New Zealand

Information Risk Management in the External Audit 

KPMG's Information Risk Management in the External Audit team have a thorough and deep understanding of our client’s use of IT and the risks technology can bring to the client, and to the audit. This is gained through KPMG's Audit Methodology (KAM).

Contact us

Souella Cumming

Souella Cumming

Lead Partner - IARCS, Partner - Government

+64 4 816 4519

How KPMG can help


  • Assisting audit teams to conduct an efficient and effective audit by identifying and focusing on the major technology related risk areas affecting a client's processes.
  • Ensuring that the client understands how technology-related risk can impact their financial statements.
  • Providing a gap analysis, risk profiles, business diagnostics and performance improvement suggestions.
  • Helping Audit teams determine whether the client's information systems are providing reliable information for substantive audit procedures.
  • Assisting the Audit team in determining whether the client's information systems are providing reliable information for audit procedures, decision-making and external reporting.
Why information risk management mattters
Technology is often the most important enabler of business processes, but it can present significant risks to the achievement of business objectives. For example, disruption of systems can have a greater impact where customers and business partners interact with a client’s systems on a real-time basis.
In an increasingly technology driven world, business opportunities bring with them the associated risks in using that technology in a safe and secure way. As such, technology risks are now business risks and a pervasive component of business strategy.
Technology changes the way we have to audit. Increasingly, manual evidence of control no longer exists. Where audit evidence is solely electronic, gaining sufficient evidence requires specialised knowledge and techniques. Understanding and assessing the controls in technology take on greater importance for reducing audit risk.
It places emphasis on the understanding of business processes, which are often dependent on and enabled by technology. As the key enabler of these processes, IT presents an additional set of business risks and controls to be considered.