IT Advisory
KPMG's IT Advisory professionals help you manage technology related risks so you can meet your strategic and financial goals. We understand the need to keep pace with technology and take advantage of the tremendous opportunities offered by technological innovation, but we are also aware of the risks involved and the responsibility at the Board level to control those risks.
How we can help?
We deliver a range of services:
Security, Privacy & Continuity Services addresses security issues in enterprise-wide systems and helps pprovide for high availability of IT infrastructure, data and information across an enterprise. Services help clients develop responses to protect information assets and privacy by focusing on the full life cycle model of security, including assessment, architecture, implementation and monitoring. Assessment phase services help clients identify security vulnerabilities, evaluate security controls, and understand the business impact of security and privacy issues. In the architecture phase, Information Security and Continuity helps build/improve a client's security architecture and align security strategy with business objectives. With security systems designed and in place continuity services can help organizations deploy business and technology architectures necessary to help ensure continuous availability of systems and data.
Sourcing Advisory Services
Many leading companies have begun the process of outsourcing non-core activities to external service providers. Sourcing is increasingly becomingly common as companies seek to: decrease costs; gain access to specialized skills and technology; and free resources to focus on core business activities.
While there may be advantages in outsourcing there are also a number of challenges that companies face. KPMG has developed methodologies for the various stages of the sourcing process to help companies understand and successfully execute the various phases of sourcing.
For further information about our services, or if you would like one of our professionals to contact you, please contact us.
How we can help?
We deliver a range of services:
- Information Risk Management (IRM) in External Audit.
- General IT Advisory Services
- Governance & Performance
- IT Internal Audit
- Security, Privacy & Continuity
- IT Attestation
- Business Systems Controls
- IT Project Advisory
- Sourcing Risk
- In the fast moving Information Technology (IT) and e-commerce scenario, it is a constant challenge for companies to balance their business goals and the business risks involved in using or not using technology.
KPMG understands the need to keep pace with technology and take advantage of the tremendous opportunities offered by technological innovation.
IRM in External Audit
IRM in the External Audit, (IRM in the Financial Statement Audit) enables IRM professionals to provide technology risk guidance and assistance to the external audit team.
We focus on the inherent risks posed by technological systems used by our clients to attain their corporate goals.
KPMG's IRM Team can help you identify and manage the associated IT risks by documenting, assessing and testing specific processes and procedures to help you achieve your strategic and financial goals.
We offer the following services:
- Regulatory IT Audits for the Turkish Banking Industry:
Banking Regulation and Supervision Agency (BRSA) initiated IT Audit services to the banks.
BRSA IT Audit services are composed of an IT General Control audit (Based on COBIT), an application controls audit (Per business cycle) and of an evaluation of internal controls over financial reporting. - Support to Financial Audit:
Financial Statement Audit: We support the financial statement audit by understanding and testing IT related controls, entity level controls, IT general controls (e.g., change management) or IT application controls/assertion level controls (e.g., exception report).
Sarbanes-Oxley (SOX) engagements: We perform an integrated audit which is both a SOX engagement and a financial statement audit.
- General IT Advisory Services
- Sarbanes-Oxley (SOX) Advisory:
We offer advisory services for SOX, helping companies with their SOX IT compliance effort. From independent assessment of the client's SOX IT project to full support of the effort including documentation of processes and controls. - IT Due Diligence:
As part of an acquisition and together with finance and tax due diligences, our teams can perform an IT risk analysis of the entity being considered. This can include specific areas of focus as required by the specific transaction. - Consulting areas:
We offer IT risk and control analysis as a stand alone package offering companies a detailed analysis of their IT General controls and areas of weaknesses. We also deliver IT infrastructure related consultancy services.
- IT Internal Audit
As organizations make better use of information technology for operating in real time, information at hand allows them to make better decisions more quickly. But the opportunities create risk surrounding the IT infrastructure that supports these efforts. IT Audit services are designed to consider the host of additional requirements on the external and internal auditing functions to make sure that there are appropriate controls in place that manage the risks and limit exposure.
The primary role of financial auditors is to verify compliance with rules governing financial reporting and to determine whether the company's procedures are adequate. Today, advances in information technology have created integrated systems that offer improved information sharing and distribution of data. The impact on the role of auditors requires an audit of the information technology that supports the organization. An IT Audit focuses on checking the systems that provide the reporting and the data flows through the systems.
As auditing moves into this fast-paced business environment, IT Internal Audit services aim to provide benefits to organizations by minimizing technology risk that enable timely information on operating and financial positions to help improve performance, increase revenue, reduce expenses and ultimately lower audit fees.
