KPMG's IT Attestation practice helps organisations satisfy third-party risk and compliance assurance requirements and demonstrate the integrity of their control environments. As the trend in outsourcing and offshoring continues to expand, user organisations will continue to seek increased levels of assurance over the integrity of service organisations’ control environments. In addition, with the recent introduction of new regulatory and compliance requirements, many organisations are struggling to understand, react to, and respond to the implications of these standards.

Our globally accredited team provides clients with reports on controls that are likely to be relevant to user organisations' internal controls over financial reporting. Additionally, our service includes reports on security, availability, processing integrity, confidentiality, and privacy by using test service principles and agreed-upon report standards. We provide actionable insights to help organisations to enhance their internal control environment, reduce business operation interruptions resulting from multiple audits, and further assist companies by providing them with transparent controls-related information for themselves and their stakeholders.

How we can help - our services include, but are not limited to:

• IT Attestation: attestation, certification, reviews, readiness, diagnostics, and effectiveness of controls for service and in-/outsourcing organisations; attestation and certification of the efficiency of the internal control environment; certifications according to ISO 27000 Standards; ISAE 3402, SysTrust, WebTrust, and Environmental Certifications
• IT Internal Audit and Compliance
• IT Audit Services: assessing technological risks and the controls in place via our structured approach; providing specific industry knowledge and the use of automated tools; complementing our clients within their Internal Audit function
• IT Internal Audit Co-/Outsourcing: we assist management and internal auditors through evaluations, co-sourcing or outsourcing, and advice regarding the governance, risk, and control of IT resources.
• Continuous Auditing/Monitoring: this service helps enhance organisational value and offers a broad range of potential benefits, which can result in more time focused on value-adding activities.
• KOLA, Approval: utilisation of tools such as KPMG Online Audit (KOLA) and Approval
• IT External Audit and Compliance: we assist audit teams in assessing control risks and in dealing with complex technology topics in support of financial statement audits and integrated audits.
• IT Outsourcing Attestation and Regulatory Assistance: evaluating risks and controls concerning IT technical modeling; providing clients with a regulatory assessment of concepts and strategies; providing assistance in the establishment of regulatory presentations and support documentation.

For queries please contact:

Estefania Rizzo
Director, Audit
Information Risk Management
E-mail: estefania.rizzo@kpmg.lu
Phone: +352 22 51 51 7912