IT Internal Audit

We advise and assist clients across sectors in their governance programmes, controls transformation and technology audits including IT SOX compliance
IT Internal Audit

Strengthen technology audit capabilities

The changing technology landscape and fast-paced digitisation involving cloud adoption, big data analytics and intelligent automation has led to newer and greater technology risks. KPMG International recently conducted a global survey of 300+ participants from Chief Audit Executives, Audit directors, Vice presidents and Senior Managers belong to internal audit functions and asked them to rank their technology risk areas that they are likely to review in their upcoming audit/assessment cycles. Below is an illustration of the technology risk landscape based on these responses.

  1. As is evident from the survey responses, emerging technologies feature highly on this list with cyber, data privacy, cloud security and blockchain all on the agenda. This demands organisations to strengthen their technology audit capabilities, and transform their audit methodologies incorporating analytics and automation for an integrated and continuous review of enterprise risks and controls.

  2. Additionally, internal audit function needs to heighten collaboration with other lines of defense and across business units to help organisations enhance their IT audit, IT risk and compliance capabilities thus driving value into the business.

  3. The ever-increasing scope and complexity of technology audit impact the organisations due to a shortage of relevant talent. This results in organisations opting for models such as outsourcing or co-sourcing of technology risk capabilities or even using SME support to audit emerging risk areas. The increasing broad spectrum of technology risks also leads to talent requirements in the other two lines of defense to assist in the running of an effective risk management and governance programme.

  4. KPMG in India, through the below services, assists global organisations in addressing the above challenges and transforming their internal audit function, strengthening their technology risk governance portfolio enabling them to assist in holistic review of risks and controls:

IT Internal Audit

Extending support across the three Lines of Defence

IT Internal Audit

Helping clients drive their technology audit capabilities & add value through risk assessment, planning & execution of repeatable, thematic andspecialised audits.
 

IT SOX

Helping clients with the design & execution of their IT SOX program. Includes SOX readiness assessments, SOX controls design, SOX transformation programs, management testing etc.

IT Controls & Governance

Helping clients drive their tech risk governance & compliance programs across LOD1 & 2. Includes RCSA and other controls testing programs.
 

Business Operations

Management's control operations- adherence to existing internal controls framework

  • Tech controls framework design
  • Tech controls transformation
  • Controls target operating model
     

Support Functions

Support functions catering to Risk Management, Compliance Monitoring, etc.

  • RCSA
  • SOX testing
  • Risk assessments of financially relevant

Internal Audit

Technology Internal Audit

  • Technology audit 
  • Management action plan validation
  • Audit of emerging risk areas
  • Automation of audits
     

Our offerings

IT Internal Audit

KPMG in India helps clients enhance their technology audit capabilities with execution of repeatable, thematic, and specialized audits for their third line of defense

  1. Test of design and test of operating effectiveness of IT general controls (ITGCS)
  2. Test of design and test of operating effectiveness of IT application controls (ITACS)
  3. Platform audits, Network Infrastructure and Cybersecurity Audits
  4. Audit of applications hosted on cloud
  5. Business Continuity and Planning Audits
  6. Technology audits for regulatory compliances
  7. Change management and configuration controls review
Presentation in Multi-Ethnic Office Conference Room. Meeting of Diverse Young Entrepreneurs, Specialists, Talking, Using TV for infographics. Businesspeople Develop e-Commerce Startup.
People sitting and talking
  1. System Interface & Data Integrity controls testing
  2. Thematic technology audits
  3. Segregation of Duties Review
  4. Deep dive process audits
  5. IT audit ad-hoc assistance (SME)
  6. Data Privacy audits
  7. Audit on emerging technologies (Sec Dev Ops/RPA/AI/ML)

Technology Risk and Control Assessment

KPMG in India helps clients by performing assessments of IT risks and controls as part of their various technology risk management programs across second line of defense.

  1. Risk & Controls Self-assessment (RCSA)
  2. Tech RCSA results reporting and dashboard
  3. Issue reporting and remediation support for IT risks and controls assessments
  4. IT Risk and control inventory management
  5. Risk Assessments of financially relevant and high-critical applications
  6. Targeted reviews on Open-Source software controls
  7. Cyber Security Reviews and Assessments
three people walking in server room and discussing something

IT SOX Compliance

KPMG in India helps clients with design, execution, transformation, and upliftment of their IT SOX program.

Smiling Indian businesswoman leading corporate meeting with diverse colleagues, coach mentor training employees, discussing project strategy, sharing ideas, business partners negotiation concept
  1. IT SOX Readiness assessment
  2. IT SOX program management
  3. IT SOX ICOFR documentation
  4. IT SOX Testing assistance (including intelligent automation for control testing)
  5. Gap analysis, recommendations and deficiency management
  6. IT SOX Program status reporting

Other ancillary technology risk and governance support

KPMG in India helps clients with data and analytics assistance for controls testing, issue reporting, and automation support for efficient governance.

  1. Assessment of risks related to automation adoption
  2. Assistance with authentication of bots, change management, program and bot monitoring, and overall risk and governance
  3. Automation Policy and Procedure
  4. Algorithm and logic review of RPA bots
  5. Vulnerability assessment
RISK
Young professional it specialist latin hispanic business lady working on laptop pc sitting at desk in modern office space. 30s middle eastern indian woman using computer technology app for work online
  1. Automation of audits (Control testing, documentation)
  2. Dynamic and Agile Auditing
  3. Quality Review of technology audits
  4. Development & ongoing maintenance of IA related tools and applications
  5. Continuous Monitoring & Enhanced Adoption of Data & Analytics

Technology Risk Governance

KPMG in India helps clients by driving their technology risk governance and compliance programs across first and second lines of defense by performing role of a tech risk officer.

