IT Internal Audit

    We advise and assist clients across sectors in their governance programmes, controls transformation and technology audits including IT SOX compliance
    IT Internal Audit

    Strengthen technology audit capabilities

    The changing technology landscape and fast-paced digitisation involving cloud adoption, big data analytics and intelligent automation has led to newer and greater technology risks. KPMG International recently conducted a global survey of 300+ participants from Chief Audit Executives, Audit directors, Vice presidents and Senior Managers belong to internal audit functions and asked them to rank their technology risk areas that they are likely to review in their upcoming audit/assessment cycles. Below is an illustration of the technology risk landscape based on these responses.

    • As is evident from the survey responses, emerging technologies feature highly on this list with cyber, data privacy, cloud security and blockchain all on the agenda. This demands organisations to strengthen their technology audit capabilities, and transform their audit methodologies incorporating analytics and automation for an integrated and continuous review of enterprise risks and controls.

    • Additionally, internal audit function needs to heighten collaboration with other lines of defense and across business units to help organisations enhance their IT audit, IT risk and compliance capabilities thus driving value into the business.

    • The ever-increasing scope and complexity of technology audit impact the organisations due to a shortage of relevant talent. This results in organisations opting for models such as outsourcing or co-sourcing of technology risk capabilities or even using SME support to audit emerging risk areas. The increasing broad spectrum of technology risks also leads to talent requirements in the other two lines of defense to assist in the running of an effective risk management and governance programme.

    • KPMG in India, through the below services, assists global organisations in addressing the above challenges and transforming their internal audit function, strengthening their technology risk governance portfolio enabling them to assist in holistic review of risks and controls:

    IT Internal Audit

    Extending support across the three Lines of Defence

    IT Internal Audit

    Helping clients drive their technology audit capabilities & add value through risk assessment, planning & execution of repeatable, thematic andspecialised audits.
     

    IT SOX

    Helping clients with the design & execution of their IT SOX program. Includes SOX readiness assessments, SOX controls design, SOX transformation programs, management testing etc.

    IT Controls & Governance

    Helping clients drive their tech risk governance & compliance programs across LOD1 & 2. Includes RCSA and other controls testing programs.
     

    Business Operations

    Management's control operations- adherence to existing internal controls framework

    • Tech controls framework design
    • Tech controls transformation
    • Controls target operating model
       

    Support Functions

    Support functions catering to Risk Management, Compliance Monitoring, etc.

    • RCSA
    • SOX testing
    • Risk assessments of financially relevant

    Internal Audit

    Technology Internal Audit

    • Technology audit 
    • Management action plan validation
    • Audit of emerging risk areas
    • Automation of audits
       

    Our offerings

    IT Internal Audit

    KPMG in India helps clients enhance their technology audit capabilities with execution of repeatable, thematic, and specialized audits for their third line of defense

    • Test of design and test of operating effectiveness of IT general controls (ITGCS)
    • Test of design and test of operating effectiveness of IT application controls (ITACS)
    • Platform audits, Network Infrastructure and Cybersecurity Audits
    • Audit of applications hosted on cloud
    • Business Continuity and Planning Audits
    • Technology audits for regulatory compliances
    • Change management and configuration controls review
    Presentation in Multi-Ethnic Office Conference Room. Meeting of Diverse Young Entrepreneurs, Specialists, Talking, Using TV for infographics. Businesspeople Develop e-Commerce Startup.
    People sitting and talking
    • System Interface & Data Integrity controls testing
    • Thematic technology audits
    • Segregation of Duties Review
    • Deep dive process audits
    • IT audit ad-hoc assistance (SME)
    • Data Privacy audits
    • Audit on emerging technologies (Sec Dev Ops/RPA/AI/ML)

    Technology Risk and Control Assessment

    KPMG in India helps clients by performing assessments of IT risks and controls as part of their various technology risk management programs across second line of defense.

    • Risk & Controls Self-assessment (RCSA)
    • Tech RCSA results reporting and dashboard
    • Issue reporting and remediation support for IT risks and controls assessments
    • IT Risk and control inventory management
    • Risk Assessments of financially relevant and high-critical applications
    • Targeted reviews on Open-Source software controls
    • Cyber Security Reviews and Assessments
    three people walking in server room and discussing something

    IT SOX Compliance

    KPMG in India helps clients with design, execution, transformation, and upliftment of their IT SOX program.

    Smiling Indian businesswoman leading corporate meeting with diverse colleagues, coach mentor training employees, discussing project strategy, sharing ideas, business partners negotiation concept
    • IT SOX Readiness assessment
    • IT SOX program management
    • IT SOX ICOFR documentation
    • IT SOX Testing assistance (including intelligent automation for control testing)
    • Gap analysis, recommendations and deficiency management
    • IT SOX Program status reporting

    Other ancillary technology risk and governance support

    KPMG in India helps clients with data and analytics assistance for controls testing, issue reporting, and automation support for efficient governance.

    • Assessment of risks related to automation adoption
    • Assistance with authentication of bots, change management, program and bot monitoring, and overall risk and governance
    • Automation Policy and Procedure
    • Algorithm and logic review of RPA bots
    • Vulnerability assessment
    RISK
    Young professional it specialist latin hispanic business lady working on laptop pc sitting at desk in modern office space. 30s middle eastern indian woman using computer technology app for work online
    • Automation of audits (Control testing, documentation)
    • Dynamic and Agile Auditing
    • Quality Review of technology audits
    • Development & ongoing maintenance of IA related tools and applications
    • Continuous Monitoring & Enhanced Adoption of Data & Analytics

    Technology Risk Governance

    KPMG in India helps clients by driving their technology risk governance and compliance programs across first and second lines of defense by performing role of a tech risk officer.

