IT Advisory 

We assist our clients in identifying managing and mitigating IT-related risks. We provide assurance for technology enabled business processes such as SAS 70, WebTrust and Systrust. Core service offerings include information security assessments, ERP systems controls reviews and IT internal audit.


Our services are structured into three categories:


Delivering business value from IT

IS Governance
- Implementation of leading edge governance
- Standards and policies development (e.g., ITIL, COBIT)

Protecting and securing critical information assets

Information Protection and Business Resilience
Identification of cost savings opportunities in managing information protection programs while improving risk management and service levels
- Business and IT resilience strategies for business continuity, disaster recovery, and crisis management
- Information protection frameworks to increase efficiency and decrease costs of managing complex compliance efforts
- Improvements in identity access and management processes and technologies

Demonstrating effective IT regulatory compliance

Attestation Services and Internal Audit
IT internal audit
- Audits of third-party services providers (SAS 70)
- IT Sarbanes-Oxley or China's Basic Standard on Internal Controls advice, documentation, and testing
- Preparation assistance for certification to industry standards (e.g., ISO17799, BS15000)
- IPO preparation (e.g. PN21)
- Regulatory compliance
- Risk-based external audit support



Service brochure

Service brochure

This brochure introduces the IT Advisory services offered by KPMG China.


Get in touch with KPMG China



Subscribe to receive email alerts or e-Newsletters from KPMG China when new updates are available.



Contact us

Submit an enquiry

Submit an enquiry about our services, industry practices, or get in touch with one of our professionals.