Managing risk is about more than protecting value. Rather, it is about creating value through viewing risk management and internal audit as a lever for enhancing efficiency, effectiveness,  innovation, building credibility and achieving sustainable growth. However, the constant changes in the environment and the increased speed and complexity of related risks, make it challenging for many organizations to keep an overview and adequately act upon the risks and opportunities facing.

Our Enterprise risk & assurance team supports organizations to set-up and improve their risk management, governance, business processes and controls to provide confidence that an organization’s risks and opportunities are being appropriately managed, and in line with the expectations of decision makers.

Our teams work hand-in-hand to bring integrated, multidisciplinary and cross-functional knowledge and skill sets in order to support you in the set-up, enhancement and execution of your internal audits, enterprise risk management programs (including business continuity and crisis management), and risk and controls management.


kpmg risk services divider



Helping your organization to address the increasing expectations on the efficiency and effectiveness of your processes and operations (including related risks and internal controls) by providing assurance on the effectiveness of your processes and formulate concrete recommendations on how to improve processes and “gain control.” As a strategic business partner for organizations, we also monitor internal audit functions so that they are more relevant, add value and remain future-proof.

Internal audit strategic sourcing & internal control


Co- or outsourcing

Helping your organization to establish a well-staffed internal audit function that is flexible and appropriate to meet your (changing) needs.

  • Setting up an internal audit department;
  • Training and on-the-job coaching of internal auditors;
  • Outsourcing of the internal audit function or specific internal audits.
IC gap analysis

Analysis and evaluation of your business processes in order to sufficiently mitigate key risks within operational processes.

  • IC optimization
  • Design of internal control frameworks
  • IC gap analysis
Expert audit

Conducting specific audits for which your department may lack the knowledge, by involving subject matter experts from other competence areas. Amongst others:

  • IT security audits
  • Innovation audits
  • Sustainability audits
  • GDPR audits
  • Fraud Risk Management audits
  • HR audits
  • Strategic audits
  • Culture audits

Internal audit transformation


Quality review

Execution of a quality assurance review (QAR) of the internal audit department in line with International Professional Practices of the IIA.

  • External QAR assessments
  • Evaluation effectiveness of Audit Committee
  • Internal audit maturity assessment (IA/CM framework)
Data analytics enabled IA

Guide internal audit functions through the optimal use of data and technology in their processes, as well as in the execution of audits.

  • Data-analytics routines for testing
  • Continuous risk assessment for dynamic audit planning
  • Working paper automation
Strategi alignment

Support your internal audit functions to make them more future-proof and add value for your key stakeholders.

  • Internal audit maturity assessment
  • Stakeholder needs analysis
  • Agile/lean auditing
  • Internal audit strategic workshops
kpmg risk services divider


Enterprise risk management

Managing risk is not about compliance and box ticking. It is a critical process that can underpin an organization's long-term growth, value and sustainability.

The enterprise risk management team helps you take an integrated approach by linking strategy and risk management, identifying and assessing strategic, organizational and operational-critical risks, evaluating and implementing Enterprise Risk Management (ERM) frameworks, processes and functions.

Risk identification & assessment

Helping you to identify, assess and prioritize your significant strategic and operational risks:

  • Assessment of framework and process
  • Evaluation scales
  • Holistic view on the risk and opportunity landscape
  • Overview of key risks
  • Dynamic risk assessment (DRA)
  • Training on risk identification & assessment
Risk governance

Helping you to support risk management with proper governance and process:

  • ERM maturity assessment
  • Governance assessment
  • Design and implementation of risk management framework and process
  • Training on risk management and internal controls
Risk strategy & appetite

Helping you to align (emerging) risk with your strategic priorities:

  • Assessment of the link between risk strategy and appetite
  • Signals of changes assessment
  • Risk appetite definition & implementation
  • Development of KRI
Risk culture

Helping you to put in place, improve and embed risk culture in your organization:

  • Risk culture assessment
  • Risk culture thermometer
  • Design, implement and monitor action plans to implement, improve and embed risk culture
  • Design, implement and monitor behavioral change management journey
  • Training on risk culture
Risk reporting & insight

Helping you to bring risk information into your decision-making process:

  • Assessment and implementation of GRC tools
  • Dashboard creation
  • Design and implement a risk reporting framework and process
Risk management & monitoring

Helping you to adequately manage and monitor your risks:

  • Design, implement and monitor action plans on key risks (quick-wins and long-terms actions)
  • Design and implement a risk monitoring framework and process
  • Quick-wins analysis
  • Deep dives on key risks