IT Internal Audit

Strengthen technology audit capabilities

The changing technology landscape and fast-paced digitisation involving cloud adoption, big data analytics and intelligent automation has led to newer and greater technology risks. KPMG International recently conducted a global survey of 300+ participants from Chief Audit Executives, Audit directors, Vice presidents and Senior Managers belong to internal audit functions and asked them to rank their technology risk areas that they are likely to review in their upcoming audit/assessment cycles. Below is an illustration of the technology risk landscape based on these responses.

As is evident from the survey responses, emerging technologies feature highly on this list with cyber, data privacy, cloud security and blockchain all on the agenda. This demands organisations to strengthen their technology audit capabilities, and transform their audit methodologies incorporating analytics and automation for an integrated and continuous review of enterprise risks and controls.
Additionally, internal audit function needs to heighten collaboration with other lines of defense and across business units to help organisations enhance their IT audit, IT risk and compliance capabilities thus driving value into the business.
The ever-increasing scope and complexity of technology audit impact the organisations due to a shortage of relevant talent. This results in organisations opting for models such as outsourcing or co-sourcing of technology risk capabilities or even using SME support to audit emerging risk areas. The increasing broad spectrum of technology risks also leads to talent requirements in the other two lines of defense to assist in the running of an effective risk management and governance programme.
KPMG in India, through the below services, assists global organisations in addressing the above challenges and transforming their internal audit function, strengthening their technology risk governance portfolio enabling them to assist in holistic review of risks and controls:

Extending support across the three Lines of Defence

IT Internal Audit

Helping clients drive their technology audit capabilities & add value through risk assessment, planning & execution of repeatable, thematic andspecialised audits.

IT SOX

Helping clients with the design & execution of their IT SOX program. Includes SOX readiness assessments, SOX controls design, SOX transformation programs, management testing etc.

IT Controls & Governance

Helping clients drive their tech risk governance & compliance programs across LOD1 & 2. Includes RCSA and other controls testing programs.

Business Operations

Management's control operations- adherence to existing internal controls framework

Tech controls framework design
Tech controls transformation
Controls target operating model

Support Functions

Support functions catering to Risk Management, Compliance Monitoring, etc.

RCSA
SOX testing
Risk assessments of financially relevant

Internal Audit

Technology Internal Audit

Technology audit
Management action plan validation
Audit of emerging risk areas
Automation of audits

Our offerings

IT Internal Audit

KPMG in India helps clients enhance their technology audit capabilities with execution of repeatable, thematic, and specialized audits for their third line of defense

Test of design and test of operating effectiveness of IT general controls (ITGCS)
Test of design and test of operating effectiveness of IT application controls (ITACS)
Platform audits, Network Infrastructure and Cybersecurity Audits
Audit of applications hosted on cloud
Business Continuity and Planning Audits
Technology audits for regulatory compliances
Change management and configuration controls review

Presentation in Multi-Ethnic Office Conference Room. Meeting of Diverse Young Entrepreneurs, Specialists, Talking, Using TV for infographics. Businesspeople Develop e-Commerce Startup.

System Interface & Data Integrity controls testing
Thematic technology audits
Segregation of Duties Review
Deep dive process audits
IT audit ad-hoc assistance (SME)
Data Privacy audits
Audit on emerging technologies (Sec Dev Ops/RPA/AI/ML)

Technology Risk and Control Assessment

KPMG in India helps clients by performing assessments of IT risks and controls as part of their various technology risk management programs across second line of defense.

Risk & Controls Self-assessment (RCSA)
Tech RCSA results reporting and dashboard
Issue reporting and remediation support for IT risks and controls assessments
IT Risk and control inventory management
Risk Assessments of financially relevant and high-critical applications
Targeted reviews on Open-Source software controls
Cyber Security Reviews and Assessments

three people walking in server room and discussing something

IT SOX Compliance

KPMG in India helps clients with design, execution, transformation, and upliftment of their IT SOX program.

Smiling Indian businesswoman leading corporate meeting with diverse colleagues, coach mentor training employees, discussing project strategy, sharing ideas, business partners negotiation concept

IT SOX Readiness assessment
IT SOX program management
IT SOX ICOFR documentation
IT SOX Testing assistance (including intelligent automation for control testing)
Gap analysis, recommendations and deficiency management
IT SOX Program status reporting

Other ancillary technology risk and governance support

KPMG in India helps clients with data and analytics assistance for controls testing, issue reporting, and automation support for efficient governance.

