Information Risk Management in Internal Audit

Information Risk Management in Internal Audit

KPMG can help clients align their IT Internal Audit capabilities with the strategic and tactical objectives of their organizations

KPMG can help clients align their IT Internal Audit capabilities with the strategic...

Nowadays, there is an increasing demand from management, Audit Committees and regulators for assurance that an organization's information technology processes are adequately controlled, assessed, and aligned with the organization's business objectives. KPMG can help clients align their IT Internal Audit capabilities with the strategic and tactical objectives of their organizations, giving them the means to meet current and future needs relating to governance, risk, and control over IT resources.

How we can help

KPMG’s network of IRM professionals is dedicated to helping our clients manage the technological, operational, security and business issues critical to a controlled IT environment, and offering established methodologies and strategies in the following areas:

  • Authorization, security and data protection 
  • Automated controls in business applications such as banking applications or ERP systems 
  • IT and Corporate Governance and Regulatory Compliance 
  • Project advisory and business continuity

To this end, we:

  • Evaluate internal IT audit functions and provide co-sourcing and outsourcing services 
  • Co-operate with the internal audit function in assessing the IT risks within the organization, and evaluate (against industry standards and IT Control Frameworks such as CobiT) the adequacy and effectiveness of the controls in operation to mitigate those risks 
  • Drive compliance with Sarbanes-Oxley regulation and other regulatory standards such as Data Protection Legislation and Bank of Greece Governor’s Act 2577/2006 
  • Conduct reviews of data processing on behalf of internal auditors 
  • Establish IT internal audit functions that focus on strategic business processes and risks 
  • Provide training for IT internal auditors on controls over new technologies 
  • Provide efficient procedures through the use of specific IT auditing tools 
  • Design internal IT audit programs to enable self-IT audits 
  • Perform reconciliations and recalculations of financial figures using Computer Assisted Audit Techniques (CAATs) 
  • Provide a current risk and process-oriented audit methodology

Key benefits

The IT internal audit approach of KPMG is flexible and can be tailored to clients’ requirements and business environments in order to fill specific skills gaps or perform the entire IT audit function.

In a nutshell, we can offer:

  • Assessment of the IT risks within your organization, and evaluation (against industry standards & IT Control Frameworks such as CobiT) of the adequacy & effectiveness of the controls in operation to mitigate risks. 
  • Assurance on compliance with key regulatory frameworks (e.g. Bank of Greece Governor’s Act 2577/2006, Data Protection Legislation etc.) 
  • Knowledge transfer through specialized Audit training. 
  • Added value to your internal audit process through innovative solutions that address your IT control issues and concerns through the co-sourcing or outsourcing of your IT Internal Audit function.


 

Connect with us