Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Compliance & accuracy of data and cloud computing control risks

Trends in ICFR Programs

KPMG Future of SOX insights

Download PDF
Share

Managing the Completeness and Accuracy of Data (C&A) continues to be a challenging topic for management, internal control functions and external auditors. At the same time, the increasing use of cloud computing is requiring organizations to reconsider risks, and redesign internal controls to adapt to the new technology environments. In a recent webcast on July 11th, KPMG experts detailed practical ways that companies can use to address C&A and cloud computing internal control risks.

Key Insights:

1

Growing cloud adoption has an impact on SOX (Sarbanes-Oxley) compliance. This requires nuanced controls for user access and change management.

2

The use of third-party services and data necessitates thorough due diligence and monitoring. It is important to understand the allocation of responsibilities between the organization and third parties, as well as the flow of data.

3

The concept of completeness and accuracy of data is challenging for many control owners. Finding an effective and efficient way to perform and document procedures adds complexity.

4

Control design and testing approaches should be differentiated based on the type of reports, such as standard, custom, ad hoc, and spreadsheet reports. This ensures an efficient approach.

5

Identifying Relevant Data Elements (RDEs) within key reports is crucial for an effective and efficient approach to certification and accreditation (C&A).

5 things SOX professionals need to do now:

1

Growing cloud adoption has an impact on SOX (Sarbanes-Oxley) compliance. This requires nuanced controls for user access and change management.

2

The use of third-party services and data necessitates thorough due diligence and monitoring. It is important to understand the allocation of responsibilities between the organization and third parties, as well as the flow of data.

3

The concept of completeness and accuracy of data is challenging for many control owners. Finding an effective and efficient way to perform and document procedures adds complexity.

4

Control design and testing approaches should be differentiated based on the type of reports, such as standard, custom, ad hoc, and spreadsheet reports. This ensures an efficient approach.

5

Identifying Relevant Data Elements (RDEs) within key reports is crucial for an effective and efficient approach to certification and accreditation (C&A).

What percent of the in-scope SOX IT Applications that you audit are leveraging Cloud Computing? – e.g., NetSuite (SaaS), Salesforce (PaaS), Custom applications (IaaS)?

What is the greatest challenge you face with respect to achieving or assessing SOX compliance of a Cloud Solution?

What is the most helpful Cloud feature with respect to achieving or assessing SOX compliance of a Cloud Solution?

How do you keep up-to-date with new Cloud features and developments that impact your SOX environment?

What percent of your key reports are currently benchmarked?

What are your most common IPE (Information Prepared by the Entity) challenges?

How are issues with IPE logic currently being identified in your organization?

Dive into our thinking:

Trends in ICFR Programs: Compliance & accuracy of data and cloud computing control risks

Download PDF

Explore more

The Future of SOX insights
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

The Future of SOX insights

The latest SOX trends and insights organizations need to know about

Read more

Meet our team

Image of Sue King
Sue King
Partner, Advisory • Offering, Risk Services, KPMG LLP
Read bio
Image of Joe Manusakis
Joe Manusakis
Principal, Technology Risk Management, KPMG US
Read bio
Image of Sue King
Sue King
Partner, Advisory • Offering, Risk Services, KPMG LLP
Read bio
Image of Joe Manusakis
Joe Manusakis
Principal, Technology Risk Management, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline