Driven by stronger regulation and increasingly digital and complex business processes on the one hand, but also new technological possibilities on the other, companies are faced with the challenge of making their (ERP) systems and the data generated in them usable in order to effectively and efficiently counter risks and optimally manage the associated formal GRC processes. In addition to solutions in the basic IT area (IT General Controls), the focus is on procedural controls in the areas of ICS, compliance and risk management.

In this area, we offer various technical solutions with which you can fulfil your professional requirements.

AI in Control

With the increasing complexity and criticality of the use of algorithmic or model-based systems - especially in connection with self-learning artificial intelligence systems - the requirements for transparency, traceability and controllability of these systems are also increasing. With AI in Control, KPMG offers an approach that both supports the auditing of an individual system or process and allows the development of company-wide AI governance. With the latter, the entire life cycle of such a system can be monitored or audited retrospectively.

To this end, AI in Control combines elements of the classic IT audit, based on the COBIT 5 framework expanded to include AI-specific elements, with expertise on best practice in the implementation of data science projects and the operation of intelligent systems.

Audit & Certification Automation

Audits and certifications often involve a high share of manual work in executing the audit steps and preparing the results. We have developed various methodologies that support us in these activities. For example, we have solutions with which we can easily extract relevant data and document attachments from ERP systems, or carry out the necessary comparisons using suitable data analysis procedures, and thus prepare audit-relevant results more quickly and efficiently.

In particular, IT system audits that focus on the allocation of authorisations, or on the completeness of the migration procedures used in a system change, can thus be made not only more efficient but also more targeted and faster. Furthermore, we have suitable solutions to ensure the secure exchange of data during an audit and to track the audit steps and status on a common platform. This enables transparency and a more efficient approach to findings (especially in multi-audit approaches), and can prevent redundant documentation.

Continuous Controls Monitoring

The challenges our customers face are manifold and affect the organisation, the processes and the system landscape in equal measure. Companies find themselves caught between increasing efficiency (performance) and minimising risks (compliance) at the same time. Often, both performance and compliance controls are carried out and checked manually. This takes considerable time and manual effort; in addition, the controls often take place with a very long delay.

By means of fully automated system and process monitoring and evaluation procedures, we create maximum transparency. Through the almost instantaneous evaluation, we avoid risks due to controls that are carried out too late, as well as the excessive process costs that would arise without timely intervention in the process.

Any anomalies are displayed directly to the responsible employees via workflows and can be processed and documented immediately.

If required, we make our solution available on the KPMG Cloud Platform. This relieves the burden on your own IT infrastructure and the corresponding IT staff.

As auditors in particular, KPMG has many years of experience in advising on GRC topics in the area of audit. We combine this knowledge with new technologies that benefit you as a company. You can draw on a broad catalogue of existing methodologies, which can then be parameterised to your individual requirements.

We are also happy to support you in the further or new development of your individual GRC solutions.