IT Audit | Information Risk Management
Information Risk Management
Technology has become an inseparable element in forming business strategies and making crucial business decisions. It is essential that organizations strengthen their line of defense by managing, addressing and mitigating information technology related risks to ensure effective and efficient business operations.
KPMG’s Information Risk Management (IRM) team ably supports and manages IT related risks for our clients ranging from public sector organizations to multinational businesses and emerging technology companies. Our team of experienced professionals is capable of performing effective assessment of IT control environments, analyzing data and control processes as well as assist in managing IT projects.
With the increased importance of technology audit and assessments, IT Audit plays a vital role in understanding IT environments that require remediation and mitigation of risk. Performing detailed assessments or regular health checks to evaluate the effectiveness of IT controls in your organization will encourage more effective utilization of your invested technologies.
We provide third party assurance to outsourcing companies or shared services centers, giving them and their clients comfort over the shared services center’s internal control environment and processing controls. We provide customized services designed to International Standard for Assurance Engagements (ISAE) 3402 as follows:
— ISAE 3402 readiness assistance
— Type 1 ISAE 3402 examination
— Type 2 ISAE 3402 examination
— Local control report transformation into Type 2 ISAE 3402
System Implementation Review
Our team has the expertise to conduct the system implementation review and assess the readiness of your IT projects to provide comfort around the project prior to “Go-live”. Our methodology for early risk identification includes reviewing planned outcomes defined in earlier stages of the project to assess effectiveness of implementation and operations of the outputs and controls (both from system controls and data quality perspectives). Subsequent to the major systems implementation, our team has vast experience in helping organizations to validate the effectiveness of IT controls on their new systems/software.
Project Management Support
Our project managers are competent in both functional and technical knowledge, providing project management support throughout the IT project life cycle from start to finish. This includes project governance compliance, timely reporting of status updates to management, as well as timely delivery of project versus cost at the highest level of quality. Their seasoned experience will help steer benefit maximization from your IT projects.
SOX & ICOFR
We will conduct an analysis of your control processes to identify gaps, deficiencies and improvement areas to implement effective and sustainable remediation plans under Section 404 of the Sarbanes Oxley Act (SOX) for US SEC registrants companies and Internal Controls Over Financial Reporting (ICOFR).
Agreed Upon Procedures
We will carry out specific and in-depth procedures as defined by your management to perform an independent assessment on your IT environment. The engagement is carried out in accordance with International Standard on Related Services. Factual findings from the procedures would help the management to make fact-based decisions and to modify and improve existing procedures to align with your organization’s objectives.