  1. Divisional risk oversight
  2. Implementing policies and framework for IT risk management
  3. Facilitating risk and control assessments for audit critical assets
  4. IT control framework reviews
  5. Coordinating issue remediation activities across technology control assessments
  6. Tech Controls Framework design
  7. Tech Controls transformation
  8. Controls Target Operating Model
cheerful and curly indian man in headphones and yellow jumper holding coffee to go and looking at laptop near microphones and radio host writing in notebook near smartphone on table in radio studio

Management Action Plan Validation

KPMG in India helps clients' various technology risk and controls assessment teams and IA function by establishing a centralized team for validation and closure of management action plans for critical assessment and audit findings.

Businessman and businesswoman colleague using laptop and digital tablet working and discussion business plan at office building. Corporate business people partnership and teamwork meeting concept.
  1. Review of open issues and action plans
  2. Walkthroughs with issue owners for evidence gathering
  3. Test of design and implementation of agreed remediation actions
  4. Action plan validation documentation
  5. Validation and Closure status reporting

Why KPMG in India?

Our differentiators

How can it help you?

Accelerators

Control catalogues, templates, domain expertise. lechnology alliances, Innovation and agile ways of working across technology risk ecosystem

Our accelerators such as risks and controls inventory, customised templates, assessments guidance, innovation, automation expertise, agile delivery, strong alliances, domain knowledge and transformation initiatives help bring in overall program efficiency and effective governance.

Delivery Model

Well-established track record of delivering various internal audit, nsks and controls assessment and compliance engagements across multiple industry sectors

Working with multiple sector clients, KPMG in India has consistently delivered quality engagements, assisted its clients with upliftment and alignment of their control assessment and audit programs to local and international regulations and standards resulting in efficient technology risk governance.

Team Expertise

Skilled professionals with diverse range of degrees and certifications relevant to technology risk domain

We have large number of professionals with relevant expenence across India focused on skiliset of control testing, controls audits, risk assessments, cyber security, cloud control audits, IT audits, IT application controls testing, IT risk and compliance and IT automation. Our professionals are certified in industry standards such as CISA, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL, etc.

Accelerators

  1. Control catalogue and templates
  2. Adoption of data and analytics
  3. Strong understanding of global regulatory and compliance landscape
  4. Dedicated domain and Subject Matter Expert
  5. Agile Delivery
  1. Risk and control matrices
  2. Contemporary, best-in-class technology/tools/ strategic alliances
  3. Transformation and Maturity assessments
  4. Access to multidisciplinary team providing unified view of risk
  5. Innovation and Automation in Audit

Global Delivery Model

A network of Technology Audit professionals with deep subject matter expertise across India allows KPMG in India to deliver internal audit, technology risks and controls assessments, IT governance and compliance audits, IT automation capabilities for clients across their three lines of defense.

Managed Services

KPMG in India responsible for planning, execution, reporting, quality review, building process efficiencies and continuous Improvement for the client engagement(s).

Key Delivery expertise

Access to repository of pre-built automation units that can be rapidly deployed or tailored to address specific use cases to drive efficiency.

 

Staff Augmentation

KPMG in India responsible for providing SME resources to client management for execution of the client engagement(s).

Key Delivery expertise

Access to large number of domain and subject matter experts helping clients with internal audits, SOX programs, compliance reviews, risk and controls assessments, risk management, control audits, automation, data analytics, IT governance, control optimisation and agile delivery.

Hybrid

KPMG in India responsible for providing flexibility to client management to opt for both managed services and staff augmentation approaches depending upon specific audit and compliance review areas.

Key Delivery expertise

Access to KPMG proprietary tools and technology with insights, alerting and reporting mechanisms.

 

Team Expertise

Control Testing Skillset

ERP Security | Identity and Access Management | Change Management | Operations Controls | Infrastructure Security | Cloud Application Assessment | Third-Party Risk Management | Business Continuity Management | Disaster Recovery | Patch and Vulnerability Management | Physical Security | Environmental Controls | Mobile device Management | Application Controls | Robotic Process Automation | Network Reviews

Our professionals are certified in industry standards such as CISA, HITRUST, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL and many more.

Please note this is an indicative list and not exhaustive list of skillsets

Credentials

American multinational investment bank and financial services company

Internal Audit and Management Action Plan Validation support for business and technology areas

 

American multinational financial services firm

Internal Audit and S0X testing support for business and technology areas


 

UK Based Retail and Commercial Bank

Intemal Audit support for business and technology areas



 

American multinational investment bank and financial services company

Risk and Control Self- Assessment (RCSA) support for tech nak and control profile

 

American multinational investment bank and financial services company

Issue closure validation support for Intermal Audit function

British multinational oil and gas company

IT Sox controls lesting and transformation support

 

Swiss Investment bank and financial services company

 IT Sox controls testing support

American Retail company

IT Sox controls testing support

 

British multinational oll and gas company

Various technology risk assessments support

American multinational Investment bank and financial services company 

Managed Services of Thematic IT Audits and Management Action Plan Validation support

Our Insights

Trailblazing digital frontiers

Global IT internal audit outlook
Global audit outlook

KPMG 2024 CEO Outlook

125 CEOs in India share their views on geopolitics, return-to-office, ESG and generative AI

CEO Outlook

Top risks forecast

Bottom lines for business in 2024 and beyond.
drop-boat-abstract

Meet our team

Anil KV

Global IT Internal Audit Leader, KPMG International, and Partner

KPMG in India

Deepak Gupta

Partner

KPMG in India


Connect with us

Contact our specialists for more information

connect with us