Organisations are being exposed to more IT related risks which are increasing rapidly due to evolving trends in technology. Companies need to make sure both ‘information’ and ‘technology’ risks are managed.

Emerging technology, fast paced changing IT landscapes and cyber risk have increased the focus on IT risk management. IT risks such as security, outsourcing and disaster recovery are now at the forefront of audit committees and executive boards.

C-suite executives are demanding that their information technology departments provide better insight on IT processes and controls, as well as greater anticipation and management of risks.

Although specific challenges vary across industries and organisations, KPMG has — in its research and engagements — most often found that Information and Technology poses specific risks to an entity’s strategy, operations and internal control, in areas such as:

• Business units’ reliance on old and new systems or programs that are inaccurately processing data, processing inaccurate data, or both 
• Business units’ integration and use of artificial intelligence and process automation
• Legacy system and mobile application interfacing
• Access management and user access 
• Data accuracy and content
• Blockchain capabilties
• Inappropriate manual or automated intervention
• Data loss or destruction, both authorised and unauthorised 
• Misappropriation of assets through inappropriate data changes
• Unauthorised changes to master file data, system configuration or programs 
• Failure to make necessary changes to systems or programs

Today more than ever, technology is a critical enabler of the business. We help companies recognise and responsibly manage the complete universe of risks associated with their technology environment, so they can realise the rewards of the digital age.

• The KPMG IT Risk Management approach is a top down, risk-based and process-focused methodology which utilises our global approach.
• Our approach focuses on understanding your business and its objectives, the risks you face, the relationship between those risks and controls, and your tolerance for risk.
• Our industry insight and experience provide practical recommendations to help companies in continuously improving its IT risk management.
• We suggest defining a detailed phased approach with specific inputs, outputs, tasks / activities, tools and templates to be used. We recognise that different companies have different needs, thus, the phases and activities defined are designed to be customised.

For further information on IT related risk, contact Michael Daughton, Head of Risk & Regulatory, via this form.