The changing technology landscape and fast-paced digitisation involving cloud adoption, big data analytics and intelligent automation has led to newer and greater technology risks. KPMG International recently conducted a global survey of 300+ participants from Chief Audit Executives, Audit directors, Vice presidents and Senior Managers belong to internal audit functions and asked them to rank their technology risk areas that they are likely to review in their upcoming audit/assessment cycles. Below is an illustration of the technology risk landscape based on these responses.
As is evident from the survey responses, emerging technologies feature highly on this list with cyber, data privacy, cloud security and blockchain all on the agenda. This demands organisations to strengthen their technology audit capabilities, and transform their audit methodologies incorporating analytics and automation for an integrated and continuous review of enterprise risks and controls.
Additionally, internal audit function needs to heighten collaboration with other lines of defense and across business units to help organisations enhance their IT audit, IT risk and compliance capabilities thus driving value into the business.
The ever-increasing scope and complexity of technology audit impact the organisations due to a shortage of relevant talent. This results in organisations opting for models such as outsourcing or co-sourcing of technology risk capabilities or even using SME support to audit emerging risk areas. The increasing broad spectrum of technology risks also leads to talent requirements in the other two lines of defense to assist in the running of an effective risk management and governance programme.
KPMG in India, through the below services, assists global organisations in addressing the above challenges and transforming their internal audit function, strengthening their technology risk governance portfolio enabling them to assist in holistic review of risks and controls:
Our Service offerings
Below are the offerings under IT internal audit services across three lines of defense.
- IT internal audit – KPMG in India helps clients’ internal audit function enhance their technology audit capabilities and add value across all stages of audit from planning, execution to reporting and remediation.
- Technology risk and control assessment – KPMG in India assists clients with their various technology risk management programmes across the second line of defense.
- IT SOX compliance – KPMG in India helps clients with their IT SOX programme reducing costs and increasing the effectiveness of the programme.
- Management action plan validation – KPMG in India helps clients’ various technology risk and controls assessment teams and internal audit function with timely closure of issues related to control gaps and elevate their risk profile.
- Technology risk governance – KPMG in India helps clients by driving their technology risk governance and compliance programmes to assist in the organisation remains in a managed state within acceptable risk tolerance limits.
- Other ancillary technology risk and governance support – KPMG in India helps clients with other ad-hoc support for process efficiency, streamlining with the use of but not limited to data and analytics assistance, automation, dashboard etc.
Why KPMG in India?
Accelerators
Global Delivery Model
Team Expertise
Control Testing Skillset
ERP Security | Identity and Access Management | Change Management | Operations Controls | Infrastructure Security | Cloud Application Assessment | Third-Party Risk Management | Business Continuity Management | Disaster Recovery | Patch and Vulnerability Management | Physical Security | Environmental Controls | Mobile device Management | Application Controls | Robotic Process Automation | Network Reviews
Our professionals are certified in industry standards such as CISA, HITRUST, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL and many more.
Please note this is an indicative list and not exhaustive list of skillsets
Credentials
