• 1000
  • Do you offer outsourced services, such as technology, payroll, HR or investment management?
  • Do you manage large amounts of customer data?
  • Are data security, availability, privacy or processing integrity important to your business operations?
  • Are you required to demonstrate a strong control environment?

If the answer to any of these questions is ‘yes’, then Controls Assurance could benefit your business.

Benefits of Controls Assurance

Peace of mind: We’ll help you exceed the ever-rising third-party assurance bar. 

A risk-aware culture: We’ll help you to enhance staff awareness of risk and controls, and continually drive improvements for you and your customers.

A competitive edge: Controls Assurance puts you on the front foot when bidding to prospective customers. 

Customer reassurance: Controls Assurance streamlines the process of meeting due diligence and audit requests – giving confidence to customers and prospects, and reducing audit fatigue. 

Connect with us

Our Controls Assurance experience

Our UK team of over 600 specialists issues more than 150 Controls Assurance reports each year – and KPMG produces 2,000-plus reports worldwide.

We work with clients of all shapes and sizes, in sectors including:

By working with KPMG, you’ll benefit from our many years of working with organisations globally and locally. This experience enables us to tailor our approach to your business’ Controls Assurance requirements, ensuring that your assurance project is a success.

What our clients say

10 out of 10 on our Client Voice Programme Survey
“A highly engaged and knowledgeable team, extremely likely to recommend.”

10 out of 10 on our Client Voice Programme Survey
“I have an excellent working relationship with the engagement team, who go above and beyond our expectations. Any project would be privileged to involve these fine representatives of KPMG.” 

Our frameworks

We’re able to provide assurance using one or more of the frameworks below:


ISAE 3402: International framework for internal controls over financial reporting

SSAE 18: US-specific framework for internal controls over financial reporting


Broad applicability to any services where security, confidentiality, availability, processing integrity, and/or privacy are important to customers. 


Broad applicability to any service as per SOC 2 but without a detailed report.

AAF 01/20 (replaces AAF 01/06) & AAF 05/20 (replaces 02/07)

UK framework for organisations delivering specific financial services – especially pension management, investment management and related industries. 

ISAE 3000

An international standard that can cover financial and operational risks and controls specified by a service provider. 

Harmonised assurance

KPMG is the only Big Four firm in the UK accredited by UKAS to provide ISO certifications, e.g. ISO 27001 and 22301. 

Insights for Controls Assurance

Visit pages related to Controls Assurance