KPMG has developed and applied its own approach to the execution of IT audit projects, which is specifically adjusted to the needs of our clients.
KPMG has developed and applied its own approach to the execution of IT audit projects.
Why is it important?
The success of modern organisations, in all markets and industries, is increasingly dependent on information technology. But along with the benefits, there are threats and risks that can lead to significant financial and reputational losses. An IT audit is one of the tools that can help organisations to manage those threats and risks and ensure efficient use of their resources. An IT audit provides an objective assessment of an organisation’s IT environment and infrastructure, and its policies and procedures and their relevance to the organisation's goals and generally accepted practices and industry standards.
How we can help
KPMG has developed and applied its own approach to the execution of IT audit projects, which is specifically adjusted to the needs of each organisation, to industry standards and legal and regulatory requirements. Our methodology focuses on the analysis of existing risks to key processes, from a technological and business perspective, to deliver targeted, practical audit results. We compare existing practices and processes with generally accepted standards, to identify opportunities to increase process efficiency and reduce the risks associated with IT usage, and develop recommendations to address any shortcomings identified.
What we do
- We assist organisations to identify the highest risk IT areas, to respond to those risks in a timely manner and reduce them to an acceptable level.
- We conduct a maturity and compliance assessment of current processes and control procedures against generally accepted standards and best practice, such as ISO 27001 and COBIT.
- We deliver IT processes and systems audit services as part of audit engagements conducted by our clients own internal audit units, including for mandatory audits (e.g. ISMS for banking institutions).
- We conduct an independent review of project results on the implementation of information systems.
What you get
Our clients receive a report detailing any shortcomings identified, related risks and our recommendations. The report contains both a general description of the audit results for senior management and more detailed information for sector specialists. We also provide assistance to leadership teams to help them identify priority risk mitigation measures and outline the critical paths for their implementation.