Assessment of risks related to automation adoption
Assistance with authentication of bots, change management, program and bot monitoring, and overall risk and governance
Automation Policy and Procedure
Algorithm and logic review of RPA bots
Vulnerability assessment

Young professional it specialist latin hispanic business lady working on laptop pc sitting at desk in modern office space. 30s middle eastern indian woman using computer technology app for work online

Automation of audits (Control testing, documentation)
Dynamic and Agile Auditing
Quality Review of technology audits
Development & ongoing maintenance of IA related tools and applications
Continuous Monitoring & Enhanced Adoption of Data & Analytics

Technology Risk Governance

KPMG in India helps clients by driving their technology risk governance and compliance programs across first and second lines of defense by performing role of a tech risk officer.

Divisional risk oversight
Implementing policies and framework for IT risk management
Facilitating risk and control assessments for audit critical assets
IT control framework reviews
Coordinating issue remediation activities across technology control assessments
Tech Controls Framework design
Tech Controls transformation
Controls Target Operating Model

cheerful and curly indian man in headphones and yellow jumper holding coffee to go and looking at laptop near microphones and radio host writing in notebook near smartphone on table in radio studio

Management Action Plan Validation

KPMG in India helps clients' various technology risk and controls assessment teams and IA function by establishing a centralized team for validation and closure of management action plans for critical assessment and audit findings.

Businessman and businesswoman colleague using laptop and digital tablet working and discussion business plan at office building. Corporate business people partnership and teamwork meeting concept.

Review of open issues and action plans
Walkthroughs with issue owners for evidence gathering
Test of design and implementation of agreed remediation actions
Action plan validation documentation
Validation and Closure status reporting

Why KPMG in India?

Our differentiators

How can it help you?

Accelerators

Control catalogues, templates, domain expertise. lechnology alliances, Innovation and agile ways of working across technology risk ecosystem

Our accelerators such as risks and controls inventory, customised templates, assessments guidance, innovation, automation expertise, agile delivery, strong alliances, domain knowledge and transformation initiatives help bring in overall program efficiency and effective governance.

Delivery Model

Well-established track record of delivering various internal audit, nsks and controls assessment and compliance engagements across multiple industry sectors

Working with multiple sector clients, KPMG in India has consistently delivered quality engagements, assisted its clients with upliftment and alignment of their control assessment and audit programs to local and international regulations and standards resulting in efficient technology risk governance.

Team Expertise

Skilled professionals with diverse range of degrees and certifications relevant to technology risk domain

We have large number of professionals with relevant expenence across India focused on skiliset of control testing, controls audits, risk assessments, cyber security, cloud control audits, IT audits, IT application controls testing, IT risk and compliance and IT automation. Our professionals are certified in industry standards such as CISA, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL, etc.

Accelerators

Control catalogue and templates
Adoption of data and analytics
Strong understanding of global regulatory and compliance landscape
Dedicated domain and Subject Matter Expert
Agile Delivery

Risk and control matrices
Contemporary, best-in-class technology/tools/ strategic alliances
Transformation and Maturity assessments
Access to multidisciplinary team providing unified view of risk
Innovation and Automation in Audit

Global Delivery Model

A network of Technology Audit professionals with deep subject matter expertise across India allows KPMG in India to deliver internal audit, technology risks and controls assessments, IT governance and compliance audits, IT automation capabilities for clients across their three lines of defense.

Managed Services

KPMG in India responsible for planning, execution, reporting, quality review, building process efficiencies and continuous Improvement for the client engagement(s).

Key Delivery expertise

Access to repository of pre-built automation units that can be rapidly deployed or tailored to address specific use cases to drive efficiency.

Staff Augmentation

KPMG in India responsible for providing SME resources to client management for execution of the client engagement(s).

Key Delivery expertise

Access to large number of domain and subject matter experts helping clients with internal audits, SOX programs, compliance reviews, risk and controls assessments, risk management, control audits, automation, data analytics, IT governance, control optimisation and agile delivery.

Hybrid

KPMG in India responsible for providing flexibility to client management to opt for both managed services and staff augmentation approaches depending upon specific audit and compliance review areas.

Key Delivery expertise

Access to KPMG proprietary tools and technology with insights, alerting and reporting mechanisms.

Team Expertise

Control Testing Skillset

Our professionals are certified in industry standards such as CISA, HITRUST, CISM, CRISC, PMP, CISSP, CCSP, AWS, ISO 27001 Lead Auditor, ITIL and many more.

Please note this is an indicative list and not exhaustive list of skillsets