Information Risk Management in External Audit

Information Risk Management in External Audit

Our professionals provide assurance for the security of information systems and minimizing error and fraud risks

Our professionals provide assurance for the security of information systems...

Organizations depend on IT for complete and accurate financial reporting and external auditors, in their turn, rely on IT systems and controls for an efficient and effective audit.

KPMG’s IT Audit team work with the following parties to help them achieve their objectives:

Clients: To reassure shareholder interest that the IT function supports the business and is sufficiently controlled

Auditors: To ensure IT audit objectives are identified, tested and reported efficiently in line with KAM guidelines

IRM in External Audit team assists the audit team by providing assurance that the systems and applications used for the financial statements reporting are securely controlled and the related risks of error and fraud are minimized.

Our services are outlined below:

  • Support the entity level fraud risk assessment and the audit planning process to properly take account of IT risks and controls 
  • Document and understand complex processes and controls using specific industry and technical experience 
  • Support the audit team to help identify the key controls within a client’s business 
  • Assess the design and effectiveness of IT general controls and application controls 
  • Support the substantive testing phase of the audit by:
    – Confirming the accuracy of financial consolidations using an automated tool
    – Testing data migrations when a new financial system is implemented
    – Using Computer Assisted Audit Techniques (CAATs) to provide audit assurance by testing large portions of the population

Potential benefits

  • Robust audit opinions by KPMG: By properly addressing the IT risks faced by our client we, as a firm, are thoroughly assessing the financial statement impact of our client’s business. 
  • An efficient financial audit: By relying on IT and application controls the amount of substantive testing on the audit can be reduced over routine transactions. The audit team can then focus on non-routine transactions in other complex areas. 
  • Identification of key business risks and controls: By utilizing the experience we have built up from advisory engagements, we assist the audit team with the understanding of complex ERP systems and specific industry processes (e.g. telecoms) in order to quickly identify key controls and understand where risks are most likely to exist. 
  • Escalation of IT issues to the Audit Committee and other senior management: Often IT issues are not understood by the Board and other senior management and our findings can raise the IT agenda in order to help make improvements.

Connect with us