Technology Risk Consulting | KPMG | CA

Technology Risk Consulting

Learn more about our services and how we can help you.


Business Resilience

KPMG's Business Resilience services help clients establish and sustain business resilience in the event of disasters or other serious events. Our approach covers the full lifecycle, including assessment, architecture, implementation, crisis/disaster event simulation, testing and monitoring services. Specific services include:

  • Business Impact Assessment
  • Business Continuity Planning
  • Disaster Recovery Planning

Business Systems Controls and IT Project Advisory

KPMG's Business Systems Controls and IT Project Advisory services help clients to successfully plan, execute and monitor major IT programs/projects and significant application systems, and to identify and manage the associated risks. We provide services throughout the project and system lifecycle, from strategy and planning, through requirements definition, vendor/solution sourcing, design, implementation, conversion, operation, stabilization, enhancement, monitoring and audit. Our services help to achieve key business objectives for the programs/projects/systems and prevent or resolve associated costs and problems. Our services in the Business Systems Controls and IT Project Advisory areas include:

  • Program/Project Risk Management
  • Business Systems Controls Design and Evaluation
  • Quality Assurance/Independent Verification & Validation
  • Real-time System Implementation Audit/Assessment and Monitoring
  • IT Project/System Recovery, Stabilization and Improvement

GRC Technology

KPMG's Governance, Risk and Compliance (GRC) Technology services help clients establish the technology needed to support their GRC processes. This includes help creating the ROI value proposition, selecting GRC software vendors, implementing GRC software and assessing opportunities for broader GRC convergence through automation.

Our GRC Technology services help provide:

  • Strategic benefits through monitoring capabilities such as dashboards and macro-level analysis to support client efforts to achieve enterprise assurance
  • Tactical benefits through supporting streamlined GRC management by providing a repository and work flow enablement for documents, business processes, policies, control objectives and risks
  • Operational benefits through providing configurable controls monitoring, access controls/segregation of duties (SOD) analysis, automation of access authorization, periodic attestation of system privileges and transaction analysis

Information Governance

KPMG's Information Governance services assist clients with the development of a wide-ranging strategy to understand and classify enterprise data and map appropriate controls to help protect the confidentiality, integrity and availability of this data both within and outside the company's boundaries.

Our professionals help clients gain business value from information resources by implementing effective and efficient controls that strive to improve the integrity and security of critical business data. Our clients can gain from increased confidence in the quality of the underlying data, reduced risks of data leaks and regulatory non-compliance, lower costs related to errors and litigation, and improved organizational efficiency from less wasted time.

Information Technology Risk Management (ITRM)

Leveraging the principles and techniques of Enterprise Risk Management in the context of client technology environments, KPMG's ITRM professionals help clients establish, improve and sustain effective information technology risk management processes, including assistance with identification, assessment, design, implementation, mitigation, management and IT compliance testing. Our methods can help transform how companies view and manage IT risk through end-to-end ITRM design and improvement based upon industry-wide practices and trends.

Our team also helps management govern and manage risks, controls and compliance with respect to a range of specific and emerging technologies, including the cloud, mobile and connected devices, social media and any other next generation technologies they are considering implementing or operating.

Our services help companies transform ITRM by:

  • Proactively building integrated capabilities to identify and manage strategic, regulatory and emerging technology risks
  • Helping design methods to reduce the associated operational costs through sustainable, repeatable and insightful processes

IT Governance

Effective IT governance integrates and institutionalizes good practices in IT leadership, organizational structures and processes to help ensure information technology resources support and extend the company's strategies and objectives. KPMG's IT Governance advisory services help clients:

  • Establish conditions that allow IT management to operate effectively
  • Get the most value from the IT function and IT resources
  • Satisfy quality, fiduciary and security requirements
  • Understand and manage key IT risks (see IT Risk Management services)

IT Internal Audit

KPMG's IT Internal Audit services professionals offer strategic sourcing of IT internal audit services, which help to enable organizations to assemble value-added internal audit teams that know the organization, industry and emerging technologies and bring the differentiated skills and tools to execute efficiently and effectively. Our professionals are engaged throughout all components and phases of the audit, from strategic analysis through risk assessment, plan development and reporting. They help audit teams understand IT risks and the impact they can have on the business.

Systems Assurance/IT Attestation

KPMG's Systems Assurance / IT Attestation services comprise a globally accredited network of professionals who provide a range of systems assurance services to help companies address assurance requirements for in-house or third-party provided services, systems and processes. Examples include:

  • Service Organization Control 1 reports (SOC 1 reports) – service organization assurance reports on achievement of specified control objectives for outsourced services/systems, based on Canadian CSAE 3416 standards and/or equivalent US and international standards
  • Trust services reports on achievement of trust services principles per defined criteria for security and any (or none/all) of confidentiality, availability, processing integrity and privacy, for outsourced (SOC 2 and SOC 3 service organization controls reports) or in-house systems
  • Agreed upon procedures engagements – performance of specific agreed upon procedures and reporting of the results 
  • Other specialized assurance reports – a range of other specialized assurance reports to address unique client needs