    • Divisional risk oversight
    • Implementing policies and framework for IT risk management
    • Facilitating risk and control assessments for audit critical assets
    • IT control framework reviews
    • Coordinating issue remediation activities across technology control assessments
    • Tech Controls Framework design
    • Tech Controls transformation
    • Controls Target Operating Model
    cheerful and curly indian man in headphones and yellow jumper holding coffee to go and looking at laptop near microphones and radio host writing in notebook near smartphone on table in radio studio

    Management Action Plan Validation

    KPMG in India helps clients' various technology risk and controls assessment teams and IA function by establishing a centralized team for validation and closure of management action plans for critical assessment and audit findings.

    Businessman and businesswoman colleague using laptop and digital tablet working and discussion business plan at office building. Corporate business people partnership and teamwork meeting concept.
    • Review of open issues and action plans
    • Walkthroughs with issue owners for evidence gathering
    • Test of design and implementation of agreed remediation actions
    • Action plan validation documentation
    • Validation and Closure status reporting

    Why KPMG in India?

    Our differentiators

    How can it help you?

    Accelerators

    Control catalogues, templates, domain expertise. lechnology alliances, Innovation and agile ways of working across technology risk ecosystem

    Our accelerators such as risks and controls inventory, customised templates, assessments guidance, innovation, automation expertise, agile delivery, strong alliances, domain knowledge and transformation initiatives help bring in overall program efficiency and effective governance.

    Delivery Model

    Well-established track record of delivering various internal audit, nsks and controls assessment and compliance engagements across multiple industry sectors

    Working with multiple sector clients, KPMG in India has consistently delivered quality engagements, assisted its clients with upliftment and alignment of their control assessment and audit programs to local and international regulations and standards resulting in efficient technology risk governance.

    Team Expertise

    Skilled professionals with diverse range of degrees and certifications relevant to technology risk domain

    We have large number of professionals with relevant expenence across India focused on skiliset of control testing, controls audits, risk assessments, cyber security, cloud control audits, IT audits, IT application controls testing, IT risk and compliance and IT automation. Our professionals are certified in industry standards such as CISA, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL, etc.

    Accelerators

    • Control catalogue and templates
    • Adoption of data and analytics
    • Strong understanding of global regulatory and compliance landscape
    • Dedicated domain and Subject Matter Expert
    • Agile Delivery
    • Risk and control matrices
    • Contemporary, best-in-class technology/tools/ strategic alliances
    • Transformation and Maturity assessments
    • Access to multidisciplinary team providing unified view of risk
    • Innovation and Automation in Audit

    Global Delivery Model

    A network of Technology Audit professionals with deep subject matter expertise across India allows KPMG in India to deliver internal audit, technology risks and controls assessments, IT governance and compliance audits, IT automation capabilities for clients across their three lines of defense.

    Managed Services

    KPMG in India responsible for planning, execution, reporting, quality review, building process efficiencies and continuous Improvement for the client engagement(s).

    Key Delivery expertise

    Access to repository of pre-built automation units that can be rapidly deployed or tailored to address specific use cases to drive efficiency.

     

    Staff Augmentation

    KPMG in India responsible for providing SME resources to client management for execution of the client engagement(s).

    Key Delivery expertise

    Access to large number of domain and subject matter experts helping clients with internal audits, SOX programs, compliance reviews, risk and controls assessments, risk management, control audits, automation, data analytics, IT governance, control optimisation and agile delivery.

    Hybrid

    KPMG in India responsible for providing flexibility to client management to opt for both managed services and staff augmentation approaches depending upon specific audit and compliance review areas.

    Key Delivery expertise

    Access to KPMG proprietary tools and technology with insights, alerting and reporting mechanisms.

     

    Team Expertise

    Control Testing Skillset

    ERP Security | Identity and Access Management | Change Management | Operations Controls | Infrastructure Security | Cloud Application Assessment | Third-Party Risk Management | Business Continuity Management | Disaster Recovery | Patch and Vulnerability Management | Physical Security | Environmental Controls | Mobile device Management | Application Controls | Robotic Process Automation | Network Reviews

    Our professionals are certified in industry standards such as CISA, HITRUST, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL and many more.

    Please note this is an indicative list and not exhaustive list of skillsets

    Credentials

    American multinational investment bank and financial services company

    Internal Audit and Management Action Plan Validation support for business and technology areas

     

    American multinational financial services firm

    Internal Audit and S0X testing support for business and technology areas


     

    UK Based Retail and Commercial Bank

    Intemal Audit support for business and technology areas



     

    American multinational investment bank and financial services company

    Risk and Control Self- Assessment (RCSA) support for tech nak and control profile

     

    American multinational investment bank and financial services company

    Issue closure validation support for Intermal Audit function

    British multinational oil and gas company

    IT Sox controls lesting and transformation support

     

    Swiss Investment bank and financial services company

     IT Sox controls testing support

    American Retail company

    IT Sox controls testing support

     

    British multinational oll and gas company

    Various technology risk assessments support

    American multinational Investment bank and financial services company 

    Managed Services of Thematic IT Audits and Management Action Plan Validation support

    Our Insights

    Trailblazing digital frontiers

    Global IT internal audit outlook
    Global audit outlook

    KPMG 2024 CEO Outlook

    125 CEOs in India share their views on geopolitics, return-to-office, ESG and generative AI

    CEO Outlook

    Top risks forecast

    Bottom lines for business in 2024 and beyond.
    drop-boat-abstract

    Meet our team

    Anil KV

    Global IT Internal Audit Leader, KPMG International, and Partner

    KPMG in India

    Deepak Gupta

    Partner

    KPMG in India


    Connect with us

    Contact our specialists for more information

    connect with us