IT Risk & Regulatory Compliance 

KPMG's IT Risk & Regulatory Compliance professionals can help clients align their IT Capabilities with the strategic and tactical objectives of their organizations – giving them the means to meet their current and future needs as they relate to governance, risk and control over IT Resources.

We can provide independent assurance to third parties that systems are operating as designed. They encompass those IT Services that must comply with auditing and attestation standards, such as ISAE 3402 or SAS 70. Our teams deliver assessments that can provide comfort to clients and their business partners through distributable reports.


How we can help


Our services include but are not limited to:


  • IT Attestation (ISAE 3402, SAS 70, SysTrust, WebTrust, ISO 27000)
  • Attestation, certification, reviews, readiness, diagnostics and effectiveness of controls for service and out-/insourcing organizations
  • Attestation and certification of the efficiency of the internal control environment
  • Certifications according to ISO 27000 Standards
  • Environmental Certifications


  • IT Internal Audit & Compliance
  • IT Audit Services

    Assessing technology risks and the controls in place via structured approach.
    Complement the Internal Audit function with highly skilled IT Professionals with specific industry knowledge and use of automated tools.

  • IT Internal Audit Co-/Outsourcing

    Assist and advise management and Internal Auditors through evaluations, Cosourcing or outsourcing and advice regarding governance, risk and control of IT Resources.

  • Continuous Auditing/Monitoring

    Helps enhance organizational value and offers a broad range of potential benefits, which result in more focused time to add value to the business.

  • KOLA, Approva

    Utilizations of tools such as KPMG Online Audit (KOLA) and Approva.

    • IT External Audit & Compliance
    • Assist audit teams in assessing controls risk and in dealing with complex technology topics in support of financial statement audits and integrated audits.


  • IT Outsourcing Attestation and Regulatory Assistance
  • Evaluate risks and controls concerning IT Technical Modeling.

  • Regulatory assessment of concepts and strategies.
  • Assistance in the establishment of regulatory presentations and support documentation.