KPMG’s Internal Audit, Risk and Compliance Services (IARCS) are aimed at setting up a company’s internal audit, risk and compliance functions such that they meet its needs, independently reviewing its key risks while also ensuring the long-term efficiency and effectiveness of its control frameworks in order to meet the needs of the various stakeholders. 

The IARCS team relies on its extensive experience in successfully providing support to both national and international companies, the application of proven methodologies and approaches, a global network of specialists as well as comparisons between industry-specific benchmarks and best practices. 


KPMG's internal audit, risk & compliance expertise

  • Providing advisory services for the design, implementation and transformation of internal audit functions
  • Managing internal audit functions within the scope of co-sourcing and outsourcing contracts
  • Performing independent reviews of the internal audit function based on IIA standards (quality review of internal auditing based on key professional principles, e.g. International Professional Practices Framework (IPPF))
  • Designing, implementing and reviewing risk management systems (in accordance with ISO 31000)
  • Developing, implementing and reviewing compliance management systems (in accordance with IDW 980)
  • Providing advisory services on the development, documentation, transformation and organization of sustainable internal control systems (ICS under Swiss law and SOX on the basis of COSO 2013)
  • Developing and implementing a sustainable corporate governance model (coordinated assurance)
  • Carrying out ISAE 3000 assurance engagements

Publications & Thought Leadership

As the business and regulatory environment continues to evolve, organizations face emerging risks that challenge traditional strategies and assumptions. In this environment, resilience, adaptability and promptness are the key to organizational survival.

We have compiled the most important articles and publications on the topic for you below.


Internal Audit Governance

Chief Audit Executives (CAE) are facing growing pressure to address potential challenges that impact the good corporate governance of their internal audit functions. An "adequate" duration time for an CAE to act as head of the IA function has been questioned by an increasing number of audit committee heads, while the past two years of tackling the challenges of COVID-19 have demonstrated that IA was not always well positioned to support the organization. 


Internal Audit Focus

CAE must make sure that their assurance mandate provides added value to the organization and those charged with governance (i.e. AC). As such the CAE needs to anticipate potential emerging risks that might disrupt the organization's economic development but at the same time also make him-/herself aware what the key stakeholders expect. 


Internal Audit Execution

Ensuring that the internal audit function acts in a productive way and in line with the expectations of the major stakeholders is a CAE's key responsibility. The challenges brought by the pandemic have given rise to alternative approaches to executing assurance related audit missions.

New ways of auditing such as "remote" or "agile" auditing have developed in order to make the process more efficient and effective while at the same time addressing constraints regarding time, travel or availability of auditees. These three position papers address the new or alternative approaches to auditing and explain how to compile an audit report that provides insights and has an impact on key stakeholders.