IT advisory services
The right technology, implemented properly, appropriately managed and monitored, can lead to significant gains in growth.
Managing IT risk and compliance
How KPMG member firms can help
Technology is a key facilitator of rapid global business growth and advancement. It is also a major source of business risk.
Boards and senior executives recognize the importance of technology, but often struggle to understand and manage it effectively. Often, business executives and their IT professionals don’t speak the same language.
This communications gap can lead to misunderstandings and
misaligned expectations and outcomes.
KPMG’s IT Advisory practice can help bridge the communications gap
between business executives and IT professionals. We believe our professionals bring a powerful combination of technical skills and
business experience. The underlying philosophy surrounding our service
portfolio is commitment – we work with clients to help you make the right
commitments and keep them.
Matching our service offerings to client issues and challenges
IT Advisory is KPMG’s business technology assurance and advisory group.
Our service offerings are closely aligned to our clients’ business IT lifecycle to
enable focused advisory efforts across the IT spectrum.
1. Business System Controls
KPMG’s Business Systems Controls (BSC) services can help organizations
ensure that adequate systems controls, relating to a major application
implementation, are in place and operating effectively.
2. IT Risks and Controls Assessment
The IT Risk and Control Assessment service is a structured approach
to assessing the IT risks faced by an organization and the extent to which
existing controls address those risks.
3. ERP advisory (pre- and post-implementation review)
This service includes:
- Performing pre- and post-assessments of the system controls’ design, configuration, access and process.
- Reporting controls to remediate a gap in the controls environment effectively.
4. Information Protection and Business Resilience
4-1 Security testing (vulnerability assessment and penetration testing)
KPMG’s Security Testing Services address realistic business and technical
threats. This is achieved using methodologies that make use of
progressive tools and techniques, with a focus on quality-driven testing.
Security testing services include the following:
- Infrastructure penetration testing;
- Application penetration testing;
- Periodic vulnerability assessments;
- Wireless network security testing; and
- Configuration review.
4-2 Cyber maturity assessment
KPMG’s Cyber Maturity Assessment (CMA) provides an in-depth
review of an organization’s ability to protect its information assets and its
preparedness against cyber-attack. It looks beyond pure technical preparedness against cyber-attack.
It takes a rounded view of people, process and technology to enable clients
to understand their areas of potential vulnerability, to identify and prioritize areas for remediation
and to demonstrate both corporate and operational compliance, turning
information risk to business advantage.
5. Business and Technology Resilience
Business Continuity Management (BCM) helps organizations identify and manage disruption risks and reduce their vulnerability to a wide range of
potentially devastating events.
6. IT Internal Audit
KPMG's IT Internal Audit methodology helps clients align their
IT Internal Audit capabilities with the strategic and tactical objectives of
their organizations – giving them the means to meet their current and future
needs as they relate to governance, risk, and control over IT resources.
7. Attestation (ISAE 3402)
Assists clients affected by business IT systems, who often need
extra help to satisfy stakeholder expectations. This service offers
assessments to provide comfort to customers and business partners through
seals and distributable reports such as and SSAE16/ISAE 3402.
8. IT Due Diligence
IT Due Diligence (ITDD) provides a diagnostic and analytical approach for the assessment of an IT organization, in the context of a business transaction.