Governance and Performance
Assisting our clients align their IS function with their business; at the same time balancing risk, performance and cost; is the focus of KPMG’s IS Governance and Performance service line.
Effective IS Governance and Performance helps ensure that business systems deliver value to organizations and that the unique risks inherent in technology are managed through appropriate corporate governance. It also helps ensure that technology is used to support organizations in meeting their compliance requirements.
Business Systems Controls
Business Systems Controls helps organizations design and verify that business process and compliance based-controls are integrated as part of a major application implementation or upgrades are in place and operating effectively. Our professionals use proven tools and methodologies, combined with detailed knowledge of major enterprise resource packages, to help implement targeted, specific and practical responses, allowing our clients to make full use of new technologies. We provide four component services that can be applied at any phase of an implementation and can be delivered individually or in combination:
- Business Process Controls
- Security Controls
- IT Operational Controls
- Data Quality/Integrity Controls
- Potential Client Benefits
- Provides competitive advantage by driving business process and control efficiencies from ERP functionality and related cost reductions.
- Provides optimal security and controls based on relevant business needs.
- Helps minimize costs by integrating controls up front rather than retrofitting controls to an existing system.
- Helps use IT for compliance management and controls monitoring.
- Protects Corporate information during the system conversion process.
IT Attestation Services includes SAS 70, Trust Services (WebTrustc and SysTrust), and other country specific attestation offerings, including the KPMG WebSeal. Statement on Auditing Standards (SAS) No. 70, and other country equivalents, reports on the Processing of Transactions by Service Organizations is primarily used to provide information to auditors of entities that outsource certain functions. On behalf of a service organization that performs outsourcing services, we examine its internal controls and issue a report on the state of those controls. Trust Services includes WebTrust and SysTrust. WebTrust allows KPMG to examine the practices, policies, and procedures of companies doing business on the Internet and to award a KPMG-branded WebTrust seal of approval to those companies that meet defined criteria for business practices disclosures, transaction integrity, and information protection. SysTrust examines a company's systems for overall availability, security, integrity, and maintainability. In a KPMG WebSeal engagement, KPMG evaluates an aspect of an organization's Web site or operations and issues a report or statement testifying to the results of that review. The KPMG logo, or WebSeal, may be added to the organization's Web site and linked to the report that is issued. Processes examined in a WebSeal review include privacy, Web site security, confidentiality, and systems and controls.
IT Project Advisory Services (ITPA)
IT Project Advisory Services can help organizations identify and mitigate the risk of IT project failure and monitor important project milestones. KPMG's project management professionals focus on enhancing the processes surrounding project and program management offices and evaluating project deliverables. Services encompass a full range of project governance and advisory services over the full project lifecycle, from business case through to execution and close out. ITPA focuses on IT projects or those projects with a strong IT or governance element. The vision of ITPA is to be the premier provider of project governance, risk management and advisory services in predominantly the IT project market.
In general, the type of IT Project Advisory assistance that we provide for non-audit clients includes:
- Providing assistance with the development of the Program Management Office (PMO)
- Providing assistance with the development of project management processes
- Providing project management services for non-IT projects, provided client management is responsible for all decisions and judgements
- Providing assistance with the identification of the key business requirements for a project initiative
- Providing assistance during a client’s vendor selection process (subject to certain restrictions)
- Providing project risk assessments and ongoing risk monitoring
Security, Privacy & Continuity Services addresses security issues in enterprise-wide systems and helps pprovide for high availability of IT infrastructure, data and information across an enterprise. Services help clients develop responses to protect information assets and privacy by focusing on the full life cycle model of security, including assessment, architecture, implementation and monitoring. Assessment phase services help clients identify security vulnerabilities, evaluate security controls, and understand the business impact of security and privacy issues. In the architecture phase, Information Security and Continuity helps build/improve a client's security architecture and align security strategy with business objectives. With security systems designed and in place continuity services can help organizations deploy business and technology architectures necessary to help ensure continuous availability of systems and data.
Sourcing Advisory Services
Many leading companies have begun the process of outsourcing non-core activities to external service providers. Sourcing is increasingly becomingly common as companies seek to: decrease costs; gain access to specialized skills and technology; and free resources to focus on core business activities.
While there may be advantages in outsourcing there are also a number of challenges that companies face. KPMG has developed methodologies for the various stages of the sourcing process to help companies understand and successfully execute the various phases of sourcing.
For further information about our services, or if you would like one of our professionals to contact you, please contact us.
© 2010 Akis Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik AŞ, the Turkish member firm of KPMG International, a Swiss cooperative. All rights reserved.
