Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Compliance & accuracy of data and cloud computing control risks

Trends in ICFR Programs

KPMG Future of SOX insights

Download PDF
Share

Managing the Completeness and Accuracy of Data (C&A) continues to be a challenging topic for management, internal control functions and external auditors. At the same time, the increasing use of cloud computing is requiring organizations to reconsider risks, and redesign internal controls to adapt to the new technology environments. In a recent webcast on July 11th, KPMG experts detailed practical ways that companies can use to address C&A and cloud computing internal control risks.

Key Insights:

1

Growing cloud adoption has an impact on SOX (Sarbanes-Oxley) compliance. This requires nuanced controls for user access and change management.

2

The use of third-party services and data necessitates thorough due diligence and monitoring. It is important to understand the allocation of responsibilities between the organization and third parties, as well as the flow of data.

3

The concept of completeness and accuracy of data is challenging for many control owners. Finding an effective and efficient way to perform and document procedures adds complexity.

4

Control design and testing approaches should be differentiated based on the type of reports, such as standard, custom, ad hoc, and spreadsheet reports. This ensures an efficient approach.

5

Identifying Relevant Data Elements (RDEs) within key reports is crucial for an effective and efficient approach to certification and accreditation (C&A).

5 things SOX professionals need to do now:

1

Growing cloud adoption has an impact on SOX (Sarbanes-Oxley) compliance. This requires nuanced controls for user access and change management.

2

The use of third-party services and data necessitates thorough due diligence and monitoring. It is important to understand the allocation of responsibilities between the organization and third parties, as well as the flow of data.

3

The concept of completeness and accuracy of data is challenging for many control owners. Finding an effective and efficient way to perform and document procedures adds complexity.

4

Control design and testing approaches should be differentiated based on the type of reports, such as standard, custom, ad hoc, and spreadsheet reports. This ensures an efficient approach.

5

Identifying Relevant Data Elements (RDEs) within key reports is crucial for an effective and efficient approach to certification and accreditation (C&A).

What percent of the in-scope SOX IT Applications that you audit are leveraging Cloud Computing? – e.g., NetSuite (SaaS), Salesforce (PaaS), Custom applications (IaaS)?

What is the greatest challenge you face with respect to achieving or assessing SOX compliance of a Cloud Solution?

What is the most helpful Cloud feature with respect to achieving or assessing SOX compliance of a Cloud Solution?

How do you keep up-to-date with new Cloud features and developments that impact your SOX environment?

What percent of your key reports are currently benchmarked?

What are your most common IPE (Information Prepared by the Entity) challenges?

How are issues with IPE logic currently being identified in your organization?

Dive into our thinking:

Trends in ICFR Programs: Compliance & accuracy of data and cloud computing control risks

Download PDF

Explore more

The Future of SOX insights
Insight
Webcast Replay Webcast Upcoming Listen Now

The Future of SOX insights

The latest SOX trends and insights organizations need to know about

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

Trends in ICOFR Programs

Join us for the latest installment of our Future of SOX webcast series as we discuss the top trends that we’re seeing emerging as common themes in internal controls over financial reporting (ICOFR) programs specifically focused around key technology indicators and trends impacting technology and its impact to overall SOX compliance.

Read more

Meet our team

Image of Sue King
Sue King
Partner, Advisory • Offering, Risk Services, KPMG LLP
Read bio
Image of Joe Manusakis
Joe Manusakis
Principal, Technology Risk Management, KPMG US
Read bio
Image of Sue King
Sue King
Partner, Advisory • Offering, Risk Services, KPMG LLP
Read bio
Image of Joe Manusakis
Joe Manusakis
Principal, Technology Risk Management, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline