Share with your friends

IT Assurance Services

IT Assurance Services

Technology is now the lifeblood of most organisations. It brings with it tremendous opportunities as well as considerable threats.

Technology brings with it tremendous opportunities as well as considerable threats.

Our professionals provide independent, jargon-free advice and advanced technology capabilities to help you proactively and reactively manage your technology risks and use the data to its full potential.

We can help provide high levels of assurance and insights in respect of your technology, including:

  • IT internal and external audit services to help achieve high levels of assurance and risk management across the technology environment. Our services commonly include the development of an IT audit plan based on a robust risk and audit needs assessment and the execution of a range of different IT audit reviews, including IT general controls reviews, integrated IT and business process audits, IT risk and controls benchmarking, IT security reviews, IT governance assessments and IT project assurance reviews.
  • IT assessment and benchmarking services. Our proprietary IT Risk Management Benchmarking (ITRMB) and Cobit IT Assessment (CIA) tools allow us to assess the key IT risks and measure the maturity and effectiveness of our clients’ IT controls. We can benchmark each organisation’s IT risk and control environment using a purpose built database, which includes detailed information on over 1,200 peer organisations both in Ireland and abroad. On foot of our reviews, we identify key areas where the inherent risks identified are not being mitigated effectively through the implementation of controls, and we make recommendations to resolve these control gaps.
  • IT attestation and certification to independently verify that organisations have the requisite levels of control and security to meet standards such as SAS 70, ISAE 3402 and ISO 27001. We complete reviews of the design and operating effectiveness of IT controls implemented by our clients in respect of these standards and provide assurance that the requirements of these standards have been met.
  • IT security and business resilience services to help ensure up-to-date protection against, and effective response to, rapidly evolving security threats. We perform IT security reviews for clients who have concerns about the security of their data and systems. Our deep knowledge of international best practice standards such as ISO27001/2, PCI DSS and the UK FSA Report on Data Loss allows us to assess the maturity of our clients’ IT security controls against these standards. We then assist our clients in preparing detailed plans on how to better secure the confidentiality, integrity and availability of their critical data and systems. Our follow-on services in this area include redesign of policies and procedures, performing IT security reviews of key third-party suppliers, and conducting IT penetration tests to assess network security.
  • Data privacy and protection services assisting clients to meet their statutory and regulatory obligations such as those under the Data Protection Act. Our knowledge of data privacy and protection rules, both in Ireland and internationally, allows us to work with our clients to identify relevant areas of non-compliance across the organisation (including where data is being transmitted over international borders). We then identify areas for improvement as the organisations seek to ensure ongoing compliance with relevant statutory and regulatory obligations.
  • IT governance services, including Cobit and ITIL implementation reviews. We typically seek to understand and identify the level of inherent IT risks to which our clients are exposed, and we then identify controls to mitigate those risks. We provide management with practical advice in relation to their IT environment, including recommendations on how to improve their governance of IT, how to improve their mix of IT skills and resources, how to reduce any undue dependence on third parties, how to improve business continuity and IT disaster recovery, and how to formally document and then improve service levels provided by IT teams.
  • ERP systems and controls assisting organisations to verify that system controls relating to ERP applications (SAP, Oracle, JD Edwards etc.) are in place and operating effectively. Our work typically includes a review of key business processes, risks and controls, system security settings and tests of data migration where data has been migrated from legacy systems. We also seek to ensure that appropriate IT automated controls and IT general controls have been implemented on our clients’ ERP systems so that they can reap the benefits of having a more secure IT environment. 

What's in it for you?

  • Proactively review and reduce your risks around the use of IT 
  • Measure the effectiveness of your IT environment against best practice frameworks such as Cobit, and benchmark your performance against peer organisations 
  • Demonstrate compliance with standards such as SAS 70, ISAE 3402 and ISO 27001 to your customers, your auditors, the board etc.
    Significantly reduce the risk of costly and damaging IT security / data privacy and protection breaches 
  • Significantly reduce the risk of interruptions to your business operations through the implementation of appropriate IT disaster recovery and business continuity plans 
  • Have greater confidence in your investment in ERP systems through the implementation of better IT general controls, automated business process controls and IT security controls. In addition, be assured that your data has migrated completely and accurately from your legacy systems onto your new ERP system.


Our team of experienced professionals is uniquely positioned to provide an accurate and independent assessment of whether your IT control environment is adequate to mitigate the inherent technology risks facing your organisation.

Connect with us


Want to do business with KPMG?


loading image Request for proposal