Technology is a key facilitator of rapid global business growth and advancement.  It is also a major source of business risk. 

Boards and senior executives recognize the importance of technology, but often struggle to understand and manage it effectively. Often, business executives and their IT professionals don’t speak the same language. 

This communications gap can lead to misunderstandings and misaligned expectations and outcomes.

KPMG’s IT Advisory practice can help bridge the communications gap between business executives and IT professionals. We believe our professionals bring a powerful combination of technical skills and business experience. The underlying philosophy surrounding our service portfolio is commitment – we work with clients to help you make the right commitments and keep them.

Matching our service offerings to client issues  and challenges

IT Advisory is KPMG’s business technology assurance and advisory group. 

Our service offerings are closely aligned to our client’s business IT lifecycle to

enable focused advisory efforts across the IT spectrum.

1. Business System Controls  

KPMG’s Business Systems Controls (BSC) services can help organizations ensure that adequate systems controls, relating to a major application implementation, are in place and operating effectively.2. IT Risks and Controls Assessment   

IT Risk and Control Assessment service is a structured approach to assessing the IT risks faced by an organization and the extent to which existing controls address those risks.3. ERP advisory (pre- and post-implementation review)

This service includes:   Performing pre- and post-assessments of the system controls’ design, configuration, access and process. Reporting controls to remediate a gap in the controls environment effectively.4. Information Protection and Business Resilience

4-1 Security testing (vulnerability assessment and penetration testing)   KPMG’s Security Testing Services address realistic business and technical threats.  This is achieved using methodologies that make use of progressive tools and techniques, with a focus on quality-driven testing. Security testing services include the following :

• Infrastructure penetration testing;
• Application penetration testing;
• Periodic vulnerability assessments; 
• Wireless network security testing; and Configuration Review

4-2 Cyber maturity assessment   KPMG’s Cyber Maturity Assessment (CMA) provides an in-depth review of an organization’s ability to protect its information assets and its preparedness against cyber-attack.it looks beyond pure technical preparedness against cyber-attack. It takes a rounded view of people, process and technology to enable clients to understand their areas of potential vulnerability, to identify and prioritize areas for remediation and to demonstrate both corporate and operational compliance, turning information risk to business advantage.

5.Business and Technology Resilience   Business Continuity Management (BCM) helps organizations identify and manage disruption risks and reduce their vulnerability to a wide range of potentially devastating events.

6. IT Internal Audit   KPMG's IT Internal Audit methodology, helps clients align their IT Internal Audit capabilities with the strategic and tactical objectives of their organizations – giving them the means to meet their current and future needs as they relate to governance, risk, and control over IT resources.

7. Attestation (ISAE 3402)   Assists clients affected by business IT systems, who often need extra help to satisfy stakeholder expectations. This service offers assessments to provide comfort to customers and business partners through seals and distributable reports such as and SSAE16/ISAE 3402.

8. IT Due Diligence   IT Due Diligence (ITDD) provides diagnostic and analytical approach for the assessment of an IT organization, in the context of a business transaction.