoring.

# Capability: fetch an Azure DevOps pipeline run, open a Jira issue and mail
# the result to a caller-supplied address.
naftiko: "0.5"
info:
  label: "Azure DevOps Pipeline Run Status"
  description: "Retrieves the status of an Azure DevOps pipeline run by organization, project, and run ID. Used by technology consulting teams for CI/CD monitoring."
  tags:
    - devops
    - azure-devops
    - ci-cd
capability:
  exposes:
    - type: mcp
      namespace: devops-pipeline
      port: 8080
      tools:
        - name: get-pipeline-run
          description: "Look up an Azure DevOps pipeline run and create a Jira ticket if the run failed."
          inputParameters:
            # organization and project are caller-supplied and become path
            # segments of the azdo baseUri below.
            - name: organization
              in: body
              type: string
              description: "Azure DevOps organization name."
            - name: project
              in: body
              type: string
              description: "Azure DevOps project name."
            - name: run_id
              in: body
              type: string
              description: "The pipeline run ID."
            - name: dev_lead_email
              in: body
              type: string
              description: "Email of the dev team lead."
          # NOTE(review): the description says a ticket is created "if the run
          # failed", but no condition is visible on log-failure; as written it
          # appears to run on every invocation, including successful runs.
          # Confirm whether the engine gates it elsewhere.
          steps:
            - name: fetch-run
              type: call
              call: "azdo.get-run"
              with:
                organization: "{{organization}}"
                project: "{{project}}"
                run_id: "{{run_id}}"
            - name: log-failure
              type: call
              call: "jira.create-issue"
              with:
                project_key: "DEVOPS"
                issue_type: "Bug"
                summary: "Pipeline failure: {{fetch-run.pipeline_name}} run {{run_id}}"
                description: "State: {{fetch-run.state}}. Result: {{fetch-run.result}}. Created: {{fetch-run.createdDate}}."
            - name: notify-lead
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{dev_lead_email}}"
                text: "Pipeline {{fetch-run.pipeline_name}} run {{run_id}}: {{fetch-run.result}}. Jira: {{log-failure.key}}."
  consumes:
    - type: http
      namespace: azdo
      # NOTE(review): the stored PAT is sent to whatever organization and
      # project the caller names. Restrict both to an allow-list (or fix
      # them in config) and confirm the values are encoded as single path
      # segments.
      baseUri: "https://dev.azure.com/{{organization}}/{{project}}/_apis/pipelines"
      authentication:
        # Basic auth with an empty username and the PAT as password.
        # The PAT only needs read access to pipeline runs for this call;
        # verify its scope is no broader.
        type: basic
        username: ""
        password: "$secrets.azdo_pat"
      # api-version is pinned for every request in this namespace.
      inputParameters:
        - name: api-version
          in: query
          value: "7.1"
      resources:
        - name: runs
          path: "/runs/{{run_id}}"
          inputParameters:
            - name: organization
              in: path
            - name: project
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends from
          # the mailbox named in the path; recipients go in the request body.
          # As written the caller-supplied address selects the sending
          # mailbox -- confirm intent and the token's mail permission scope.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Checks SSL certificate expiration dates stored in Azure Key Vault for IT general controls testing.

# Capability: read one certificate from an Azure Key Vault and return its
# expiry and enabled flag.
naftiko: "0.5"
info:
  label: "Azure Key Vault Certificate Expiry Check"
  description: "Checks SSL certificate expiration dates stored in Azure Key Vault for IT general controls testing."
  tags:
    - security
    - azure-key-vault
capability:
  exposes:
    - type: mcp
      namespace: certificate-management
      port: 8080
      tools:
        - name: check-certificate-expiry
          description: "Check certificate expiration status in Azure Key Vault."
          inputParameters:
            # Caller-supplied; becomes part of the request hostname below.
            - name: vault_name
              in: body
              type: string
              description: "The Azure Key Vault name."
            - name: cert_name
              in: body
              type: string
              description: "The certificate name."
          call: "keyvault.get-certificate"
          with:
            vault_name: "{{vault_name}}"
            cert_name: "{{cert_name}}"
          outputParameters:
            # NOTE(review): confirm the field name against the REST response.
            # The Key Vault REST API presumably reports expiry as
            # attributes.exp (Unix time); if "expires" is absent this mapping
            # would yield an empty expiry and the control test could pass
            # silently.
            - name: expiry_date
              type: string
              mapping: "$.attributes.expires"
            - name: enabled
              type: boolean
              mapping: "$.attributes.enabled"
  consumes:
    - type: http
      namespace: keyvault
      # NOTE(review): vault_name is templated into the hostname and the
      # bearer token is attached to whatever host results. Validate
      # vault_name against a strict vault-name pattern or an allow-list so
      # the token can only go to *.vault.azure.net vaults that are in scope.
      baseUri: "https://{{vault_name}}.vault.azure.net"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: certificates
          path: "/certificates/{{cert_name}}?api-version=7.4"
          # vault_name is used in baseUri but is not declared here; only
          # cert_name is. Confirm the engine still binds vault_name.
          inputParameters:
            - name: cert_name
              in: path
          operations:
            - name: get-certificate
              method: GET

Retrieves a secret value from Azure Key Vault by secret name. Used by DevOps and cloud advisory teams to validate secret rotation compliance.

# Capability: GET one secret from an Azure Key Vault, then record the lookup
# as a ServiceNow task.
naftiko: "0.5"
info:
  label: "Azure Key Vault Secret Retrieval"
  # NOTE(review): label and description say "secret value", the tool
  # description below says "metadata". Decide which is intended; a rotation
  # compliance check does not need the value.
  description: "Retrieves a secret value from Azure Key Vault by secret name. Used by DevOps and cloud advisory teams to validate secret rotation compliance."
  tags:
    - security
    - azure-key-vault
    - cloud
capability:
  exposes:
    - type: mcp
      namespace: cloud-security
      port: 8080
      tools:
        - name: get-vault-secret
          description: "Retrieve a secret's metadata from Azure Key Vault and log the access event in ServiceNow for compliance tracking."
          inputParameters:
            # Caller-supplied; becomes part of the request hostname below.
            - name: vault_name
              in: body
              type: string
              description: "The Azure Key Vault name."
            - name: secret_name
              in: body
              type: string
              description: "The secret identifier within the vault."
            # NOTE(review): self-asserted by the caller. Nothing in this file
            # ties it to an authenticated identity, so the ServiceNow record
            # is only as trustworthy as this input.
            - name: requestor_email
              in: body
              type: string
              description: "Email of the person requesting the secret audit."
          steps:
            - name: fetch-secret-metadata
              type: call
              call: "keyvault.get-secret"
              with:
                vault_name: "{{vault_name}}"
                secret_name: "{{secret_name}}"
            - name: log-access
              type: call
              call: "servicenow.create-task"
              with:
                short_description: "Key Vault access audit: {{vault_name}}/{{secret_name}}"
                # NOTE(review): in the Key Vault REST response exp and enabled
                # presumably sit under "attributes"; confirm these references
                # resolve, otherwise the audit task records empty values.
                description: "Expires: {{fetch-secret-metadata.exp}}. Enabled: {{fetch-secret-metadata.enabled}}. Requestor: {{requestor_email}}."
                assigned_group: "Cloud_Security"
  consumes:
    - type: http
      namespace: keyvault
      # NOTE(review): vault_name is templated into the hostname and the
      # bearer token is attached to whatever host results. Validate
      # vault_name against a strict vault-name pattern or an allow-list.
      baseUri: "https://{{vault_name}}.vault.azure.net"
      authentication:
        type: bearer
        token: "$secrets.azure_keyvault_token"
      inputParameters:
        - name: api-version
          in: query
          value: "7.4"
      resources:
        - name: secrets
          # NOTE(review): GET /secrets/{name} on Key Vault returns the secret
          # value together with its attributes. No outputParameters narrow
          # the step result in this file, so the value may reach the MCP
          # caller or engine logs -- verify. For rotation checks the versions
          # listing (/secrets/{name}/versions) returns attributes without the
          # value, and the identity behind the token would then only need
          # list rights rather than get.
          path: "/secrets/{{secret_name}}"
          inputParameters:
            - name: vault_name
              in: path
            - name: secret_name
              in: path
          operations:
            - name: get-secret
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/task"
          operations:
            - name: create-task
              method: POST

Executes analytical queries against Azure Synapse Analytics data warehouse for financial and audit data analysis.

# Capability: forward a caller-supplied SQL string and database name to a
# Synapse query endpoint and return rows plus a row count.
naftiko: "0.5"
info:
  label: "Azure Synapse Query Runner"
  description: "Executes analytical queries against Azure Synapse Analytics data warehouse for financial and audit data analysis."
  tags:
    - analytics
    - azure-synapse
capability:
  exposes:
    - type: mcp
      namespace: synapse-analytics
      port: 8080
      tools:
        - name: run-synapse-query
          description: "Run an analytical query against Azure Synapse."
          inputParameters:
            # NOTE(review): free-form SQL from the MCP caller is executed
            # with the stored service token. Nothing in this file limits it
            # to read-only statements or to particular schemas. Enforce that
            # on the database side (read-only principal, narrow grants, row
            # and time limits) and consider exposing named, parameterised
            # queries instead of raw text.
            - name: query
              in: body
              type: string
              description: "The SQL query to execute."
            # Caller also chooses the database; scope the principal so that
            # only intended databases are reachable.
            - name: database
              in: body
              type: string
              description: "The Synapse database name."
          call: "synapse.execute-query"
          with:
            query: "{{query}}"
            database: "{{database}}"
          outputParameters:
            # Full result rows are returned to the caller; financial and
            # audit data may be sensitive, so check where tool output is
            # logged or retained.
            - name: results
              type: array
              mapping: "$.results"
            - name: row_count
              type: integer
              mapping: "$.rowCount"
  consumes:
    - type: http
      namespace: synapse
      baseUri: "https://kpmg-analytics.sql.azuresynapse.net"
      authentication:
        type: bearer
        token: "$secrets.synapse_token"
      resources:
        - name: queries
          path: "/sql/query"
          operations:
            - name: execute-query
              method: POST

Verifies blockchain-based audit trails for transaction integrity by querying distributed ledger records and returning verification status.

# Capability: ask a ledger API to verify one transaction hash and return its
# validity flag and timestamp.
naftiko: "0.5"
info:
  label: "Blockchain Audit Trail Verification"
  description: "Verifies blockchain-based audit trails for transaction integrity by querying distributed ledger records and returning verification status."
  tags:
    - audit
    - blockchain
capability:
  exposes:
    - type: mcp
      namespace: blockchain-audit
      port: 8080
      tools:
        - name: verify-audit-trail
          description: "Verify a blockchain audit trail by transaction hash."
          inputParameters:
            # Caller-supplied and placed in the URL path below; validate it
            # as a fixed-length hex string before use -- the expected format
            # is not stated in this file.
            - name: transaction_hash
              in: body
              type: string
              description: "The blockchain transaction hash."
          call: "blockchain.verify-transaction"
          with:
            hash: "{{transaction_hash}}"
          outputParameters:
            # The verdict is whatever the ledger API reports; this capability
            # performs no independent check of the transaction. A missing
            # field should be treated as "not verified" -- confirm how the
            # engine maps an absent boolean.
            - name: verified
              type: boolean
              mapping: "$.verification.isValid"
            - name: timestamp
              type: string
              mapping: "$.verification.timestamp"
  consumes:
    - type: http
      namespace: blockchain
      baseUri: "https://kpmg-ledger.kpmg.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.blockchain_token"
      resources:
        - name: transactions
          path: "/transactions/{{hash}}/verify"
          inputParameters:
            - name: hash
              in: path
          operations:
            - name: verify-transaction
              method: GET

Supports business continuity advisory by assessing client BCP documentation in Confluence, analyzing recovery capabilities in Databricks, and generating gap analysis reports in SharePoint.

# Capability: search Confluence for a client's BCP pages, query a Databricks
# table, create a SharePoint document and mail a summary.
naftiko: "0.5"
info:
  label: "Business Continuity Advisory Orchestrator"
  description: "Supports business continuity advisory by assessing client BCP documentation in Confluence, analyzing recovery capabilities in Databricks, and generating gap analysis reports in SharePoint."
  tags:
    - advisory
    - business-continuity
    - confluence
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: bcp-advisory
      port: 8080
      tools:
        - name: assess-business-continuity
          description: "Assess a client's business continuity posture."
          inputParameters:
            # NOTE(review): client_id is reused below inside a CQL string, a
            # SQL string and a folder path. Validate it once against a strict
            # identifier pattern before any step runs; no such check is
            # visible in this file.
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: advisory_email
              in: body
              type: string
              description: "Advisory team email."
          steps:
            - name: review-bcp-docs
              type: call
              call: "confluence.search"
              with:
                # client_id is spliced into the quoted CQL label; an
                # unvalidated value could change the search expression.
                cql: "label = 'bcp' AND label = '{{client_id}}'"
            - name: analyze-recovery
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): SQL text built by string interpolation -- the
                # classic injection shape when the value is not validated.
                # Bind client_id as a statement parameter if the engine can
                # pass one (the Databricks statement API accepts named
                # parameters -- confirm), and run under a principal limited
                # to this table.
                query: "SELECT * FROM bcp_assessment WHERE client_id = '{{client_id}}'"
            - name: generate-gap-analysis
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "advisory-engagements"
                # client_id selects the folder; reject path separators and
                # dot segments so one client's report cannot be written into
                # another location.
                folder_path: "{{client_id}}/BCP"
                template: "bcp_gap_analysis"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{advisory_email}}"
                text: "BCP assessment for {{client_id}}: {{analyze-recovery.gap_count}} gaps identified. RTO compliance: {{analyze-recovery.rto_compliance}}%. Report: {{generate-gap-analysis.url}}."
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://kpmg.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          path: "/content/search"
          operations:
            - name: search
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends from
          # the mailbox named in the path; recipients go in the request body.
          # As written the caller-supplied address selects the sending
          # mailbox -- confirm intent and the token's mail permission scope.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves static application security testing results from Checkmarx for client security assessment engagements.

# Capability: fetch the last Checkmarx scan for a project and return high and
# medium finding counts plus the scan status.
naftiko: "0.5"
info:
  label: "Checkmarx Code Scan Results"
  description: "Retrieves static application security testing results from Checkmarx for client security assessment engagements."
  tags:
    - cybersecurity
    - checkmarx
capability:
  exposes:
    - type: mcp
      namespace: code-security
      port: 8080
      tools:
        - name: get-scan-results
          description: "Retrieve Checkmarx SAST scan results by project ID."
          inputParameters:
            # NOTE(review): any project ID the stored token can read is
            # reachable through this tool. If engagements must be isolated
            # from each other, check that the token's project access matches
            # what each caller is entitled to see.
            - name: project_id
              in: body
              type: string
              description: "The Checkmarx project identifier."
          call: "checkmarx.get-results"
          with:
            project_id: "{{project_id}}"
          outputParameters:
            # Only counts and status are mapped, not finding details. Read
            # scan_status alongside the counts: zero findings on an
            # unfinished or failed scan is not a clean result.
            - name: high_severity
              type: integer
              mapping: "$.results.highSeverity"
            - name: medium_severity
              type: integer
              mapping: "$.results.mediumSeverity"
            - name: scan_status
              type: string
              mapping: "$.status"
  consumes:
    - type: http
      namespace: checkmarx
      baseUri: "https://kpmg.checkmarx.net/cxrestapi"
      authentication:
        type: bearer
        token: "$secrets.checkmarx_token"
      resources:
        - name: scans
          path: "/projects/{{project_id}}/lastScan"
          inputParameters:
            - name: project_id
              in: path
          operations:
            - name: get-results
              method: GET

On new client acceptance request, screens the entity in Dow Jones for adverse media, retrieves credit data from Bloomberg, creates the acceptance record in Salesforce, logs a compliance review in ServiceNow, and notifies the risk partner via Microsoft Teams.

# Capability: screen a prospective client (Dow Jones), pull credit data
# (Bloomberg), create a Salesforce account, open a ServiceNow compliance
# task and mail a summary.
naftiko: "0.5"
info:
  label: "Client Acceptance and Continuance Workflow"
  description: "On new client acceptance request, screens the entity in Dow Jones for adverse media, retrieves credit data from Bloomberg, creates the acceptance record in Salesforce, logs a compliance review in ServiceNow, and notifies the risk partner via Microsoft Teams."
  tags:
    - risk
    - compliance
    - client-acceptance
    - dow-jones
    - bloomberg
    - salesforce
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: client-acceptance
      port: 8080
      tools:
        - name: process-client-acceptance
          description: "Given a prospective client name and requesting partner email, run DJ screening, pull Bloomberg credit data, create Salesforce account, log in ServiceNow, and notify risk partner."
          inputParameters:
            - name: client_name
              in: body
              type: string
              description: "Legal name of the prospective client."
            - name: country
              in: body
              type: string
              description: "Country of incorporation."
            - name: requesting_partner_email
              in: body
              type: string
              description: "Email of the partner requesting client acceptance."
            # An empty string is allowed here, yet the value is used as a URL
            # path segment in the bloomberg resource; confirm how the
            # credit-data step behaves for unlisted entities.
            - name: bloomberg_ticker
              in: body
              type: string
              description: "Bloomberg ticker if publicly listed, or empty string."
          # NOTE(review): no step is conditional on the screening outcome as
          # written; the Salesforce account is created before the compliance
          # task exists, whatever the risk score. Confirm that is acceptable
          # for an acceptance control.
          steps:
            - name: screen-entity
              type: call
              call: "dowjones.screen-entity"
              with:
                entity_name: "{{client_name}}"
                country: "{{country}}"
            - name: get-credit-data
              type: call
              call: "bloomberg.get-credit-risk"
              with:
                ticker: "{{bloomberg_ticker}}"
            - name: create-account
              type: call
              call: "salesforce.create-account"
              with:
                name: "{{client_name}}"
                billing_country: "{{country}}"
                description: "DJ risk score: {{screen-entity.risk_score}}. DJ hits: {{screen-entity.total_hits}}. Credit rating: {{get-credit-data.credit_rating}}."
                type: "Prospect"
            - name: log-compliance-review
              type: call
              call: "servicenow.create-compliance-task"
              with:
                short_description: "Client Acceptance Review: {{client_name}}"
                description: "DJ screening: {{screen-entity.total_hits}} hits, score {{screen-entity.risk_score}}. Credit rating: {{get-credit-data.credit_rating}}. Salesforce: {{create-account.id}}."
                assigned_group: "Risk_Compliance"
            # NOTE(review): the step is named for the risk partner, but the
            # address used is the requesting partner's, supplied by the
            # caller. Screening results therefore go to whoever the caller
            # names; confirm the intended recipient and restrict it to
            # internal addresses.
            - name: notify-risk-partner
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{requesting_partner_email}}"
                text: "Client acceptance for {{client_name}} ({{country}}). DJ risk: {{screen-entity.risk_score}} ({{screen-entity.total_hits}} hits). Credit: {{get-credit-data.credit_rating}}. ServiceNow: {{log-compliance-review.number}}. Salesforce: {{create-account.id}}."
  consumes:
    - type: http
      namespace: dowjones
      baseUri: "https://api.dowjones.com/riskandcompliance/v1"
      authentication:
        type: bearer
        token: "$secrets.dowjones_token"
      resources:
        - name: screening
          path: "/screenings"
          operations:
            - name: screen-entity
              method: POST
    - type: http
      namespace: bloomberg
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/v1"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: credit-data
          path: "/data/{{ticker}}/creditRisk"
          inputParameters:
            - name: ticker
              in: path
          operations:
            - name: get-credit-risk
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account"
          operations:
            - name: create-account
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: compliance-tasks
          path: "/table/sn_compliance_task"
          operations:
            - name: create-compliance-task
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends from
          # the mailbox named in the path; recipients go in the request body.
          # As written the caller-supplied address selects the sending
          # mailbox -- confirm intent and the token's mail permission scope.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Verifies auditor independence by checking financial relationships in Salesforce, cross-referencing employee portfolios in Workday, and generating compliance reports in SharePoint.

# Capability: read client relationships (Salesforce) and an employee's
# financial disclosures (Workday), then create a SharePoint document.
naftiko: "0.5"
info:
  label: "Client Independence Verification Pipeline"
  description: "Verifies auditor independence by checking financial relationships in Salesforce, cross-referencing employee portfolios in Workday, and generating compliance reports in SharePoint."
  tags:
    - independence
    - compliance
    - salesforce
    - workday
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: independence
      port: 8080
      tools:
        - name: verify-independence
          description: "Verify auditor independence for a client engagement."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            # NOTE(review): the caller chooses whose financial disclosures
            # are read. Nothing in this file limits which employee IDs a
            # given caller may query; confirm access control sits in front
            # of this tool.
            - name: employee_id
              in: body
              type: string
              description: "The auditor employee ID."
          # The three steps run in sequence; no step compares the Salesforce
          # and Workday results as written, and the document step passes no
          # data from either.
          steps:
            - name: check-client-relationships
              type: call
              call: "salesforce.get-relationships"
              with:
                client_id: "{{client_id}}"
            - name: check-financial-interests
              type: call
              call: "workday.get-financial-disclosures"
              with:
                employee_id: "{{employee_id}}"
            - name: generate-compliance-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "independence"
                # Both IDs are caller-supplied path parts; reject separators
                # and dot segments before use.
                folder_path: "Verifications/{{client_id}}/{{employee_id}}"
                template: "independence_verification"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: relationships
          # NOTE(review): client_id is passed by the step but is neither in
          # this path nor declared as a parameter, so the request does not
          # appear to be filtered by client. Confirm what this GET returns;
          # an unfiltered or metadata-only response would make the
          # independence check vacuous.
          path: "/sobjects/ClientRelationship__c"
          operations:
            - name: get-relationships
              method: GET
    - type: http
      namespace: workday
      # NOTE(review): the hostname looks like an implementation (non-
      # production) tenant -- confirm this is the intended environment for
      # compliance evidence.
      baseUri: "https://wd5-impl.workday.com/ccx/api/v1/kpmg"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: disclosures
          path: "/workers/{{employee_id}}/financialDisclosures"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-financial-disclosures
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

Generates client proposals by pulling opportunity data from Salesforce, retrieving methodology templates from Confluence, creating the proposal in SharePoint, and notifying the pursuit team via Teams.

# Capability: read a Salesforce opportunity, search Confluence for a template,
# create a SharePoint document and mail a summary.
naftiko: "0.5"
info:
  label: "Client Proposal Generation Orchestrator"
  description: "Generates client proposals by pulling opportunity data from Salesforce, retrieving methodology templates from Confluence, creating the proposal in SharePoint, and notifying the pursuit team via Teams."
  tags:
    - business-development
    - proposals
    - salesforce
    - confluence
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: proposals
      port: 8080
      tools:
        - name: generate-proposal
          description: "Generate a client proposal from opportunity data."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce opportunity ID."
            # NOTE(review): described as one of three values but typed as a
            # free string. It is spliced into a CQL expression and a template
            # name below, so restrict it to the listed values before use.
            - name: service_line
              in: body
              type: string
              description: "The service line (audit, tax, advisory)."
            - name: pursuit_lead_email
              in: body
              type: string
              description: "Pursuit lead email."
          steps:
            - name: get-opportunity
              type: call
              call: "salesforce.get-opportunity"
              with:
                opportunity_id: "{{opportunity_id}}"
            - name: get-methodology
              type: call
              call: "confluence.search"
              with:
                # service_line sits inside the quoted CQL label; an
                # unvalidated value could change the search expression.
                cql: "label = 'proposal-template' AND label = '{{service_line}}'"
            - name: create-proposal
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "proposals"
                # The folder name comes from a Salesforce text field and a
                # caller-supplied ID; strip path separators and dot segments
                # so the document cannot land outside the intended folder.
                folder_path: "{{get-opportunity.client_name}}/{{opportunity_id}}"
                template: "{{service_line}}_proposal"
            - name: notify-pursuit-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{pursuit_lead_email}}"
                text: "Proposal generated for {{get-opportunity.client_name}} ({{service_line}}). Estimated value: {{get-opportunity.amount}}. Proposal: {{create-proposal.url}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://kpmg.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          path: "/content/search"
          operations:
            - name: search
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends from
          # the mailbox named in the path; recipients go in the request body.
          # As written the caller-supplied address selects the sending
          # mailbox -- confirm intent and the token's mail permission scope.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Pulls cost data from Microsoft Azure Cost Management, compares against budget thresholds, generates a cost optimization report in SharePoint, creates a Jira optimization task, and alerts the cloud advisory team via Microsoft Teams.

# Capability: one MCP tool that reads Azure Cost Management usage for a subscription and
# billing period, writes a report file to SharePoint, opens a Jira task and sends a
# notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Cloud Cost Optimization Pipeline"
  description: "Pulls cost data from Microsoft Azure Cost Management, compares against budget thresholds, generates a cost optimization report in SharePoint, creates a Jira optimization task, and alerts the cloud advisory team via Microsoft Teams."
  tags:
    - advisory
    - cloud
    - cost-optimization
    - microsoft-azure
    - sharepoint
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: cloud-cost
      port: 8080
      tools:
        - name: analyze-cloud-costs
          description: "Given an Azure subscription ID and billing period, pull cost data, generate a SharePoint report, create Jira task, and notify the advisory team."
          # All four inputs come from the MCP caller. They are declared as free-form
          # string/number with no pattern or allow-list, and are substituted into URLs,
          # a file path and message text further down.
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: billing_period
              in: body
              type: string
              description: "Billing period (YYYY-MM)."
            - name: budget_amount
              in: body
              type: number
              description: "Budget threshold in USD."
            - name: advisory_lead_email
              in: body
              type: string
              description: "Email of the cloud advisory team lead."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}. No step compares total_cost with budget_amount: the
          # budget is only interpolated into the report, Jira and message text.
          steps:
            - name: get-cost-data
              type: call
              call: "azure-cost.get-usage"
              with:
                subscription_id: "{{subscription_id}}"
                billing_period: "{{billing_period}}"
            - name: generate-report
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "cloud_advisory_site"
                # subscription_id and billing_period are caller-supplied and end up in the
                # Graph URL path of the files resource. Validate them (GUID, YYYY-MM) so
                # "/", ".." or ":" cannot redirect the write to another drive item.
                file_path: "CostReports/Azure_{{subscription_id}}_{{billing_period}}.xlsx"
                # NOTE(review): content is a plain sentence written to an .xlsx path;
                # confirm the connector produces a valid workbook.
                content: "Azure Cost Report {{billing_period}}. Total: {{get-cost-data.total_cost}} USD. Budget: {{budget_amount}} USD. Top service: {{get-cost-data.top_service}} ({{get-cost-data.top_service_cost}} USD)."
            - name: create-optimization-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "CLOUD"
                issue_type: "Task"
                summary: "Cost optimization: Azure {{subscription_id}} — {{billing_period}}"
                description: "Total spend: {{get-cost-data.total_cost}} USD vs budget {{budget_amount}} USD. Top service: {{get-cost-data.top_service}}. Report: {{generate-report.url}}."
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                # The address is chosen by the caller, and the text carries spend figures
                # and the report link. Check it against an allow-list or the tenant
                # domain before sending.
                recipient_upn: "{{advisory_lead_email}}"
                text: "Azure cost analysis for {{billing_period}}: {{get-cost-data.total_cost}} USD (budget: {{budget_amount}} USD). Top service: {{get-cost-data.top_service}}. Report: {{generate-report.url}}. Jira: {{create-optimization-task.key}}."
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only;
  # no secret value appears in this file.
  consumes:
    - type: http
      namespace: azure-cost
      # The caller-supplied subscription_id selects the ARM scope, so the token's role
      # assignments alone decide which subscriptions can be read.
      baseUri: "https://management.azure.com/subscriptions/{{subscription_id}}/providers/Microsoft.CostManagement"
      authentication:
        type: bearer
        # NOTE(review): a cost query needs read access only; confirm this token is not
        # bound to a broader role than a cost/billing reader on the intended subscriptions.
        token: "$secrets.azure_mgmt_token"
      inputParameters:
        - name: api-version
          in: query
          value: "2023-11-01"
      resources:
        - name: usage
          path: "/query"
          inputParameters:
            - name: subscription_id
              in: path
          operations:
            - name: get-usage
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        # Same secret reference as the msteams namespace below, so one token must hold
        # both file-write and mail-send permissions. Separate, narrower app
        # registrations would limit what a leaked token can do.
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          # PUT to root:/{path}:/content uploads (and overwrites) the item at that path.
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        # An API token acts with the full permissions of its user. Presumably a
        # dedicated service account; confirm it is limited to the CLOUD project.
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Assesses client cloud security posture by scanning Azure configurations, checking compliance against CIS benchmarks in Databricks, generating findings reports in SharePoint, and alerting the cyber team.

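# Capability: one MCP tool that reads the Azure secure score for a subscription, queries
# failed CIS benchmark rows in Databricks, creates a findings document in SharePoint and
# notifies the engagement lead through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Cloud Security Assessment Orchestrator"
  description: "Assesses client cloud security posture by scanning Azure configurations, checking compliance against CIS benchmarks in Databricks, generating findings reports in SharePoint, and alerting the cyber team."
  tags:
    - cybersecurity
    - cloud-security
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: cloud-security
      port: 8080
      tools:
        - name: assess-cloud-security
          description: "Assess client cloud security posture."
          # All inputs come from the MCP caller as free-form strings. They are
          # substituted into a SQL statement, a URL and a folder path below, so they
          # should be validated (GUID for subscription_id, a fixed pattern for client_id).
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: subscription_id
              in: body
              type: string
              description: "The Azure subscription ID to assess."
            - name: cyber_lead_email
              in: body
              type: string
              description: "Cyber engagement lead email."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}.
          steps:
            - name: scan-configuration
              type: call
              call: "azure.get-security-score"
              with:
                subscription_id: "{{subscription_id}}"
            - name: check-cis-compliance
              type: call
              call: "databricks.run-query"
              with:
                # SECURITY: the statement is built by substituting the caller-supplied
                # subscription_id inside a quoted SQL literal, so a value containing a
                # single quote changes the statement. Reject anything that is not a GUID
                # before this step, or bind it as a statement parameter if the connector
                # supports that (TODO confirm).
                query: "SELECT * FROM cis_benchmark_results WHERE subscription_id = '{{subscription_id}}' AND compliance_status = 'FAIL'"
            - name: generate-findings
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "cyber-engagements"
                # client_id and subscription_id become path segments of the Graph URL.
                # Unvalidated "/", ".." or ":" could place one client's findings under
                # another client's folder.
                folder_path: "{{client_id}}/CloudSecurity/{{subscription_id}}"
                template: "cloud_security_assessment"
            - name: notify-cyber-lead
              type: call
              call: "msteams.send-message"
              with:
                # The address is chosen by the caller, and the text discloses the score,
                # failure count and report link. Check it against an allow-list or the
                # tenant domain before sending.
                recipient_upn: "{{cyber_lead_email}}"
                text: "Cloud security assessment for {{client_id}}: Security score {{scan-configuration.score}}/100. CIS failures: {{check-cis-compliance.fail_count}}. Report: {{generate-findings.url}}."
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only.
  consumes:
    - type: http
      namespace: azure
      # The caller-supplied subscription_id selects the ARM scope, so the token's role
      # assignments alone decide which subscriptions can be read.
      baseUri: "https://management.azure.com/subscriptions/{{subscription_id}}/providers/Microsoft.Security"
      authentication:
        type: bearer
        # NOTE(review): reading a secure score needs read access only; confirm the
        # token is not bound to a broader role.
        token: "$secrets.azure_token"
      resources:
        - name: security
          path: "/secureScores/ascScore?api-version=2020-01-01"
          # Declares the {{subscription_id}} placeholder used in baseUri, as every other
          # templated placeholder in this file is declared.
          inputParameters:
            - name: subscription_id
              in: path
          operations:
            - name: get-security-score
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        # The statement endpoint runs whatever SQL it is given. Presumably this token
        # belongs to a service principal; confirm it has SELECT on the needed tables only.
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        # Same secret reference as the msteams namespace below, so one token must hold
        # both document-write and mail-send permissions.
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST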

When a new compliance training requirement is identified, creates the course assignment in Pluralsight, logs the requirement in ServiceNow, sends the enrollment link via Microsoft Teams, and tracks completion in Workday learning.

# Capability: one MCP tool that looks up a worker in Workday, assigns a Pluralsight
# course to the worker's email, logs a ServiceNow task and sends the enrollment link
# through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Compliance Training Assignment Orchestrator"
  # NOTE(review): the description mentions tracking completion in Workday learning, but
  # the steps below only read the worker record from Workday; nothing is written back.
  description: "When a new compliance training requirement is identified, creates the course assignment in Pluralsight, logs the requirement in ServiceNow, sends the enrollment link via Microsoft Teams, and tracks completion in Workday learning."
  tags:
    - compliance
    - training
    - pluralsight
    - servicenow
    - microsoft-teams
    - workday
capability:
  exposes:
    - type: mcp
      namespace: compliance-training
      port: 8080
      tools:
        - name: assign-compliance-training
          description: "Given a course ID, employee ID, and compliance requirement, assign training in Pluralsight, log in ServiceNow, notify via Teams, and register in Workday learning."
          # All inputs come from the MCP caller as free-form strings; no pattern or
          # allow-list is declared for any of them.
          inputParameters:
            - name: course_id
              in: body
              type: string
              description: "The Pluralsight course identifier."
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
            - name: compliance_requirement
              in: body
              type: string
              description: "The compliance requirement name (e.g., AML Awareness, GDPR, SOX)."
            - name: due_date
              in: body
              type: string
              description: "Training completion due date (YYYY-MM-DD)."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}.
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                # Caller-supplied ID placed in the Workday URL path. Any caller of this
                # tool can resolve an employee ID to a name and work email.
                worker_id: "{{employee_id}}"
            - name: assign-course
              type: call
              call: "pluralsight.assign-course"
              with:
                course_id: "{{course_id}}"
                user_email: "{{get-employee.work_email}}"
            - name: log-requirement
              type: call
              call: "servicenow.create-task"
              with:
                # compliance_requirement is free text from the caller and is stored as-is
                # in the task. Presumably it should be one of a fixed set of names.
                short_description: "Compliance training: {{compliance_requirement}} — {{get-employee.full_name}}"
                description: "Course: {{course_id}}. Due: {{due_date}}. Enrollment: {{assign-course.enrollment_url}}."
                # NOTE(review): confirm the task's assigned_to field accepts an email
                # address rather than a user record reference.
                assigned_to: "{{get-employee.work_email}}"
                due_date: "{{due_date}}"
            - name: notify-employee
              type: call
              call: "msteams.send-message"
              with:
                # The recipient comes from the Workday record, not from the caller.
                recipient_upn: "{{get-employee.work_email}}"
                # The message asks the employee to follow a link taken from the
                # Pluralsight response. Consider checking that enrollment_url points at
                # the expected host, so the flow cannot deliver an arbitrary link.
                text: "Required compliance training: {{compliance_requirement}}. Complete by {{due_date}}. Enroll here: {{assign-course.enrollment_url}}."
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only.
  consumes:
    - type: http
      namespace: workday
      # NOTE(review): the host name contains "impl"; presumably a non-production
      # tenant. Confirm which environment this capability is meant to reach.
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: pluralsight
      baseUri: "https://api.pluralsight.com/v1"
      authentication:
        type: bearer
        token: "$secrets.pluralsight_token"
      resources:
        - name: assignments
          path: "/courses/{{course_id}}/assignments"
          inputParameters:
            - name: course_id
              in: path
          operations:
            - name: assign-course
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        # Basic auth with an account password. Presumably a dedicated integration
        # user; confirm its roles are limited to creating tasks.
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/task"
          operations:
            - name: create-task
              method: POST
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Searches KPMG methodology documentation in Confluence for audit standards, advisory frameworks, and engagement procedures.

# Capability: single-call MCP tool that runs a CQL search against Confluence and maps
# the result list and total size out of the response.
naftiko: "0.5"
info:
  label: "Confluence Methodology Search"
  description: "Searches KPMG methodology documentation in Confluence for audit standards, advisory frameworks, and engagement procedures."
  tags:
    - methodology
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: methodology
      port: 8080
      tools:
        - name: search-methodology
          description: "Search KPMG methodology knowledge base in Confluence."
          # Both inputs come from the MCP caller as free-form strings.
          inputParameters:
            - name: search_term
              in: body
              type: string
              description: "The search query."
            - name: service_line
              in: body
              type: string
              description: "Service line filter (audit, tax, advisory)."
          call: "confluence.search"
          with:
            # SECURITY: the CQL is built by substituting both inputs inside quoted
            # literals. A value containing a single quote can end the literal and alter
            # the rest of the query, including the space = 'METHODOLOGY' restriction, so
            # results would be bounded only by what the service account can read.
            # Escape quotes in search_term and accept service_line only from the three
            # documented values.
            cql: "text ~ '{{search_term}}' AND label = '{{service_line}}' AND space = 'METHODOLOGY'"
          # JSONPath mappings applied to the search response.
          outputParameters:
            - name: results
              type: array
              mapping: "$.results"
            - name: total_size
              type: integer
              mapping: "$.totalSize"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://kpmg.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        # An API token acts with the full permissions of its user. Presumably a
        # dedicated account; confirm it can read the METHODOLOGY space only.
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          path: "/content/search"
          # NOTE(review): the tool passes cql, but no query parameter is declared on
          # this resource; confirm how the connector sends it on a GET.
          operations:
            - name: search
              method: GET

Pulls approved timesheets from Workday for a consulting engagement, reconciles hours against the Jira project board, updates the project budget tracker in Microsoft Excel via SharePoint, and sends a weekly utilization summary to the engagement manager via Microsoft Teams.

# Capability: one MCP tool that reads Workday time entries and Jira worklogs for an
# engagement, overwrites a budget-tracker file in SharePoint and sends a summary to
# the engagement manager through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Consulting Engagement Timesheet Pipeline"
  description: "Pulls approved timesheets from Workday for a consulting engagement, reconciles hours against the Jira project board, updates the project budget tracker in Microsoft Excel via SharePoint, and sends a weekly utilization summary to the engagement manager via Microsoft Teams."
  tags:
    - consulting
    - time-management
    - workday
    - jira
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: consulting-timesheets
      port: 8080
      tools:
        - name: reconcile-timesheets
          description: "Given an engagement code and reporting week, pull Workday timesheets, reconcile against Jira, update SharePoint budget tracker, and notify the engagement manager."
          # All inputs come from the MCP caller as free-form strings. engagement_code
          # is reused as a Workday project code, a Jira project key and part of a file
          # name, so it should be validated against one strict pattern.
          inputParameters:
            - name: engagement_code
              in: body
              type: string
              description: "The consulting engagement project code."
            - name: week_ending
              in: body
              type: string
              description: "Week ending date (YYYY-MM-DD)."
            - name: engagement_manager_email
              in: body
              type: string
              description: "Email of the engagement manager."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}.
          steps:
            - name: get-timesheets
              type: call
              call: "workday.get-time-entries"
              with:
                project_code: "{{engagement_code}}"
                week_ending: "{{week_ending}}"
            - name: get-jira-logged
              type: call
              call: "jira.get-project-worklogs"
              with:
                project_key: "{{engagement_code}}"
                since: "{{week_ending}}"
            - name: update-budget-tracker
              type: call
              call: "sharepoint.update-file"
              with:
                site_id: "consulting_projects_site"
                # engagement_code becomes part of the Graph URL path, and the PUT
                # replaces the file content. An unvalidated code could overwrite
                # another engagement's tracker.
                file_path: "BudgetTrackers/{{engagement_code}}_budget.xlsx"
                # NOTE(review): content is a plain sentence written to an .xlsx path, and
                # the variance is read from the Workday response rather than computed
                # from the two totals; confirm both are intended.
                content: "Week: {{week_ending}}. Workday hours: {{get-timesheets.total_hours}}. Jira logged: {{get-jira-logged.total_hours}}. Variance: {{get-timesheets.variance}}."
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                # The address is chosen by the caller. Check it against an allow-list or
                # the tenant domain before sending hours and the tracker link.
                recipient_upn: "{{engagement_manager_email}}"
                text: "Weekly timesheet reconciliation for {{engagement_code}} (week ending {{week_ending}}). Workday: {{get-timesheets.total_hours}}h. Jira: {{get-jira-logged.total_hours}}h. Budget tracker updated: {{update-budget-tracker.url}}."
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only.
  consumes:
    - type: http
      namespace: workday
      # NOTE(review): the host name contains "impl"; presumably a non-production
      # tenant. Confirm which environment this capability is meant to reach.
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: time-entries
          # Values are substituted into the query string. Unless the runtime
          # URL-encodes them (TODO confirm), "&" or "=" in an input adds or overrides
          # parameters.
          path: "/timeEntries?projectCode={{project_code}}&weekEnding={{week_ending}}"
          inputParameters:
            - name: project_code
              in: query
            - name: week_ending
              in: query
          operations:
            - name: get-time-entries
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        # An API token acts with the full permissions of its user. Presumably a
        # dedicated service account with read access to engagement projects only.
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: worklogs
          # NOTE(review): confirm this path and the date format of "since" against the
          # Jira REST v3 reference before relying on it.
          path: "/project/{{project_key}}/worklogs?since={{since}}"
          inputParameters:
            - name: project_key
              in: path
            - name: since
              in: query
          operations:
            - name: get-project-worklogs
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        # Same secret reference as the msteams namespace below, so one token must hold
        # both file-write and mail-send permissions.
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          # PUT to root:/{path}:/content uploads (and overwrites) the item at that path.
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: update-file
              method: PUT
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

When a Coupa invoice exceeds the auto-approval threshold, retrieves the invoice details, looks up the approver in Workday, routes the approval request via Microsoft Teams, and logs the exception in ServiceNow.

# Capability: one MCP tool that reads a Coupa invoice, resolves the requestor and the
# requestor's manager in Workday, sends the manager an approval request through
# Microsoft Graph and logs a ServiceNow task.
naftiko: "0.5"
info:
  label: "Coupa Invoice Approval Orchestrator"
  description: "When a Coupa invoice exceeds the auto-approval threshold, retrieves the invoice details, looks up the approver in Workday, routes the approval request via Microsoft Teams, and logs the exception in ServiceNow."
  tags:
    - procurement
    - finance
    - coupa
    - workday
    - microsoft-teams
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: procurement-invoicing
      port: 8080
      tools:
        - name: route-invoice-approval
          description: "Given a Coupa invoice ID and requestor employee ID, retrieve invoice details, resolve approver from Workday, notify via Teams, and log in ServiceNow."
          # SECURITY: both inputs come from the MCP caller, and nothing below checks
          # that requestor_employee_id is the submitter recorded on the invoice. The
          # approver is derived from that ID, so the caller in effect chooses who is
          # asked to approve. Taking the requestor from the Coupa invoice record would
          # close that gap (TODO confirm the field is available).
          inputParameters:
            - name: invoice_id
              in: body
              type: string
              description: "The Coupa invoice identifier."
            - name: requestor_employee_id
              in: body
              type: string
              description: "Workday employee ID of the invoice submitter."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}. No step tests the invoice amount against a threshold;
          # presumably that happens before this tool is invoked.
          steps:
            - name: get-invoice
              type: call
              call: "coupa.get-invoice"
              with:
                invoice_id: "{{invoice_id}}"
            - name: get-requestor
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{requestor_employee_id}}"
            - name: get-approver
              type: call
              call: "workday.get-worker"
              with:
                # The approver is the requestor's manager as reported by Workday.
                worker_id: "{{get-requestor.manager_id}}"
            - name: notify-approver
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{get-approver.work_email}}"
                # The message carries no link, which keeps it from being used to
                # deliver a lookalike URL. The approval itself still happens in Coupa.
                text: "Invoice Approval Required: Coupa #{{invoice_id}} from {{get-requestor.full_name}}. Supplier: {{get-invoice.supplier_name}}. Amount: {{get-invoice.total_amount}} {{get-invoice.currency}}. Please review in Coupa."
            - name: log-exception
              type: call
              call: "servicenow.create-task"
              with:
                short_description: "Invoice approval exception: Coupa #{{invoice_id}}"
                # Requestor and approver names are recorded, which gives an audit trail
                # of who was asked to approve.
                description: "Supplier: {{get-invoice.supplier_name}}. Amount: {{get-invoice.total_amount}} {{get-invoice.currency}}. Requestor: {{get-requestor.full_name}}. Approver: {{get-approver.full_name}}."
                assigned_group: "Accounts_Payable"
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only.
  consumes:
    - type: http
      namespace: coupa
      baseUri: "https://kpmg.coupahost.com/api"
      authentication:
        type: bearer
        # NOTE(review): only an invoice read is performed here; confirm the token's
        # scope is limited to reading invoices.
        token: "$secrets.coupa_token"
      resources:
        - name: invoices
          path: "/invoices/{{invoice_id}}"
          inputParameters:
            - name: invoice_id
              in: path
          operations:
            - name: get-invoice
              method: GET
    - type: http
      namespace: workday
      # NOTE(review): the host name contains "impl"; presumably a non-production
      # tenant. Confirm which environment this capability is meant to reach.
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        # Basic auth with an account password. Presumably a dedicated integration
        # user; confirm its roles are limited to creating tasks.
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/task"
          operations:
            - name: create-task
              method: POST

Retrieves purchase order details from Coupa procurement platform, including line items, approval status, and vendor information.

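# Capability: single-call MCP tool that looks up a Coupa purchase order by number and
# maps status, total and supplier name out of the response.
naftiko: "0.5"
info:
  label: "Coupa Purchase Order Lookup"
  description: "Retrieves purchase order details from Coupa procurement platform, including line items, approval status, and vendor information."
  tags:
    - procurement
    - coupa
capability:
  exposes:
    - type: mcp
      namespace: procurement
      port: 8080
      tools:
        - name: get-purchase-order
          description: "Look up a purchase order in Coupa by PO number."
          # po_number comes from the MCP caller as a free-form string. Any caller of
          # this tool can read status, amount and vendor for any PO the API key can
          # see, so access to the MCP endpoint itself needs to be restricted.
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "The purchase order number."
          call: "coupa.get-po"
          with:
            po_number: "{{po_number}}"
          # JSONPath mappings applied to the Coupa response.
          # NOTE(review): the lookup filters a collection by query string; confirm the
          # response is a single object rather than a list before relying on "$.status".
          outputParameters:
            - name: status
              type: string
              mapping: "$.status"
            - name: total_amount
              type: number
              mapping: "$.total"
            - name: vendor_name
              type: string
              mapping: "$.supplier.name"
  consumes:
    - type: http
      namespace: coupa
      baseUri: "https://kpmg.coupahost.com/api"
      authentication:
        # The key is sent in a request header and referenced by secret name only.
        # Presumably it is issued for read access to purchase orders; confirm its scope.
        type: apiKey
        header: "X-COUPA-API-KEY"
        key: "$secrets.coupa_api_key"
      resources:
        - name: purchase-orders
          # Unless the runtime URL-encodes the value (TODO confirm), "&" or "=" in
          # po_number adds or overrides query parameters; validate it upstream.
          path: "/purchase_orders?po_number={{po_number}}"
          inputParameters:
            - name: po_number
              # The placeholder sits in the query string, so it is declared as a query
              # parameter, as the other query-string placeholders in this file are.
              in: query
          operations:
            - name: get-po
              method: GET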

Tracks CPE compliance for audit professionals by pulling completion data from Workday Learning, identifying gaps, creating remediation tasks in Jira, and notifying practice leaders.

# Capability: one MCP tool that reads a CPE completion report from Workday, bulk-creates
# Jira tasks from the non-compliant staff list and sends a summary to the practice
# leader through Microsoft Graph.
naftiko: "0.5"
info:
  label: "CPE Compliance Tracking Orchestrator"
  description: "Tracks CPE compliance for audit professionals by pulling completion data from Workday Learning, identifying gaps, creating remediation tasks in Jira, and notifying practice leaders."
  tags:
    - compliance
    - cpe
    - workday
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: cpe-compliance
      port: 8080
      tools:
        - name: track-cpe-compliance
          description: "Track CPE compliance status for a practice group."
          # Both inputs come from the MCP caller as free-form strings.
          inputParameters:
            - name: practice_group
              in: body
              type: string
              description: "The practice group name."
            - name: practice_leader_email
              in: body
              type: string
              description: "Practice leader email."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}.
          steps:
            - name: get-cpe-status
              type: call
              call: "workday.get-cpe-report"
              with:
                practice_group: "{{practice_group}}"
            - name: create-remediation-tasks
              type: call
              call: "jira.create-issues-bulk"
              with:
                project: "CPE"
                # The staff list from Workday is passed straight through as the issue
                # list, which copies per-person compliance status into Jira. Check who
                # can browse the CPE project and how much of each record is needed.
                issues: "{{get-cpe-status.non_compliant_staff}}"
                issue_type: "Task"
            - name: notify-leader
              type: call
              call: "msteams.send-message"
              with:
                # The address is chosen by the caller. Check it against an allow-list or
                # the tenant domain before sending.
                recipient_upn: "{{practice_leader_email}}"
                text: "CPE compliance report for {{practice_group}}: {{get-cpe-status.compliant_count}}/{{get-cpe-status.total_count}} compliant. {{create-remediation-tasks.created_count}} remediation tasks created."
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only.
  consumes:
    - type: http
      namespace: workday
      # NOTE(review): the host name contains "impl"; presumably a non-production
      # tenant. Confirm which environment this capability is meant to reach.
      baseUri: "https://wd5-impl.workday.com/ccx/api/v1/kpmg"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: cpe
          path: "/learningCompletions/cpe"
          # NOTE(review): the step passes practice_group, but no parameter is declared
          # here. Confirm the filter reaches Workday; otherwise the report, and the
          # Jira tasks built from it, may cover staff outside the requested group.
          operations:
            - name: get-cpe-report
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        # An API token acts with the full permissions of its user. Presumably a
        # dedicated service account; confirm it is limited to the CPE project.
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue/bulk"
          operations:
            - name: create-issues-bulk
              method: POST
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Identifies customs duty recovery opportunities by analyzing import data in Databricks, cross-referencing tariff schedules, generating recovery claims in SharePoint, and notifying the trade advisory team.

# Capability: one MCP tool that queries import-duty analysis rows in Databricks for a
# client, creates a claim document in SharePoint and notifies the trade advisory team
# through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Customs Duty Recovery Pipeline"
  description: "Identifies customs duty recovery opportunities by analyzing import data in Databricks, cross-referencing tariff schedules, generating recovery claims in SharePoint, and notifying the trade advisory team."
  tags:
    - tax
    - customs
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: customs-recovery
      port: 8080
      tools:
        - name: identify-recovery-opportunities
          description: "Identify customs duty recovery opportunities for a client."
          # Both inputs come from the MCP caller as free-form strings. client_id is
          # substituted into a SQL statement and a folder path below, so it should be
          # validated against a strict pattern first.
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: trade_advisory_email
              in: body
              type: string
              description: "Trade advisory team email."
          # Steps run in the listed order; later steps read earlier results as
          # {{step-name.field}}.
          steps:
            - name: analyze-imports
              type: call
              call: "databricks.run-query"
              with:
                # SECURITY: the statement is built by substituting the caller-supplied
                # client_id inside a quoted SQL literal, so a value containing a single
                # quote changes the statement, including which client's rows are
                # returned. Validate client_id before this step, or bind it as a
                # statement parameter if the connector supports that (TODO confirm).
                query: "SELECT * FROM import_duty_analysis WHERE client_id = '{{client_id}}' AND recovery_potential > 0"
            - name: generate-claims
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "tax-engagements"
                # client_id becomes a path segment of the Graph URL. Unvalidated "/",
                # ".." or ":" could place the claim under another client's folder.
                folder_path: "{{client_id}}/CustomsRecovery"
                template: "duty_recovery_claim"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                # The address is chosen by the caller, and the text discloses recovery
                # totals and the claims link. Check it against an allow-list or the
                # tenant domain before sending.
                recipient_upn: "{{trade_advisory_email}}"
                text: "Customs duty recovery for {{client_id}}: {{analyze-imports.recovery_count}} opportunities totaling {{analyze-imports.total_recovery}}. Claims: {{generate-claims.url}}."
  # Outbound HTTP connectors. Credentials are referenced as $secrets.* names only.
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        # The statement endpoint runs whatever SQL it is given. Presumably this token
        # belongs to a service principal; confirm it has SELECT on the needed tables only.
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        # Same secret reference as the msteams namespace below, so one token must hold
        # both document-write and mail-send permissions.
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    # NOTE(review): despite the namespace name this is the Graph mail endpoint, and
    # /users/{id}/sendMail sends from the mailbox named in the path. Here that is the
    # intended recipient, so the token needs application-level Mail.Send. Restrict the
    # app to one service mailbox (application access policy) and send from that.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Pulls scan results from Nessus for a target host, creates a ServiceNow security incident for critical findings, assigns remediation in Jira, and alerts the CISO team in Microsoft Teams.

# Capability: one MCP tool that reads Nessus results for a scan/host pair, then
# opens a ServiceNow security incident, a Jira issue and a Graph mail message.
naftiko: "0.5"
info:
  label: "Cybersecurity Vulnerability Assessment Orchestrator"
  description: "Pulls scan results from Nessus for a target host, creates a ServiceNow security incident for critical findings, assigns remediation in Jira, and alerts the CISO team in Microsoft Teams."
  tags:
    - cybersecurity
    - vulnerability-management
    - nessus
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared on the
    # exposed MCP endpoint in this definition. Confirm it is enforced elsewhere,
    # since any caller can open priority-1 incidents through this tool.
    - type: mcp
      namespace: cyber-vuln
      port: 8080
      tools:
        - name: process-vulnerability-scan
          description: "Given a Nessus scan ID and host IP, retrieve critical findings, create a ServiceNow security incident, assign Jira remediation, and alert the CISO team."
          inputParameters:
            - name: scan_id
              in: body
              type: string
              description: "The Nessus scan ID."
            - name: host_ip
              in: body
              type: string
              description: "Target host IP address."
            - name: ciso_team_email
              in: body
              type: string
              description: "Email of the CISO team distribution list."
          # NOTE(review): the descriptions say incidents are raised "for critical
          # findings", but no condition on critical_count is visible below. As
          # written every invocation creates a priority "1" incident, a "Highest"
          # Jira issue and an alert, even when the scan reports nothing critical.
          steps:
            - name: get-scan-results
              type: call
              call: "nessus.get-scan-results"
              with:
                # Both values end up in the Nessus URL path; validate scan_id as a
                # numeric ID and host_ip as an IP literal before the call.
                scan_id: "{{scan_id}}"
                host_ip: "{{host_ip}}"
            - name: create-security-incident
              type: call
              call: "servicenow.create-security-incident"
              with:
                # Scanner output (counts, top_cve) and caller input (host_ip) are
                # interpolated into ticket text; treat both as untrusted data when
                # the ticket is rendered.
                short_description: "Critical vulnerabilities: {{host_ip}} — {{get-scan-results.critical_count}} findings"
                description: "Scan {{scan_id}}. Critical: {{get-scan-results.critical_count}}. High: {{get-scan-results.high_count}}. Top CVE: {{get-scan-results.top_cve}}."
                priority: "1"
                assigned_group: "Security_Operations"
            - name: create-remediation-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "SECOPS"
                issue_type: "Bug"
                # The summary names the unpatched CVE and the affected host; confirm
                # the SECOPS project is not readable outside the security team.
                summary: "Remediate: {{get-scan-results.top_cve}} on {{host_ip}}"
                description: "Nessus scan {{scan_id}}. Critical findings: {{get-scan-results.critical_count}}. ServiceNow: {{create-security-incident.number}}."
                priority: "Highest"
            - name: alert-ciso
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): the address is supplied per invocation and the alert
                # discloses host, CVE and ticket numbers. Prefer a fixed, configured
                # distribution list over a caller-provided value.
                recipient_upn: "{{ciso_team_email}}"
                text: "CRITICAL: {{get-scan-results.critical_count}} vulnerabilities on {{host_ip}}. Top CVE: {{get-scan-results.top_cve}}. ServiceNow: {{create-security-incident.number}}. Jira: {{create-remediation-task.key}}."
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://nessus.kpmg.com:8834"
      # NOTE(review): two credential mechanisms are declared: an apiKey block
      # (nessus_api_key) and an explicit X-ApiKeys header built from
      # nessus_access_key and nessus_secret_key. Confirm which one is actually
      # sent and remove the unused secret.
      authentication:
        type: apiKey
        key: "$secrets.nessus_api_key"
      inputParameters:
        - name: X-ApiKeys
          in: header
          value: "accessKey=$secrets.nessus_access_key;secretKey=$secrets.nessus_secret_key"
      resources:
        - name: scan-results
          # NOTE(review): Nessus' scan-host endpoint is keyed by a host id; confirm
          # that an IP address is accepted in the second path segment.
          path: "/scans/{{scan_id}}/hosts/{{host_ip}}"
          inputParameters:
            - name: scan_id
              in: path
            - name: host_ip
              in: path
          operations:
            - name: get-scan-results
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: security-incidents
          path: "/table/sn_si_incident"
          operations:
            - name: create-security-incident
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): Microsoft Graph's /users/{id}/sendMail sends mail FROM the
          # mailbox named in the path; recipients belong in the request body. As
          # declared, the caller-supplied address selects the sending mailbox.
          # Confirm the intent and pin the sender to a fixed service mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Conducts data privacy impact assessments by scanning data flows in Azure Synapse, mapping to GDPR requirements in Confluence, creating assessment reports in SharePoint, and notifying the DPO.

# Capability: one MCP tool that queries a Synapse data-flow catalog, searches
# Confluence, creates a SharePoint document from a template and sends a message.
naftiko: "0.5"
info:
  label: "Data Privacy Impact Assessment Orchestrator"
  description: "Conducts data privacy impact assessments by scanning data flows in Azure Synapse, mapping to GDPR requirements in Confluence, creating assessment reports in SharePoint, and notifying the DPO."
  tags:
    - privacy
    - gdpr
    - azure-synapse
    - confluence
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or per-client authorization is declared on
    # the exposed MCP endpoint here. Confirm a caller can only request
    # assessments for clients they are entitled to see.
    - type: mcp
      namespace: dpia
      port: 8080
      tools:
        - name: conduct-dpia
          description: "Conduct a data privacy impact assessment for a client."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            # Free-text name; it is reused below in SQL, CQL and a folder path, so it
            # needs the strictest validation of the three inputs.
            - name: data_process_name
              in: body
              type: string
              description: "Name of the data processing activity."
            - name: dpo_email
              in: body
              type: string
              description: "Data Protection Officer email."
          steps:
            - name: scan-data-flows
              type: call
              call: "synapse.execute-query"
              with:
                # NOTE(review): both inputs sit between single quotes in the SQL text.
                # If {{...}} is substituted textually, a quote in either value changes
                # the statement. Use bound parameters or a strict allow-list pattern.
                query: "SELECT * FROM data_flow_catalog WHERE client_id = '{{client_id}}' AND process = '{{data_process_name}}'"
            - name: map-gdpr-requirements
              type: call
              call: "confluence.search"
              with:
                # NOTE(review): same concern for CQL; the value is quoted inside the
                # expression and must be escaped or validated before substitution.
                cql: "label = 'gdpr-requirements' AND text ~ '{{data_process_name}}'"
            - name: create-assessment
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "privacy-assessments"
                # Reject "/" and ".." in both values so the document cannot be written
                # outside the client's own DPIA folder.
                folder_path: "{{client_id}}/DPIA/{{data_process_name}}"
                template: "dpia_template"
            - name: notify-dpo
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): the address is supplied per invocation; restrict it to
                # the configured DPO mailbox or the firm's own domain.
                recipient_upn: "{{dpo_email}}"
                text: "DPIA completed for {{client_id}} - {{data_process_name}}. Data flows identified: {{scan-data-flows.count}}. Assessment: {{create-assessment.url}}."
  consumes:
    - type: http
      namespace: synapse
      baseUri: "https://kpmg-analytics.sql.azuresynapse.net"
      authentication:
        type: bearer
        # The token's database role should be read-only on data_flow_catalog;
        # that limits the impact of a malformed or manipulated query.
        token: "$secrets.synapse_token"
      resources:
        - name: queries
          path: "/sql/query"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://kpmg.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          # NOTE(review): the step passes "cql", but no inputParameter is declared
          # on this resource; confirm how the value reaches the GET request.
          path: "/content/search"
          operations:
            - name: search
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): Microsoft Graph's /users/{id}/sendMail sends mail FROM the
          # mailbox named in the path; recipients belong in the request body. As
          # declared, the caller-supplied address selects the sending mailbox.
          # Confirm the intent and pin the sender to a fixed service mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Queries Datadog for infrastructure metrics by host and metric name, returning the latest data point. Used by technology advisory teams for performance assessments.

# Capability: one MCP tool that queries a Datadog metric for a host, then creates
# a ServiceNow incident and sends a message.
naftiko: "0.5"
info:
  label: "Datadog Infrastructure Metrics Lookup"
  # NOTE(review): this describes a read-only lookup, while the tool below also
  # creates an incident and sends a message. Clients that decide from
  # descriptions whether a tool has side effects will be misled.
  description: "Queries Datadog for infrastructure metrics by host and metric name, returning the latest data point. Used by technology advisory teams for performance assessments."
  tags:
    - operations
    - monitoring
    - datadog
    - infrastructure
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared on the
    # exposed MCP endpoint in this definition; confirm it is enforced elsewhere.
    - type: mcp
      namespace: infra-monitoring
      port: 8080
      tools:
        - name: get-host-metric
          # NOTE(review): "if the metric exceeds a threshold" is not reflected below.
          # There is no threshold parameter and no condition on the steps, so every
          # call appears to open an incident and notify. Align the text or add the
          # check.
          description: "Query Datadog for a specific infrastructure metric on a given host and create a ServiceNow incident if the metric exceeds a threshold."
          inputParameters:
            - name: host_name
              in: body
              type: string
              description: "The hostname to query metrics for."
            - name: metric_name
              in: body
              type: string
              description: "The Datadog metric name (e.g., system.cpu.user, system.mem.used)."
            - name: ops_team_email
              in: body
              type: string
              description: "Email of the operations team lead."
          steps:
            - name: fetch-metric
              type: call
              call: "datadog.query-metric"
              with:
                host_name: "{{host_name}}"
                metric_name: "{{metric_name}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Metric alert: {{metric_name}} on {{host_name}}"
                description: "Current value: {{fetch-metric.value}} {{fetch-metric.unit}}. Host: {{host_name}}."
                assigned_group: "IT_Operations"
            - name: notify-ops
              type: call
              call: "msteams.send-message"
              with:
                # The address is supplied per invocation; prefer a configured
                # operations mailbox over a caller-provided value.
                recipient_upn: "{{ops_team_email}}"
                text: "Infrastructure alert: {{metric_name}} on {{host_name}} = {{fetch-metric.value}} {{fetch-metric.unit}}. ServiceNow: {{create-incident.number}}."
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
      inputParameters:
        - name: DD-APPLICATION-KEY
          in: header
          # An application key carries the permissions of its owner; use a key
          # scoped to metric reads only.
          value: "$secrets.datadog_app_key"
      resources:
        - name: metrics
          # NOTE(review): both inputs are embedded in the Datadog query expression
          # inside the URL. They need URL-encoding and validation (metric-name and
          # hostname character sets); otherwise a value containing "}" , "," or "&"
          # changes the query scope or adds request parameters. The "}}}" sequence
          # may also be ambiguous to the template parser.
          # NOTE(review): Datadog's v1 query endpoint takes "from" and "to" as epoch
          # seconds; confirm that "-3600" and "now" are accepted.
          path: "/query?query={{metric_name}}{host:{{host_name}}}&from=-3600&to=now"
          inputParameters:
            # Declared as query parameters although the path string above already
            # embeds them; confirm they are not sent twice.
            - name: host_name
              in: query
            - name: metric_name
              in: query
          operations:
            - name: query-metric
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): Microsoft Graph's /users/{id}/sendMail sends mail FROM the
          # mailbox named in the path; recipients belong in the request body. As
          # declared, the caller-supplied address selects the sending mailbox.
          # Confirm the intent and pin the sender to a fixed service mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Supports deal advisory valuations by extracting financial data from SAP, running DCF models in Databricks, generating valuation reports in SharePoint, and notifying the deal team.

# Capability: one MCP tool that reads SAP financial statements, queries a
# Databricks valuation table, creates a SharePoint report and sends a message.
naftiko: "0.5"
info:
  label: "Deal Advisory Valuation Pipeline"
  description: "Supports deal advisory valuations by extracting financial data from SAP, running DCF models in Databricks, generating valuation reports in SharePoint, and notifying the deal team."
  tags:
    - deal-advisory
    - valuation
    - sap
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or engagement-level authorization is
    # declared on the exposed MCP endpoint here. Valuation data is deal-sensitive;
    # confirm callers are restricted to engagements they are staffed on.
    - type: mcp
      namespace: deal-valuation
      port: 8080
      tools:
        - name: run-valuation
          description: "Run a DCF valuation model for a deal advisory engagement."
          inputParameters:
            - name: target_company_id
              in: body
              type: string
              description: "The target company identifier."
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            - name: deal_team_email
              in: body
              type: string
              description: "Deal team email."
          steps:
            - name: extract-financials
              type: call
              call: "sap.get-financial-statements"
              with:
                company_id: "{{target_company_id}}"
            - name: run-dcf-model
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): both identifiers sit between single quotes in the SQL
                # text. If {{...}} is substituted textually, a quote in either value
                # changes the statement. Use bound parameters or a strict ID pattern.
                query: "SELECT * FROM dcf_valuation WHERE company_id = '{{target_company_id}}' AND engagement_id = '{{engagement_id}}'"
            - name: generate-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "deal-advisory"
                # Reject "/" and ".." in both values so a report cannot be written
                # into another engagement's folder.
                folder_path: "{{engagement_id}}/Valuation/{{target_company_id}}"
                template: "valuation_report"
            - name: notify-deal-team
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): the message discloses the enterprise value range and a
                # report link to an address supplied per invocation. Restrict it to
                # the engagement's recorded team or the firm's own domain.
                recipient_upn: "{{deal_team_email}}"
                text: "Valuation complete for {{target_company_id}}. Enterprise value range: {{run-dcf-model.ev_low}} - {{run-dcf-model.ev_high}}. Report: {{generate-report.url}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: financials
          # NOTE(review): the step passes company_id, but no inputParameter or
          # filter is declared here. Confirm the request is actually scoped to one
          # company and does not return statements for every company the SAP user
          # can read.
          path: "/FI_SRV/FinancialStatements"
          operations:
            - name: get-financial-statements
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): Microsoft Graph's /users/{id}/sendMail sends mail FROM the
          # mailbox named in the path; recipients belong in the request body. As
          # declared, the caller-supplied address selects the sending mailbox.
          # Confirm the intent and pin the sender to a fixed service mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Assesses client digital transformation maturity by collecting data from surveys, analyzing capabilities in Databricks, generating maturity scorecards in SharePoint, and presenting to stakeholders.

# Capability: one MCP tool that queries Databricks maturity scores, creates a
# SharePoint scorecard from a template and sends a message.
naftiko: "0.5"
info:
  label: "Digital Transformation Maturity Assessment Pipeline"
  description: "Assesses client digital transformation maturity by collecting data from surveys, analyzing capabilities in Databricks, generating maturity scorecards in SharePoint, and presenting to stakeholders."
  tags:
    - advisory
    - digital-transformation
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or per-client authorization is declared on
    # the exposed MCP endpoint in this definition; confirm it is enforced
    # elsewhere.
    - type: mcp
      namespace: digital-maturity
      port: 8080
      tools:
        - name: assess-digital-maturity
          description: "Assess a client's digital transformation maturity level."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            # No format is stated for this value; it is only used as a folder name
            # below, so it should be validated as a date before use.
            - name: assessment_date
              in: body
              type: string
              description: "Assessment date."
            - name: stakeholder_email
              in: body
              type: string
              description: "Client stakeholder email."
          steps:
            - name: analyze-maturity
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): client_id sits between single quotes in the SQL text.
                # If {{...}} is substituted textually, a quote in the value changes
                # the statement. Use a bound parameter or a strict ID pattern.
                query: "SELECT * FROM digital_maturity_scores WHERE client_id = '{{client_id}}'"
            - name: generate-scorecard
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "advisory-engagements"
                # Reject "/" and ".." in both values so the scorecard stays inside the
                # client's own folder.
                folder_path: "{{client_id}}/DigitalMaturity/{{assessment_date}}"
                template: "maturity_scorecard"
            - name: notify-stakeholder
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): this is described as a client (external) address, yet
                # it is used as a user identifier in the Graph path below. An external
                # address is presumably not a user in the firm's tenant; confirm the
                # call can work, and that sending client results to a caller-supplied
                # address is intended.
                recipient_upn: "{{stakeholder_email}}"
                text: "Digital maturity assessment complete for {{client_id}}. Overall score: {{analyze-maturity.overall_score}}/5. Scorecard: {{generate-scorecard.url}}."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): Microsoft Graph's /users/{id}/sendMail sends mail FROM the
          # mailbox named in the path; recipients belong in the request body. As
          # declared, the caller-supplied address selects the sending mailbox.
          # Confirm the intent and pin the sender to a fixed service mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Queries Elasticsearch for audit trail log entries by index, date range, and search query. Used by forensic and compliance teams for investigation support.

# Capability: one MCP tool that forwards a search to Elasticsearch and maps the
# hit count and hit list from the response.
naftiko: "0.5"
info:
  label: "Elasticsearch Audit Log Search"
  description: "Queries Elasticsearch for audit trail log entries by index, date range, and search query. Used by forensic and compliance teams for investigation support."
  tags:
    - forensics
    - compliance
    - elasticsearch
    - audit-trail
capability:
  exposes:
    # NOTE(review): no authentication or caller authorization is declared on the
    # exposed MCP endpoint in this definition. Audit-trail access is sensitive:
    # confirm callers are authenticated and that each search is itself logged
    # with the caller's identity.
    - type: mcp
      namespace: forensic-search
      port: 8080
      tools:
        - name: search-audit-logs
          description: "Search Elasticsearch audit trail logs by index and query parameters."
          inputParameters:
            # NOTE(review): the index is chosen by the caller and placed in the URL
            # path. Elasticsearch accepts wildcards and comma-separated lists in that
            # position, so this reaches every index the service account can read.
            # Validate against an allow-list of audit indices and scope the account's
            # role to the same set.
            - name: index_name
              in: body
              type: string
              description: "The Elasticsearch index name."
            - name: search_query
              in: body
              type: string
              description: "The Elasticsearch query string."
            - name: date_from
              in: body
              type: string
              description: "Start date (YYYY-MM-DD)."
            - name: date_to
              in: body
              type: string
              description: "End date (YYYY-MM-DD)."
          call: "elasticsearch.search"
          with:
            index_name: "{{index_name}}"
            search_query: "{{search_query}}"
            date_from: "{{date_from}}"
            date_to: "{{date_to}}"
          outputParameters:
            - name: total_hits
              type: string
              mapping: "$.hits.total.value"
            # Returns the raw hit documents. Audit records may contain personal or
            # privileged data; consider a field allow-list and a result-size cap.
            - name: results
              type: string
              mapping: "$.hits.hits"
  consumes:
    - type: http
      namespace: elasticsearch
      baseUri: "https://es.kpmg.com:9200"
      authentication:
        type: basic
        # The account should hold a read-only role limited to the audit indices.
        username: "$secrets.elasticsearch_user"
        password: "$secrets.elasticsearch_password"
      resources:
        - name: search
          path: "/{{index_name}}/_search"
          # NOTE(review): only index_name is declared. search_query, date_from and
          # date_to are passed by the tool, but no body or query mapping is visible
          # here; confirm how they reach the request and that the date range is
          # actually applied.
          inputParameters:
            - name: index_name
              in: path
          operations:
            - name: search
              method: POST

When an employee separation is triggered in Workday, disables their Azure AD account, revokes ServiceNow access, archives their SharePoint personal drive, and logs the offboarding in Jira.

# Capability: one MCP tool that looks up a Workday worker, then issues PATCH
# requests to Microsoft Graph (user), ServiceNow (sys_user) and SharePoint
# (drive item), and creates a Jira issue.
naftiko: "0.5"
info:
  label: "Employee Offboarding Orchestrator"
  description: "When an employee separation is triggered in Workday, disables their Azure AD account, revokes ServiceNow access, archives their SharePoint personal drive, and logs the offboarding in Jira."
  tags:
    - hr
    - offboarding
    - workday
    - azure-active-directory
    - servicenow
    - sharepoint
    - jira
capability:
  exposes:
    # NOTE(review): this tool disables accounts, yet no authentication, approval
    # step or caller authorization is declared on the exposed MCP endpoint here.
    # The description refers to a Workday trigger, but the tool is invoked with
    # caller-supplied parameters and no step checks that a separation is actually
    # recorded for the worker. Confirm both are enforced elsewhere.
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: process-offboarding
          description: "Given a Workday employee ID and separation date, disable Azure AD, revoke ServiceNow, archive SharePoint drive, and log in Jira."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID."
            - name: separation_date
              in: body
              type: string
              description: "Employee separation date in YYYY-MM-DD format."
            - name: hr_contact_email
              in: body
              type: string
              description: "Email of the HR contact managing the offboarding."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: disable-ad-account
              type: call
              call: "azuread.disable-user"
              with:
                # Assumes the Workday work_email equals the directory UPN; verify.
                # NOTE(review): disabling an account does not by itself end sessions
                # that are already signed in. Consider an explicit session-revocation
                # step (Graph offers revokeSignInSessions).
                user_principal_name: "{{get-employee.work_email}}"
            - name: revoke-snow-access
              type: call
              call: "servicenow.deactivate-user"
              with:
                # Assumes the ServiceNow user_name equals the work email; verify.
                user_name: "{{get-employee.work_email}}"
            - name: archive-drive
              type: call
              call: "sharepoint.move-folder"
              with:
                site_id: "personal_drives_site"
                source_path: "Users/{{get-employee.work_email}}"
                # separation_date is caller input used in a path; validate it as
                # YYYY-MM-DD before building the destination.
                dest_path: "Archived/{{get-employee.work_email}}_{{separation_date}}"
            - name: log-offboarding
              type: call
              call: "jira.create-issue"
              with:
                project_key: "HRIT"
                issue_type: "Task"
                summary: "Offboarding: {{get-employee.full_name}} — {{separation_date}}"
                # NOTE(review): this text is static. It records "disabled", "revoked"
                # and "archived" without referencing any step result, so the audit
                # record claims success even if an earlier call failed or matched no
                # user. Include each step's outcome in the record.
                description: "AD disabled. ServiceNow revoked. SharePoint archived. HR contact: {{hr_contact_email}}."
  consumes:
    - type: http
      namespace: workday
      # NOTE(review): "impl" in the hostname suggests an implementation
      # (non-production) tenant, and the Engagement Budget Variance definition in
      # this file uses a different Workday host. Confirm which tenant is intended.
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        # This token can modify directory users. It is the same secret name the
        # SharePoint entry below uses; a dedicated, narrowly scoped credential for
        # account changes would limit exposure.
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          # NOTE(review): the PATCH has no visible body (for example the property
          # that disables the account); confirm what is sent.
          path: "/users/{{user_principal_name}}"
          inputParameters:
            - name: user_principal_name
              in: path
          operations:
            - name: disable-user
              method: PATCH
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: users
          # NOTE(review): ServiceNow's Table API updates a record by sys_id in the
          # path; confirm that a PATCH against a sysparm_query is supported. If it
          # is not, this step may not deactivate anyone. The value is also placed
          # in an encoded query and must be URL-encoded and validated.
          path: "/table/sys_user?sysparm_query=user_name={{user_name}}"
          inputParameters:
            - name: user_name
              in: query
          operations:
            - name: deactivate-user
              method: PATCH
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{source_path}}"
          # NOTE(review): the step also passes dest_path, which is not declared
          # here; confirm how the destination reaches the PATCH request.
          inputParameters:
            - name: site_id
              in: path
            - name: source_path
              in: path
          operations:
            - name: move-folder
              method: PATCH
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Monitors engagement budget variances by pulling time entries from Workday, comparing against budgets in Salesforce, generating variance reports, and alerting engagement managers.

# Capability: one MCP tool that reads engagement hours from Workday and a budget
# record from Salesforce, then sends a summary message.
naftiko: "0.5"
info:
  label: "Engagement Budget Variance Pipeline"
  description: "Monitors engagement budget variances by pulling time entries from Workday, comparing against budgets in Salesforce, generating variance reports, and alerting engagement managers."
  tags:
    - engagement-management
    - budget
    - workday
    - salesforce
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or engagement-level authorization is
    # declared on the exposed MCP endpoint here. Confirm a caller can only query
    # engagements they manage.
    - type: mcp
      namespace: budget-variance
      port: 8080
      tools:
        - name: check-budget-variance
          # NOTE(review): "alert on overruns" is not reflected below. The notify step
          # has no condition, so a message is sent on every call.
          description: "Check engagement budget variance and alert on overruns."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            - name: manager_email
              in: body
              type: string
              description: "Engagement manager email."
          steps:
            - name: get-time-entries
              type: call
              call: "workday.get-engagement-hours"
              with:
                engagement_id: "{{engagement_id}}"
            - name: get-budget
              type: call
              call: "salesforce.get-engagement-budget"
              with:
                engagement_id: "{{engagement_id}}"
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): the address is supplied per invocation and the message
                # carries budget and cost figures. Resolve the manager from the
                # engagement record instead of trusting the caller.
                recipient_upn: "{{manager_email}}"
                # variance_percentage is read from the Workday response; no step here
                # compares hours against the Salesforce budget.
                text: "Budget variance for {{engagement_id}}: Budget {{get-budget.total_budget}}. Actual: {{get-time-entries.total_cost}}. Variance: {{get-time-entries.variance_percentage}}%. Remaining: {{get-budget.remaining}}."
  consumes:
    - type: http
      namespace: workday
      # NOTE(review): "impl" in the hostname suggests an implementation
      # (non-production) tenant; confirm this is the intended environment.
      baseUri: "https://wd5-impl.workday.com/ccx/api/v1/kpmg"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: hours
          # engagement_id is inserted into the URL path; URL-encode and validate it.
          path: "/engagementHours/{{engagement_id}}"
          inputParameters:
            - name: engagement_id
              in: path
          operations:
            - name: get-engagement-hours
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: budgets
          # NOTE(review): this sobjects path form takes a Salesforce record Id. The
          # same engagement_id is also used as the Workday key above; confirm the
          # two systems really share that identifier.
          path: "/sobjects/EngagementBudget__c/{{engagement_id}}"
          inputParameters:
            - name: engagement_id
              in: path
          operations:
            - name: get-engagement-budget
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): Microsoft Graph's /users/{id}/sendMail sends mail FROM the
          # mailbox named in the path; recipients belong in the request body. As
          # declared, the caller-supplied address selects the sending mailbox.
          # Confirm the intent and pin the sender to a fixed service mailbox.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Generates an engagement letter by pulling client data from Salesforce, retrieving the letter template from SharePoint, populating it via Microsoft Power Automate, storing the final version in SharePoint, and sending it for e-signature notification via Microsoft Teams.

# Naftiko capability: exposes one MCP tool that reads a Salesforce opportunity,
# fetches a letter template from SharePoint, triggers a Power Automate flow with
# the opportunity fields, and calls Graph sendMail for the signing partner.
naftiko: "0.5"
info:
  label: "Engagement Letter Generation Pipeline"
  # NOTE(review): the description mentions storing the final version in
  # SharePoint, but the steps below only read the template (sharepoint.get-file);
  # presumably the flow stores the letter itself — confirm.
  description: "Generates an engagement letter by pulling client data from Salesforce, retrieving the letter template from SharePoint, populating it via Microsoft Power Automate, storing the final version in SharePoint, and sending it for e-signature notification via Microsoft Teams."
  tags:
    - advisory
    - engagement-management
    - salesforce
    - sharepoint
    - microsoft-power-automate
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and every call it makes runs with the
    # stored service credentials listed under "consumes". Confirm that access to
    # the MCP port is restricted elsewhere.
    - type: mcp
      namespace: engagement-letters
      port: 8080
      tools:
        - name: generate-engagement-letter
          description: "Given a Salesforce opportunity ID, generate an engagement letter from template, store in SharePoint, and notify the partner for signature."
          inputParameters:
            # Substituted into the Salesforce REST path
            # /sobjects/Opportunity/{{opportunity_id}}; validate it as a record
            # ID before use.
            - name: opportunity_id
              in: body
              type: string
              description: "Salesforce opportunity ID."
            # Substituted into the SharePoint path "Templates/{{template_name}}.docx".
            # A value containing "/" or ".." could address files outside the
            # Templates folder; restrict it to the known template names.
            - name: template_name
              in: body
              type: string
              description: "Engagement letter template name (e.g., audit_standard, tax_advisory, consulting)."
            # Bound to recipient_upn in the Graph sendMail path below.
            - name: partner_email
              in: body
              type: string
              description: "Email of the signing partner."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            - name: get-opportunity
              type: call
              call: "salesforce.get-opportunity"
              with:
                opportunity_id: "{{opportunity_id}}"
            - name: get-template
              type: call
              call: "sharepoint.get-file"
              with:
                site_id: "engagement_templates_site"
                file_path: "Templates/{{template_name}}.docx"
            # Passes CRM fields (account name, amount, description) and the
            # template download URL to the Power Automate flow.
            - name: generate-document
              type: call
              call: "power-automate.trigger-flow"
              with:
                flow_id: "engagement_letter_generator"
                client_name: "{{get-opportunity.Account.Name}}"
                engagement_amount: "{{get-opportunity.Amount}}"
                engagement_scope: "{{get-opportunity.Description}}"
                template_url: "{{get-template.download_url}}"
            # The message text carries the client name, engagement amount and the
            # generated document URL to whatever address the caller supplied.
            - name: notify-partner
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{partner_email}}"
                text: "Engagement letter ready for {{get-opportunity.Account.Name}}. Amount: {{get-opportunity.Amount}}. Document: {{generate-document.output_url}}. Please review and sign."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    # The sharepoint and msteams namespaces both use $secrets.msgraph_token, so
    # that one token needs both file-read and mail-send permissions.
    # NOTE(review): consider separate, narrower tokens per namespace.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: get-file
              method: GET
    - type: http
      namespace: power-automate
      baseUri: "https://prod-00.westus.logic.azure.com/workflows"
      authentication:
        type: bearer
        token: "$secrets.power_automate_token"
      resources:
        - name: flows
          path: "/{{flow_id}}/triggers/manual/paths/invoke"
          inputParameters:
            - name: flow_id
              in: path
          operations:
            - name: trigger-flow
              method: POST
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Manages engagement quality reviews by pulling engagement metrics from Salesforce, collecting review documentation from SharePoint, creating review tasks in Jira, and routing for partner sign-off.

# Naftiko capability: exposes one MCP tool that reads an engagement record from
# Salesforce, lists the engagement folder in SharePoint, creates a Jira issue in
# project QR, and calls Graph sendMail for the EQR partner.
naftiko: "0.5"
info:
  label: "Engagement Quality Review Orchestrator"
  description: "Manages engagement quality reviews by pulling engagement metrics from Salesforce, collecting review documentation from SharePoint, creating review tasks in Jira, and routing for partner sign-off."
  tags:
    - quality
    - engagement-review
    - salesforce
    - sharepoint
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and every call it makes runs with the
    # stored service credentials listed under "consumes". Confirm that access to
    # the MCP port is restricted elsewhere.
    - type: mcp
      namespace: quality-review
      port: 8080
      tools:
        - name: initiate-quality-review
          description: "Initiate an engagement quality review process."
          inputParameters:
            # Used three ways below: in the Salesforce REST path, as the
            # SharePoint folder path (relative to the drive root), and in the
            # Jira summary. A value containing "/" or ".." would change which
            # folder is listed; validate the format before use.
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            # Used as the Jira assignee and as recipient_upn in the Graph path.
            - name: eqr_partner_email
              in: body
              type: string
              description: "EQR partner email."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            - name: get-engagement-data
              type: call
              call: "salesforce.get-engagement"
              with:
                engagement_id: "{{engagement_id}}"
            # Lists the children of the folder named by engagement_id on the
            # "audit-engagements" site.
            - name: collect-workpapers
              type: call
              call: "sharepoint.get-folder-contents"
              with:
                site_id: "audit-engagements"
                folder_path: "{{engagement_id}}"
            # Write action: creates an issue whose assignee is caller-supplied.
            - name: create-review-task
              type: call
              call: "jira.create-issue"
              with:
                project: "QR"
                summary: "EQR: {{get-engagement-data.client_name}} - {{engagement_id}}"
                assignee: "{{eqr_partner_email}}"
                description: "Engagement files: {{collect-workpapers.file_count}} documents."
            - name: notify-partner
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{eqr_partner_email}}"
                text: "EQR assigned: {{get-engagement-data.client_name}} ({{engagement_id}}). {{collect-workpapers.file_count}} workpapers to review. Jira: {{create-review-task.key}}."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: engagements
          path: "/sobjects/Engagement__c/{{engagement_id}}"
          inputParameters:
            - name: engagement_id
              in: path
          operations:
            - name: get-engagement
              method: GET
    # The sharepoint and msteams namespaces both use $secrets.msgraph_token, so
    # that one token needs both folder-read and mail-send permissions.
    # NOTE(review): consider separate, narrower tokens per namespace.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: folders
          path: "/{{site_id}}/drive/root:/{{folder_path}}:/children"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: get-folder-contents
              method: GET
    # Basic authentication with a user name and API token from the secret store.
    # NOTE(review): the account presumably needs only issue-create rights in
    # project QR — confirm it is not a broader administrative account.
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Optimizes engagement staffing by pulling availability from Workday, matching skills from Salesforce CRM, creating assignments, and notifying resource managers via Teams.

# Naftiko capability: exposes one MCP tool that queries Workday for available
# staff, searches Salesforce Professional__c records, POSTs engagement
# assignments to Workday, and calls Graph sendMail for the resource manager.
naftiko: "0.5"
info:
  label: "Engagement Staffing Optimizer Pipeline"
  description: "Optimizes engagement staffing by pulling availability from Workday, matching skills from Salesforce CRM, creating assignments, and notifying resource managers via Teams."
  tags:
    - resource-management
    - staffing
    - workday
    - salesforce
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and it performs a write to Workday
    # with stored service credentials. Confirm that access to the MCP port is
    # restricted elsewhere.
    - type: mcp
      namespace: staffing-optimizer
      port: 8080
      tools:
        - name: optimize-staffing
          description: "Optimize engagement staffing based on availability and skills."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            # Free-text value forwarded to both the Workday and Salesforce calls.
            # The consumed resources declare no inputParameters for it, so how it
            # is encoded into those requests is not visible here — confirm it is
            # passed as an encoded parameter rather than concatenated into a query.
            - name: required_skills
              in: body
              type: string
              description: "Required skill set."
            # Bound to recipient_upn in the Graph sendMail path below.
            - name: resource_manager_email
              in: body
              type: string
              description: "Resource manager email."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            - name: check-availability
              type: call
              call: "workday.get-available-staff"
              with:
                skills: "{{required_skills}}"
            - name: match-skills
              type: call
              call: "salesforce.search-professionals"
              with:
                skills: "{{required_skills}}"
                available_ids: "{{check-availability.available_ids}}"
            # Write action: creates Workday assignments directly from the
            # match-skills output. No review or approval step precedes it in
            # this tool; the manager is only notified afterwards.
            - name: create-assignments
              type: call
              call: "workday.create-assignments"
              with:
                engagement_id: "{{engagement_id}}"
                staff_ids: "{{match-skills.recommended_staff}}"
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{resource_manager_email}}"
                text: "Staffing recommendation for {{engagement_id}}: {{match-skills.match_count}} professionals matched. Assignments created: {{create-assignments.count}}."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    # One Workday token covers both the read (workers/available) and the write
    # (engagementAssignments) operation.
    # NOTE(review): the host name contains "impl", which looks like a
    # non-production Workday tenant — confirm the intended environment.
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl.workday.com/ccx/api/v1/kpmg"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: staff
          path: "/workers/available"
          operations:
            - name: get-available-staff
              method: GET
        - name: assignments
          path: "/engagementAssignments"
          operations:
            - name: create-assignments
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: professionals
          path: "/sobjects/Professional__c"
          operations:
            - name: search-professionals
              method: GET
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

On request for an architecture review, pulls the current architecture diagram from SharePoint, retrieves infrastructure inventory from ServiceNow CMDB, generates a technology radar summary via Confluence, and notifies the architecture review board via Microsoft Teams.

# Naftiko capability: exposes one MCP tool that lists an architecture folder in
# SharePoint, queries the ServiceNow cmdb_ci table, creates a ServiceNow change
# request, and calls Graph sendMail for the review board lead.
naftiko: "0.5"
info:
  label: "Enterprise Architecture Review Orchestrator"
  # NOTE(review): the description mentions a technology radar summary via
  # Confluence, but no step or consumer below references Confluence — confirm
  # whether that step is missing or the description is outdated.
  description: "On request for an architecture review, pulls the current architecture diagram from SharePoint, retrieves infrastructure inventory from ServiceNow CMDB, generates a technology radar summary via Confluence, and notifies the architecture review board via Microsoft Teams."
  tags:
    - advisory
    - enterprise-architecture
    - sharepoint
    - servicenow
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and every call it makes runs with the
    # stored service credentials listed under "consumes". Confirm that access to
    # the MCP port is restricted elsewhere.
    - type: mcp
      namespace: ea-review
      port: 8080
      tools:
        - name: initiate-architecture-review
          description: "Given a client name and review scope, pull SharePoint diagrams, ServiceNow CMDB inventory, and notify the review board."
          inputParameters:
            # Substituted into the SharePoint folder path and into the
            # ServiceNow sysparm_query string. Characters such as "/", "..",
            # "&" or encoded-query operators in this value could change the
            # folder listed or the CMDB filter; validate or encode it.
            - name: client_name
              in: body
              type: string
              description: "The client name for the architecture review."
            - name: review_scope
              in: body
              type: string
              description: "Scope of the architecture review (e.g., cloud, application, data)."
            # Caller-chosen site: the Graph token will list a folder on whichever
            # site ID is supplied. NOTE(review): consider an allow-list of sites.
            - name: sharepoint_site_id
              in: body
              type: string
              description: "SharePoint site ID containing architecture artifacts."
            # Bound to recipient_upn in the Graph sendMail path below.
            - name: review_board_email
              in: body
              type: string
              description: "Email of the architecture review board lead."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            - name: get-architecture-docs
              type: call
              call: "sharepoint.list-folder"
              with:
                site_id: "{{sharepoint_site_id}}"
                folder_path: "Architecture/{{client_name}}"
            - name: get-cmdb-inventory
              type: call
              call: "servicenow.get-cmdb-summary"
              with:
                client_name: "{{client_name}}"
            # Write action: creates a change request containing caller-supplied
            # text (client_name, review_scope).
            - name: create-review-record
              type: call
              call: "servicenow.create-change-request"
              with:
                short_description: "Architecture Review: {{client_name}} — {{review_scope}}"
                description: "Scope: {{review_scope}}. CMDB CIs: {{get-cmdb-inventory.ci_count}}. Architecture docs: {{get-architecture-docs.file_count}} files."
                assigned_group: "Enterprise_Architecture"
            - name: notify-board
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{review_board_email}}"
                text: "Architecture Review initiated for {{client_name}} ({{review_scope}}). CMDB CIs: {{get-cmdb-inventory.ci_count}}. Docs: {{get-architecture-docs.file_count}}. ServiceNow: {{create-review-record.number}}."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    # The sharepoint and msteams namespaces both use $secrets.msgraph_token, so
    # that one token needs both folder-read and mail-send permissions.
    # NOTE(review): consider separate, narrower tokens per namespace.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: folders
          path: "/{{site_id}}/drive/root:/{{folder_path}}:/children"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: list-folder
              method: GET
    # Basic authentication with a user name and password from the secret store;
    # the same account reads the CMDB and creates change requests.
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        # client_name is declared "in: query" but is templated into the path
        # string itself. NOTE(review): confirm the engine URL-encodes the value
        # at that position; otherwise the filter is built by raw concatenation.
        - name: cmdb
          path: "/table/cmdb_ci?sysparm_query=company={{client_name}}"
          inputParameters:
            - name: client_name
              in: query
          operations:
            - name: get-cmdb-summary
              method: GET
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-change-request
              method: POST
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Conducts ESG materiality assessments by collecting stakeholder survey data from Microsoft Forms, analyzing materiality in Databricks, generating assessment reports in SharePoint, and presenting findings via Teams.

# Naftiko capability: exposes one MCP tool that runs a SQL statement on
# Databricks, creates a report document in SharePoint, and calls Graph sendMail
# for the engagement team.
naftiko: "0.5"
info:
  label: "ESG Materiality Assessment Orchestrator"
  # NOTE(review): the description mentions collecting survey data from Microsoft
  # Forms, but no step or consumer below references Forms — presumably the data
  # is loaded into esg_materiality_scores elsewhere; confirm.
  description: "Conducts ESG materiality assessments by collecting stakeholder survey data from Microsoft Forms, analyzing materiality in Databricks, generating assessment reports in SharePoint, and presenting findings via Teams."
  tags:
    - esg
    - materiality
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and every call it makes runs with the
    # stored service credentials listed under "consumes". Confirm that access to
    # the MCP port is restricted elsewhere.
    - type: mcp
      namespace: esg-materiality
      port: 8080
      tools:
        - name: conduct-materiality-assessment
          description: "Conduct an ESG materiality assessment for a client."
          inputParameters:
            # Interpolated into the SQL text and into the SharePoint folder path
            # below; validate the format (no quotes, "/" or "..") before use.
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            # Interpolated into the same SQL text and folder path.
            - name: assessment_year
              in: body
              type: string
              description: "The assessment year."
            # Bound to recipient_upn in the Graph sendMail path below.
            - name: engagement_team_email
              in: body
              type: string
              description: "Engagement team email."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            # NOTE(review): the statement is built by substituting request
            # values inside single-quoted SQL literals, so a value containing a
            # quote changes the statement (SQL injection). Prefer bound
            # statement parameters if the engine can pass them, or strictly
            # validate both inputs. The query also selects every column.
            - name: analyze-materiality
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM esg_materiality_scores WHERE client_id = '{{client_id}}' AND year = '{{assessment_year}}' ORDER BY materiality_score DESC"
            - name: generate-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "esg-advisory"
                folder_path: "{{client_id}}/Materiality/{{assessment_year}}"
                template: "materiality_assessment"
            # The message text includes query output (top_topics) and the report
            # URL, delivered to a caller-supplied address.
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{engagement_team_email}}"
                text: "ESG materiality assessment complete for {{client_id}} ({{assessment_year}}). Top material topics: {{analyze-materiality.top_topics}}. Report: {{generate-report.url}}."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    # POSTs the SQL text to the statements endpoint with a bearer token.
    # NOTE(review): the token's table privileges bound what an altered statement
    # could reach — confirm it is read-only and limited to the needed tables.
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    # The sharepoint and msteams namespaces both use $secrets.msgraph_token, so
    # that one token needs both file-write and mail-send permissions.
    # NOTE(review): consider separate, narrower tokens per namespace.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Collects ESG metrics from SAP Sustainability, retrieves carbon footprint data from an external provider, compiles the report in SharePoint, updates the Salesforce engagement record, and notifies the ESG practice lead via Microsoft Teams.

# Naftiko capability: exposes one MCP tool that reads sustainability metrics
# from an SAP OData service, PUTs a report file to SharePoint, PATCHes a
# Salesforce opportunity, and calls Graph sendMail for the ESG lead.
naftiko: "0.5"
info:
  label: "ESG Reporting Data Collection Pipeline"
  # NOTE(review): the description mentions carbon footprint data from an
  # external provider, but no step or consumer below calls one — confirm
  # whether that step is missing or the description is outdated.
  description: "Collects ESG metrics from SAP Sustainability, retrieves carbon footprint data from an external provider, compiles the report in SharePoint, updates the Salesforce engagement record, and notifies the ESG practice lead via Microsoft Teams."
  tags:
    - advisory
    - esg
    - sustainability
    - sap
    - sharepoint
    - salesforce
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and it performs writes to SharePoint
    # and Salesforce with stored service credentials. Confirm that access to the
    # MCP port is restricted elsewhere.
    - type: mcp
      namespace: esg-reporting
      port: 8080
      tools:
        - name: collect-esg-data
          description: "Given a client company code and reporting year, pull SAP sustainability metrics, compile a SharePoint report, update Salesforce, and notify the ESG lead."
          inputParameters:
            # Interpolated into the SAP OData $filter literal and into the
            # SharePoint file path; validate the format (no quotes, "/" or "..").
            - name: company_code
              in: body
              type: string
              description: "Client SAP company code."
            # Interpolated into the same $filter literal and file path; the
            # description states YYYY, but no format check is declared here.
            - name: reporting_year
              in: body
              type: string
              description: "ESG reporting year (YYYY)."
            # Selects which Salesforce opportunity the update step modifies.
            - name: salesforce_opportunity_id
              in: body
              type: string
              description: "Salesforce opportunity ID for the ESG engagement."
            # Bound to recipient_upn in the Graph sendMail path below.
            - name: esg_lead_email
              in: body
              type: string
              description: "Email of the ESG practice lead."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            - name: get-sustainability-data
              type: call
              call: "sap.get-sustainability-metrics"
              with:
                company_code: "{{company_code}}"
                year: "{{reporting_year}}"
            # Write action: PUT to the file's content, at a path derived from
            # caller-supplied values. NOTE(review): a PUT to an existing path
            # presumably replaces that file — confirm overwrite is acceptable.
            - name: compile-esg-report
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "esg_advisory_site"
                file_path: "Reports/{{company_code}}_ESG_{{reporting_year}}.xlsx"
                content: "ESG Report {{reporting_year}}. Scope 1: {{get-sustainability-data.scope1_emissions}}. Scope 2: {{get-sustainability-data.scope2_emissions}}. Energy consumption: {{get-sustainability-data.energy_kwh}}."
            # Write action: sets description and stage on whichever opportunity
            # ID the caller supplied; nothing here ties that ID to company_code.
            - name: update-engagement
              type: call
              call: "salesforce.update-opportunity"
              with:
                opportunity_id: "{{salesforce_opportunity_id}}"
                description: "ESG report compiled for {{reporting_year}}. Report: {{compile-esg-report.url}}"
                stage: "Deliverable Complete"
            - name: notify-lead
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{esg_lead_email}}"
                text: "ESG data collection complete for {{company_code}} ({{reporting_year}}). Scope 1: {{get-sustainability-data.scope1_emissions}} tCO2e. Scope 2: {{get-sustainability-data.scope2_emissions}} tCO2e. Report: {{compile-esg-report.url}}."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    # Basic authentication with a user name and password from the secret store.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-s4.sap.com/sap/opu/odata/sap/API_SUSTAINABILITY"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
      resources:
        # NOTE(review): both values are placed inside single-quoted OData
        # literals in the path string, so a quote in either value changes the
        # filter expression. Validate the inputs or confirm the engine escapes
        # them at this position.
        - name: sustainability
          path: "/SustainabilityMetricSet?$filter=CompanyCode eq '{{company_code}}' and Year eq '{{year}}'"
          inputParameters:
            - name: company_code
              in: query
            - name: year
              in: query
          operations:
            - name: get-sustainability-metrics
              method: GET
    # The sharepoint and msteams namespaces both use $secrets.msgraph_token, so
    # that one token needs both file-write and mail-send permissions.
    # NOTE(review): consider separate, narrower tokens per namespace.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: update-opportunity
              method: PATCH
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Tests financial close processes by extracting journal entries from SAP, performing analytics in Databricks, documenting findings in SharePoint, and notifying the audit team.

# Naftiko capability: exposes one MCP tool that reads journal entries from an
# SAP OData service, runs a SQL statement on Databricks, and creates a workpaper
# document in SharePoint.
naftiko: "0.5"
info:
  label: "Financial Close Testing Pipeline"
  # NOTE(review): the description mentions notifying the audit team, but no
  # notification step or messaging consumer is defined below — confirm whether
  # that step is missing or the description is outdated.
  description: "Tests financial close processes by extracting journal entries from SAP, performing analytics in Databricks, documenting findings in SharePoint, and notifying the audit team."
  tags:
    - audit
    - financial-close
    - sap
    - azure-databricks
    - sharepoint
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and every call it makes runs with the
    # stored service credentials listed under "consumes". Confirm that access to
    # the MCP port is restricted elsewhere.
    - type: mcp
      namespace: close-testing
      port: 8080
      tools:
        - name: test-financial-close
          description: "Perform financial close testing procedures."
          inputParameters:
            # Used as the leading segment of the SharePoint folder path; a value
            # containing "/" or ".." would change where the workpaper is
            # created. Validate the format before use.
            - name: engagement_id
              in: body
              type: string
              description: "The audit engagement ID."
            # Interpolated into the SQL text below. The description states
            # YYYY-MM-DD, but no format check is declared here.
            - name: period_end
              in: body
              type: string
              description: "Period end date in YYYY-MM-DD format."
          # Steps run in the listed order.
          steps:
            # The consumed SAP resource declares no inputParameters, so how
            # period_end reaches the request is not visible here.
            - name: extract-journal-entries
              type: call
              call: "sap.get-journal-entries"
              with:
                period_end: "{{period_end}}"
            # NOTE(review): the statement is built by substituting the request
            # value inside a single-quoted SQL literal, so a value containing a
            # quote changes the statement (SQL injection). Prefer bound
            # statement parameters if the engine can pass them, or enforce the
            # date format strictly. The query also selects every column.
            - name: analyze-entries
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM journal_entry_analytics WHERE period_end = '{{period_end}}' AND risk_flag = true"
            - name: document-findings
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                folder_path: "{{engagement_id}}/CloseTestingResults"
                template: "close_testing_workpaper"
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    # Basic authentication with a user name and password from the secret store.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: journal-entries
          path: "/GL_SRV/JournalEntries"
          operations:
            - name: get-journal-entries
              method: GET
    # POSTs the SQL text to the statements endpoint with a bearer token.
    # NOTE(review): the token's table privileges bound what an altered statement
    # could reach — confirm it is read-only and limited to the needed tables.
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

Extracts financial statement data from SAP, runs analytical procedures through Azure Databricks, generates variance analysis in Power BI, stores the working paper in SharePoint, and alerts the audit senior via Microsoft Teams.

# Naftiko capability: exposes one MCP tool that reads financial statements from
# an SAP OData service, starts a Databricks job, requests a Power BI dataset
# refresh, PUTs a workpaper file to SharePoint, and calls Graph sendMail for the
# audit senior.
naftiko: "0.5"
info:
  label: "Financial Statement Analytics Pipeline"
  description: "Extracts financial statement data from SAP, runs analytical procedures through Azure Databricks, generates variance analysis in Power BI, stores the working paper in SharePoint, and alerts the audit senior via Microsoft Teams."
  tags:
    - audit
    - analytics
    - sap
    - azure-databricks
    - power-bi
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared for
    # this exposed tool in the definition, and it starts jobs and writes files
    # with stored service credentials. Confirm that access to the MCP port is
    # restricted elsewhere.
    - type: mcp
      namespace: audit-fs-analytics
      port: 8080
      tools:
        - name: run-fs-analytics
          description: "Given a company code and fiscal year, extract SAP data, run Databricks analytics, refresh Power BI, save workpaper, and notify the audit senior."
          inputParameters:
            # Interpolated into the SAP OData $filter literal, the JSON job
            # parameters string and the SharePoint file path; validate the
            # format (no quotes, "/" or "..") before use.
            - name: company_code
              in: body
              type: string
              description: "SAP company code."
            # Interpolated into the same three places; the description states
            # YYYY, but no format check is declared here.
            - name: fiscal_year
              in: body
              type: string
              description: "Fiscal year (YYYY)."
            # Bound to recipient_upn in the Graph sendMail path below.
            - name: audit_senior_email
              in: body
              type: string
              description: "Email of the audit senior."
            # Caller-chosen job: the Databricks token will start whichever job
            # ID is supplied. NOTE(review): consider an allow-list of job IDs.
            - name: databricks_job_id
              in: body
              type: string
              description: "Databricks analytics job ID."
            # Caller-chosen dataset within the fixed "audit_workspace" group.
            - name: powerbi_dataset_id
              in: body
              type: string
              description: "Power BI dataset GUID for the audit dashboard."
          # Steps run in the listed order; later steps reference earlier outputs
          # through {{step-name.field}} templates.
          steps:
            - name: extract-financials
              type: call
              call: "sap.get-financial-statements"
              with:
                company_code: "{{company_code}}"
                fiscal_year: "{{fiscal_year}}"
            # NOTE(review): the parameters value is a JSON document assembled by
            # text substitution, so a quote or backslash in either input changes
            # the JSON structure. Validate the inputs or build the object with a
            # JSON encoder if the engine offers one.
            - name: run-analytics
              type: call
              call: "databricks.run-job"
              with:
                job_id: "{{databricks_job_id}}"
                parameters: "{\"company_code\":\"{{company_code}}\",\"fiscal_year\":\"{{fiscal_year}}\"}"
            - name: refresh-dashboard
              type: call
              call: "powerbi.refresh-dataset"
              with:
                workspace_id: "audit_workspace"
                dataset_id: "{{powerbi_dataset_id}}"
            # Write action: PUT to the file's content, at a path derived from
            # caller-supplied values; no content value is passed in this step.
            # NOTE(review): a PUT to an existing path presumably replaces that
            # file — confirm overwrite is acceptable.
            - name: save-workpaper
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "audit_engagements_site"
                file_path: "Analytics/{{company_code}}_FY{{fiscal_year}}_fs_analytics.xlsx"
            - name: notify-senior
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{audit_senior_email}}"
                text: "FS analytics complete for {{company_code}} FY{{fiscal_year}}. Databricks job: {{run-analytics.run_id}}. Power BI refreshed. Workpaper: {{save-workpaper.url}}."
  # Outbound HTTP consumers. Credentials are referenced as $secrets.* entries;
  # no literal secret appears in this definition.
  consumes:
    # Basic authentication with a user name and password from the secret store.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-s4.sap.com/sap/opu/odata/sap/API_FINANCIALSTATEMENT"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
      resources:
        # NOTE(review): both values are placed inside single-quoted OData
        # literals in the path string, so a quote in either value changes the
        # filter expression. Validate the inputs or confirm the engine escapes
        # them at this position.
        - name: financial-statements
          path: "/FinancialStatementSet?$filter=CompanyCode eq '{{company_code}}' and FiscalYear eq '{{fiscal_year}}'"
          inputParameters:
            - name: company_code
              in: query
            - name: fiscal_year
              in: query
          operations:
            - name: get-financial-statements
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://adb-kpmg.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    # The sharepoint and msteams namespaces both use $secrets.msgraph_token, so
    # that one token needs both file-write and mail-send permissions.
    # NOTE(review): consider separate, narrower tokens per namespace.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    # NOTE(review): Graph's /users/{id}/sendMail sends from the mailbox named in
    # the path, so recipient_upn selects the sending mailbox rather than the
    # addressee. Confirm this is intended and that Mail.Send is limited to a
    # dedicated notification mailbox.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves the status and findings summary from Fortify application security scans used in security assessment engagements.

# Capability: one MCP tool (get-fortify-scan) that forwards to a single GET on
# the Fortify SSC API and maps three fields out of the response.
naftiko: "0.5"
info:
  label: "Fortify Vulnerability Scan Status"
  description: "Retrieves the status and findings summary from Fortify application security scans used in security assessment engagements."
  tags:
    - cybersecurity
    - fortify
capability:
  exposes:
    # NOTE(review): nothing in this document states who may call the tool on
    # this port. Finding counts are sensitive, so confirm the MCP endpoint is
    # authenticated and scoped per engagement.
    - type: mcp
      namespace: appsec
      port: 8080
      tools:
        - name: get-fortify-scan
          description: "Get Fortify scan status and findings summary."
          inputParameters:
            # NOTE(review): free-form string that becomes a URL path segment in
            # the fortify resource below; confirm the runtime encodes it, or
            # restrict it to the ID format Fortify issues.
            - name: application_id
              in: body
              type: string
              description: "The Fortify application identifier."
          call: "fortify.get-scan-summary"
          with:
            application_id: "{{application_id}}"
          # Fields copied out of the JSON response by JSONPath-style mappings.
          outputParameters:
            - name: critical_count
              type: integer
              mapping: "$.issueSummary.critical"
            - name: high_count
              type: integer
              mapping: "$.issueSummary.high"
            - name: scan_date
              type: string
              mapping: "$.scanDate"
  consumes:
    - type: http
      namespace: fortify
      baseUri: "https://kpmg-fortify.fortify.com/ssc/api/v1"
      # Credential is a $secrets reference, not an inline value.
      # NOTE(review): only a GET is issued, so a read-only token is sufficient.
      authentication:
        type: bearer
        token: "$secrets.fortify_token"
      resources:
        - name: applications
          path: "/projectVersions/{{application_id}}/issueSummaries"
          inputParameters:
            - name: application_id
              in: path
          operations:
            - name: get-scan-summary
              method: GET

Performs fraud risk assessments by analyzing transaction patterns in Databricks, cross-referencing with known fraud indicators, generating risk reports in SharePoint, and alerting the forensics team.

# Capability: three-step pipeline (SQL query in Databricks, report document in
# SharePoint, notification mail via Microsoft Graph) behind one MCP tool.
naftiko: "0.5"
info:
  label: "Fraud Risk Assessment Pipeline"
  description: "Performs fraud risk assessments by analyzing transaction patterns in Databricks, cross-referencing with known fraud indicators, generating risk reports in SharePoint, and alerting the forensics team."
  tags:
    - forensics
    - fraud
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: fraud-assessment
      port: 8080
      tools:
        - name: assess-fraud-risk
          description: "Perform a fraud risk assessment on client transaction data."
          # All three inputs are unconstrained strings; each one is later
          # substituted into SQL text, a drive path, or a URL path.
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: analysis_period
              in: body
              type: string
              description: "Analysis period (e.g., 2025-Q4)."
            - name: forensics_email
              in: body
              type: string
              description: "Forensics team email."
          steps:
            - name: analyze-transactions
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): client_id and analysis_period are spliced into
                # the SQL text inside single quotes. Unless the runtime escapes
                # template values, a quote in either value changes the
                # statement. The Databricks SQL Statement Execution API
                # supports named statement parameters; use them if this
                # connector can pass them, and constrain both inputs to a
                # strict pattern either way.
                query: "SELECT * FROM transaction_fraud_indicators WHERE client_id = '{{client_id}}' AND period = '{{analysis_period}}' AND risk_score > 0.8"
            - name: generate-risk-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "forensics"
                # NOTE(review): both values become drive path components; a '/'
                # or '..' would place the report in another client's folder.
                folder_path: "{{client_id}}/FraudAssessment/{{analysis_period}}"
                template: "fraud_risk_report"
            - name: alert-forensics
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): caller-supplied address; the message carries the
                # client ID and a report link, so restrict this to an
                # allow-list of forensics mailboxes.
                recipient_upn: "{{forensics_email}}"
                # high_risk_count and url are read from earlier step outputs;
                # their definitions are not visible in this document.
                text: "Fraud risk assessment for {{client_id}} ({{analysis_period}}): {{analyze-transactions.high_risk_count}} high-risk transactions identified. Report: {{generate-risk-report.url}}."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        # Generic statement endpoint: the token can run whatever SQL the step
        # sends. NOTE(review): bind the token to a principal with SELECT on the
        # needed tables only.
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      # NOTE(review): the same msgraph_token secret also authenticates the
      # msteams namespace below, so it must hold both file and mail
      # permissions; separate tokens would narrow each one.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph the {user} segment of
          # /users/{user}/sendMail names the mailbox the message is sent from;
          # recipients belong in the request body. Confirm that mapping
          # recipient_upn to this segment is intended.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

On receipt of a DSAR, looks up the data subject in Workday, searches for their data across Salesforce and ServiceNow, compiles a report in SharePoint, and notifies the DPO via Microsoft Teams.

# Capability: DSAR pipeline. Searches three systems by the data subject's
# email, writes a summary file to SharePoint, and mails the DPO.
naftiko: "0.5"
info:
  label: "GDPR Data Subject Access Request Pipeline"
  description: "On receipt of a DSAR, looks up the data subject in Workday, searches for their data across Salesforce and ServiceNow, compiles a report in SharePoint, and notifies the DPO via Microsoft Teams."
  tags:
    - compliance
    - gdpr
    - privacy
    - workday
    - salesforce
    - servicenow
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: gdpr-dsar
      port: 8080
      tools:
        # NOTE(review): no step below verifies that the requester is the data
        # subject; presumably that happens before this tool is called. Confirm,
        # because the tool looks up personal data for any email it is given.
        - name: process-dsar
          description: "Given a data subject email and request ID, search across Workday, Salesforce, and ServiceNow, compile a report in SharePoint, and notify the DPO."
          inputParameters:
            - name: request_id
              in: body
              type: string
              description: "The DSAR request identifier."
            # Unconstrained string that is later substituted into three query
            # strings and a file name.
            - name: data_subject_email
              in: body
              type: string
              description: "Email of the data subject."
            - name: dpo_email
              in: body
              type: string
              description: "Email of the Data Protection Officer."
          steps:
            - name: search-workday
              type: call
              call: "workday.search-worker"
              with:
                email: "{{data_subject_email}}"
            - name: search-salesforce
              type: call
              call: "salesforce.search-contact"
              with:
                email: "{{data_subject_email}}"
            - name: search-servicenow
              type: call
              call: "servicenow.search-user"
              with:
                email: "{{data_subject_email}}"
            - name: compile-report
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "gdpr_dsar_site"
                # NOTE(review): the subject's email becomes part of the file
                # name, which puts personal data into paths, URLs and sharing
                # links; request_id alone would identify the report. A '/' or
                # '..' in either value would also change the target path.
                file_path: "Reports/DSAR_{{request_id}}_{{data_subject_email}}.docx"
                # Only record counts are written, not the records themselves.
                content: "DSAR Report {{request_id}}. Subject: {{data_subject_email}}. Workday records: {{search-workday.record_count}}. Salesforce records: {{search-salesforce.record_count}}. ServiceNow records: {{search-servicenow.record_count}}."
            - name: notify-dpo
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): the DPO address is caller-supplied, so the
                # report link and the subject's email go wherever the caller
                # says. A fixed, configured DPO mailbox would remove that risk.
                recipient_upn: "{{dpo_email}}"
                text: "DSAR {{request_id}} processed for {{data_subject_email}}. Records found — Workday: {{search-workday.record_count}}, Salesforce: {{search-salesforce.record_count}}, ServiceNow: {{search-servicenow.record_count}}. Report: {{compile-report.url}}."
  consumes:
    - type: http
      namespace: workday
      # NOTE(review): the host name contains "impl", which looks like an
      # implementation (non-production) tenant; a DSAR search there may miss
      # production records. Confirm the target.
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          # NOTE(review): email is declared "in: query" but is substituted into
          # the path template; confirm it is URL-encoded, otherwise '&' or '#'
          # in the value alters the request.
          path: "/workers?email={{email}}"
          inputParameters:
            - name: email
              in: query
          operations:
            - name: search-worker
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: contacts
          # NOTE(review): same encoding concern; an unencoded '&' in the value
          # would add or override parameters such as sobject.
          path: "/parameterizedSearch/?q={{email}}&sobject=Contact"
          inputParameters:
            - name: email
              in: query
          operations:
            - name: search-contact
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # Basic auth: a user/password pair rather than a short-lived token.
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: users
          # NOTE(review): sysparm_query is an encoded query in which '^'
          # separates conditions, so an unvalidated value can widen the match
          # beyond one user. Validate the email format before substitution.
          path: "/table/sys_user?sysparm_query=email={{email}}"
          inputParameters:
            - name: email
              in: query
          operations:
            - name: search-user
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      # NOTE(review): the same msgraph_token secret also authenticates the
      # msteams namespace below.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph the {user} segment of
          # /users/{user}/sendMail names the mailbox the message is sent from;
          # recipients belong in the request body. Confirm that mapping
          # recipient_upn to this segment is intended.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Calculates tax equalization for globally mobile employees by extracting compensation data from Workday, running multi-jurisdiction tax calculations in Databricks, and generating equalization reports.

# Capability: reads an employee's compensation from Workday, runs a SQL query
# in Databricks, and creates a report document in SharePoint.
naftiko: "0.5"
info:
  label: "Global Mobility Tax Equalization Pipeline"
  description: "Calculates tax equalization for globally mobile employees by extracting compensation data from Workday, running multi-jurisdiction tax calculations in Databricks, and generating equalization reports."
  tags:
    - tax
    - global-mobility
    - workday
    - azure-databricks
    - sharepoint
capability:
  exposes:
    # NOTE(review): the tool returns compensation data for any employee_id it
    # is given; nothing here limits callers to employees on their engagement.
    # Confirm authorization is enforced in front of this endpoint.
    - type: mcp
      namespace: global-mobility
      port: 8080
      tools:
        - name: calculate-tax-equalization
          description: "Calculate tax equalization for a mobile employee."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The employee ID."
            # Described as country codes but typed as plain strings; a fixed
            # code pattern would make the SQL substitution below safe.
            - name: home_country
              in: body
              type: string
              description: "Home country code."
            - name: host_country
              in: body
              type: string
              description: "Host country code."
          steps:
            - name: get-compensation
              type: call
              call: "workday.get-compensation"
              with:
                employee_id: "{{employee_id}}"
            - name: calculate-equalization
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): three caller-supplied strings are spliced into
                # the SQL text inside single quotes. Unless the runtime escapes
                # template values, a quote in any of them changes the
                # statement; prefer bound statement parameters if the connector
                # supports them, and validate the inputs.
                query: "SELECT * FROM tax_equalization WHERE employee_id = '{{employee_id}}' AND home = '{{home_country}}' AND host = '{{host_country}}'"
            - name: generate-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "global-mobility"
                # NOTE(review): employee_id becomes a drive path component; a
                # '/' or '..' would write outside the employee's folder.
                folder_path: "TaxEqualization/{{employee_id}}"
                template: "tax_equalization_report"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl.workday.com/ccx/api/v1/kpmg"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: compensation
          # employee_id is a URL path segment here.
          path: "/workers/{{employee_id}}/compensation"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-compensation
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        # Generic statement endpoint. NOTE(review): bind the token to a
        # principal with SELECT on the needed tables only.
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

Retrieves IAM policy bindings for a Google Cloud Platform project, returning roles and members. Used by cloud advisory teams for access review audits.

# Capability: one MCP tool that calls getIamPolicy on the Cloud Resource
# Manager API for a project and returns its bindings and etag.
naftiko: "0.5"
info:
  label: "Google Cloud Platform Project IAM Lookup"
  description: "Retrieves IAM policy bindings for a Google Cloud Platform project, returning roles and members. Used by cloud advisory teams for access review audits."
  tags:
    - cloud
    - google-cloud-platform
    - iam
    - access-review
capability:
  exposes:
    # NOTE(review): any project_id is accepted, so a caller can read the
    # role/member map of every project the token can see. Confirm callers are
    # limited to the projects in scope of their review.
    - type: mcp
      namespace: gcp-iam
      port: 8080
      tools:
        - name: get-gcp-iam-policy
          description: "Look up IAM policy bindings for a GCP project by project ID."
          inputParameters:
            - name: project_id
              in: body
              type: string
              description: "The GCP project ID."
          call: "gcp.get-iam-policy"
          with:
            project_id: "{{project_id}}"
          outputParameters:
            # NOTE(review): the API returns bindings as a list of role/member
            # objects, while the declared type is string; confirm how the
            # runtime serializes it.
            - name: bindings
              type: string
              mapping: "$.bindings"
            - name: etag
              type: string
              mapping: "$.etag"
  consumes:
    - type: http
      namespace: gcp
      baseUri: "https://cloudresourcemanager.googleapis.com/v1"
      # NOTE(review): this capability only reads policy, so the credential
      # should not carry permission to set IAM policy.
      authentication:
        type: bearer
        token: "$secrets.gcp_token"
      resources:
        - name: iam-policies
          # project_id is substituted directly before ":getIamPolicy"; confirm
          # it is validated against the GCP project ID format.
          path: "/projects/{{project_id}}:getIamPolicy"
          inputParameters:
            - name: project_id
              in: path
          operations:
            # getIamPolicy is a POST in the v1 API even though it only reads.
            - name: get-iam-policy
              method: POST

Supports IFRS conversion by extracting GAAP financial data from SAP, running conversion calculations in Databricks, and generating conversion workpapers in SharePoint.

# Capability: pulls financial statements from SAP, runs a SQL query in
# Databricks, and creates a workpaper document in SharePoint.
naftiko: "0.5"
info:
  label: "IFRS Conversion Advisory Pipeline"
  description: "Supports IFRS conversion by extracting GAAP financial data from SAP, running conversion calculations in Databricks, and generating conversion workpapers in SharePoint."
  tags:
    - advisory
    - ifrs
    - sap
    - azure-databricks
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: ifrs-conversion
      port: 8080
      tools:
        - name: run-ifrs-conversion
          description: "Run IFRS conversion analysis for a client."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier." 
            # NOTE(review): fiscal_year is used only in the SharePoint folder
            # path below; neither the SAP call nor the SQL query filters on it.
            # Confirm that is intended.
            - name: fiscal_year
              in: body
              type: string
              description: "The fiscal year." 
          steps:
            - name: extract-gaap-data
              type: call
              call: "sap.get-financials"
              with:
                # The sap resource below declares no inputParameters and its
                # path has no placeholders, so how these two values reach the
                # request is not visible here.
                client_id: "{{client_id}}"
                standard: "US-GAAP"
            - name: convert-to-ifrs
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): client_id is spliced into the SQL text inside
                # single quotes. Unless the runtime escapes template values, a
                # quote in the value changes the statement; prefer bound
                # statement parameters if the connector supports them, and
                # validate the input.
                query: "SELECT * FROM ifrs_conversion WHERE client_id = '{{client_id}}'"
            - name: create-workpaper
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "advisory"
                # NOTE(review): both values become drive path components; a '/'
                # or '..' would place the workpaper in another client's folder.
                folder_path: "{{client_id}}/IFRS/{{fiscal_year}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      # Basic auth: a user/password pair rather than a short-lived token.
      # NOTE(review): confirm the account is a read-only technical user.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password" 
      resources:
        - name: financials
          path: "/FI_SRV/FinancialStatements"
          operations:
            - name: get-financials
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token" 
      resources:
        # Generic statement endpoint. NOTE(review): bind the token to a
        # principal with SELECT on the needed tables only.
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

Manages cybersecurity incident response by creating cases in ServiceNow, deploying investigation runbooks from Confluence, collecting evidence in SharePoint, and coordinating the response team via Teams.

# Capability: opens a ServiceNow incident, searches Confluence for a runbook,
# creates an evidence folder in SharePoint, and mails the IR lead.
naftiko: "0.5"
info:
  label: "Incident Response Retainer Orchestrator"
  description: "Manages cybersecurity incident response by creating cases in ServiceNow, deploying investigation runbooks from Confluence, collecting evidence in SharePoint, and coordinating the response team via Teams."
  tags:
    - cybersecurity
    - incident-response
    - servicenow
    - confluence
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: incident-response
      port: 8080
      tools:
        - name: activate-ir
          description: "Activate cybersecurity incident response for a retainer client."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier." 
            # Described as one of P1, P2, P3 but typed as a plain string; the
            # value is substituted into a CQL expression below, so it should
            # be restricted to those three values.
            - name: incident_severity
              in: body
              type: string
              description: "Incident severity (P1, P2, P3)." 
            - name: ir_lead_email
              in: body
              type: string
              description: "IR lead email." 
          steps:
            - name: create-case
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Cyber IR: {{client_id}} - {{incident_severity}}"
                # NOTE(review): urgency is fixed at "1" whatever the severity
                # input is; confirm P2/P3 cases should also be raised at this
                # urgency.
                urgency: "1"
            - name: get-runbook
              type: call
              call: "confluence.search"
              with:
                # NOTE(review): incident_severity is spliced into the CQL text
                # inside single quotes. Unless the runtime escapes template
                # values, a quote in the value changes the search expression
                # and therefore which page is returned as the runbook.
                cql: "label = 'ir-runbook' AND label = '{{incident_severity}}'"
            - name: create-evidence-folder
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "cyber-ir"
                # NOTE(review): client_id becomes a drive path component; a '/'
                # or '..' would place evidence under another client's folder.
                # Access restrictions on the folder are not set here; confirm
                # the site enforces them.
                folder_path: "{{client_id}}/{{create-case.number}}"
            - name: mobilize-team
              type: call
              call: "msteams.send-message"
              with:
                # NOTE(review): caller-supplied address; restrict it to the IR
                # roster so activation details are not mailed elsewhere.
                recipient_upn: "{{ir_lead_email}}"
                # get-runbook is a search call; the "url" output it is read
                # for is not defined in this document.
                text: "IR ACTIVATED: {{client_id}} ({{incident_severity}}). Case: {{create-case.number}}. Runbook: {{get-runbook.url}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # Basic auth: a user/password pair rather than a short-lived token.
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password" 
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://kpmg.atlassian.net/wiki/rest/api"
      # Basic auth with an API token in the password field.
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token" 
      resources:
        # No inputParameters are declared, so how the step's "cql" value is
        # attached to the GET is not visible here.
        - name: search
          path: "/content/search"
          operations:
            - name: search
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      # NOTE(review): the same msgraph_token secret also authenticates the
      # msteams namespace below.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph the {user} segment of
          # /users/{user}/sendMail names the mailbox the message is sent from;
          # recipients belong in the request body. Confirm that mapping
          # recipient_upn to this segment is intended.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Scans SAP Ariba purchase transactions for recoverable VAT and GST, validates against jurisdiction rules in Snowflake, generates claim documentation, and files recovery requests through the tax portal.

# Capability: reads purchase orders from SAP Ariba, runs a validation
# statement in Snowflake, uploads a claim PDF, and posts a channel message.
# NOTE(review): the description mentions filing recovery requests through a
# tax portal, but none of the four steps below calls one.
naftiko: "0.5"
info:
  label: "Indirect Tax Recovery Orchestrator"
  description: "Scans SAP Ariba purchase transactions for recoverable VAT and GST, validates against jurisdiction rules in Snowflake, generates claim documentation, and files recovery requests through the tax portal."
  tags:
    - tax
    - finance
    - sap-ariba
    - snowflake
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: tax-recovery
      port: 8080
      tools:
        - name: process-indirect-tax-recovery
          description: "Given a client ID and date range, scan purchase transactions for recoverable indirect taxes, validate eligibility, and generate claim files."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client engagement identifier."
            # The dates are documented as YYYY-MM-DD but typed as plain
            # strings; nothing here enforces the format.
            - name: start_date
              in: body
              type: string
              description: "Start date in YYYY-MM-DD format."
            - name: end_date
              in: body
              type: string
              description: "End date in YYYY-MM-DD format."
          steps:
            - name: get-purchase-transactions
              type: call
              call: "sap-ariba.get-purchase-orders"
              with:
                client_id: "{{client_id}}"
                from: "{{start_date}}"
                to: "{{end_date}}"
            - name: validate-recovery-rules
              type: call
              call: "snowflake.run-tax-rule-validation"
              with:
                # The statement text sent to Snowflake is not visible in this
                # document. NOTE(review): confirm the order data is passed as
                # bound values, not concatenated into SQL.
                transactions: "{{get-purchase-transactions.orders}}"
            - name: generate-claim-docs
              type: call
              call: "sharepoint.upload-document"
              with:
                library: "TaxRecoveryClaims"
                # NOTE(review): client_id and start_date form the file name; a
                # '/' or '..' in either could change where the file lands, and
                # a repeated run for the same client and start date reuses the
                # same name.
                filename: "indirect-tax-claim-{{client_id}}-{{start_date}}.pdf"
                data: "{{validate-recovery-rules.claim_data}}"
            - name: notify-engagement-team
              type: call
              call: "msteams.post-message"
              with:
                # Channel name is derived from the caller-supplied client_id.
                channel: "tax-recovery-{{client_id}}"
                message: "Indirect tax recovery claim generated: {{validate-recovery-rules.recoverable_amount}} across {{validate-recovery-rules.jurisdiction_count}} jurisdictions."
  consumes:
    - type: http
      namespace: sap-ariba
      baseUri: "https://api.ariba.com/v2"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: purchase-orders
          path: "/procurement/purchase-orders"
          operations:
            - name: get-purchase-orders
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://kpmg.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        # Generic statement endpoint. NOTE(review): bind the token to a role
        # limited to the tax-rule objects it needs.
        - name: queries
          path: "/statements"
          operations:
            - name: run-tax-rule-validation
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites/kpmg.sharepoint.com"
      # NOTE(review): the same msgraph_token secret also authenticates the
      # msteams namespace below.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # The path has no placeholder for the step's library or filename
        # values, so the upload target is not determined by this document.
        - name: documents
          path: "/drive/items"
          operations:
            - name: upload-document
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # The path has no placeholder for a team or channel, although the
        # step passes a channel value. TODO confirm how the channel is
        # resolved.
        - name: messages
          path: "/teams/channels/messages"
          operations:
            - name: post-message
              method: POST

Retrieves the status of an Informatica Cloud data quality job run, returning execution state, row counts, and error summary. Used by data governance teams for ETL monitoring.

# Capability: one MCP tool that fetches a single Informatica Cloud activity
# run and maps four fields out of the response.
naftiko: "0.5"
info:
  label: "Informatica Data Quality Job Status"
  description: "Retrieves the status of an Informatica Cloud data quality job run, returning execution state, row counts, and error summary. Used by data governance teams for ETL monitoring."
  tags:
    - data-governance
    - informatica
    - etl
    - data-quality
capability:
  exposes:
    - type: mcp
      namespace: data-quality
      port: 8080
      tools:
        - name: get-informatica-job-status
          description: "Look up an Informatica Cloud data quality job run by run ID."
          inputParameters:
            # NOTE(review): free-form string that becomes a URL path segment in
            # the informatica resource below; confirm the runtime encodes it,
            # or restrict it to the run ID format.
            - name: run_id
              in: body
              type: string
              description: "The Informatica Cloud job run ID."
          call: "informatica.get-activity-run"
          with:
            run_id: "{{run_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.status"
            # The two row counts are declared as strings, not integers.
            - name: rows_success
              type: string
              mapping: "$.successRowsCount"
            - name: rows_error
              type: string
              mapping: "$.errorRowsCount"
            - name: start_time
              type: string
              mapping: "$.startTime"
  consumes:
    - type: http
      namespace: informatica
      baseUri: "https://na1.dm-us.informaticacloud.com/saas/api/v2"
      # Credential is a $secrets reference, not an inline value.
      # NOTE(review): only a GET is issued, so a monitoring-only credential is
      # sufficient.
      authentication:
        type: bearer
        token: "$secrets.informatica_token"
      resources:
        - name: activity-runs
          path: "/activity/activityMonitor/{{run_id}}"
          inputParameters:
            - name: run_id
              in: path
          operations:
            - name: get-activity-run
              method: GET

Queries SAP for intercompany receivables and payables, matches offsetting entries in Snowflake, flags unreconciled balances, and posts elimination journal entries for consolidated financial statements.

# Capability: reads intercompany balances from SAP, matches them in Snowflake,
# opens a ServiceNow incident for exceptions, and posts journal entries to SAP.
naftiko: "0.5"
info:
  label: "Intercompany Transaction Elimination Pipeline"
  description: "Queries SAP for intercompany receivables and payables, matches offsetting entries in Snowflake, flags unreconciled balances, and posts elimination journal entries for consolidated financial statements."
  tags:
    - audit
    - finance
    - sap
    - snowflake
    - consolidation
capability:
  exposes:
    # NOTE(review): this tool ends with a write to the ledger; confirm the MCP
    # endpoint limits callers to staff authorized to post journal entries.
    - type: mcp
      namespace: audit-consolidation
      port: 8080
      tools:
        - name: eliminate-intercompany-transactions
          description: "Given a reporting period and entity list, retrieve intercompany balances from SAP, match in Snowflake, flag exceptions, and post elimination entries."
          inputParameters:
            # Documented as YYYY-MM but typed as a plain string.
            - name: reporting_period
              in: body
              type: string
              description: "Reporting period in YYYY-MM format."
            - name: entity_ids
              in: body
              type: array
              description: "List of legal entity IDs to consolidate."
          steps:
            - name: get-intercompany-balances
              type: call
              call: "sap.get-intercompany-balances"
              with:
                period: "{{reporting_period}}"
                entities: "{{entity_ids}}"
            - name: match-offsetting-entries
              type: call
              call: "snowflake.run-intercompany-match"
              with:
                # The statement text sent to Snowflake is not visible in this
                # document. NOTE(review): confirm the balances are passed as
                # bound values, not concatenated into SQL.
                balances: "{{get-intercompany-balances.data}}"
                period: "{{reporting_period}}"
            # An incident is created on every run; no condition on
            # unmatched_count is visible here.
            - name: flag-exceptions
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Intercompany reconciliation exceptions for {{reporting_period}}"
                description: "Unmatched items: {{match-offsetting-entries.unmatched_count}}"
                category: "audit_finding"
            # NOTE(review): journal entries produced by the matching step are
            # posted to SAP with no approval step or exception check between
            # matching and posting. Confirm a review control exists outside
            # this pipeline before entries reach the ledger.
            - name: post-elimination-entries
              type: call
              call: "sap.post-journal-entry"
              with:
                period: "{{reporting_period}}"
                entries: "{{match-offsetting-entries.elimination_entries}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.s4hana.cloud/api/v1"
      # NOTE(review): one token serves both the read (GET balances) and the
      # write (POST journal entry); separate credentials would keep the read
      # path from holding posting rights.
      authentication:
        type: bearer
        token: "$secrets.sap_token"
      resources:
        - name: intercompany
          path: "/intercompany/balances"
          operations:
            - name: get-intercompany-balances
              method: GET
        - name: journal-entries
          path: "/journal-entries"
          operations:
            - name: post-journal-entry
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://kpmg.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        # Generic statement endpoint. NOTE(review): bind the token to a role
        # limited to the matching objects it needs.
        - name: queries
          path: "/statements"
          operations:
            - name: run-intercompany-match
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # Basic auth: a user/password pair rather than a short-lived token.
      # The secret names here are snow_user / snow_password.
      authentication:
        type: basic
        username: "$secrets.snow_user"
        password: "$secrets.snow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

When an internal audit finding is identified, creates the finding in ServiceNow GRC, assigns a Jira remediation task to the control owner, and notifies the audit committee distribution list in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Internal Audit Finding Workflow"
  description: "When an internal audit finding is identified, creates the finding in ServiceNow GRC, assigns a Jira remediation task to the control owner, and notifies the audit committee distribution list in Microsoft Teams."
  tags:
    - internal-audit
    - governance
    - servicenow
    - jira
    - microsoft-teams
capability:
  # Exposes one MCP tool that records an audit finding in ServiceNow, opens a
  # Jira task for the control owner, and posts a summary to a Teams channel.
  # NOTE(review): no caller authentication setting is visible in this block.
  # Confirm who may invoke the tool.
  exposes:
    - type: mcp
      namespace: internal-audit
      port: 8080
      tools:
        - name: log-audit-finding
          description: "Given finding details, create a ServiceNow GRC finding, assign a Jira remediation task, and notify the audit committee via Microsoft Teams."
          inputParameters:
            # NOTE(review): title and description are free text that is copied
            # into three downstream systems. Confirm each one treats it as
            # plain text rather than markup.
            - name: finding_title
              in: body
              type: string
              description: "Title of the audit finding."
            - name: finding_description
              in: body
              type: string
              description: "Detailed description of the finding."
            # NOTE(review): the four allowed values are listed in the
            # description only; no enum constraint is visible.
            - name: severity
              in: body
              type: string
              description: "Finding severity (critical, high, medium, low)."
            - name: control_owner_email
              in: body
              type: string
              description: "Email of the control owner responsible for remediation."
            # NOTE(review): the caller chooses the destination channel, so
            # finding details go wherever the caller points them. Consider an
            # allow-list or a fixed channel.
            - name: audit_committee_channel
              in: body
              type: string
              description: "Microsoft Teams channel ID for the audit committee."
          steps:
            - name: create-grc-finding
              type: call
              call: "servicenow.create-finding"
              with:
                short_description: "{{finding_title}}"
                description: "{{finding_description}}"
                severity: "{{severity}}"
                assigned_to: "{{control_owner_email}}"
            # References the finding number returned by the previous step.
            - name: create-remediation-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "IAUDIT"
                issue_type: "Task"
                summary: "Remediate: {{finding_title}}"
                description: "Severity: {{severity}}. GRC Finding: {{create-grc-finding.number}}. {{finding_description}}"
                assignee: "{{control_owner_email}}"
            # NOTE(review): only channel_id and text are passed, but the
            # msteams resource path also contains a {{team_id}} placeholder.
            # Confirm where that value comes from.
            - name: notify-committee
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "{{audit_committee_channel}}"
                text: "Internal Audit Finding: {{finding_title}} ({{severity}}). GRC: {{create-grc-finding.number}}. Remediation: {{create-remediation-task.key}}. Owner: {{control_owner_email}}."
  # Outbound HTTP clients for ServiceNow, Jira and Microsoft Graph.
  # Credentials are $secrets.* references, not literal values.
  consumes:
    # NOTE(review): basic auth; confirm the account is a dedicated integration
    # user limited to creating findings.
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: findings
          path: "/table/sn_audit_finding"
          operations:
            - name: create-finding
              method: POST
    # The basic-auth password field carries a Jira API token.
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): the path uses {{team_id}} and {{channel_id}}, but only
        # channel_id is declared below and the calling step passes no
        # team_id. As written the team segment looks unresolved. Confirm,
        # and prefer a fixed team/channel pair over caller-supplied IDs.
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST

Conducts internal controls walkthroughs by extracting process documentation from Confluence, creating testing workpapers in SharePoint, assigning tasks in Jira, and notifying the audit team.

naftiko: "0.5"
info:
  label: "Internal Controls Walkthrough Orchestrator"
  description: "Conducts internal controls walkthroughs by extracting process documentation from Confluence, creating testing workpapers in SharePoint, assigning tasks in Jira, and notifying the audit team."
  tags:
    - audit
    - internal-controls
    - confluence
    - sharepoint
    - jira
    - microsoft-teams
capability:
  # Exposes one MCP tool that searches Confluence for process documentation,
  # creates a SharePoint workpaper, opens a Jira task, and messages the team.
  # NOTE(review): no caller authentication setting is visible in this block.
  exposes:
    - type: mcp
      namespace: controls-walkthrough
      port: 8080
      tools:
        - name: conduct-walkthrough
          description: "Conduct an internal controls walkthrough for a client process."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The audit engagement ID."
            - name: process_name
              in: body
              type: string
              description: "The business process name."
            - name: team_email
              in: body
              type: string
              description: "Audit team email."
          steps:
            # NOTE(review): process_name is spliced into the CQL text inside
            # single quotes. A value containing a quote would change the
            # query, so validate it against a strict pattern (or an allow-list
            # of known process labels) before it reaches this step.
            - name: get-process-docs
              type: call
              call: "confluence.search"
              with:
                cql: "label = '{{process_name}}' AND space = 'CONTROLS'"
            # NOTE(review): engagement_id and process_name become path
            # segments. Reject separators and dot-segments so a workpaper
            # cannot be created under another engagement's folder.
            - name: create-testing-workpaper
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                folder_path: "{{engagement_id}}/Controls/{{process_name}}"
                template: "controls_walkthrough"
            # NOTE(review): this step passes `project`, while other Jira steps
            # on this page pass `project_key` and `issue_type`. Confirm which
            # field names the Jira call expects.
            - name: assign-testing-tasks
              type: call
              call: "jira.create-issue"
              with:
                project: "AUDIT"
                summary: "Controls walkthrough: {{process_name}} - {{engagement_id}}"
                description: "Process documentation: {{get-process-docs.url}}. Workpaper: {{create-testing-workpaper.url}}."
            # NOTE(review): the recipient address is caller-supplied and the
            # message includes workpaper and Jira links. Consider restricting
            # it to the organisation's own domain.
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{team_email}}"
                text: "Controls walkthrough initiated for {{process_name}} on engagement {{engagement_id}}. Workpaper: {{create-testing-workpaper.url}}. Jira: {{assign-testing-tasks.key}}."
  # Outbound HTTP clients for Confluence, SharePoint (Graph), Jira and
  # Teams/mail (Graph). Credentials are $secrets.* references.
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://kpmg.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          path: "/content/search"
          operations:
            - name: search
              method: GET
    # NOTE(review): sharepoint and msteams below share one Graph token, so it
    # must hold both file-write and mail-send permissions. Consider separate
    # app registrations scoped per purpose.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # Both path placeholders are filled from step arguments.
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): Microsoft Graph documents /users/{id}/sendMail as
        # sending from the mailbox named in the path. Here that segment is
        # filled with the recipient address supplied by the caller. Confirm
        # the intended sender, and limit which mailboxes this token may send
        # as.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Manages audit inventory observations by extracting book values from SAP, creating observation workpapers in SharePoint, and tracking exceptions in Jira.

naftiko: "0.5"
info:
  label: "Inventory Observation Orchestrator"
  description: "Manages audit inventory observations by extracting book values from SAP, creating observation workpapers in SharePoint, and tracking exceptions in Jira."
  tags:
    - audit
    - inventory
    - sap
    - sharepoint
    - jira
capability:
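  # Exposes one MCP tool that reads inventory book values from SAP, creates a
  # SharePoint workpaper folder entry, and opens a Jira issue for exceptions.
  # Trailing spaces after two description values were removed (lint only; the
  # values are unchanged).
  # NOTE(review): no caller authentication setting is visible in this block.
  exposes:
    - type: mcp
      namespace: inventory-observation
      port: 8080
      tools:
        - name: manage-observation
          description: "Manage audit inventory observation procedures."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            - name: warehouse_location
              in: body
              type: string
              description: "Warehouse location code."
          steps:
            - name: get-book-values
              type: call
              call: "sap.get-inventory"
              with:
                location: "{{warehouse_location}}"
            # NOTE(review): engagement_id and warehouse_location become path
            # segments. Reject separators and dot-segments so the workpaper
            # cannot land outside the engagement's folder. Unlike other
            # create-document steps on this page, no template is passed;
            # confirm that is intended.
            - name: create-workpaper
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit"
                folder_path: "{{engagement_id}}/Inventory/{{warehouse_location}}"
            # The issue is created on every run; no output of the SAP step is
            # referenced in it.
            - name: track-exceptions
              type: call
              call: "jira.create-issue"
              with:
                project: "AUDIT"
                summary: "Inventory observation: {{engagement_id}} - {{warehouse_location}}"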
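  # Outbound HTTP clients for SAP OData, SharePoint (Graph) and Jira.
  # Credentials are $secrets.* references. Trailing spaces after three
  # credential lines were removed (lint only; the values are unchanged).
  consumes:
    # NOTE(review): basic auth against SAP. Confirm the account is a
    # dedicated, read-only technical user for this service. Another
    # capability on this page reaches SAP at a different host with a bearer
    # token; confirm both endpoints are intended.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: inventory
          path: "/MM_SRV/InventoryValues"
          operations:
            - name: get-inventory
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # Both path placeholders are filled from step arguments.
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    # The basic-auth password field carries a Jira API token.
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST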

Conducts IT audit access reviews by extracting user access lists from Azure AD, comparing against authorized roles in ServiceNow, documenting exceptions in SharePoint, and notifying the IT audit team.

naftiko: "0.5"
info:
  label: "IT Audit Access Review Orchestrator"
  description: "Conducts IT audit access reviews by extracting user access lists from Azure AD, comparing against authorized roles in ServiceNow, documenting exceptions in SharePoint, and notifying the IT audit team."
  tags:
    - it-audit
    - access-review
    - azure-ad
    - servicenow
    - sharepoint
    - microsoft-teams
capability:
  # Exposes one MCP tool that lists an application's assigned users from
  # Azure AD, reads role data from ServiceNow, creates a SharePoint
  # workpaper, and mails a summary to the IT audit team.
  # NOTE(review): no caller authentication setting is visible in this block.
  # The tool returns directory membership data, so confirm who may invoke it.
  exposes:
    - type: mcp
      namespace: it-access-review
      port: 8080
      tools:
        - name: conduct-access-review
          description: "Conduct an IT audit user access review."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement ID."
            # NOTE(review): this value is reused as a Graph path segment, a
            # ServiceNow argument and a SharePoint folder name. Validate it
            # once against a strict pattern.
            - name: application_name
              in: body
              type: string
              description: "The application under review."
            - name: it_audit_email
              in: body
              type: string
              description: "IT audit team email."
          steps:
            - name: extract-access-list
              type: call
              call: "azuread.get-app-users"
              with:
                application_name: "{{application_name}}"
            # NOTE(review): despite the step name, no comparison is visible
            # here. The step only fetches ServiceNow data, and
            # exception_count is read from its response. Confirm where the
            # comparison happens.
            - name: compare-authorized-roles
              type: call
              call: "servicenow.get-authorized-access"
              with:
                application: "{{application_name}}"
            - name: document-exceptions
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                folder_path: "{{engagement_id}}/ITControls/AccessReview/{{application_name}}"
                template: "access_review_workpaper"
            # NOTE(review): the recipient address is caller-supplied and the
            # message carries user and exception counts plus the workpaper
            # link. Consider restricting it to known audit mailboxes.
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{it_audit_email}}"
                text: "Access review for {{application_name}} ({{engagement_id}}): {{extract-access-list.user_count}} users. Exceptions: {{compare-authorized-roles.exception_count}}. Workpaper: {{document-exceptions.url}}."
  # Outbound HTTP clients for Azure AD (Graph), ServiceNow, SharePoint
  # (Graph) and mail (Graph). Credentials are $secrets.* references.
  # NOTE(review): azuread, sharepoint and msteams share one Graph token, so
  # it must combine directory-read, file-write and mail-send permissions.
  # Consider separate, narrower app registrations.
  consumes:
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): Graph documents appRoleAssignedTo under
        # /servicePrincipals/{id}, keyed by object ID, not under
        # /applications keyed by name. Confirm this path returns the
        # expected user list; an access review built on an empty or failed
        # response would under-report.
        - name: app-users
          path: "/applications/{{application_name}}/appRoleAssignedTo"
          inputParameters:
            - name: application_name
              in: path
          operations:
            - name: get-app-users
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        # NOTE(review): the calling step passes an `application` argument,
        # but the path carries no query or placeholder for it. Confirm how
        # the result is filtered to the application under review.
        - name: access
          path: "/table/sys_user_role"
          operations:
            - name: get-authorized-access
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): Microsoft Graph documents /users/{id}/sendMail as
        # sending from the mailbox named in the path. Here that segment is
        # the caller-supplied recipient address. Confirm the intended
        # sender, and limit which mailboxes this token may send as.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Executes IT general controls testing by pulling access logs from Azure Active Directory, comparing against authorized user lists in ServiceNow, documenting exceptions in SharePoint, and notifying the IT audit lead via Microsoft Teams.

naftiko: "0.5"
info:
  label: "IT General Controls Testing Orchestrator"
  description: "Executes IT general controls testing by pulling access logs from Azure Active Directory, comparing against authorized user lists in ServiceNow, documenting exceptions in SharePoint, and notifying the IT audit lead via Microsoft Teams."
  tags:
    - audit
    - itgc
    - azure-active-directory
    - servicenow
    - sharepoint
    - microsoft-teams
capability:
  # Exposes one MCP tool that pulls Azure AD sign-in logs for an application
  # and period, reads authorized users from ServiceNow, writes a summary file
  # to SharePoint, and mails the IT audit lead.
  # NOTE(review): no caller authentication setting is visible in this block.
  # Sign-in logs are sensitive, so confirm who may invoke the tool.
  exposes:
    - type: mcp
      namespace: itgc-testing
      port: 8080
      tools:
        - name: test-access-controls
          description: "Given an application name and testing period, pull Azure AD sign-in logs, compare against ServiceNow authorized users, document exceptions, and notify the IT audit lead."
          inputParameters:
            # NOTE(review): used in a ServiceNow query string and in a
            # SharePoint file name. Validate against a strict pattern.
            - name: application_name
              in: body
              type: string
              description: "Name of the application under ITGC testing."
            # NOTE(review): placed inside quotes in an OData $filter
            # downstream. Confirm it is validated as an application ID before
            # use.
            - name: application_id
              in: body
              type: string
              description: "Azure AD application ID."
            # NOTE(review): both dates are typed as free strings. The
            # YYYY-MM-DD format is stated in the descriptions only, and the
            # values are inserted unquoted into the $filter expression and
            # into a file name.
            - name: testing_period_start
              in: body
              type: string
              description: "Testing period start (YYYY-MM-DD)."
            - name: testing_period_end
              in: body
              type: string
              description: "Testing period end (YYYY-MM-DD)."
            - name: it_audit_lead_email
              in: body
              type: string
              description: "Email of the IT audit lead."
          steps:
            - name: get-sign-in-logs
              type: call
              call: "azuread.get-sign-in-logs"
              with:
                application_id: "{{application_id}}"
                date_from: "{{testing_period_start}}"
                date_to: "{{testing_period_end}}"
            - name: get-authorized-users
              type: call
              call: "servicenow.get-authorized-users"
              with:
                application_name: "{{application_name}}"
            # NOTE(review): the file name ends in .xlsx but the content is a
            # single text sentence. unauthorized_count is read from the
            # sign-in log response; no step visibly compares sign-ins with
            # the ServiceNow list. Confirm how that figure is produced
            # before it is filed as audit evidence.
            - name: document-exceptions
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "itgc_testing_site"
                file_path: "ITGC/{{application_name}}_access_{{testing_period_start}}_to_{{testing_period_end}}.xlsx"
                content: "Application: {{application_name}}. Period: {{testing_period_start}} to {{testing_period_end}}. Sign-ins: {{get-sign-in-logs.total_count}}. Authorized users: {{get-authorized-users.user_count}}. Unauthorized access attempts: {{get-sign-in-logs.unauthorized_count}}."
            - name: notify-audit-lead
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{it_audit_lead_email}}"
                text: "ITGC access test for {{application_name}} ({{testing_period_start}} to {{testing_period_end}}). Sign-ins: {{get-sign-in-logs.total_count}}. Unauthorized: {{get-sign-in-logs.unauthorized_count}}. Report: {{document-exceptions.url}}."
  # Outbound HTTP clients for Azure AD sign-in logs (Graph), ServiceNow,
  # SharePoint (Graph) and mail (Graph). Credentials are $secrets.*
  # references.
  # NOTE(review): azuread, sharepoint and msteams share one Graph token, so
  # it must combine audit-log read, file-write and mail-send permissions.
  # Consider separate, narrower app registrations.
  consumes:
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): the $filter expression is assembled by text
        # substitution. application_id sits inside single quotes and the
        # dates are unquoted, so a value containing a quote or filter
        # keywords would alter the query. Validate all three upstream. The
        # parameters are declared `in: query` while their placeholders sit
        # in the path string; confirm the engine URL-encodes them.
        - name: sign-in-logs
          path: "/auditLogs/signIns?$filter=appId eq '{{application_id}}' and createdDateTime ge {{date_from}} and createdDateTime le {{date_to}}"
          inputParameters:
            - name: application_id
              in: query
            - name: date_from
              in: query
            - name: date_to
              in: query
          operations:
            - name: get-sign-in-logs
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        # NOTE(review): application_name is appended to sysparm_query as
        # text. Reject characters that the encoded-query syntax treats as
        # operators, so the caller cannot widen the result beyond one
        # application.
        - name: authorized-users
          path: "/table/sys_user_has_role?sysparm_query=role.application={{application_name}}"
          inputParameters:
            - name: application_name
              in: query
          operations:
            - name: get-authorized-users
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # PUT to the :/content suffix writes the file body at file_path.
        # NOTE(review): file_path contains caller-supplied text, so an
        # existing file at the same path could be overwritten. Confirm the
        # name is constrained.
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): Microsoft Graph documents /users/{id}/sendMail as
        # sending from the mailbox named in the path. Here that segment is
        # the caller-supplied recipient address. Confirm the intended
        # sender, and limit which mailboxes this token may send as.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a Jira issue by key, returning summary, status, assignee, and priority. Used by consulting and advisory teams to track project delivery milestones.

naftiko: "0.5"
info:
  label: "Jira Issue Status Lookup"
  description: "Retrieves a Jira issue by key, returning summary, status, assignee, and priority. Used by consulting and advisory teams to track project delivery milestones."
  tags:
    - project-management
    - jira
    - consulting
capability:
  # Exposes one read-only MCP tool that fetches a Jira issue and maps four
  # fields of the response to outputs. The call is declared directly on the
  # tool rather than through a steps list.
  # NOTE(review): no caller authentication setting is visible in this block.
  # Any caller gets whatever the Jira service account can read, so confirm
  # the account's project visibility matches the intended audience.
  exposes:
    - type: mcp
      namespace: project-tracking
      port: 8080
      tools:
        - name: get-jira-issue
          description: "Look up a Jira issue by key and return its current status and assignment."
          inputParameters:
            # NOTE(review): the key becomes a URL path segment downstream.
            # Validate it against the PROJECT-NUMBER shape shown in the
            # example before use.
            - name: issue_key
              in: body
              type: string
              description: "The Jira issue key (e.g., AUDIT-1234)."
          call: "jira.get-issue"
          with:
            issue_key: "{{issue_key}}"
          # JSONPath mappings into the Jira response body.
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            # NOTE(review): presumably empty for unassigned issues. Confirm
            # how a missing assignee object is handled.
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
            - name: priority
              type: string
              mapping: "$.fields.priority.name"
  # Outbound HTTP client for the Jira REST API. The basic-auth password field
  # carries an API token, referenced through $secrets.
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        # NOTE(review): issue_key is substituted into the path. Confirm the
        # engine encodes it as a single segment, so a value containing "/"
        # or "?" cannot reach a different endpoint.
        - name: issues
          path: "/issue/{{issue_key}}"
          inputParameters:
            - name: issue_key
              in: path
          operations:
            - name: get-issue
              method: GET

Supports lease accounting under ASC 842 by extracting lease data from SAP, calculating right-of-use assets in Databricks, and generating disclosure workpapers in SharePoint.

naftiko: "0.5"
info:
  label: "Lease Accounting ASC 842 Pipeline"
  description: "Supports lease accounting under ASC 842 by extracting lease data from SAP, calculating right-of-use assets in Databricks, and generating disclosure workpapers in SharePoint."
  tags:
    - audit
    - lease-accounting
    - sap
    - azure-databricks
    - sharepoint
capability:
  # Exposes one MCP tool that reads lease data from SAP, runs a SQL query in
  # Databricks, and creates a SharePoint workpaper.
  # NOTE(review): no caller authentication setting is visible in this block.
  # client_id selects whose lease data is read, so confirm the caller is
  # entitled to the client it names.
  exposes:
    - type: mcp
      namespace: lease-accounting
      port: 8080
      tools:
        - name: analyze-leases
          description: "Analyze client leases for ASC 842 compliance."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement ID."
            - name: client_id
              in: body
              type: string
              description: "The client ID."
          steps:
            - name: extract-leases
              type: call
              call: "sap.get-lease-data"
              with:
                client_id: "{{client_id}}"
            # NOTE(review): client_id is spliced into the SQL text inside
            # single quotes. A value containing a quote would change the
            # statement. Pass it as a bound statement parameter if the call
            # supports one; otherwise validate it against a strict ID
            # pattern before this step. The output of extract-leases is not
            # referenced by the query.
            - name: calculate-rou-assets
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM lease_calculations WHERE client_id = '{{client_id}}' AND standard = 'ASC842'"
            # NOTE(review): engagement_id becomes a path segment. Reject
            # separators and dot-segments.
            - name: create-workpaper
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                folder_path: "{{engagement_id}}/LeaseAccounting"
                template: "asc842_workpaper"
  # Outbound HTTP clients for SAP OData, Databricks SQL and SharePoint
  # (Graph). Credentials are $secrets.* references.
  consumes:
    # NOTE(review): basic auth against SAP. Confirm the account is a
    # dedicated, read-only technical user.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: leases
          path: "/RE_SRV/Leases"
          operations:
            - name: get-lease-data
              method: GET
    # NOTE(review): the token can submit arbitrary SQL statements. Limit the
    # principal behind it to SELECT on the tables this capability needs, so
    # that a malformed or manipulated query cannot read or modify other
    # data.
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # Both path placeholders are filled from step arguments.
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

On deal initiation, creates a SharePoint deal room, provisions a Jira tracking board, pulls target company financials from Bloomberg, logs the engagement in Salesforce, and notifies the deal team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "M&A Due Diligence Pipeline"
  description: "On deal initiation, creates a SharePoint deal room, provisions Jira tracking board, pulls target company financials from Bloomberg, logs the engagement in Salesforce, and notifies the deal team in Microsoft Teams."
  tags:
    - advisory
    - mergers-and-acquisitions
    - due-diligence
    - sharepoint
    - jira
    - bloomberg
    - salesforce
    - microsoft-teams
capability:
  # Exposes one MCP tool that creates a SharePoint deal-room folder, opens a
  # Jira epic, pulls financials from Bloomberg, records a Salesforce
  # opportunity, and mails the deal lead.
  # NOTE(review): no caller authentication setting is visible in this block.
  # Deal names and codes are confidential, so confirm who may invoke the
  # tool and that its inputs and outputs are not logged in clear text.
  exposes:
    - type: mcp
      namespace: ma-advisory
      port: 8080
      tools:
        - name: initiate-due-diligence
          description: "Given a target company name and deal lead email, provision deal room, Jira board, pull Bloomberg data, log in Salesforce, and notify team."
          inputParameters:
            # NOTE(review): a legal name is free text, yet it is used as part
            # of a folder path below. Sanitise or map it to a safe slug.
            - name: target_company
              in: body
              type: string
              description: "Legal name of the target company."
            - name: deal_code
              in: body
              type: string
              description: "Internal deal/project code."
            - name: deal_lead_email
              in: body
              type: string
              description: "Email of the deal lead partner."
            # NOTE(review): becomes a URL path segment in the Bloomberg call.
            # Validate it against the expected ticker format.
            - name: bloomberg_ticker
              in: body
              type: string
              description: "Bloomberg ticker for the target company."
          steps:
            # NOTE(review): deal_code and target_company form the folder
            # name. Reject separators and dot-segments so the deal room
            # cannot be created outside Deals/.
            - name: create-deal-room
              type: call
              call: "sharepoint.create-folder"
              with:
                site_id: "ma_deal_rooms_site"
                folder_path: "Deals/{{deal_code}}_{{target_company}}"
            # The step is named for a board, but it creates a single issue of
            # type Epic.
            - name: create-deal-board
              type: call
              call: "jira.create-issue"
              with:
                project_key: "MADEAL"
                issue_type: "Epic"
                summary: "Due Diligence: {{target_company}} — {{deal_code}}"
                description: "Deal room: {{create-deal-room.url}}. Lead: {{deal_lead_email}}."
            - name: get-financials
              type: call
              call: "bloomberg.get-company-financials"
              with:
                ticker: "{{bloomberg_ticker}}"
            - name: log-opportunity
              type: call
              call: "salesforce.create-opportunity"
              with:
                name: "M&A Advisory: {{target_company}}"
                stage: "Due Diligence"
                deal_code: "{{deal_code}}"
                description: "Revenue: {{get-financials.revenue}}. EBITDA: {{get-financials.ebitda}}. Deal room: {{create-deal-room.url}}"
            # NOTE(review): the recipient is caller-supplied and the message
            # carries the target name, financial figures and the deal-room
            # link. Consider restricting it to the organisation's own
            # domain.
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{deal_lead_email}}"
                text: "Due diligence initiated for {{target_company}} ({{deal_code}}). Revenue: {{get-financials.revenue}}. EBITDA: {{get-financials.ebitda}}. Deal room: {{create-deal-room.url}}. Jira: {{create-deal-board.key}}."
  # Outbound HTTP clients for SharePoint (Graph), Jira, Bloomberg, Salesforce
  # and mail (Graph). Credentials are $secrets.* references.
  # NOTE(review): sharepoint and msteams share one Graph token, so it must
  # hold both file-write and mail-send permissions. Consider separate,
  # narrower app registrations.
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # Both path placeholders are filled from step arguments.
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-folder
              method: POST
    # The basic-auth password field carries a Jira API token.
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: bloomberg
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/v1"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        # NOTE(review): ticker is substituted into the path. Confirm the
        # engine encodes it as a single segment.
        - name: company-data
          path: "/data/{{ticker}}/financials"
          inputParameters:
            - name: ticker
              in: path
          operations:
            - name: get-company-financials
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity"
          operations:
            - name: create-opportunity
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): Microsoft Graph documents /users/{id}/sendMail as
        # sending from the mailbox named in the path. Here that segment is
        # the caller-supplied recipient address. Confirm the intended
        # sender, and limit which mailboxes this token may send as.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Monitors SLA compliance for managed services engagements by pulling metrics from Datadog, comparing against SLA thresholds in Salesforce, and alerting service managers via Teams.

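# Managed-services SLA report: reads metrics from Datadog and thresholds from
# Salesforce, then sends a summary through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Managed Services SLA Monitoring Pipeline"
  description: "Monitors SLA compliance for managed services engagements by pulling metrics from Datadog, comparing against SLA thresholds in Salesforce, and alerting service managers via Teams."
  tags:
    - managed-services
    - sla
    - datadog
    - salesforce
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: sla-monitoring
      port: 8080
      tools:
        - name: monitor-sla-compliance
          description: "Monitor SLA compliance for a managed services engagement."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            # Caller-supplied; ends up in the Graph request path (see msteams).
            - name: service_manager_email
              in: body
              type: string
              description: "Service manager email."
          steps:
            - name: get-metrics
              type: call
              call: "datadog.get-sla-metrics"
              with:
                engagement_id: "{{engagement_id}}"
            # NOTE(review): no later step references this step's output; the
            # message below reports only get-metrics values, so no comparison
            # against thresholds is visible in this definition.
            - name: check-thresholds
              type: call
              call: "salesforce.get-sla-thresholds"
              with:
                engagement_id: "{{engagement_id}}"
            - name: alert-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{service_manager_email}}"
                text: "SLA report for {{engagement_id}}: Uptime {{get-metrics.uptime}}%. Breaches: {{get-metrics.breach_count}}."
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      # NOTE(review): only an API key header is configured; Datadog's metrics
      # query endpoint normally also expects an application key. Confirm.
      authentication:
        type: apiKey
        header: "DD-API-KEY"
        key: "$secrets.datadog_api_key"
      resources:
        # NOTE(review): the step passes engagement_id, but no inputParameters
        # are declared here; confirm how it is bound to the query.
        - name: metrics
          path: "/query"
          operations:
            - name: get-sla-metrics
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        # NOTE(review): engagement_id is passed by the step but not declared
        # or used in this path; confirm how the threshold record is selected.
        - name: sla
          path: "/sobjects/SLAThreshold__c"
          operations:
            - name: get-sla-thresholds
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends mail
        # from the mailbox named in the path, so recipient_upn appears to
        # select the sending mailbox. Confirm where the recipient is set, and
        # restrict which UPNs a caller may supply.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST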

Retrieves a customer account record from Microsoft Dynamics 365 by account ID, returning name, revenue, industry, and primary contact. Used by advisory teams for client intelligence.

# Single-call lookup of a Dynamics 365 account record by ID, exposed as an
# MCP tool.
naftiko: "0.5"
info:
  label: "Microsoft Dynamics 365 Customer Lookup"
  description: "Retrieves a customer account record from Microsoft Dynamics 365 by account ID, returning name, revenue, industry, and primary contact. Used by advisory teams for client intelligence."
  tags:
    - advisory
    - crm
    - microsoft-dynamics
    - client-intelligence
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: crm-dynamics
      port: 8080
      tools:
        - name: get-dynamics-account
          description: "Look up a Microsoft Dynamics 365 customer account by ID."
          inputParameters:
            # Described as a GUID, but only `type: string` is declared and the
            # value is placed inside the request path; validate the format
            # before the call.
            - name: account_id
              in: body
              type: string
              description: "The Dynamics 365 account GUID."
          call: "dynamics.get-account"
          with:
            account_id: "{{account_id}}"
          outputParameters:
            - name: name
              type: string
              mapping: "$.name"
            - name: revenue
              type: string
              mapping: "$.revenue"
            - name: industry
              type: string
              mapping: "$.industrycode@OData.Community.Display.V1.FormattedValue"
            # NOTE(review): presumably needs the contact expanded in the
            # request; no query options are visible on the path below.
            - name: primary_contact
              type: string
              mapping: "$.primarycontactid.fullname"
  consumes:
    - type: http
      namespace: dynamics
      # NOTE(review): the Invoice Lookup definition on this page uses host
      # kpmg.api.crm.dynamics.com; confirm which host is intended.
      baseUri: "https://kpmg.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics_token"
      resources:
        - name: accounts
          path: "/accounts({{account_id}})"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET

Retrieves client invoice details from Microsoft Dynamics 365, including amount, status, and payment terms.

# Single-call lookup of a Dynamics 365 invoice by invoice number via an OData
# $filter, exposed as an MCP tool.
naftiko: "0.5"
info:
  label: "Microsoft Dynamics Invoice Lookup"
  description: "Retrieves client invoice details from Microsoft Dynamics 365, including amount, status, and payment terms."
  tags:
    - billing
    - microsoft-dynamics
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: client-billing
      port: 8080
      tools:
        - name: get-invoice
          description: "Look up a client invoice by invoice number in Dynamics 365."
          inputParameters:
            - name: invoice_number
              in: body
              type: string
              description: "The invoice number."
          call: "dynamics.get-invoice"
          with:
            invoice_number: "{{invoice_number}}"
          # All mappings read value[0], i.e. only the first record the filter
          # returns.
          outputParameters:
            - name: amount
              type: number
              mapping: "$.value[0].totalamount"
            - name: status
              type: string
              mapping: "$.value[0].statuscode"
            # NOTE(review): the description mentions payment terms; the output
            # here is a due date.
            - name: due_date
              type: string
              mapping: "$.value[0].duedate"
  consumes:
    - type: http
      namespace: dynamics
      baseUri: "https://kpmg.api.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics_token"
      resources:
        - name: invoices
          # The caller-supplied invoice_number is substituted inside a
          # single-quoted OData string literal. A value containing a quote
          # would alter the filter expression unless it is escaped or
          # rejected; validate it against the expected invoice-number format.
          path: "/invoices?$filter=invoicenumber eq '{{invoice_number}}'"
          inputParameters:
            # NOTE(review): declared `in: path` although the placeholder sits
            # in the query string; confirm how the value is encoded.
            - name: invoice_number
              in: path
          operations:
            - name: get-invoice
              method: GET

Retrieves a Microsoft Sentinel security alert by alert ID, returning severity, status, tactics, and affected entities. Used by cybersecurity advisory teams.

# Single-call lookup against the Azure management API for a Sentinel
# workspace, exposed as an MCP tool.
naftiko: "0.5"
info:
  label: "Microsoft Sentinel Security Alert Lookup"
  description: "Retrieves a Microsoft Sentinel security alert by alert ID, returning severity, status, tactics, and affected entities. Used by cybersecurity advisory teams."
  tags:
    - cybersecurity
    - microsoft-sentinel
    - security-operations
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: security-sentinel
      port: 8080
      tools:
        - name: get-sentinel-alert
          description: "Look up a Microsoft Sentinel security alert by ID and return severity and tactic details."
          # The first three parameters are caller-supplied and are templated
          # into the management API base URI below, so the caller chooses
          # which subscription, resource group and workspace is queried with
          # the shared token. Restrict them to an allow-list of workspaces
          # and keep the token read-only and narrowly scoped.
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: workspace_name
              in: body
              type: string
              description: "Log Analytics workspace name."
            - name: alert_id
              in: body
              type: string
              description: "The Sentinel alert ID."
          call: "sentinel.get-alert"
          with:
            subscription_id: "{{subscription_id}}"
            resource_group: "{{resource_group}}"
            workspace_name: "{{workspace_name}}"
            alert_id: "{{alert_id}}"
          # NOTE(review): the resource path below targets /incidents/, while
          # these mappings use alert field names; confirm they match the
          # response of the endpoint actually called. The description also
          # promises affected entities, which are not mapped.
          outputParameters:
            - name: severity
              type: string
              mapping: "$.properties.severity"
            - name: status
              type: string
              mapping: "$.properties.status"
            - name: tactics
              type: string
              mapping: "$.properties.tactics"
            - name: alert_display_name
              type: string
              mapping: "$.properties.alertDisplayName"
  consumes:
    - type: http
      namespace: sentinel
      baseUri: "https://management.azure.com/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.OperationalInsights/workspaces/{{workspace_name}}/providers/Microsoft.SecurityInsights"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      # Fixed api-version sent as a query parameter on every request.
      inputParameters:
        - name: api-version
          in: query
          value: "2023-11-01"
      resources:
        - name: alerts
          path: "/incidents/{{alert_id}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: workspace_name
              in: path
            - name: alert_id
              in: path
          operations:
            - name: get-alert
              method: GET

Retrieves API analytics from MuleSoft Anypoint Platform for a given API and environment, returning request counts, error rates, and average latency. Used by technology advisory teams.

# Single-call lookup of MuleSoft Anypoint analytics for one API instance,
# exposed as an MCP tool.
naftiko: "0.5"
info:
  label: "MuleSoft API Analytics Lookup"
  description: "Retrieves API analytics from MuleSoft Anypoint Platform for a given API and environment, returning request counts, error rates, and average latency. Used by technology advisory teams."
  tags:
    - integration
    - mulesoft
    - api-management
    - analytics
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: api-analytics
      port: 8080
      tools:
        - name: get-api-analytics
          description: "Look up MuleSoft Anypoint API analytics by organization, environment, and API ID."
          # All three IDs are caller-supplied and become request path
          # segments; the organization reachable is bounded only by what the
          # shared token is allowed to read.
          inputParameters:
            - name: org_id
              in: body
              type: string
              description: "MuleSoft Anypoint organization ID."
            - name: environment_id
              in: body
              type: string
              description: "Target environment ID."
            - name: api_id
              in: body
              type: string
              description: "The API instance ID."
          call: "mulesoft.get-analytics"
          with:
            org_id: "{{org_id}}"
            environment_id: "{{environment_id}}"
            api_id: "{{api_id}}"
          # NOTE(review): counts and latency are declared as strings; confirm
          # consumers do not need numeric types.
          outputParameters:
            - name: total_requests
              type: string
              mapping: "$.total"
            - name: error_count
              type: string
              mapping: "$.errors"
            - name: avg_latency_ms
              type: string
              mapping: "$.averageResponseTime"
  consumes:
    - type: http
      namespace: mulesoft
      baseUri: "https://anypoint.mulesoft.com/analytics/1.0"
      authentication:
        type: bearer
        token: "$secrets.mulesoft_token"
      resources:
        - name: analytics
          path: "/{{org_id}}/environments/{{environment_id}}/apis/{{api_id}}/events"
          inputParameters:
            - name: org_id
              in: path
            - name: environment_id
              in: path
            - name: api_id
              in: path
          operations:
            - name: get-analytics
              method: GET

Checks the health and performance status of APIs managed through the MuleSoft API gateway, returning uptime and error rates.

# Single-call status lookup for one MuleSoft-managed API, exposed as an MCP
# tool.
naftiko: "0.5"
info:
  label: "MuleSoft API Gateway Health Check"
  description: "Checks the health and performance status of APIs managed through the MuleSoft API gateway, returning uptime and error rates."
  tags:
    - integration
    - mulesoft
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: api-health
      port: 8080
      tools:
        - name: check-api-health
          description: "Check the health status of a MuleSoft-managed API."
          inputParameters:
            # Caller-supplied; becomes a request path segment below.
            - name: api_id
              in: body
              type: string
              description: "The MuleSoft API identifier."
          call: "mulesoft.get-api-status"
          with:
            api_id: "{{api_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.status"
            - name: uptime_percentage
              type: number
              mapping: "$.metrics.uptime"
            - name: error_rate
              type: number
              mapping: "$.metrics.errorRate"
  consumes:
    - type: http
      namespace: mulesoft
      baseUri: "https://anypoint.mulesoft.com/apiplatform/repository/v2"
      authentication:
        type: bearer
        token: "$secrets.mulesoft_token"
      resources:
        - name: apis
          # The organization segment is fixed to "kpmg"; only api_id varies.
          path: "/organizations/kpmg/apis/{{api_id}}/status"
          inputParameters:
            - name: api_id
              in: path
          operations:
            - name: get-api-status
              method: GET

Retrieves vulnerability assessment scan results from Nessus for infrastructure security engagements.

# Single-call lookup of a Nessus scan by ID, exposed as an MCP tool that
# returns finding counts.
naftiko: "0.5"
info:
  label: "Nessus Vulnerability Report Lookup"
  description: "Retrieves vulnerability assessment scan results from Nessus for infrastructure security engagements."
  tags:
    - cybersecurity
    - nessus
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint. Scan results are sensitive; confirm that access is
    # restricted and that callers may only read scans for their engagements.
    - type: mcp
      namespace: vuln-assessment
      port: 8080
      tools:
        - name: get-nessus-report
          description: "Retrieve Nessus vulnerability scan report by scan ID."
          inputParameters:
            # Caller-supplied; becomes a request path segment below.
            - name: scan_id
              in: body
              type: string
              description: "The Nessus scan identifier."
          call: "nessus.get-report"
          with:
            scan_id: "{{scan_id}}"
          outputParameters:
            # critical and high are read from hosts[0] only, so for a scan
            # with several hosts they describe the first host, not the whole
            # scan. NOTE(review): confirm this is intended; a per-scan total
            # would need every host.
            - name: critical
              type: integer
              mapping: "$.hosts[0].critical"
            - name: high
              type: integer
              mapping: "$.hosts[0].high"
            - name: total_hosts
              type: integer
              mapping: "$.hostcount"
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://kpmg-nessus.kpmg.com:8834"
      # The whole X-ApiKeys header value comes from a single secret.
      authentication:
        type: apiKey
        header: "X-ApiKeys"
        key: "$secrets.nessus_api_keys"
      resources:
        - name: scans
          path: "/scans/{{scan_id}}"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-report
              method: GET

Retrieves an Oracle Cloud Financials journal entry by batch name and ledger, returning status, total debits, total credits, and posting date.

# Two-step workflow: query an Oracle Cloud Financials journal batch, then
# write a summary of it to SharePoint through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Oracle Cloud Financials Journal Entry Lookup"
  description: "Retrieves an Oracle Cloud Financials journal entry by batch name and ledger, returning status, total debits, total credits, and posting date."
  tags:
    - finance
    - oracle-cloud
    - general-ledger
    - journal-entry
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; the tool writes files, so confirm who may call it.
    - type: mcp
      namespace: oracle-finance
      port: 8080
      tools:
        - name: get-journal-entry
          description: "Look up an Oracle Cloud Financials journal entry by batch name and ledger ID, then store the result in SharePoint for audit evidence."
          inputParameters:
            - name: batch_name
              in: body
              type: string
              description: "The journal batch name."
            - name: ledger_id
              in: body
              type: string
              description: "The Oracle ledger identifier."
            - name: engagement_id
              in: body
              type: string
              description: "The audit engagement ID for filing."
          steps:
            - name: fetch-journal
              type: call
              call: "oracle.get-journal"
              with:
                batch_name: "{{batch_name}}"
                ledger_id: "{{ledger_id}}"
            - name: store-evidence
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "audit_engagements_site"
                # engagement_id and batch_name are caller-supplied and become
                # part of the destination path; a value containing path
                # separators could place the file outside the intended
                # Evidence/<engagement> folder. Validate both before use.
                file_path: "Evidence/{{engagement_id}}/JE_{{batch_name}}.json"
                # NOTE(review): the file is named .json but the content is a
                # plain-text summary assembled here, not the raw response;
                # confirm this meets the audit-evidence requirement.
                content: "Batch: {{batch_name}}. Status: {{fetch-journal.Status}}. Debits: {{fetch-journal.TotalEnteredDebitAmount}}. Credits: {{fetch-journal.TotalEnteredCreditAmount}}. Posted: {{fetch-journal.PostingDate}}."
  consumes:
    - type: http
      namespace: oracle
      baseUri: "https://kpmg.oraclecloud.com/fscmRestApi/resources/v2"
      # Username/password basic authentication, both taken from secrets.
      authentication:
        type: basic
        username: "$secrets.oracle_user"
        password: "$secrets.oracle_password"
      resources:
        - name: journals
          # batch_name is substituted inside a single-quoted value of the q
          # filter and ledger_id is substituted unquoted. A value containing
          # a quote or ';' would alter the filter unless it is escaped or
          # rejected; validate both against their expected formats.
          path: "/journalBatches?q=BatchName='{{batch_name}}';LedgerId={{ledger_id}}"
          inputParameters:
            - name: batch_name
              in: query
            - name: ledger_id
              in: query
          operations:
            - name: get-journal
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            # PUT to a path-addressed ":/content" URL; NOTE(review): this
            # presumably replaces an existing file of the same name, so an
            # earlier evidence file could be overwritten. Confirm.
            - name: create-file
              method: PUT

Queries Palo Alto Networks threat intelligence feeds for indicators of compromise during cybersecurity assessments.

# Single-call threat-intelligence query for one indicator, exposed as an MCP
# tool that returns a verdict score and classification.
naftiko: "0.5"
info:
  label: "Palo Alto Network Threat Feed"
  description: "Queries Palo Alto Networks threat intelligence feeds for indicators of compromise during cybersecurity assessments."
  tags:
    - cybersecurity
    - palo-alto-networks
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm access control is enforced elsewhere.
    - type: mcp
      namespace: threat-intel
      port: 8080
      tools:
        - name: query-threat-feed
          description: "Query threat intelligence for an indicator of compromise."
          inputParameters:
            # The indicator is sent to an external service; indicators taken
            # from a client engagement may themselves be sensitive.
            - name: indicator
              in: body
              type: string
              description: "The IOC to query (IP, domain, hash)."
            # Free-form string; the description lists three accepted values,
            # but nothing here enforces them.
            - name: indicator_type
              in: body
              type: string
              description: "Type of indicator (ip, domain, filehash)."
          call: "paloalto.get-threat-intel"
          with:
            indicator: "{{indicator}}"
            type: "{{indicator_type}}"
          outputParameters:
            - name: threat_score
              type: integer
              mapping: "$.verdict.score"
            - name: classification
              type: string
              mapping: "$.verdict.classification"
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://autofocus.paloaltonetworks.com/api/v1.0"
      authentication:
        type: apiKey
        header: "apiKey"
        key: "$secrets.paloalto_api_key"
      resources:
        # NOTE(review): the tool passes indicator and type, but no
        # inputParameters or request body are declared here; confirm how
        # they reach the POST request.
        - name: indicators
          path: "/samples/search"
          operations:
            - name: get-threat-intel
              method: POST

Retrieves firewall security rules from Palo Alto Networks Panorama by device group, returning rule names, source/destination zones, and actions. Used by cybersecurity advisory teams for firewall policy audits.

# Single-call retrieval of Panorama security rules for one device group,
# exposed as an MCP tool.
naftiko: "0.5"
info:
  label: "Palo Alto Networks Firewall Rule Audit"
  description: "Retrieves firewall security rules from Palo Alto Networks Panorama by device group, returning rule names, source/destination zones, and actions. Used by cybersecurity advisory teams for firewall policy audits."
  tags:
    - cybersecurity
    - palo-alto-networks
    - firewall
    - audit
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint. The full rule base of a device group is sensitive;
    # confirm access is restricted.
    - type: mcp
      namespace: firewall-audit
      port: 8080
      tools:
        - name: get-firewall-rules
          description: "Retrieve security rules from Palo Alto Panorama for a specified device group."
          inputParameters:
            # Caller-supplied; substituted into the query string below.
            - name: device_group
              in: body
              type: string
              description: "The Panorama device group name."
          call: "panorama.get-security-rules"
          with:
            device_group: "{{device_group}}"
          # NOTE(review): both outputs are declared as strings although the
          # mappings point at a rule list and a count; confirm the types.
          outputParameters:
            - name: rules
              type: string
              mapping: "$.result.entry"
            - name: rule_count
              type: string
              mapping: "$.result.@count"
  consumes:
    - type: http
      namespace: panorama
      baseUri: "https://panorama.kpmg.com/restapi/v10.2"
      # NOTE(review): the same secret is referenced twice: here, without the
      # `header:` field that the other apiKey definitions on this page set,
      # and again as an explicit X-PAN-KEY header below. Confirm which one
      # takes effect and keep a single reference.
      authentication:
        type: apiKey
        key: "$secrets.panorama_api_key"
      inputParameters:
        - name: X-PAN-KEY
          in: header
          value: "$secrets.panorama_api_key"
      resources:
        - name: security-rules
          # device_group is placed in the query string; a value containing
          # '&' or '=' would add or change parameters unless it is
          # URL-encoded. TODO confirm the encoding applied to `in: query`.
          path: "/Policies/SecurityRules?location=device-group&device-group={{device_group}}"
          inputParameters:
            - name: device_group
              in: query
          operations:
            - name: get-security-rules
              method: GET

Compiles penetration testing results from Nessus and Burp Suite, generates findings reports in SharePoint, creates remediation tasks in Jira, and notifies the client engagement lead.

# Four-step workflow: read a Nessus scan, create a report location in
# SharePoint, open a Jira issue, and send a notification through Microsoft
# Graph.
naftiko: "0.5"
info:
  label: "Penetration Test Report Orchestrator"
  # NOTE(review): the description mentions Burp Suite, but no Burp Suite step
  # or consumer is defined below.
  description: "Compiles penetration testing results from Nessus and Burp Suite, generates findings reports in SharePoint, creates remediation tasks in Jira, and notifies the client engagement lead."
  tags:
    - cybersecurity
    - penetration-testing
    - nessus
    - sharepoint
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint. The tool reads findings and writes to three systems;
    # confirm who may call it.
    - type: mcp
      namespace: pentest-reporting
      port: 8080
      tools:
        - name: compile-pentest-report
          description: "Compile penetration test findings into a client report."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement identifier."
            - name: scan_id
              in: body
              type: string
              description: "The Nessus scan ID."
            - name: lead_email
              in: body
              type: string
              description: "Engagement lead email."
          steps:
            - name: get-scan-results
              type: call
              call: "nessus.get-report"
              with:
                scan_id: "{{scan_id}}"
            - name: create-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "cyber-engagements"
                # engagement_id is caller-supplied and becomes part of the
                # destination path; validate it so the report cannot be
                # placed under another engagement's folder.
                folder_path: "{{engagement_id}}/PenTestResults"
                template: "pentest_report"
            - name: create-remediation-tasks
              type: call
              call: "jira.create-issue"
              # NOTE(review): this call passes `project`, whereas the
              # Regulatory Change orchestrator on this page passes
              # `project_key` and `issue_type` to the same operation; confirm
              # the expected field names.
              with:
                project: "CYBER"
                # NOTE(review): `critical` and `high` are referenced on the
                # step result, but the nessus consumer below declares no
                # output mappings; confirm these resolve.
                summary: "Remediation plan: {{engagement_id}} - {{get-scan-results.critical}} critical findings"
                description: "Report: {{create-report.url}}. Critical: {{get-scan-results.critical}}. High: {{get-scan-results.high}}."
            - name: notify-lead
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{lead_email}}"
                # Finding counts and the report link leave the reporting
                # systems in this message.
                text: "Pentest report ready for {{engagement_id}}. Critical: {{get-scan-results.critical}}, High: {{get-scan-results.high}}. Report: {{create-report.url}}."
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://kpmg-nessus.kpmg.com:8834"
      authentication:
        type: apiKey
        header: "X-ApiKeys"
        key: "$secrets.nessus_api_keys"
      resources:
        - name: scans
          path: "/scans/{{scan_id}}"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-report
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): the step also passes `template`, which is not
        # declared here; confirm how it is used.
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends mail
        # from the mailbox named in the path, so recipient_upn appears to
        # select the sending mailbox. Confirm where the recipient is set, and
        # restrict which UPNs a caller may supply.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Triggers a Power BI dataset refresh for the specified audit analytics dashboard and returns the refresh status.

# Two-step workflow: request a Power BI dataset refresh, then send a
# notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Power BI Audit Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for the specified audit analytics dashboard and returns the refresh status."
  tags:
    - audit
    - analytics
    - power-bi
    - reporting
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint; confirm who may trigger refreshes.
    - type: mcp
      namespace: audit-analytics
      port: 8080
      tools:
        - name: refresh-audit-dashboard
          description: "Trigger a Power BI dataset refresh for an audit analytics workspace and notify the audit team via Microsoft Teams when initiated."
          # workspace_id and dataset_id are caller-supplied and become path
          # segments, so the caller can target any dataset the shared token
          # may refresh.
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "The Power BI workspace GUID."
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset GUID."
            - name: audit_team_email
              in: body
              type: string
              description: "Email of the audit team lead."
          steps:
            - name: trigger-refresh
              type: call
              call: "powerbi.refresh-dataset"
              with:
                workspace_id: "{{workspace_id}}"
                dataset_id: "{{dataset_id}}"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{audit_team_email}}"
                # NOTE(review): `status` is read from the refresh call's
                # result; confirm the POST response actually carries such a
                # field, otherwise this placeholder may render empty.
                text: "Power BI audit dashboard refresh initiated. Dataset: {{dataset_id}}. Status: {{trigger-refresh.status}}."
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        # NOTE(review): in Microsoft Graph, /users/{id}/sendMail sends mail
        # from the mailbox named in the path, so recipient_upn appears to
        # select the sending mailbox. Confirm where the recipient is set, and
        # restrict which UPNs a caller may supply.
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Exports data from Qlik Sense analytical dashboards used for audit analytics and financial statement analysis.

# Single-call export of the data behind one Qlik Sense visualization object,
# exposed as an MCP tool.
naftiko: "0.5"
info:
  label: "Qlik Sense Dashboard Data Export"
  description: "Exports data from Qlik Sense analytical dashboards used for audit analytics and financial statement analysis."
  tags:
    - analytics
    - qlik-sense
capability:
  exposes:
    # NOTE(review): no authentication or authorization settings are visible on
    # this MCP endpoint. The tool returns dashboard data in bulk; confirm
    # access is restricted to callers entitled to the underlying app.
    - type: mcp
      namespace: qlik-analytics
      port: 8080
      tools:
        - name: export-dashboard-data
          description: "Export data from a Qlik Sense dashboard by app ID."
          # Both IDs are caller-supplied and become request path segments, so
          # the caller can read any object the shared token can read.
          inputParameters:
            - name: app_id
              in: body
              type: string
              description: "The Qlik Sense app identifier."
            - name: object_id
              in: body
              type: string
              description: "The visualization object ID."
          call: "qlik.export-data"
          with:
            app_id: "{{app_id}}"
            object_id: "{{object_id}}"
          outputParameters:
            # Only qDataPages[0] is mapped, i.e. the first data page of the
            # response; NOTE(review): larger objects may be truncated.
            - name: data
              type: array
              mapping: "$.qDataPages[0].qMatrix"
  consumes:
    - type: http
      namespace: qlik
      baseUri: "https://kpmg-qlik.qlikcloud.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.qlik_token"
      resources:
        - name: apps
          path: "/apps/{{app_id}}/objects/{{object_id}}/data"
          inputParameters:
            - name: app_id
              in: path
            - name: object_id
              in: path
          operations:
            - name: export-data
              method: GET

When a new regulatory update is detected in Bloomberg Law, creates a Jira ticket for impact analysis, updates the compliance register in ServiceNow, posts an alert to the regulatory affairs team in Microsoft Teams, and stores the bulletin in SharePoint.

# Capability: turns a Bloomberg Law alert into a Jira ticket, a ServiceNow
# compliance record, a SharePoint file and a Teams notification.
naftiko: "0.5"
info:
  label: "Regulatory Change Impact Orchestrator"
  description: "When a new regulatory update is detected in Bloomberg Law, creates a Jira ticket for impact analysis, updates the compliance register in ServiceNow, posts an alert to the regulatory affairs team in Microsoft Teams, and stores the bulletin in SharePoint."
  tags:
    - compliance
    - regulatory
    - bloomberg
    - jira
    - servicenow
    - microsoft-teams
    - sharepoint
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: regulatory-monitoring
      port: 8080
      tools:
        - name: process-regulatory-change
          description: "Given a Bloomberg Law alert ID and regulation domain, retrieve the update, create a Jira impact ticket, update the ServiceNow compliance register, store in SharePoint, and notify the regulatory team."
          # All three inputs are free-form strings; no pattern, enum or length
          # constraint is declared on them.
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "Bloomberg Law alert identifier."
            - name: regulation_domain
              in: body
              type: string
              description: "Domain of regulation (e.g., banking, insurance, securities, tax)."
            # Caller-supplied destination: this value becomes part of the
            # request path of the msteams resource (see notify-team below).
            - name: compliance_team_channel
              in: body
              type: string
              description: "Microsoft Teams channel webhook URL for the compliance team."
          # Steps are listed in order; later steps read earlier results by
          # step name, e.g. {{get-alert.title}}.
          steps:
            - name: get-alert
              type: call
              call: "bloomberg-law.get-alert"
              with:
                alert_id: "{{alert_id}}"
            # Ticket text is assembled from the alert response plus the
            # caller-supplied regulation_domain.
            - name: create-impact-ticket
              type: call
              call: "jira.create-issue"
              with:
                project_key: "COMPLY"
                issue_type: "Task"
                summary: "Regulatory Change: {{get-alert.title}} — {{regulation_domain}}"
                description: "Effective date: {{get-alert.effective_date}}. Jurisdiction: {{get-alert.jurisdiction}}. Summary: {{get-alert.summary}}"
            - name: update-register
              type: call
              call: "servicenow.create-compliance-record"
              with:
                regulation_name: "{{get-alert.title}}"
                domain: "{{regulation_domain}}"
                effective_date: "{{get-alert.effective_date}}"
                jira_reference: "{{create-impact-ticket.key}}"
            # file_path mixes caller input (regulation_domain) with fields
            # returned by Bloomberg Law (title, effective_date) and is placed
            # in the SharePoint URL path. A value containing "/", ".." or ":"
            # would change the location that is written.
            # NOTE(review): confirm path parameters are encoded or validated.
            # NOTE(review): no file content is passed in `with`; confirm where
            # the PDF body for the PUT comes from.
            - name: store-bulletin
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "regulatory_updates_site"
                file_path: "Bulletins/{{regulation_domain}}/{{get-alert.title}}_{{get-alert.effective_date}}.pdf"
            # webhook_url is the compliance_team_channel input, passed through
            # unchanged.
            - name: notify-team
              type: call
              call: "msteams.post-webhook"
              with:
                webhook_url: "{{compliance_team_channel}}"
                text: "Regulatory Change Alert: {{get-alert.title}} ({{regulation_domain}}). Effective: {{get-alert.effective_date}}. Jira: {{create-impact-ticket.key}}. Bulletin: {{store-bulletin.url}}."
  consumes:
    # Credentials are referenced by name ($secrets.*), not embedded;
    # presumably they are resolved from a secret store at run time.
    - type: http
      namespace: bloomberg-law
      baseUri: "https://api.bloomberglaw.com/v2"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_law_token"
      resources:
        - name: alerts
          path: "/alerts/{{alert_id}}"
          inputParameters:
            - name: alert_id
              in: path
          operations:
            - name: get-alert
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      # Basic authentication: a user name plus an API token.
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # Basic authentication with an account password.
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: compliance
          path: "/table/sn_compliance_policy"
          operations:
            - name: create-compliance-record
              method: POST
    # sharepoint and msteams below both reference $secrets.msgraph_token, so
    # one Graph credential presumably covers file writes and messaging.
    # NOTE(review): consider separate, narrowly scoped tokens.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          # Writes to drive/root:/<file_path>:/content with PUT; file_path is
          # partly caller-controlled (see store-bulletin).
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: webhooks
          # The input is described as a webhook URL, but here it is
          # interpolated as a path segment under graph.microsoft.com and sent
          # with the Graph bearer token.
          # NOTE(review): confirm the intended endpoint, and restrict the
          # value to an allow-list so a caller cannot pick the Graph path the
          # token is used against.
          path: "/teams/{{webhook_url}}"
          inputParameters:
            - name: webhook_url
              in: path
          operations:
            - name: post-webhook
              method: POST

Tracks regulatory filing deadlines by pulling client engagements from Salesforce, checking deadlines in Jira, and sending upcoming deadline alerts via Teams and email.

# Capability: reads a client's filing schedule from Salesforce, searches Jira
# for due tasks and sends a deadline alert through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Regulatory Filing Deadline Tracker Pipeline"
  description: "Tracks regulatory filing deadlines by pulling client engagements from Salesforce, checking deadlines in Jira, and sending upcoming deadline alerts via Teams and email."
  tags:
    - compliance
    - regulatory
    - salesforce
    - jira
    - microsoft-teams
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: filing-deadlines
      port: 8080
      tools:
        - name: check-filing-deadlines
          description: "Check upcoming regulatory filing deadlines for a client."
          inputParameters:
            # Free-form string; it is interpolated into the JQL text below.
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: days_ahead
              in: body
              type: integer
              description: "Number of days to look ahead."
            # Free-form string; it becomes a path segment of the Graph
            # sendMail request below.
            - name: engagement_team_email
              in: body
              type: string
              description: "Engagement team email."
          steps:
            # No later step references {{get-client-filings.*}}; only the Jira
            # result appears in the alert text.
            - name: get-client-filings
              type: call
              call: "salesforce.get-filing-schedule"
              with:
                client_id: "{{client_id}}"
            # The JQL is built by string interpolation: client_id sits inside
            # single quotes, so a value containing a quote would change the
            # query. NOTE(review): constrain client_id to an identifier
            # pattern or escape it before it reaches this template.
            - name: check-task-status
              type: call
              call: "jira.search-issues"
              with:
                jql: "project = TAX AND client = '{{client_id}}' AND dueDate <= '{{days_ahead}}d'"
            - name: send-deadline-alert
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{engagement_team_email}}"
                text: "Filing deadline alert for {{client_id}}: {{check-task-status.total}} filings due within {{days_ahead}} days. {{check-task-status.overdue_count}} are overdue."
  consumes:
    # Credentials are referenced by name ($secrets.*), not embedded;
    # presumably they are resolved from a secret store at run time.
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: filings
          # No inputParameters are declared here, so how client_id reaches
          # this GET is not shown.
          path: "/sobjects/FilingSchedule__c"
          operations:
            - name: get-filing-schedule
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      # Basic authentication: a user name plus an API token.
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # This is the Graph mail endpoint, not a Teams chat endpoint. In
          # Microsoft Graph the user named in /users/{id}/sendMail is the
          # mailbox the message is sent from, while the parameter is named
          # recipient_upn. NOTE(review): confirm the intended sender and
          # recipient, and restrict the value so a caller cannot choose an
          # arbitrary mailbox for the token to act on.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Tests revenue recognition compliance by extracting contract data from SAP, analyzing recognition patterns in Databricks, and documenting testing results in SharePoint.

# Capability: pulls contracts from SAP, runs a variance query in Databricks
# and creates a workpaper document in SharePoint.
naftiko: "0.5"
info:
  label: "Revenue Recognition Testing Pipeline"
  description: "Tests revenue recognition compliance by extracting contract data from SAP, analyzing recognition patterns in Databricks, and documenting testing results in SharePoint."
  tags:
    - audit
    - revenue-recognition
    - sap
    - azure-databricks
    - sharepoint
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: revenue-testing
      port: 8080
      tools:
        - name: test-revenue-recognition
          description: "Test client revenue recognition against ASC 606 requirements."
          # Both inputs are free-form strings with no declared pattern.
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The engagement ID."
            - name: fiscal_year
              in: body
              type: string
              description: "The fiscal year under audit."
          steps:
            # No later step references the result of this call.
            - name: extract-contracts
              type: call
              call: "sap.get-contracts"
              with:
                fiscal_year: "{{fiscal_year}}"
            # The SQL text is built by interpolating fiscal_year inside single
            # quotes, so the caller-supplied string becomes part of the
            # statement itself. NOTE(review): validate fiscal_year as four
            # digits, or send it as a bound parameter; the Databricks SQL
            # statement API accepts a separate `parameters` list, but whether
            # this spec can pass one is not shown here.
            - name: analyze-recognition
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM revenue_recognition_analysis WHERE fiscal_year = '{{fiscal_year}}' AND variance_flag = true"
            # folder_path starts with the caller-supplied engagement_id and is
            # placed in the SharePoint URL path; "/" or ".." in the value
            # would change the target folder.
            # NOTE(review): confirm path parameters are encoded or validated.
            - name: create-workpaper
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "audit-engagements"
                folder_path: "{{engagement_id}}/RevenueRecognition"
                template: "asc606_testing_workpaper"
  consumes:
    # Credentials are referenced by name ($secrets.*), not embedded;
    # presumably they are resolved from a secret store at run time.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      # Basic authentication with an account password.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: contracts
          # No inputParameters are declared, so how fiscal_year filters this
          # GET is not shown.
          path: "/SD_SRV/SalesContracts"
          operations:
            - name: get-contracts
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          # Accepts a SQL statement as text; what the token may read or
          # change is not shown here. NOTE(review): a read-only, narrowly
          # scoped token limits the effect of a malformed query.
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

On initiation of a new client risk assessment, creates a ServiceNow risk record, pulls entity data from Salesforce, runs a Dow Jones adverse media screening, and posts summary findings to the engagement team channel in Microsoft Teams.

# Capability: loads a client account from Salesforce, screens it with Dow
# Jones, records the result in ServiceNow and mails the engagement lead.
naftiko: "0.5"
info:
  label: "Risk Assessment Orchestrator"
  description: "On initiation of a new client risk assessment, creates a ServiceNow risk record, pulls entity data from Salesforce, runs a Dow Jones adverse media screening, and posts summary findings to the engagement team channel in Microsoft Teams."
  tags:
    - risk
    - compliance
    - aml
    - servicenow
    - salesforce
    - microsoft-teams
    - dow-jones
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: risk-assessment
      port: 8080
      tools:
        - name: initiate-risk-assessment
          description: "Given a client Salesforce account ID and engagement lead email, pull client data, screen against Dow Jones, create a ServiceNow risk record, and alert the engagement team."
          # All inputs are free-form strings with no declared pattern or enum.
          inputParameters:
            - name: salesforce_account_id
              in: body
              type: string
              description: "The Salesforce account ID for the client entity."
            - name: engagement_lead_email
              in: body
              type: string
              description: "UPN of the engagement lead."
            - name: risk_category
              in: body
              type: string
              description: "Risk category (e.g., financial_crime, sanctions, pep)."
          # Steps execute in the order listed, which differs from the order
          # given in the info description: the ServiceNow record is created
          # after the screening, not first.
          steps:
            - name: get-client
              type: call
              call: "salesforce.get-account"
              with:
                account_id: "{{salesforce_account_id}}"
            # The client name and billing country are sent to the external Dow
            # Jones API in this step.
            - name: screen-entity
              type: call
              call: "dowjones.screen-entity"
              with:
                entity_name: "{{get-client.Name}}"
                country: "{{get-client.BillingCountry}}"
            # Screening hit count and risk score are copied into the record.
            - name: create-risk-record
              type: call
              call: "servicenow.create-risk"
              with:
                short_description: "Risk Assessment: {{get-client.Name}} — {{risk_category}}"
                description: "DJ screening hits: {{screen-entity.total_hits}}. Category: {{risk_category}}. Country: {{get-client.BillingCountry}}."
                risk_score: "{{screen-entity.risk_score}}"
                assigned_group: "Risk_Advisory"
            # The same screening figures also go out in the message text, to
            # an address supplied by the caller.
            - name: notify-lead
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{engagement_lead_email}}"
                text: "Risk Assessment initiated for {{get-client.Name}}. DJ hits: {{screen-entity.total_hits}}. Risk score: {{screen-entity.risk_score}}. ServiceNow: {{create-risk-record.number}}."
  consumes:
    # Credentials are referenced by name ($secrets.*), not embedded;
    # presumably they are resolved from a secret store at run time.
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          # The caller-supplied account ID becomes a URL path segment.
          # NOTE(review): confirm it is validated or encoded.
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET
    - type: http
      namespace: dowjones
      baseUri: "https://api.dowjones.com/riskandcompliance/v1"
      authentication:
        type: bearer
        token: "$secrets.dowjones_token"
      resources:
        - name: screening
          path: "/screenings"
          operations:
            - name: screen-entity
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # Basic authentication with an account password.
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: risk-records
          path: "/table/sn_risk_risk"
          operations:
            - name: create-risk
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # This is the Graph mail endpoint, not a Teams chat endpoint. In
          # Microsoft Graph the user named in /users/{id}/sendMail is the
          # mailbox the message is sent from, while the parameter is named
          # recipient_upn. NOTE(review): confirm the intended sender and
          # recipient, and restrict the value so a caller cannot choose an
          # arbitrary mailbox for the token to act on.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Monitors Microsoft Power Automate flow runs for a consulting engagement, detects failures, creates ServiceNow incidents for failed runs, assigns remediation in Jira, and alerts the RPA team via Microsoft Teams.

# Capability: lists failed Power Automate runs, then opens a ServiceNow
# incident and a Jira issue and mails the RPA team.
naftiko: "0.5"
info:
  label: "Robotic Process Automation Monitoring Orchestrator"
  description: "Monitors Microsoft Power Automate flow runs for a consulting engagement, detects failures, creates ServiceNow incidents for failed runs, assigns remediation in Jira, and alerts the RPA team via Microsoft Teams."
  tags:
    - consulting
    - rpa
    - microsoft-power-automate
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: rpa-monitoring
      port: 8080
      tools:
        - name: monitor-rpa-failures
          description: "Given a Power Automate flow ID and monitoring window, check for failures, create ServiceNow incidents, assign Jira tasks, and alert the RPA team."
          # The description mentions a monitoring window, but no such input is
          # declared below.
          inputParameters:
            - name: flow_id
              in: body
              type: string
              description: "The Power Automate flow identifier."
            - name: environment_id
              in: body
              type: string
              description: "The Power Platform environment ID."
            - name: rpa_team_email
              in: body
              type: string
              description: "Email of the RPA support team lead."
          steps:
            - name: get-flow-runs
              type: call
              call: "power-automate.get-flow-runs"
              with:
                flow_id: "{{flow_id}}"
                environment_id: "{{environment_id}}"
            # No condition is visible on this or the following steps.
            # NOTE(review): confirm whether they also run when failed_count
            # is zero.
            # last_failure_message is copied verbatim into ServiceNow, Jira
            # and the mail text. NOTE(review): run error messages may carry
            # sensitive details (connection names, payload fragments);
            # consider truncating or redacting before fan-out.
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "RPA failure: Flow {{flow_id}} — {{get-flow-runs.failed_count}} failures"
                description: "Environment: {{environment_id}}. Failed runs: {{get-flow-runs.failed_count}}. Last failure: {{get-flow-runs.last_failure_message}}."
                priority: "2"
                assigned_group: "RPA_Support"
            - name: create-remediation
              type: call
              call: "jira.create-issue"
              with:
                project_key: "RPA"
                issue_type: "Bug"
                summary: "Fix: Power Automate flow {{flow_id}} failures"
                description: "ServiceNow: {{create-incident.number}}. Failed: {{get-flow-runs.failed_count}}. Error: {{get-flow-runs.last_failure_message}}."
            - name: alert-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{rpa_team_email}}"
                text: "RPA Alert: Flow {{flow_id}} has {{get-flow-runs.failed_count}} failures. Error: {{get-flow-runs.last_failure_message}}. ServiceNow: {{create-incident.number}}. Jira: {{create-remediation.key}}."
  consumes:
    # Credentials are referenced by name ($secrets.*), not embedded;
    # presumably they are resolved from a secret store at run time.
    - type: http
      namespace: power-automate
      # The caller-supplied environment_id is interpolated into the base URI
      # itself. NOTE(review): confirm it is validated as an identifier so it
      # cannot alter the request path.
      baseUri: "https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple/environments/{{environment_id}}"
      authentication:
        type: bearer
        token: "$secrets.power_automate_token"
      resources:
        - name: flow-runs
          # The query string is written into the path template, including
          # spaces and quotes in the $filter expression.
          # NOTE(review): confirm the runtime URL-encodes it.
          path: "/flows/{{flow_id}}/runs?$filter=status eq 'Failed'"
          inputParameters:
            - name: flow_id
              in: path
            - name: environment_id
              in: path
          operations:
            - name: get-flow-runs
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # Basic authentication with an account password.
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      # Basic authentication: a user name plus an API token.
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # This is the Graph mail endpoint, not a Teams chat endpoint. In
          # Microsoft Graph the user named in /users/{id}/sendMail is the
          # mailbox the message is sent from, while the parameter is named
          # recipient_upn. NOTE(review): confirm the intended sender and
          # recipient, and restrict the value so a caller cannot choose an
          # arbitrary mailbox for the token to act on.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and account name. Used by advisory partners to check pipeline status.

# Capability: single read-only lookup of one Salesforce opportunity.
naftiko: "0.5"
info:
  label: "Salesforce Client Opportunity Lookup"
  description: "Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and account name. Used by advisory partners to check pipeline status."
  tags:
    - sales
    - advisory
    - salesforce
    - pipeline
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated, since
    # the tool returns deal amounts and account names.
    - type: mcp
      namespace: advisory-pipeline
      port: 8080
      tools:
        - name: get-opportunity
          description: "Look up a Salesforce opportunity by ID and return its current stage and deal details."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce opportunity record ID."
          # The tool maps directly to one consumed operation (no steps list).
          call: "salesforce.get-opportunity"
          with:
            opportunity_id: "{{opportunity_id}}"
          # Declared outputs, each read from the response with a JSONPath
          # expression.
          outputParameters:
            - name: stage
              type: string
              mapping: "$.StageName"
            - name: amount
              type: string
              mapping: "$.Amount"
            - name: close_date
              type: string
              mapping: "$.CloseDate"
            - name: account_name
              type: string
              mapping: "$.Account.Name"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      # Token is referenced by name, not embedded. The lookup runs with this
      # token's access, not the calling user's. NOTE(review): confirm that is
      # intended for record-level visibility.
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          # The caller-supplied ID becomes a URL path segment.
          # NOTE(review): confirm it is validated or encoded.
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET

Screens entities against global sanctions lists by querying client data from Salesforce, running screening in Databricks, documenting results in SharePoint, and alerting compliance.

# Capability: looks up an entity in Salesforce, runs a sanctions query in
# Databricks, files the result in SharePoint and mails compliance.
naftiko: "0.5"
info:
  label: "Sanctions Screening Pipeline"
  description: "Screens entities against global sanctions lists by querying client data from Salesforce, running screening in Databricks, documenting results in SharePoint, and alerting compliance."
  tags:
    - compliance
    - sanctions
    - salesforce
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: sanctions-screening
      port: 8080
      tools:
        - name: screen-entity
          description: "Screen an entity against global sanctions lists."
          inputParameters:
            # Free text; it is reused in the SQL statement, in the SharePoint
            # folder path and in the alert text below.
            - name: entity_name
              in: body
              type: string
              description: "The entity name to screen."
            - name: engagement_id
              in: body
              type: string
              description: "The engagement ID."
            - name: compliance_email
              in: body
              type: string
              description: "Compliance team email."
          steps:
            # No later step references the result of this call.
            - name: get-entity-data
              type: call
              call: "salesforce.get-client-entity"
              with:
                entity_name: "{{entity_name}}"
            # The SQL text is built by interpolating entity_name inside a
            # quoted LIKE pattern, so the caller-supplied string becomes part
            # of the statement; "%" and "_" in the name also act as
            # wildcards. NOTE(review): send the name as a bound parameter
            # (the Databricks SQL statement API accepts a separate
            # `parameters` list; whether this spec can pass one is not shown)
            # and escape LIKE wildcards.
            - name: run-screening
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM sanctions_screening WHERE entity_name LIKE '%{{entity_name}}%'"
            # folder_path is built from two caller-supplied values and placed
            # in the SharePoint URL path; "/" or ".." in either would change
            # the target folder.
            # NOTE(review): confirm path parameters are encoded or validated.
            - name: document-results
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "compliance"
                folder_path: "SanctionsScreening/{{engagement_id}}/{{entity_name}}"
                template: "sanctions_screening_result"
            - name: alert-compliance
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{compliance_email}}"
                text: "Sanctions screening for {{entity_name}} ({{engagement_id}}): {{run-screening.match_count}} potential matches. Results: {{document-results.url}}."
  consumes:
    # Credentials are referenced by name ($secrets.*), not embedded;
    # presumably they are resolved from a secret store at run time.
    - type: http
      namespace: salesforce
      baseUri: "https://kpmg.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: clients
          # No inputParameters are declared, so how entity_name reaches this
          # GET is not shown.
          path: "/sobjects/Account"
          operations:
            - name: get-client-entity
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          # Accepts a SQL statement as text; what the token may read or
          # change is not shown here. NOTE(review): a read-only, narrowly
          # scoped token limits the effect of a malformed query.
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    # sharepoint and msteams below both reference $secrets.msgraph_token, so
    # one Graph credential presumably covers file writes and mail.
    # NOTE(review): consider separate, narrowly scoped tokens.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # This is the Graph mail endpoint, not a Teams chat endpoint. In
          # Microsoft Graph the user named in /users/{id}/sendMail is the
          # mailbox the message is sent from, while the parameter is named
          # recipient_upn. NOTE(review): confirm the intended sender and
          # recipient, and restrict the value so a caller cannot choose an
          # arbitrary mailbox for the token to act on.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a SAP Ariba procurement requisition by ID, returning status, requestor, total amount, and approval chain. Used by procurement advisory teams.

# Capability: single read-only lookup of one SAP Ariba requisition.
naftiko: "0.5"
info:
  label: "SAP Ariba Procurement Requisition Lookup"
  description: "Retrieves a SAP Ariba procurement requisition by ID, returning status, requestor, total amount, and approval chain. Used by procurement advisory teams."
  tags:
    - procurement
    - sap-ariba
    - spend-management
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: procurement-ariba
      port: 8080
      tools:
        - name: get-ariba-requisition
          description: "Look up a SAP Ariba requisition by ID and return its status and details."
          inputParameters:
            - name: requisition_id
              in: body
              type: string
              description: "The SAP Ariba requisition identifier."
          # The tool maps directly to one consumed operation (no steps list).
          call: "ariba.get-requisition"
          with:
            requisition_id: "{{requisition_id}}"
          # Declared outputs, each read from the response with a JSONPath
          # expression. The info description also mentions an approval chain,
          # but no output is mapped for it here.
          outputParameters:
            - name: status
              type: string
              mapping: "$.StatusString"
            - name: requestor
              type: string
              mapping: "$.Requester.Name"
            - name: total_amount
              type: string
              mapping: "$.TotalCost.Amount"
            - name: currency
              type: string
              mapping: "$.TotalCost.Currency"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/purchase-req/v1"
      # Token is referenced by name, not embedded; presumably resolved from a
      # secret store at run time.
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: requisitions
          # The caller-supplied ID becomes a URL path segment.
          # NOTE(review): confirm it is validated or encoded.
          path: "/requisitions/{{requisition_id}}"
          inputParameters:
            - name: requisition_id
              in: path
          operations:
            - name: get-requisition
              method: GET

Looks up supplier qualification status and risk ratings from SAP Ariba for procurement compliance assessments.

# Capability: single read-only lookup of a supplier's qualification record
# in SAP Ariba.
naftiko: "0.5"
info:
  label: "SAP Ariba Supplier Qualification Lookup"
  description: "Looks up supplier qualification status and risk ratings from SAP Ariba for procurement compliance assessments."
  tags:
    - procurement
    - sap-ariba
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: supplier-qualification
      port: 8080
      tools:
        - name: get-supplier-qualification
          description: "Check supplier qualification status in SAP Ariba."
          inputParameters:
            - name: supplier_id
              in: body
              type: string
              description: "The SAP Ariba supplier ID."
          # The tool maps directly to one consumed operation (no steps list).
          call: "ariba.get-qualification"
          with:
            supplier_id: "{{supplier_id}}"
          # Declared outputs, each read from the response with a JSONPath
          # expression.
          outputParameters:
            - name: qualification_status
              type: string
              mapping: "$.supplier.qualificationStatus"
            - name: risk_rating
              type: string
              mapping: "$.supplier.riskRating"
            - name: last_assessment_date
              type: string
              mapping: "$.supplier.lastAssessmentDate"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier-management/v1"
      # Token is referenced by name, not embedded; presumably resolved from a
      # secret store at run time.
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: suppliers
          # The caller-supplied ID becomes a URL path segment.
          # NOTE(review): confirm it is validated or encoded.
          path: "/suppliers/{{supplier_id}}/qualification"
          inputParameters:
            - name: supplier_id
              in: path
          operations:
            - name: get-qualification
              method: GET

Retrieves fixed asset depreciation schedules from SAP for a given company code and fiscal year, returning asset descriptions, acquisition values, accumulated depreciation, and net book values.

# Capability: read-only lookup of fixed asset depreciation data from SAP for
# one company code and fiscal year.
naftiko: "0.5"
info:
  label: "SAP Fixed Asset Depreciation Lookup"
  description: "Retrieves fixed asset depreciation schedules from SAP for a given company code and fiscal year, returning asset descriptions, acquisition values, accumulated depreciation, and net book values."
  tags:
    - audit
    - finance
    - sap
    - fixed-assets
capability:
  exposes:
    # MCP tool endpoint on port 8080. No authentication setting appears on
    # this entry. NOTE(review): confirm how callers are authenticated.
    - type: mcp
      namespace: audit-assets
      port: 8080
      tools:
        - name: get-asset-depreciation
          description: "Look up fixed asset depreciation data from SAP by company code and fiscal year. Returns asset details, acquisition cost, and net book value."
          # Both inputs are plain strings; the YYYY format is stated in the
          # description only and is not declared as a constraint.
          inputParameters:
            - name: company_code
              in: body
              type: string
              description: "The SAP company code for the client entity."
            - name: fiscal_year
              in: body
              type: string
              description: "The fiscal year in YYYY format."
          # The tool maps directly to one consumed operation (no steps list).
          call: "sap.get-fixed-assets"
          with:
            company_code: "{{company_code}}"
            fiscal_year: "{{fiscal_year}}"
          # One array output read from $.data; each item exposes the five
          # fields mapped below.
          outputParameters:
            - name: assets
              type: array
              mapping: "$.data"
              items:
                - name: asset_number
                  type: string
                  mapping: "$.assetNumber"
                - name: description
                  type: string
                  mapping: "$.description"
                - name: acquisition_value
                  type: number
                  mapping: "$.acquisitionValue"
                - name: accumulated_depreciation
                  type: number
                  mapping: "$.accumulatedDepreciation"
                - name: net_book_value
                  type: number
                  mapping: "$.netBookValue"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.s4hana.cloud/api/v1"
      # Token is referenced by name, not embedded. The lookup runs with this
      # token's access, so any company code the token can read is reachable
      # through the tool. NOTE(review): confirm callers are limited to the
      # entities of their own engagement.
      authentication:
        type: bearer
        token: "$secrets.sap_token"
      resources:
        - name: fixed-assets
          path: "/fixed-assets"
          # Both values are sent as query-string parameters.
          inputParameters:
            - name: company_code
              in: query
            - name: fiscal_year
              in: query
          operations:
            - name: get-fixed-assets
              method: GET

Retrieves the general ledger account balance from SAP S/4HANA for a given company code, fiscal year, and GL account number. Used by audit and finance teams to validate trial balance figures.

# Capability: one MCP tool (get-gl-balance) that reads a GL account balance from
# SAP and then creates a ServiceNow task recording the inquiry.
naftiko: "0.5"
info:
  label: "SAP General Ledger Balance Lookup"
  description: "Retrieves the general ledger account balance from SAP S/4HANA for a given company code, fiscal year, and GL account number. Used by audit and finance teams to validate trial balance figures."
  tags:
    - audit
    - finance
    - sap
    - general-ledger
capability:
  exposes:
    # NOTE(review): no caller authentication or authorization setting is visible
    # on this MCP listener; confirm how callers of port 8080 are identified.
    - type: mcp
      namespace: audit-gl
      port: 8080
      tools:
        - name: get-gl-balance
          description: "Look up a SAP S/4HANA general ledger account balance by company code, fiscal year, and GL account number, and log the inquiry in ServiceNow for audit trail purposes."
          inputParameters:
            # All four inputs are typed as plain strings; the formats named in the
            # descriptions (4-digit, YYYY, 10-digit) are not enforced anywhere visible.
            - name: company_code
              in: body
              type: string
              description: "The SAP company code (4-digit)."
            - name: fiscal_year
              in: body
              type: string
              description: "The fiscal year (YYYY)."
            - name: gl_account
              in: body
              type: string
              description: "The GL account number (10-digit)."
            # NOTE(review): self-asserted by the caller. The ServiceNow record below is
            # only as trustworthy as this value; for an audit trail, take the requester
            # from the authenticated session if the engine exposes it (TODO confirm).
            - name: auditor_email
              in: body
              type: string
              description: "Email of the requesting auditor."
          steps:
            # Step 1: read the balance from SAP using the three lookup keys.
            - name: fetch-balance
              type: call
              call: "sap.get-gl-balance"
              with:
                company_code: "{{company_code}}"
                fiscal_year: "{{fiscal_year}}"
                gl_account: "{{gl_account}}"
            # Step 2: write the inquiry, including the balance figure, into a ServiceNow task.
            # NOTE(review): the balance is copied into the task text; confirm that task
            # visibility for Audit_Operations matches who may see GL balances.
            - name: log-inquiry
              type: call
              call: "servicenow.create-task"
              with:
                short_description: "GL balance inquiry: {{company_code}}/{{gl_account}} FY{{fiscal_year}}"
                description: "Balance: {{fetch-balance.EndingBalance}} {{fetch-balance.TransactionCurrency}}. Auditor: {{auditor_email}}."
                assigned_group: "Audit_Operations"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-s4.sap.com/sap/opu/odata/sap/API_GLACCOUNTBALANCE"
      # NOTE(review): stored user/password sent as HTTP basic auth; presumably a
      # technical user. Confirm it is read-only and limited to the company codes
      # this tool is meant to serve.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
        - name: sap-client
          in: header
          value: "100"
      resources:
        - name: gl-balances
          # NOTE(review): the three values are substituted inside quoted OData key
          # literals. Validate them against the documented formats (or escape quote
          # characters) before substitution so a value cannot alter the key predicate.
          path: "/GLAccountBalanceSet(CompanyCode='{{company_code}}',FiscalYear='{{fiscal_year}}',GLAccount='{{gl_account}}')"
          inputParameters:
            - name: company_code
              in: path
            - name: fiscal_year
              in: path
            - name: gl_account
              in: path
          operations:
            - name: get-gl-balance
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          # No inputParameters are declared here, so how the step's short_description,
          # description and assigned_group reach the POST body is not shown in this file.
          path: "/table/task"
          operations:
            - name: create-task
              method: POST

Queries SAP HANA system overview for a given SID, returning memory utilization, disk usage, and active connections. Used by technology advisory teams for infrastructure assessments.

# Capability: one MCP tool (get-hana-health) that calls a system-overview endpoint
# on a HANA host and returns four fields from the response.
naftiko: "0.5"
info:
  label: "SAP HANA Database Health Check"
  description: "Queries SAP HANA system overview for a given SID, returning memory utilization, disk usage, and active connections. Used by technology advisory teams for infrastructure assessments."
  tags:
    - infrastructure
    - sap-hana
    - database
    - health-check
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener.
    - type: mcp
      namespace: sap-hana-ops
      port: 8080
      tools:
        - name: get-hana-health
          description: "Look up SAP HANA system health by SID and return key metrics."
          inputParameters:
            # NOTE(review): free-form host chosen by the caller; it becomes the request
            # target in consumes.baseUri below. No allowlist or format check is visible.
            - name: hana_host
              in: body
              type: string
              description: "The SAP HANA host address."
            - name: sid
              in: body
              type: string
              description: "The SAP HANA system ID."
          call: "hana.get-system-overview"
          with:
            hana_host: "{{hana_host}}"
            sid: "{{sid}}"
          # Each output is read from a top-level field of the JSON response; all four
          # are declared as strings, including the percentage and count values.
          outputParameters:
            - name: memory_used_pct
              type: string
              mapping: "$.memoryUsedPercent"
            - name: disk_used_pct
              type: string
              mapping: "$.diskUsedPercent"
            - name: active_connections
              type: string
              mapping: "$.activeConnections"
            - name: version
              type: string
              mapping: "$.version"
  consumes:
    - type: http
      namespace: hana
      # NOTE(review): the host is templated from caller input, and the stored basic-auth
      # credentials below are sent to whatever host that value names. This lets a caller
      # direct both the request and the credentials to a host of their choosing.
      # Resolve the host from a fixed allowlist (for example keyed on sid) instead.
      baseUri: "https://{{hana_host}}:8443/api/v1"
      authentication:
        type: basic
        username: "$secrets.hana_user"
        password: "$secrets.hana_password"
      resources:
        - name: system-overview
          # sid is substituted into the URL path; restrict it to the SID character
          # set so it cannot add path segments or a query string.
          path: "/systems/{{sid}}/overview"
          inputParameters:
            # Declared as a path parameter although it is used in baseUri, not in path.
            - name: hana_host
              in: path
            - name: sid
              in: path
          operations:
            - name: get-system-overview
              method: GET

Retrieves a ServiceNow incident by number, returning priority, assignment group, state, and short description. Used by IT operations and advisory teams for incident triage.

# Capability: one MCP tool (get-incident) that queries the ServiceNow incident
# table by incident number and returns four fields.
naftiko: "0.5"
info:
  label: "ServiceNow Incident Lookup"
  description: "Retrieves a ServiceNow incident by number, returning priority, assignment group, state, and short description. Used by IT operations and advisory teams for incident triage."
  tags:
    - operations
    - servicenow
    - incident-management
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener.
    - type: mcp
      namespace: it-operations
      port: 8080
      tools:
        - name: get-incident
          description: "Look up a ServiceNow incident by number and return its current state and assignment details."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number (e.g., INC0012345)."
          call: "servicenow.get-incident"
          with:
            incident_number: "{{incident_number}}"
          # NOTE(review): a table query presumably returns "result" as a list, in which
          # case these mappings need an index; assigned_to.display_value also depends on
          # how reference fields are returned. Verify against a real response.
          outputParameters:
            - name: state
              type: string
              mapping: "$.result.state"
            - name: priority
              type: string
              mapping: "$.result.priority"
            - name: assigned_to
              type: string
              mapping: "$.result.assigned_to.display_value"
            - name: short_description
              type: string
              mapping: "$.result.short_description"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      # NOTE(review): every caller reads incidents with this one stored account, so the
      # account's table ACLs are the only access boundary; keep it read-only and scoped.
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          # NOTE(review): the value is written straight into sysparm_query. Without
          # validation it can carry further query-string parameters or encoded-query
          # operators and widen the lookup; accept only the documented INC<digits> form
          # and URL-encode it. No result limit is set on the query either.
          path: "/table/incident?sysparm_query=number={{incident_number}}"
          inputParameters:
            # Declared as a query parameter, but the value is templated into the path
            # string above rather than passed as a separate query parameter.
            - name: incident_number
              in: query
          operations:
            - name: get-incident
              method: GET

Retrieves audit workpapers and supporting documentation from SharePoint document libraries organized by engagement.

# Capability: one MCP tool (get-workpaper) that fetches a drive item from a
# SharePoint site through Microsoft Graph and returns its download URL.
naftiko: "0.5"
info:
  label: "SharePoint Audit Workpaper Retrieval"
  description: "Retrieves audit workpapers and supporting documentation from SharePoint document libraries organized by engagement."
  tags:
    - audit
    - sharepoint
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener, and
    # nothing ties engagement_id to engagements the caller is assigned to.
    - type: mcp
      namespace: audit-workpapers
      port: 8080
      tools:
        - name: get-workpaper
          description: "Retrieve an audit workpaper from SharePoint by engagement and document ID."
          inputParameters:
            - name: engagement_id
              in: body
              type: string
              description: "The audit engagement identifier."
            - name: document_name
              in: body
              type: string
              description: "The workpaper document name."
          call: "sharepoint.get-document"
          with:
            # site_id is passed here, but the resource below declares only folder_path
            # and hard-codes the site segment in its path.
            site_id: "audit-engagements"
            # NOTE(review): both inputs are joined into a drive path with no visible
            # normalization. Reject path separators, ".." and ":" in either value so the
            # lookup stays inside <engagement>/Workpapers.
            folder_path: "{{engagement_id}}/Workpapers/{{document_name}}"
          outputParameters:
            # NOTE(review): @microsoft.graph.downloadUrl is a short-lived pre-authenticated
            # link; whoever receives it can fetch the file without further sign-in.
            # Treat the tool output as sensitive and keep it out of logs.
            - name: download_url
              type: string
              mapping: "$.@microsoft.graph.downloadUrl"
            - name: last_modified
              type: string
              mapping: "$.lastModifiedDateTime"
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      # NOTE(review): a single stored Graph token serves every caller, so its granted
      # scopes decide which sites and files are reachable; prefer site-scoped permissions.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/audit-engagements/drive/root:/{{folder_path}}"
          inputParameters:
            - name: folder_path
              in: path
          operations:
            - name: get-document
              method: GET

Executes SOX control testing by pulling control evidence from ServiceNow GRC, validating against SAP transaction logs, documenting test results in SharePoint, and notifying the SOX coordinator via Microsoft Teams.

# Capability: one MCP tool (execute-sox-test) that chains four calls: read a control
# from ServiceNow, read journal entries from SAP, write a results file to SharePoint,
# and send a notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "SOX Compliance Testing Orchestrator"
  description: "Executes SOX control testing by pulling control evidence from ServiceNow GRC, validating against SAP transaction logs, documenting test results in SharePoint, and notifying the SOX coordinator via Microsoft Teams."
  tags:
    - audit
    - sox
    - compliance
    - servicenow
    - sap
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener, yet
    # the tool writes evidence files and sends mail on the caller's behalf.
    - type: mcp
      namespace: sox-testing
      port: 8080
      tools:
        - name: execute-sox-test
          description: "Given a control ID and testing period, pull evidence from ServiceNow GRC, validate against SAP, document in SharePoint, and notify the coordinator."
          inputParameters:
            - name: control_id
              in: body
              type: string
              description: "The ServiceNow GRC control identifier."
            - name: testing_period_start
              in: body
              type: string
              description: "Testing period start date (YYYY-MM-DD)."
            - name: testing_period_end
              in: body
              type: string
              description: "Testing period end date (YYYY-MM-DD)."
            - name: coordinator_email
              in: body
              type: string
              description: "Email of the SOX testing coordinator."
          steps:
            - name: get-control-evidence
              type: call
              call: "servicenow.get-control"
              with:
                control_id: "{{control_id}}"
            - name: get-sap-transactions
              type: call
              call: "sap.get-transaction-log"
              with:
                # NOTE(review): control_id is passed, but the transaction-logs resource
                # below declares only date_from and date_to, so as written the SAP
                # query does not appear to be narrowed to this control.
                control_id: "{{control_id}}"
                date_from: "{{testing_period_start}}"
                date_to: "{{testing_period_end}}"
            - name: save-test-results
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "sox_testing_site"
                # NOTE(review): the file name is built from caller input; restrict
                # control_id and the dates to strict patterns so the path cannot leave
                # TestResults/. The content is a text sentence saved under .xlsx.
                file_path: "TestResults/{{control_id}}_{{testing_period_start}}_to_{{testing_period_end}}.xlsx"
                content: "Control: {{get-control-evidence.control_name}}. Transactions tested: {{get-sap-transactions.count}}. Exceptions: {{get-sap-transactions.exceptions}}."
            - name: notify-coordinator
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{coordinator_email}}"
                text: "SOX test complete for {{get-control-evidence.control_name}} ({{control_id}}). Period: {{testing_period_start}} to {{testing_period_end}}. Transactions: {{get-sap-transactions.count}}. Exceptions: {{get-sap-transactions.exceptions}}. Results: {{save-test-results.url}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: controls
          # control_id is substituted into the URL path; accept only the record-id
          # format so it cannot add segments or query parameters.
          path: "/table/sn_compliance_control/{{control_id}}"
          inputParameters:
            - name: control_id
              in: path
          operations:
            - name: get-control
              method: GET
    - type: http
      namespace: sap
      baseUri: "https://kpmg-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
      resources:
        - name: transaction-logs
          # NOTE(review): both dates are substituted inside quoted OData literals in the
          # $filter. Enforce the documented YYYY-MM-DD format before substitution so a
          # value cannot change the filter expression. No $top limit is set.
          path: "/JournalEntrySet?$filter=PostingDate ge datetime'{{date_from}}' and PostingDate le datetime'{{date_to}}'"
          inputParameters:
            - name: date_from
              in: query
            - name: date_to
              in: query
          operations:
            - name: get-transaction-log
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          # NOTE(review): PUT to ".../content" uploads or replaces the file at that path.
          # Re-running a test for the same control and period overwrites the earlier
          # result; for audit evidence, confirm library versioning or retention is on.
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      # NOTE(review): the same msgraph_token secret is used for file writes and for
      # mail; separate, narrowly scoped credentials would limit the impact of a leak.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, the user in /users/{id}/sendMail is the
          # mailbox the message is sent from, not the recipient, and this is a mail
          # endpoint rather than a Teams one. Here the mailbox is the caller-supplied
          # coordinator_email. Send from a fixed service mailbox and limit the token to it.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Assesses client supply chain risk by analyzing supplier data in Databricks, cross-referencing geopolitical risk indicators, generating risk reports in SharePoint, and briefing the advisory team.

# Capability: one MCP tool (assess-supply-chain-risk) that runs a Databricks SQL
# statement, creates a SharePoint document, and sends a notification via Graph.
naftiko: "0.5"
info:
  label: "Supply Chain Risk Advisory Pipeline"
  description: "Assesses client supply chain risk by analyzing supplier data in Databricks, cross-referencing geopolitical risk indicators, generating risk reports in SharePoint, and briefing the advisory team."
  tags:
    - advisory
    - supply-chain-risk
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener, and
    # nothing ties client_id to clients the caller is entitled to see.
    - type: mcp
      namespace: supply-chain-risk
      port: 8080
      tools:
        - name: assess-supply-chain-risk
          description: "Assess a client's supply chain risk profile."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: advisory_lead_email
              in: body
              type: string
              description: "Advisory lead email."
          steps:
            - name: analyze-suppliers
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): client_id is substituted into a quoted SQL literal and
                # nothing visible validates or escapes it. Use the statement API's
                # named parameters if the engine can set them, or restrict client_id
                # to a strict identifier pattern before it reaches this template.
                query: "SELECT * FROM supply_chain_risk WHERE client_id = '{{client_id}}' ORDER BY risk_score DESC"
            - name: generate-risk-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "advisory-engagements"
                # client_id also becomes a folder name; the same strict pattern keeps
                # the path inside the intended client folder.
                folder_path: "{{client_id}}/SupplyChainRisk"
                # template is passed here but is not declared on the documents resource.
                template: "supply_chain_risk_report"
            - name: brief-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{advisory_lead_email}}"
                text: "Supply chain risk assessment for {{client_id}}: {{analyze-suppliers.high_risk_count}} high-risk suppliers identified out of {{analyze-suppliers.total_suppliers}}. Report: {{generate-risk-report.url}}."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      # NOTE(review): the token's SQL privileges bound what a malformed statement can
      # reach; a read-only principal limited to the tables this tool needs is safest.
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          # No inputParameters are declared, so how the step's "query" value is placed
          # in the POST body is not shown in this file.
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, the user in /users/{id}/sendMail is the
          # mailbox the message is sent from, not the recipient. Here that mailbox is
          # the caller-supplied advisory_lead_email. Send from a fixed service mailbox
          # and limit the token's mail permission to it.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Triggers a data extract refresh for a specified Tableau workbook on Tableau Server. Used by analytics teams to ensure audit and advisory dashboards have current data.

# Capability: one MCP tool (refresh-tableau-extract) that POSTs a refresh request
# for a workbook and returns the job id and status from the response.
naftiko: "0.5"
info:
  label: "Tableau Workbook Data Extract Refresh"
  description: "Triggers a data extract refresh for a specified Tableau workbook on Tableau Server. Used by analytics teams to ensure audit and advisory dashboards have current data."
  tags:
    - analytics
    - tableau
    - reporting
    - data-refresh
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener. The
    # tool starts server-side work, so unauthenticated or unthrottled callers could
    # queue refresh jobs for any workbook the stored token can reach.
    - type: mcp
      namespace: analytics-refresh
      port: 8080
      tools:
        - name: refresh-tableau-extract
          description: "Trigger a Tableau Server data extract refresh for a given site and workbook."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "The Tableau Server site ID."
            - name: workbook_id
              in: body
              type: string
              description: "The Tableau workbook LUID."
          call: "tableau.refresh-workbook"
          with:
            site_id: "{{site_id}}"
            workbook_id: "{{workbook_id}}"
          outputParameters:
            - name: job_id
              type: string
              mapping: "$.job.id"
            - name: status
              type: string
              mapping: "$.job.status"
  consumes:
    - type: http
      namespace: tableau
      baseUri: "https://tableau.kpmg.com/api/3.19"
      authentication:
        type: bearer
        token: "$secrets.tableau_token"
      resources:
        - name: workbook-refresh
          # Both identifiers are caller-supplied and substituted into the URL path;
          # validate them as identifiers (the description calls workbook_id a LUID)
          # so neither can add path segments or a query string.
          path: "/sites/{{site_id}}/workbooks/{{workbook_id}}/refresh"
          inputParameters:
            - name: site_id
              in: path
            - name: workbook_id
              in: path
          operations:
            - name: refresh-workbook
              method: POST

Queries the Thomson Reuters ONESOURCE tax engine for a client entity's filing status by jurisdiction and tax year, returning compliance deadlines and submission state.

# Capability: one MCP tool (get-filing-status) that reads a filing record from
# ONESOURCE and then sends a notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Tax Filing Status Tracker"
  description: "Queries the Thomson Reuters ONESOURCE tax engine for a client entity filing status by jurisdiction and tax year, returning compliance deadlines and submission state."
  tags:
    - tax
    - compliance
    - thomson-reuters
    - filing-status
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener, and
    # nothing ties entity_id to client entities the caller is entitled to see.
    - type: mcp
      namespace: tax-filing
      port: 8080
      tools:
        - name: get-filing-status
          description: "Look up a tax filing status by client entity ID, jurisdiction code, and tax year from Thomson Reuters ONESOURCE, and notify the tax manager via Microsoft Teams if the filing is overdue."
          inputParameters:
            - name: entity_id
              in: body
              type: string
              description: "The client entity identifier in ONESOURCE."
            - name: jurisdiction
              in: body
              type: string
              description: "Tax jurisdiction code (e.g., US-FED, US-NY, UK)."
            - name: tax_year
              in: body
              type: string
              description: "The tax year (YYYY)."
            - name: tax_manager_email
              in: body
              type: string
              description: "Email of the tax manager to notify."
          steps:
            - name: fetch-filing
              type: call
              call: "onesource.get-filing"
              with:
                entity_id: "{{entity_id}}"
                jurisdiction: "{{jurisdiction}}"
                tax_year: "{{tax_year}}"
            # NOTE(review): the tool description says the manager is notified when the
            # filing is overdue, but this step has no condition and runs on every call.
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{tax_manager_email}}"
                text: "Filing status for {{entity_id}} ({{jurisdiction}} TY{{tax_year}}): {{fetch-filing.status}}. Due: {{fetch-filing.dueDate}}. Extension: {{fetch-filing.extensionDate}}."
  consumes:
    - type: http
      namespace: onesource
      baseUri: "https://api.tax.thomsonreuters.com/onesource/v2"
      authentication:
        type: bearer
        token: "$secrets.onesource_token"
      resources:
        - name: filings
          # NOTE(review): all three values are templated into the URL string, including
          # the query part. Validate them (entity id pattern, jurisdiction code list,
          # YYYY) and URL-encode so a value cannot add parameters or path segments.
          path: "/entities/{{entity_id}}/filings?jurisdiction={{jurisdiction}}&taxYear={{tax_year}}"
          inputParameters:
            - name: entity_id
              in: path
            - name: jurisdiction
              in: query
            - name: tax_year
              in: query
          operations:
            - name: get-filing
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, the user in /users/{id}/sendMail is the
          # mailbox the message is sent from, not the recipient. Here that mailbox is
          # the caller-supplied tax_manager_email. Send from a fixed service mailbox
          # and limit the token's mail permission to it.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Pulls trial balance data from SAP, runs the tax provision calculation in Thomson Reuters ONESOURCE, stores the provision workpaper in SharePoint, and notifies the tax senior manager via Microsoft Teams.

# Capability: one MCP tool (calculate-tax-provision) that chains four calls: read a
# trial balance from SAP, request a provision calculation from ONESOURCE, write a
# workpaper file to SharePoint, and send a notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Tax Provision Calculation Pipeline"
  description: "Pulls trial balance data from SAP, runs the tax provision calculation in Thomson Reuters ONESOURCE, stores the provision workpaper in SharePoint, and notifies the tax senior manager via Microsoft Teams."
  tags:
    - tax
    - provision
    - sap
    - thomson-reuters
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener, yet
    # the tool writes workpaper files and sends mail on the caller's behalf.
    - type: mcp
      namespace: tax-provision
      port: 8080
      tools:
        - name: calculate-tax-provision
          description: "Given a company code, fiscal year, and period, pull SAP trial balance, run ONESOURCE provision, store workpaper in SharePoint, and notify the tax senior manager."
          inputParameters:
            - name: company_code
              in: body
              type: string
              description: "SAP company code."
            - name: fiscal_year
              in: body
              type: string
              description: "Fiscal year (YYYY)."
            - name: period
              in: body
              type: string
              description: "Fiscal period (e.g., Q1, Q2, Q3, Q4, FY)."
            - name: tax_manager_email
              in: body
              type: string
              description: "Email of the tax senior manager."
          steps:
            - name: get-trial-balance
              type: call
              call: "sap.get-trial-balance"
              with:
                company_code: "{{company_code}}"
                fiscal_year: "{{fiscal_year}}"
                # NOTE(review): period is passed, but the trial-balance resource below
                # filters only on CompanyCode and FiscalYear, so as written the SAP
                # data does not appear to be limited to the requested period.
                period: "{{period}}"
            - name: run-provision
              type: call
              call: "onesource.calculate-provision"
              with:
                entity_code: "{{company_code}}"
                fiscal_year: "{{fiscal_year}}"
                period: "{{period}}"
                pretax_income: "{{get-trial-balance.pretax_income}}"
            - name: store-workpaper
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "tax_provisions_site"
                # NOTE(review): the file name is built from caller input; restrict the
                # three values to strict patterns so the path cannot leave Provisions/.
                # The content is a text sentence saved under an .xlsx name.
                file_path: "Provisions/{{company_code}}_{{fiscal_year}}_{{period}}_provision.xlsx"
                content: "Entity: {{company_code}}. Period: {{period}} FY{{fiscal_year}}. Pretax income: {{get-trial-balance.pretax_income}}. Current provision: {{run-provision.current_tax}}. Deferred provision: {{run-provision.deferred_tax}}. ETR: {{run-provision.effective_tax_rate}}."
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{tax_manager_email}}"
                text: "Tax provision for {{company_code}} {{period}} FY{{fiscal_year}} complete. Current: {{run-provision.current_tax}}. Deferred: {{run-provision.deferred_tax}}. ETR: {{run-provision.effective_tax_rate}}. Workpaper: {{store-workpaper.url}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-s4.sap.com/sap/opu/odata/sap/API_TRIALBALANCE"
      # NOTE(review): stored user/password sent as HTTP basic auth; confirm the account
      # is read-only and limited to the company codes this tool is meant to serve.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
        - name: sap-client
          in: header
          value: "100"
      resources:
        - name: trial-balance
          # NOTE(review): both values are substituted inside quoted OData literals in
          # the $filter. Validate them (company code format, YYYY) or escape quote
          # characters before substitution so a value cannot change the filter.
          path: "/TrialBalanceSet?$filter=CompanyCode eq '{{company_code}}' and FiscalYear eq '{{fiscal_year}}'"
          inputParameters:
            - name: company_code
              in: query
            - name: fiscal_year
              in: query
          operations:
            - name: get-trial-balance
              method: GET
    - type: http
      namespace: onesource
      baseUri: "https://api.tax.thomsonreuters.com/onesource/v2"
      authentication:
        type: bearer
        token: "$secrets.onesource_token"
      resources:
        - name: provisions
          # No inputParameters are declared, so how the step's entity_code, fiscal_year,
          # period and pretax_income reach the POST body is not shown in this file.
          path: "/provisions/calculate"
          operations:
            - name: calculate-provision
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          # NOTE(review): PUT to ".../content" uploads or replaces the file at that path,
          # so a repeat run for the same entity and period overwrites the earlier
          # workpaper; confirm library versioning or retention is enabled.
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      # NOTE(review): the same msgraph_token secret is used for file writes and for
      # mail; separate, narrowly scoped credentials would limit the impact of a leak.
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, the user in /users/{id}/sendMail is the
          # mailbox the message is sent from, not the recipient. Here that mailbox is
          # the caller-supplied tax_manager_email. Send from a fixed service mailbox
          # and limit the token's mail permission to it.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Orchestrates tax return preparation by extracting client financial data from SAP, running tax calculations in Databricks, generating draft returns in SharePoint, and notifying the engagement team via Teams.

# Capability: one MCP tool (prepare-tax-return) that chains four calls: read a trial
# balance from SAP, run a Databricks SQL statement, create a SharePoint document,
# and send a notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Tax Return Preparation Orchestrator"
  description: "Orchestrates tax return preparation by extracting client financial data from SAP, running tax calculations in Databricks, generating draft returns in SharePoint, and notifying the engagement team via Teams."
  tags:
    - tax
    - preparation
    - sap
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no caller authentication setting is visible on this listener, and
    # nothing ties client_id to clients the caller is entitled to work on.
    - type: mcp
      namespace: tax-preparation
      port: 8080
      tools:
        - name: prepare-tax-return
          description: "Orchestrate tax return preparation workflow."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: tax_year
              in: body
              type: string
              description: "The tax year."
            - name: engagement_manager_email
              in: body
              type: string
              description: "Engagement manager email."
          steps:
            - name: extract-financials
              type: call
              call: "sap.get-trial-balance"
              with:
                # NOTE(review): client_id and fiscal_year are passed, but the SAP
                # trial-balance resource below declares no inputParameters, so as
                # written the request does not appear to be scoped to this client.
                client_id: "{{client_id}}"
                fiscal_year: "{{tax_year}}"
            - name: calculate-tax
              type: call
              call: "databricks.run-query"
              with:
                # NOTE(review): client_id and tax_year are substituted into quoted SQL
                # literals and nothing visible validates or escapes them. Use the
                # statement API's named parameters if the engine can set them, or
                # restrict both inputs to strict patterns before they reach this template.
                query: "SELECT * FROM tax_calculation WHERE client_id = '{{client_id}}' AND tax_year = '{{tax_year}}'"
            - name: generate-draft
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "tax-engagements"
                # Both inputs also become folder names; the same strict patterns keep
                # the path inside the intended client folder.
                folder_path: "{{client_id}}/{{tax_year}}/Returns"
                # template is passed here but is not declared on the documents resource.
                template: "tax_return_draft"
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{engagement_manager_email}}"
                text: "Tax return draft ready for {{client_id}} ({{tax_year}}). Taxable income: {{calculate-tax.taxable_income}}. Draft: {{generate-draft.url}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      # NOTE(review): stored user/password sent as HTTP basic auth; confirm the account
      # is read-only and limited to the data this tool is meant to serve.
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: trial-balance
          path: "/GL_SRV/TrialBalance"
          operations:
            - name: get-trial-balance
              method: GET
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      # NOTE(review): the token's SQL privileges bound what a malformed statement can
      # reach; a read-only principal limited to the tables this tool needs is safest.
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          # No inputParameters are declared, so how the step's "query" value is placed
          # in the POST body is not shown in this file.
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Microsoft Graph, the user in /users/{id}/sendMail is the
          # mailbox the message is sent from, not the recipient. Here that mailbox is
          # the caller-supplied engagement_manager_email. Send from a fixed service
          # mailbox and limit the token's mail permission to it.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves the latest run status for a Terraform Cloud workspace, returning plan status, resource changes, and run ID. Used by cloud advisory teams for infrastructure-as-code governance.

# Naftiko 0.5 capability: exposes one MCP tool that reads the latest Terraform
# Cloud run for a workspace, then writes a ServiceNow change request and sends
# a notification through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Terraform Cloud Workspace Status"
  # NOTE(review): this text describes a read-only lookup, but the tool below
  # also creates a change request and sends a message. Anyone granting access
  # on the basis of this description should know about the write side effects.
  description: "Retrieves the latest run status for a Terraform Cloud workspace, returning plan status, resource changes, and run ID. Used by cloud advisory teams for infrastructure-as-code governance."
  tags:
    - cloud
    - terraform
    - infrastructure-as-code
    - governance
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: iac-governance
      port: 8080
      tools:
        - name: get-terraform-run
          description: "Look up the latest Terraform Cloud run for a workspace and log any resource destructions in ServiceNow for governance review."
          # All three inputs are caller-supplied strings; no format or
          # allow-list constraint is declared here.
          inputParameters:
            - name: organization
              in: body
              type: string
              description: "Terraform Cloud organization name."
            - name: workspace_name
              in: body
              type: string
              description: "Terraform Cloud workspace name."
            - name: cloud_ops_email
              in: body
              type: string
              description: "Email of the cloud operations lead."
          steps:
            # Step 1: read the most recent run. Both inputs end up in the URL
            # path of the terraform resource declared under consumes.
            - name: fetch-run
              type: call
              call: "terraform.get-latest-run"
              with:
                organization: "{{organization}}"
                workspace_name: "{{workspace_name}}"
            # Step 2: no condition is declared on this step, so it appears to
            # run on every invocation rather than only when destructions are
            # reported - confirm against the tool description.
            - name: log-governance
              type: call
              call: "servicenow.create-change-request"
              with:
                short_description: "IaC run: {{workspace_name}} — {{fetch-run.status}}"
                description: "Run: {{fetch-run.id}}. Additions: {{fetch-run.resource-additions}}. Destructions: {{fetch-run.resource-destructions}}."
                assigned_group: "Cloud_Governance"
            # Step 3: cloud_ops_email is passed as recipient_upn, which the
            # msteams resource places in the Graph URL path.
            - name: notify-ops
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{cloud_ops_email}}"
                text: "Terraform run {{fetch-run.id}} ({{workspace_name}}): {{fetch-run.status}}. Adds: {{fetch-run.resource-additions}}. Destroys: {{fetch-run.resource-destructions}}. ServiceNow: {{log-governance.number}}."
  consumes:
    # Terraform Cloud API v2; bearer token resolved from the secret store.
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: workspaces
          # The page-size query string is part of the path template; picking
          # the "latest" run relies on the API's default ordering - TODO
          # confirm.
          # NOTE(review): organization and workspace_name are substituted into
          # the path. Confirm the runtime URL-encodes them so that "/" or "?"
          # in an input cannot change the request target.
          path: "/organizations/{{organization}}/workspaces/{{workspace_name}}/runs?page[size]=1"
          inputParameters:
            - name: organization
              in: path
            - name: workspace_name
              in: path
          operations:
            - name: get-latest-run
              method: GET
    # ServiceNow REST API with basic authentication; both credential parts are
    # resolved from the secret store.
    # NOTE(review): confirm the account behind these secrets is a dedicated
    # integration user limited to creating change_request records.
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-change-request
              method: POST
    # Microsoft Graph. Despite the namespace name, the only operation declared
    # here posts to the sendMail endpoint (e-mail).
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Graph, the user segment of .../sendMail selects
          # the mailbox the request acts on. Here it is filled from the
          # caller-supplied cloud_ops_email - confirm the sender/recipient
          # mapping and that the token's mail permission is limited to the
          # intended mailboxes.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

On vendor onboarding, screens the vendor in Dow Jones, retrieves their SOC 2 report from Box, creates a risk assessment in ServiceNow GRC, assigns a review task in Jira, and notifies the procurement team via Microsoft Teams.

# Naftiko 0.5 capability: exposes one MCP tool that chains five calls for
# vendor onboarding - Dow Jones screening, a Box folder listing, a ServiceNow
# risk record, a Jira task and a Microsoft Graph notification.
naftiko: "0.5"
info:
  label: "Third-Party Risk Management Orchestrator"
  description: "On vendor onboarding, screens the vendor in Dow Jones, retrieves their SOC 2 report from Box, creates a risk assessment in ServiceNow GRC, assigns a review task in Jira, and notifies the procurement team via Microsoft Teams."
  tags:
    - risk
    - vendor-management
    - third-party-risk
    - dow-jones
    - box
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: tprm
      port: 8080
      tools:
        - name: onboard-vendor-risk
          description: "Given a vendor name and procurement contact, screen in DJ, retrieve SOC 2 from Box, create ServiceNow risk assessment, Jira review task, and notify procurement."
          # All inputs are caller-supplied strings; no format or allow-list
          # constraint is declared here.
          inputParameters:
            - name: vendor_name
              in: body
              type: string
              description: "Legal name of the vendor."
            - name: vendor_country
              in: body
              type: string
              description: "Vendor country of incorporation."
            - name: soc2_folder_id
              in: body
              type: string
              description: "Box folder ID containing vendor SOC 2 reports."
            - name: procurement_contact_email
              in: body
              type: string
              description: "Email of the procurement contact."
          steps:
            - name: screen-vendor
              type: call
              call: "dowjones.screen-entity"
              with:
                entity_name: "{{vendor_name}}"
                country: "{{vendor_country}}"
            # This step lists the items of a folder (GET .../items below); only
            # its file_count is used later. No step downloads or inspects a
            # report's contents.
            # NOTE(review): the folder id comes from the caller, so the access
            # scope of box_token is the only visible limit on which folders
            # can be enumerated - confirm the token is restricted to the
            # vendor-document area.
            - name: get-soc2-report
              type: call
              call: "box.get-folder-items"
              with:
                folder_id: "{{soc2_folder_id}}"
            # vendor_name and vendor_country are copied verbatim into ticket
            # text here and in the next two steps; downstream systems should
            # treat that text as untrusted.
            - name: create-risk-assessment
              type: call
              call: "servicenow.create-vendor-risk"
              with:
                short_description: "TPRM Assessment: {{vendor_name}}"
                description: "DJ risk score: {{screen-vendor.risk_score}}. DJ hits: {{screen-vendor.total_hits}}. SOC 2 files: {{get-soc2-report.file_count}}. Country: {{vendor_country}}."
                assigned_group: "Third_Party_Risk"
            - name: create-review-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "TPRM"
                issue_type: "Task"
                summary: "Review: {{vendor_name}} TPRM Assessment"
                description: "ServiceNow: {{create-risk-assessment.number}}. DJ score: {{screen-vendor.risk_score}}. SOC 2 available: {{get-soc2-report.file_count}} files."
            # procurement_contact_email is passed as recipient_upn, which the
            # msteams resource places in the Graph URL path.
            - name: notify-procurement
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{procurement_contact_email}}"
                text: "TPRM initiated for {{vendor_name}} ({{vendor_country}}). DJ risk: {{screen-vendor.risk_score}}. SOC 2 reports: {{get-soc2-report.file_count}}. ServiceNow: {{create-risk-assessment.number}}. Jira: {{create-review-task.key}}."
  consumes:
    # Dow Jones Risk & Compliance API; bearer token from the secret store.
    - type: http
      namespace: dowjones
      baseUri: "https://api.dowjones.com/riskandcompliance/v1"
      authentication:
        type: bearer
        token: "$secrets.dowjones_token"
      resources:
        - name: screening
          path: "/screenings"
          operations:
            - name: screen-entity
              method: POST
    # Box API; bearer token from the secret store.
    - type: http
      namespace: box
      baseUri: "https://api.box.com/2.0"
      authentication:
        type: bearer
        token: "$secrets.box_token"
      resources:
        - name: folders
          # folder_id is substituted into the URL path - confirm the runtime
          # encodes it so that a "/" in the input cannot alter the target.
          path: "/folders/{{folder_id}}/items"
          inputParameters:
            - name: folder_id
              in: path
          operations:
            - name: get-folder-items
              method: GET
    # ServiceNow REST API with basic authentication; both credential parts are
    # resolved from the secret store.
    # NOTE(review): confirm the account is a dedicated integration user
    # limited to creating sn_risk_risk records.
    - type: http
      namespace: servicenow
      baseUri: "https://kpmg.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: vendor-risk
          path: "/table/sn_risk_risk"
          operations:
            - name: create-vendor-risk
              method: POST
    # Jira Cloud REST API v3 with basic authentication; the password slot
    # carries an API token secret.
    - type: http
      namespace: jira
      baseUri: "https://kpmg.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    # Microsoft Graph. Despite the namespace name, the only operation declared
    # here posts to the sendMail endpoint (e-mail).
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Graph, the user segment of .../sendMail selects
          # the mailbox the request acts on. Here it is filled from the
          # caller-supplied procurement_contact_email - confirm the
          # sender/recipient mapping and that the token's mail permission is
          # limited to the intended mailboxes.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Conducts transfer pricing benchmarking by extracting intercompany transactions from SAP, running comparability analysis in Databricks, and generating documentation in SharePoint.

# Naftiko 0.5 capability: exposes one MCP tool that calls SAP, runs a SQL
# statement on Databricks and creates a document through Microsoft Graph.
naftiko: "0.5"
info:
  label: "Transfer Pricing Benchmarking Pipeline"
  description: "Conducts transfer pricing benchmarking by extracting intercompany transactions from SAP, running comparability analysis in Databricks, and generating documentation in SharePoint."
  tags:
    - tax
    - transfer-pricing
    - sap
    - azure-databricks
    - sharepoint
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: transfer-pricing
      port: 8080
      tools:
        - name: run-benchmarking
          description: "Run transfer pricing benchmarking analysis."
          # Both inputs are caller-supplied strings; no format or allow-list
          # constraint is declared here.
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier."
            - name: fiscal_year
              in: body
              type: string
              description: "The fiscal year."
          steps:
            # The sap resource below declares no inputParameters, so how these
            # two values reach the SAP request is not visible in this file.
            - name: extract-intercompany
              type: call
              call: "sap.get-intercompany-transactions"
              with:
                client_id: "{{client_id}}"
                fiscal_year: "{{fiscal_year}}"
            # NOTE(review): client_id and fiscal_year are interpolated into
            # the SQL text inside single quotes. A value containing a quote
            # changes the statement (SQL injection). Validate both inputs
            # against a strict pattern, and prefer the Databricks statement
            # API's named parameters if the runtime can pass them - confirm.
            - name: run-comparability
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM tp_benchmarking WHERE client_id = '{{client_id}}' AND fiscal_year = '{{fiscal_year}}'"
            # This step references only the tool inputs and a template name;
            # the outputs of the two earlier steps are not referenced.
            # NOTE(review): folder_path is built from caller input and lands
            # in the Graph URL path - confirm "/", ".." and ":" are rejected
            # or encoded so one client cannot write into another's folder.
            - name: generate-documentation
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "tax-engagements"
                folder_path: "{{client_id}}/TransferPricing/{{fiscal_year}}"
                template: "tp_benchmarking_report"
  consumes:
    # SAP OData service with basic authentication; both credential parts are
    # resolved from the secret store.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-sap.kpmg.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: intercompany
          path: "/FI_SRV/IntercompanyTransactions"
          operations:
            - name: get-intercompany-transactions
              method: GET
    # Databricks REST API; bearer token from the secret store. The token's
    # table privileges bound what an altered statement could read or change.
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    # Microsoft Graph "sites" root; bearer token from the secret store.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          # Both placeholders are substituted into the URL path.
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST

Pulls intercompany transaction data from SAP, retrieves comparable benchmarking from Bloomberg, generates a transfer pricing memo in SharePoint, and notifies the tax partner via Microsoft Teams.

# Naftiko 0.5 capability: exposes one MCP tool that reads intercompany data
# from SAP, queries Bloomberg, writes a .docx through Microsoft Graph and
# sends a notification.
naftiko: "0.5"
info:
  label: "Transfer Pricing Document Generator"
  description: "Pulls intercompany transaction data from SAP, retrieves comparable benchmarking from Bloomberg, generates a transfer pricing memo in SharePoint, and notifies the tax partner via Microsoft Teams."
  tags:
    - tax
    - transfer-pricing
    - sap
    - bloomberg
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # This namespace and port match the "Transfer Pricing Benchmarking
    # Pipeline" definition on the same page - confirm the two are not
    # deployed side by side on one host.
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: transfer-pricing
      port: 8080
      tools:
        - name: generate-tp-documentation
          description: "Given a company code and fiscal year, retrieve SAP intercompany data, pull Bloomberg comparables, create the TP memo in SharePoint, and notify the tax partner."
          # All inputs are caller-supplied strings. The descriptions state an
          # expected format (YYYY, a short list of types), but no constraint
          # is declared that would enforce it.
          inputParameters:
            - name: company_code
              in: body
              type: string
              description: "SAP company code for the tested party."
            - name: fiscal_year
              in: body
              type: string
              description: "The fiscal year (YYYY)."
            - name: transaction_type
              in: body
              type: string
              description: "Intercompany transaction type (e.g., services, tangible_goods, royalties)."
            - name: tax_partner_email
              in: body
              type: string
              description: "Email of the responsible tax partner."
          steps:
            - name: get-ic-transactions
              type: call
              call: "sap.get-ic-transactions"
              with:
                company_code: "{{company_code}}"
                fiscal_year: "{{fiscal_year}}"
                transaction_type: "{{transaction_type}}"
            # industry and region come from the SAP response of the previous
            # step, not from the caller.
            - name: get-comparables
              type: call
              call: "bloomberg.search-comparables"
              with:
                industry: "{{get-ic-transactions.industry_code}}"
                transaction_type: "{{transaction_type}}"
                region: "{{get-ic-transactions.region}}"
            # NOTE(review): file_path is assembled from three caller inputs
            # and lands in the Graph URL path. Confirm "/", ".." and ":" are
            # rejected or encoded. The resource uses PUT on ...:/content,
            # which presumably replaces an existing file of the same name -
            # confirm overwrite is acceptable.
            - name: create-tp-memo
              type: call
              call: "sharepoint.create-file"
              with:
                site_id: "tax_transfer_pricing_site"
                file_path: "TP_Memos/{{company_code}}_FY{{fiscal_year}}_{{transaction_type}}.docx"
                content: "Transfer Pricing Documentation — {{company_code}} FY{{fiscal_year}}. IC volume: {{get-ic-transactions.total_amount}}. Arm's length range: {{get-comparables.interquartile_range}}."
            # tax_partner_email is passed as recipient_upn, which the msteams
            # resource places in the Graph URL path.
            - name: notify-partner
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{tax_partner_email}}"
                text: "TP memo generated for {{company_code}} FY{{fiscal_year}} ({{transaction_type}}). IC volume: {{get-ic-transactions.total_amount}}. Comparables range: {{get-comparables.interquartile_range}}. Document: {{create-tp-memo.url}}."
  consumes:
    # SAP OData service with basic authentication; both credential parts are
    # resolved from the secret store.
    - type: http
      namespace: sap
      baseUri: "https://kpmg-s4.sap.com/sap/opu/odata/sap/API_INTERCOMPANY_TRANSACTIONS"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      # Fixed headers sent with every request to this namespace.
      inputParameters:
        - name: Accept
          in: header
          value: "application/json"
        - name: sap-client
          in: header
          value: "100"
      resources:
        - name: ic-transactions
          # NOTE(review): company_code and fiscal_year are interpolated into
          # the OData $filter inside single quotes. A value containing a
          # quote can widen or rewrite the filter - validate both against a
          # strict pattern or escape quotes before substitution.
          # transaction_type is declared below but has no placeholder in this
          # template, so whether it filters anything is not visible here.
          path: "/ICTransactionSet?$filter=CompanyCode eq '{{company_code}}' and FiscalYear eq '{{fiscal_year}}'"
          inputParameters:
            - name: company_code
              in: query
            - name: fiscal_year
              in: query
            - name: transaction_type
              in: query
          operations:
            - name: get-ic-transactions
              method: GET
    # Bloomberg API; bearer token from the secret store.
    - type: http
      namespace: bloomberg
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/v1"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: comparables
          path: "/fieldLists"
          operations:
            - name: search-comparables
              method: POST
    # Microsoft Graph "sites" root; bearer token from the secret store.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          # Both placeholders are substituted into the URL path.
          path: "/{{site_id}}/drive/root:/{{file_path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: create-file
              method: PUT
    # Microsoft Graph. Despite the namespace name, the only operation declared
    # here posts to the sendMail endpoint (e-mail). It uses the same
    # msgraph_token secret as the sharepoint entry above.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          # NOTE(review): in Graph, the user segment of .../sendMail selects
          # the mailbox the request acts on. Here it is filled from the
          # caller-supplied tax_partner_email - confirm the sender/recipient
          # mapping and that the token's mail permission is limited to the
          # intended mailboxes.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Assesses vendor risk by pulling vendor data from SAP Ariba, analyzing risk indicators in Databricks, creating assessment reports in SharePoint, and notifying the advisory team.

# Naftiko 0.5 capability: exposes one MCP tool that reads a supplier from SAP
# Ariba, runs a SQL statement on Databricks, creates a document through
# Microsoft Graph and sends a notification.
naftiko: "0.5"
info:
  label: "Vendor Risk Assessment Orchestrator"
  description: "Assesses vendor risk by pulling vendor data from SAP Ariba, analyzing risk indicators in Databricks, creating assessment reports in SharePoint, and notifying the advisory team."
  tags:
    - advisory
    - vendor-risk
    - sap-ariba
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: vendor-risk
      port: 8080
      tools:
        - name: assess-vendor-risk
          description: "Assess vendor risk for a client engagement."
          # All inputs are caller-supplied strings; no format or allow-list
          # constraint is declared here.
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier." 
            - name: vendor_id
              in: body
              type: string
              description: "The vendor ID." 
            - name: advisory_email
              in: body
              type: string
              description: "Advisory team email." 
          steps:
            # The output of this step is not referenced by any later step.
            - name: get-vendor-data
              type: call
              call: "ariba.get-vendor"
              with:
                vendor_id: "{{vendor_id}}"
            # NOTE(review): vendor_id is interpolated into the SQL text inside
            # single quotes. A value containing a quote changes the statement
            # (SQL injection). Validate the input against a strict pattern,
            # and prefer the Databricks statement API's named parameters if
            # the runtime can pass them - confirm.
            - name: analyze-risk
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM vendor_risk WHERE vendor_id = '{{vendor_id}}'"
            # NOTE(review): folder_path is built from two caller inputs and
            # lands in the Graph URL path - confirm "/", ".." and ":" are
            # rejected or encoded so one client cannot write into another's
            # folder.
            - name: create-assessment
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "advisory"
                folder_path: "{{client_id}}/VendorRisk/{{vendor_id}}"
            # advisory_email is passed as recipient_upn, which the msteams
            # resource places in the Graph URL path.
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{advisory_email}}"
                text: "Vendor risk for {{vendor_id}}: Score {{analyze-risk.risk_score}}/10. Report: {{create-assessment.url}}."
  consumes:
    # SAP Ariba supplier-management API; bearer token from the secret store.
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier-management/v1"
      authentication:
        type: bearer
        token: "$secrets.ariba_token" 
      resources:
        - name: vendors
          # vendor_id is substituted into the URL path - confirm the runtime
          # encodes it so that a "/" in the input cannot alter the target.
          path: "/suppliers/{{vendor_id}}"
          inputParameters:
            - name: vendor_id
              in: path
          operations:
            - name: get-vendor
              method: GET
    # Databricks REST API; bearer token from the secret store. The token's
    # table privileges bound what an altered statement could read or change.
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token" 
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    # Microsoft Graph "sites" root; bearer token from the secret store.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: documents
          # Both placeholders are substituted into the URL path.
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    # Microsoft Graph. Despite the namespace name, the only operation declared
    # here posts to the sendMail endpoint (e-mail). It uses the same
    # msgraph_token secret as the sharepoint entry above.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: messages
          # NOTE(review): in Graph, the user segment of .../sendMail selects
          # the mailbox the request acts on. Here it is filled from the
          # caller-supplied advisory_email - confirm the sender/recipient
          # mapping and that the token's mail permission is limited to the
          # intended mailboxes.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a compensation report for a Workday worker by ID, returning base salary, bonus, total compensation, and pay grade. Used by HR advisory and audit teams.

# Naftiko 0.5 capability: exposes one MCP tool that forwards a worker ID to a
# Workday compensation endpoint and maps four response fields to outputs.
naftiko: "0.5"
info:
  label: "Workday Compensation Report Lookup"
  description: "Retrieves a compensation report for a Workday worker by ID, returning base salary, bonus, total compensation, and pay grade. Used by HR advisory and audit teams."
  tags:
    - hr
    - compensation
    - workday
capability:
  exposes:
    # NOTE(review): this tool returns salary data for any worker_id the
    # caller supplies, and no authentication or per-caller authorization is
    # declared on the exposed endpoint in this document. Confirm that access
    # control and audit logging are enforced by the runtime or a gateway.
    - type: mcp
      namespace: hr-compensation
      port: 8080
      tools:
        - name: get-compensation
          description: "Look up a Workday employee compensation details by worker ID."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "The Workday worker ID."
          # Single call (no steps list): the input is passed straight to the
          # consumed operation.
          call: "workday.get-compensation"
          with:
            worker_id: "{{worker_id}}"
          # Each mapping is a JSON path into the response; the monetary fields
          # are declared as strings.
          outputParameters:
            - name: base_salary
              type: string
              mapping: "$.baseSalary"
            - name: bonus_target
              type: string
              mapping: "$.bonusTarget"
            - name: total_compensation
              type: string
              mapping: "$.totalCompensation"
            - name: pay_grade
              type: string
              mapping: "$.payGrade"
  consumes:
    # Workday REST API; bearer token from the secret store. The token's
    # Workday permissions are the only visible bound on whose compensation
    # can be read.
    # NOTE(review): the host name contains "impl", which presumably denotes a
    # Workday implementation (non-production) tenant - confirm which
    # environment this definition reaches.
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: compensation
          # worker_id is substituted into the URL path - confirm the runtime
          # encodes it so that a "/" in the input cannot alter the target.
          path: "/workers/{{worker_id}}/compensation"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-compensation
              method: GET

Retrieves a Workday employee profile by worker ID, returning full name, department, cost center, manager, and job title. Used across audit, tax, and advisory for engagement staffing.

# Naftiko 0.5 capability: exposes one MCP tool that forwards a worker ID to a
# Workday worker endpoint and maps five response fields to outputs.
naftiko: "0.5"
info:
  label: "Workday Employee Profile Lookup"
  description: "Retrieves a Workday employee profile by worker ID, returning full name, department, cost center, manager, and job title. Used across audit, tax, and advisory for engagement staffing."
  tags:
    - hr
    - workday
    - employee-data
capability:
  exposes:
    # NOTE(review): this tool returns personal data for any worker_id the
    # caller supplies, and no authentication or per-caller authorization is
    # declared on the exposed endpoint in this document. Confirm that access
    # control is enforced by the runtime or a gateway.
    - type: mcp
      namespace: hr-directory
      port: 8080
      tools:
        - name: get-employee-profile
          description: "Look up a Workday employee profile by worker ID."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "The Workday worker ID."
          # Single call (no steps list): the input is passed straight to the
          # consumed operation.
          call: "workday.get-worker"
          with:
            worker_id: "{{worker_id}}"
          # Each mapping is a JSON path into the response; manager_name reads
          # a nested field.
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.fullName"
            - name: department
              type: string
              mapping: "$.department"
            - name: cost_center
              type: string
              mapping: "$.costCenter"
            - name: manager_name
              type: string
              mapping: "$.manager.fullName"
            - name: job_title
              type: string
              mapping: "$.jobTitle"
  consumes:
    # Workday REST API; bearer token from the secret store.
    # NOTE(review): the host name contains "impl", which presumably denotes a
    # Workday implementation (non-production) tenant - confirm which
    # environment this definition reaches.
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          # worker_id is substituted into the URL path - confirm the runtime
          # encodes it so that a "/" in the input cannot alter the target.
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET

Retrieves employee training and CPE completion records from Workday Learning for compliance tracking.

# Naftiko 0.5 capability: exposes one MCP tool that forwards an employee ID to
# a Workday learning-completions endpoint and maps two response fields.
naftiko: "0.5"
info:
  label: "Workday Learning Completion Lookup"
  description: "Retrieves employee training and CPE completion records from Workday Learning for compliance tracking."
  tags:
    - training
    - workday
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: learning
      port: 8080
      tools:
        - name: get-learning-completions
          description: "Look up training completions for an employee by ID."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
          # Single call (no steps list): the input is passed straight to the
          # consumed operation.
          call: "workday.get-completions"
          with:
            employee_id: "{{employee_id}}"
          # Each mapping is a JSON path into the response.
          outputParameters:
            - name: completions
              type: array
              mapping: "$.learningCompletions"
            - name: total_cpe_hours
              type: number
              mapping: "$.totalCPEHours"
  consumes:
    # Workday REST API; bearer token from the secret store.
    # NOTE(review): this host and the tenant segment in baseUri differ from
    # the other Workday definitions on this page, yet the secret name is the
    # same workday_token - confirm the token is valid for, and meant to be
    # sent to, this host.
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl.workday.com/ccx/api/v1/kpmg"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: learning
          # employee_id is substituted into the URL path - confirm the runtime
          # encodes it so that a "/" in the input cannot alter the target.
          path: "/workers/{{employee_id}}/learningCompletions"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-completions
              method: GET

Retrieves staff utilization rates from Workday for a given practice area and time period, returning billable hours, total hours, and utilization percentage.

# Naftiko 0.5 capability: exposes one MCP tool that forwards a practice code
# and a period to a Workday utilization endpoint and maps three numeric
# response fields to outputs.
naftiko: "0.5"
info:
  label: "Workday Utilization Rate Lookup"
  description: "Retrieves staff utilization rates from Workday for a given practice area and time period, returning billable hours, total hours, and utilization percentage."
  tags:
    - hr
    - finance
    - workday
    - utilization
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: workforce-analytics
      port: 8080
      tools:
        - name: get-utilization-rate
          description: "Look up utilization rates by practice and period from Workday. Returns billable hours, total hours, and utilization percentage."
          # The descriptions state an expected format, but no constraint is
          # declared that would enforce it.
          inputParameters:
            - name: practice_area
              in: body
              type: string
              description: "The KPMG practice area code (e.g., audit, tax, advisory)."
            - name: period
              in: body
              type: string
              description: "Reporting period in YYYY-MM format."
          # Single call (no steps list). The tool input practice_area is
          # renamed to practice for the consumed operation.
          call: "workday.get-utilization"
          with:
            practice: "{{practice_area}}"
            period: "{{period}}"
          # Each mapping is a JSON path into the response.
          outputParameters:
            - name: billable_hours
              type: number
              mapping: "$.billableHours"
            - name: total_hours
              type: number
              mapping: "$.totalHours"
            - name: utilization_pct
              type: number
              mapping: "$.utilizationPercentage"
  consumes:
    # Workday REST API; bearer token from the secret store.
    # NOTE(review): the host name contains "impl", which presumably denotes a
    # Workday implementation (non-production) tenant - confirm which
    # environment this definition reaches.
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: utilization
          path: "/kpmg/utilization"
          # Both values are declared as query parameters; the path template
          # carries no placeholders.
          inputParameters:
            - name: practice
              in: query
            - name: period
              in: query
          operations:
            - name: get-utilization
              method: GET

Assesses client workforce transformation by analyzing HR data in Databricks, generating assessment reports in SharePoint, and presenting to stakeholders via Teams.

# Naftiko 0.5 capability: exposes one MCP tool that runs a SQL statement on
# Databricks, creates a document through Microsoft Graph and sends a
# notification.
naftiko: "0.5"
info:
  label: "Workforce Transformation Assessment Pipeline"
  description: "Assesses client workforce transformation by analyzing HR data in Databricks, generating assessment reports in SharePoint, and presenting to stakeholders via Teams."
  tags:
    - advisory
    - workforce
    - azure-databricks
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    # NOTE(review): no authentication or authorization setting is declared on
    # this exposed endpoint in this document - confirm it is enforced by the
    # runtime or by a gateway in front of port 8080.
    - type: mcp
      namespace: workforce-transformation
      port: 8080
      tools:
        - name: assess-workforce
          description: "Assess workforce transformation readiness."
          # Both inputs are caller-supplied strings; no format or allow-list
          # constraint is declared here.
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "The client identifier." 
            - name: advisory_email
              in: body
              type: string
              description: "Advisory team email." 
          steps:
            # NOTE(review): client_id is interpolated into the SQL text inside
            # single quotes. A value containing a quote changes the statement
            # (SQL injection), which here could expose another client's HR
            # data. Validate the input against a strict pattern, and prefer
            # the Databricks statement API's named parameters if the runtime
            # can pass them - confirm.
            - name: analyze-workforce
              type: call
              call: "databricks.run-query"
              with:
                query: "SELECT * FROM workforce_assessment WHERE client_id = '{{client_id}}'"
            # NOTE(review): folder_path is built from caller input and lands
            # in the Graph URL path - confirm "/", ".." and ":" are rejected
            # or encoded so one client cannot write into another's folder.
            - name: generate-report
              type: call
              call: "sharepoint.create-document"
              with:
                site_id: "advisory"
                folder_path: "{{client_id}}/Workforce"
            # advisory_email is passed as recipient_upn, which the msteams
            # resource places in the Graph URL path.
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{advisory_email}}"
                text: "Workforce assessment for {{client_id}}: Readiness {{analyze-workforce.score}}/10. Report: {{generate-report.url}}."
  consumes:
    # Databricks REST API; bearer token from the secret store. The token's
    # table privileges bound what an altered statement could read or change.
    - type: http
      namespace: databricks
      baseUri: "https://kpmg-analytics.azuredatabricks.net/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token" 
      resources:
        - name: sql-queries
          path: "/sql/statements"
          operations:
            - name: run-query
              method: POST
    # Microsoft Graph "sites" root; bearer token from the secret store.
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: documents
          # Both placeholders are substituted into the URL path.
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-document
              method: POST
    # Microsoft Graph. Despite the namespace name, the only operation declared
    # here posts to the sendMail endpoint (e-mail). It uses the same
    # msgraph_token secret as the sharepoint entry above.
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token" 
      resources:
        - name: messages
          # NOTE(review): in Graph, the user segment of .../sendMail selects
          # the mailbox the request acts on. Here it is filled from the
          # caller-supplied advisory_email - confirm the sender/recipient
          # mapping and that the token's mail permission is limited to the
          # intended mailboxes.
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST