Amid the changing dynamics of the marketplace, a trend towards outsourcing has been emerging, especially over the past 4-6 years. Corporations globally are seeking strategic and competitive advantages by outsourcing their non-core service offerings. Whether this is to take advantage of specialized competencies, to reduce costs by outsourcing to lower-cost locations, or to release the management of non-strategic services, these businesses recognize the importance of understanding the control environment of their service providers, as well as their own. Our IT Attestation professionals provide independent assurance to these organizations, through distributable reports such as SysTrust, SAS70 / ISAE 3402.

KPMG’s IT Advisors examine organization’s or service organization’s control objectives and control activities, typically over information technology and related business processes and deliver assessments that can provide comfort to clients and their business partners that systems are operating as designed. They encompass those IT services that must comply with auditing standards and assurance frameworks, such as the IFAC, AICPA SAS 70 or ISAE 3402. KPMG’s IT Advisory Services practice also provides industry specific insight and understanding into complex IT environments.

How we can help

Our services include but are not limited to:

• Assurance engagements other than audits or reviews of historical financial information (IFAC 3000)
• Assurance or attestation engagements that result in reports on the processing of transactions by service organizations (IFAC 3402, SAS 70)
• Trust Services in accordance with AICPA and CICA standards
• Security and other certification (IFAC 3000)
• Agreed-upon procedures (IFAC 4400)

Especially for SAS 70, KPMG is a global leader in delivering such services. Our professionals have extensive knowledge and experience in delivering SAS 70 services. KPMG has developed a globally consistent methodology and an automated SAS 70 engagement management tool to assist with increasing the efficiency of SAS 70 engagement delivery and reporting. Worldwide, KPMG conducts approximately 35 percent of SAS 70 audits and around half the SAS 70 audits of Fortune 1,000 software companies.

Potential benefits

Our services can help in your preparation for the SAS 70 and the ISAE 3402 auditing and assurance processes and reports. We can help you identify the relevant business process controls and supporting IT process controls, as well as demonstrating effective IT regulatory compliance and achieve:

• Improved IT risk management
• Independent audit opinions and assurance
• More effective communication of IT-related issues to management and the board
• Enhanced relationships with regulators and stakeholders

In turn, the recipients of your services and their auditors can rely on our work.