The IT Risk Management Benchmarking (ITRMB) application provides guidance for KPMG engagement teams when assisting clients in assessing IT risk and control environments in either an Advisory or Audit capacity.
The ITRMB application assists the engagement teams in conducting these assessments by documenting the risks involved, the controls in place and the assessment of control effectiveness. The final output of the application depends on the nature of the engagement. For Advisory engagements, the output is control assessment information benchmarked against other assessments within the application. For Audit engagements, the output is a generated IT General Controls Program consistent with the KPMG Audit Methodology.
For this toolkit, a combination of Qubus and WebQubus has been used. Qubus has been distributed among KPMG engagement teams, who often cannot connect to the internet on a client's site. When they return to the office, they can upload their findings (i.e., the completed questionnaires) to the central ITRMB database. Once a manager has approved the answers, they become available for anonymous benchmarking reports. The image below shows an example diagram used in the reports: a client receives information about its own results compared to those of (a selection of) the population in the ITRMB database.
