The IT auditors from KPMG have a broad knowledge of IT management processes, IT systems and various IT frameworks, and are affiliated to the professional association for IT auditors in the Netherlands (NOREA). Among other things, we advise on the control of IT systems (including the General IT Controls), control of business processes, the configuration of your IT organisation, the control of IT projects, information security and privacy. We can support you with risk analyses and setting up the appropriate control measures in order to cover these risks. Naturally we also perform IT audits based on risk analyses of common frameworks, providing sharp and objective evaluations.
Depending on your wishes as a client, these IT audits can result in a report of findings or in formal assurance reports in accordance with the guidelines of the NBA or NOREA. For example, ISAE 3402 reports (or SOC1), COS3000 reports or SOC2 reports. The formal assurance reports come with an evaluation that can also be communicated to third parties, for example customers to whom you supply IT services. We work with all common IT platforms and IT systems, for example, SAP, Axapta, Navision, Oracle, etc. Our IT auditors have hands-on experience with these systems and therefore know the vulnerabilities that need to be borne in mind. Thanks to their IT audit methodology and IT audit experience, they are in a position to evaluate any IT system, even custom-built systems.
We are familiar with all the common frameworks and IT audits such as ISO27001/27002 (information security), PCI/DSS audits, DIGID audits, SUAG audits, privacy audits, continuity audits, IT project audits, post-implementation scans, data migration audits, audits of privileges within IT systems and so on.