IT Governance

Aligning IT with business needs and making the right decisions to support the business.

“I cannot imagine any condition which would cause a ship to founder. I cannot conceive of any vital disaster happening to this vessel. Modern shipbuilding has gone beyond that.”
Captain Edward Smith (Captain of the Titanic)


In a business context, the main goal of using information technology to deliver and support business processes is usually to generate added value by enhancing the performance and effectiveness of operations. In some organisations, however, it is not possible to earn or even measure a return on investment, and neither the envisaged benefits nor the promised innovation are achieved. In fact, in many companies the hardware and software in use are outdated or inadequate. It is therefore necessary to consider the strategic importance of IT to ensure compliance with business goals and optimal support for business functions - usually described as IT governance.

An IT governance concept is usually designed to cover the following critical areas:

  • strategic orientation with a focus on business solutions
  • value creation with a focus on the optimisation of expenses and value measurement of IT
  • risk management (in the context of IT assets, this should take disaster recovery and business continuity into account)
  • management of resources, especially knowledge and IT infrastructure


How we can help - our services include, but are not limited to:


  • Information Governance, Privacy, and Confidentiality: Our services include data classification, data flow analysis, data control frameworks, privacy strategy, privacy assessments, and information lifecycle management solutions.
  • Identity and Access Management (IAM): IAM services include strategy specifications, process optimisation, project management, and technology implementation.
  • Business Systems General and Application Controls: Our services provide you with governance, risk and control (GRC) tools, like SAP GRC, reviews of CSI systems, and the migration and implementation of ERP systems.
  • Information Protection, Strategy and Policy: We assist our clients in designing information protection strategies, governance structures, control framework designs, organisational design, policy assessments, and development services.
  • Business, Security, and Technology Assessment: In this context, we provide our clients with security testing (penetration testing), security reviews (firewalls, operating systems, and applications), security management, business risk assessments, physical security, and unified IT compliance services.
  • Business and Technology Resilience: We help our clients with business continuity management, disaster recovery planning, crisis management and high availability services. Additionally, the service includes the development, testing, and assessment of BCP/DRP procedures.
  • IT Architecture and Infrastructure: We help clients identify their as-is baseline architecture and establish a to-be target architecture. Furthermore, we provide clients with solution evaluations and implementation/transition planning, as well as policy and service-level definitions and benchmarking.


For queries please contact:

Estefania Rizzo
Director, Audit
Information Risk Management
Phone: +352 22 51 51 7912
