KPMG SOC Reporting Benchmarking Report 2024
As the risk landscape evolves, pressures from topics like operational resilience, cyber security, and regulatory compliance only increase. Similarly, the opportunities arising from modern application of automation through to AI to build competitive advantage are abundant. Managing and optimising approach to risk and assurance from these topics is critical.
We’re pleased to share our KPMG Controls Assurance Benchmarking Report. It’s one of the most comprehensive benchmarking exercises we’ve undertaken in the UK for Controls Assurance, in which we’ve analysed over 400 assurance reports across multiple industries to understand key trends and insights. This report covers multiple assurance standards / frameworks, e.g. SOC 1 / 2, ISAE 3402 / SSAE 18, ISAE (UK) 3000 and AAF 01/20.
Why Choose Controls Assurance?
- Do you offer outsourced services, such as technology, payroll, HR or investment management?
- Do you manage large amounts of customer data?
- Are data security, availability, privacy or processing integrity important to your business operations?
- Are you required to demonstrate a strong control environment?
If the answer to any of these questions is ‘yes’, then Controls Assurance could benefit your business.
Benefits of Controls Assurance
Peace of mind: We’ll help you exceed the ever-rising third-party assurance bar.
A risk-aware culture: We’ll help you to enhance staff awareness of risk and controls, and continually drive improvements for you and your customers.
A competitive edge: Controls Assurance puts you on the front foot when bidding to prospective customers.
Customer reassurance: Controls Assurance streamlines the process of meeting due diligence and audit requests – giving confidence to customers and prospects, and reducing audit fatigue.
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia
Our Controls Assurance experience
Our UK team of over 600 specialists issues more than 150 Controls Assurance reports each year – and KPMG produces 2,000-plus reports worldwide.
We work with clients of all shapes and sizes, in sectors including:
- Payment
- HR and payroll
- Financial services (including FinTech)
- Technology
- Public sector
- Health
- Private enterprises
By working with KPMG, you’ll benefit from our many years of working with organisations globally and locally. This experience enables us to tailor our approach to your business’ Controls Assurance requirements, ensuring that your assurance project is a success.
What our clients say
10 out of 10 on our Client Voice Programme Survey
“A highly engaged and knowledgeable team, extremely likely to recommend.”
10 out of 10 on our Client Voice Programme Survey
“I have an excellent working relationship with the engagement team, who go above and beyond our expectations. Any project would be privileged to involve these fine representatives of KPMG.”
Our frameworks
We’re able to provide assurance using one or more of the frameworks below:
SOC 1
ISAE 3402: International framework for internal controls over financial reporting
SSAE 18: US-specific framework for internal controls over financial reporting
SOC 2
Broad applicability to any services where security, confidentiality, availability, processing integrity, and/or privacy are important to customers.
SOC 3
Broad applicability to any service as per SOC 2 but without a detailed report.
AAF 01/20 (replaces AAF 01/06) & AAF 05/20 (replaces 02/07)
UK framework for organisations delivering specific financial services – especially pension management, investment management and related industries.
ISAE 3000
An international standard that can cover financial and operational risks and controls specified by a service provider.