Prevention is better than cure. That is certainly true of cyber crime. It is estimated that cyber crime costs Dutch businesses more than €1 billion. For your company, it is important to understand your IT risks. You need to prepare for what could happen. A good risk analysis helps to prevent cyber crime. Moreover, it enables you to comply with any requirements imposed by the regulator. 

Always in control

Your systems hacked, business data in the public domain, customers unable to access your site – all these things can result in losses to your firm running to millions of euros. Naturally, you want to avoid that.

You can do so by establishing a solid foundation in the form of an IT risk and control framework. This assures you of good support and an organisation that functions the way it is supposed to. If the design, construction and functioning of an IT risk and control framework are efficient and correct, you will gain more insight into your processes and risks, fewer conscious/unconscious errors will be made and you will be able to identify points for improvement within the processes. In short, you will be in control of your IT risks.

With the help of our IT risk and control framework, we will make sure you gain control over your processes. It is a complete framework, integrated with the leading standards and laws and regulations (for example, COBIT®, SWIFT, NIST, SOC2®, ISO27001, NEN 7510, the government information security baseline (BIO), DGS, GDPR and more). We take account of the latest updates and changes in different areas such as information security, cyber security and privacy.

On the Assurance Services web page, you will find more information about assurance standards and how our experts apply them in different assignments.

Advisory, Assessments en Assurance

In order to achieve an overall picture, IT Risk in Control offers a number of possible pathways and services in terms of advice, making assessments and providing assurance. These enable you to organise and monitor the control of the risks that are relevant to you and meet the information requirements of the various stakeholders in the area of IT risk management.

  • Advisory: In various areas, we will help you with advice to identify the risks, implement improved security rules and identify and implement important controls. We will also assist you with digitisation and the cultural changes that are needed for implemented controls.
  • Assessments: Are you expecting a visit from the regulator or do you want to implement particular legislation or regulations by means of frameworks? Are you being asked to perform a self-assessment? We will help you identify the risks, analyse the processes, determine the extent of control of the risks and identify the gaps within your processes. In addition, we can help you perform an assessment of your IT policy documents, procedures and controls.
  • Assurance: Do you have customers or other stakeholders who are asking for assurance about the extent of control of information security and cyber security over your product or framework? We can help by providing framework assurance services. 
IT risk in control


We offer you a team with diverse expertise: from data scientists and IT auditors to privacy experts, legal specialists and ethicists. As a result, we can help you with a wide range of issues and questions. In addition, the team has many years of experience in improving frameworks, privacy and cyber. Already an assurance customer? Does KPMG perform your audits for you? If so, there is more we can do for you!

With over 155,000 colleagues in 144 countries, we always have the right expertise on hand to match a specific assignment. Would you like to know what KPMG can do for you in the area of project assurance and project control? Please contact Arno Kroese, senior manager IT Assurance & Advisory.

Find out how KPMG can help you and your business

Request for Quotation (RFP)