
Information Risk Management

The evolution and growth of technology have created a vast number of business opportunities as well as considerable threats, as our world today has become borderless and everyone is connected round the clock. It is essential for today’s organizations to balance compliance while at the same time managing information technology related risks.

How we add value
KPMG’s IRM professionals will help you assess, manage and remediate IT-related risks as well as develop approaches to demonstrate effective IT compliance through governance and controls. It is essential for organizations to balance risks and compliance cost in order to drive sustainable business value.

We are a group of experienced professionals from multiple disciplines with strong IT technical and business process knowledge as well as industry expertise ranging from multinational businesses to public sector organizations. The sectors we are involved in include oil and gas, power and utilities, financial institutions, manufacturing, pharmaceutical, automation and transportation, technology, telecommunications and e-Commerce. We provide an accurate and independent assessment of your IT control environment and assist in mitigating possible risks in relation to information technology and financial reporting.

Our services
IT Audit

The IT audit has never held a more crucial role. We work closely with financial auditors, internal auditors, management, audit committees and boards of directors to fulfill a vital role in assessing and advising on the effectiveness of the IT controls surrounding their IT environment and highlighting issues that require urgent remediation. A critical core of IT audit is to understand the relevant risks affecting the organization and how to mitigate these risks with the use of technology.

IT Assurance
Outsourcing is a growing trend and companies increasingly depend on third-party providers to deliver critical services. Our IRM specialists provide third-party assurance to outsourcing companies or shared services centers’ clients, giving them comfort over their internal control environment and processing controls. KPMG provides customized services designed to the International Standard for Assurance Engagements (ISAE) 3402 as follows:

- ISAE 3402 readiness assistance
- Type 1 ISAE 3402 examination
- Type 2 ISAE 3402 examination
- Local control report transformation into Type 2 ISAE 3402

SOX / Internal Control Over Financial Reporting (ICOFR)
We will independently assess the assertion of adequate internal controls under Section 404 of the Sarbanes-Oxley Act (SOX) for US SEC registrant companies, and ICOFR in accordance with the generally accepted assessment standards of ICOFR in Japan (“JSOX audit”). Our team will conduct an analysis of your control processes to identify deficiencies and will work with you to identify and implement remediation plans.

System Implementation Review
Whether your organization is considering implementing a new system or has already done so, conducting a system implementation review will help you achieve the full benefits of your investment. Our IRM team has the expertise to conduct the system implementation review and to assess the readiness of your IT projects in order to provide comfort around the project prior to “Go-live”. We understand it is important for you to have early risk identification after you have invested so much effort and capital. Our methodology includes a review of the planned outcomes defined in earlier stages of the project to determine whether the controls are in place and operating effectively (from both a system controls and a data quality perspective).

Project Management Support
We understand the difficulty of getting someone to supervise and monitor the whole project development initiative, because the role of a project manager requires substantial initiative and judgment, and collaboration with project team members and key stakeholders at all levels. Our experienced project managers provide project management support throughout the IT project life cycle, from initiation until project closure, by ensuring that project governance is in place and that the project is delivered on time, within budget and at the highest level of quality. This includes functional and technical readiness and transfer of knowledge along the way for the benefit of future exercises. We ensure accurate status updates of deliverables and reporting from project team members to management level.

Cyber Maturity Assessment
In Oct 2016, the Securities Commission Malaysia released the Guidelines on Management of Cyber Risk. These guidelines established a baseline that includes the roles and responsibilities of the board of directors and management of the regulated entities in the oversight and management of cyber risk. KPMG’s Cyber Maturity Assessment provides an in-depth review of your organization’s ability to protect its information assets and its preparedness against cyber threats. Our experts work with your team and conduct a combination of interviews, workshops, policy and process reviews and technical testing, which rapidly identifies current gaps in compliance with the SC’s guidelines.
