IT Audit

In a rapidly evolving digital landscape, having a robust governance, risk management, and controls framework is vital to the success of your organization. As technology continues to shape your operations, it's crucial to stay ahead of new risks that arise. At Transcendent Group, we understand the importance of managing IT-related risks, including information- and cyber security. Our IT assurance services provide objective assurance and insight into your organization's governance and management of technology, ensuring it is delivered efficiently, securely, and in compliance with regulations.

IT Assurance Expertise

Our IT assurance team is comprised of certified information systems auditors (CISA), experienced consultants, and subject matter experts in the field of cyber security. We provide evaluations of your organization’s IT processes and controls to ensure the integrity of your corporate assets and data, as well as the alignment of IT controls with your goals and objectives. Our team also provides assurance of compliance with IT-specific laws, policies, and standards.

We adhere to industry standards and frameworks, including COBIT for IT governance, ISO/IEC 27001 for information security, NIST/CSF, and CIS controls for cyber security. With our deep expertise and certifications, including CIA, CISM, and CGEIT, Transcendent Group is the right partner to support your IT assurance needs.

Services provided
We evaluate and propose measures to improve the efficiency and effectiveness of risk management, governance, and controls within IT related areas such as:

  • Governance of IT and information security
  • IT security and cyber security
  • Management of access rights
  • Third party assurance reports based on ISAE 3000, ISAE 3402/SOC reports (see further info below)
  • IT development, maintenance and change management
  • IT project management
  • IT operations and resilience
  • IT supplier governance
  • IT compliance (against regulations, standards, and frameworks)
  • Data analytics to provide assurance and insight on high volumes of transactions.
  • Business continuity management and IT disaster recovery
  • IT risk assessment: Support in performing the risk assessment over IT as part of establishing a value-added, risk based internal audit plan for your organization.

In addition to performing IT audits, we also help our customers with training for Internal Auditors on IT assurance and IT risks and we also assist in the development of IT assurance plans.

Track record
Co-sourcing IT assurance expertise
The Swedish Transport Agency faced severe negative attention in the media some years ago related to lacking governance of information security within IT operations. During the last years Transcendent Group has supported the Internal Audit function in their evaluations within these areas. Transcendent Group has participated in the yearly risk assessment by Internal Audit and has performed audits within information security and data protection, several strategic projects, and supported with data analytics competence.

Third party assurance report (ISAE 3000, ISAE 3402 and SOC reports)
We have supported several service organizations in providing independent third-party assurance reports, often according to the ISAE-standard. We see an increased demand for service organizations to provide independent assurance reports to validate sufficient information security controls, including management of personal data. These are often recurring audits and we have been able to support clients during several years with experienced consultants, adding additional value.

International Standards on Assurance Engagements (ISAE)

Third part assurance reports using the International Standard on Assurance Engagements (ISAE). The ISAE3402 report focuses on controls related to the reliability of financial reporting whereas ISAE3000 report focuses on operational security and internal controls.

SOC Reports

Third part assurance reports using the American standard for System and Organization Controls (SOC). The SOC 1 report focuses on controls related to the reliability of financial reporting whereas the SOC 2 report focuses on operational security and internal controls. SOC 2 reports must be based on Trust Services Criteria.

Global and local contact

Do you want to know more? Get in contact with the global contact person, or reach out to your local contact.

Related material

Let's connect

We want to know more about you and your organizations challenge! Get in contact with your local office to find out more about our culture and services.

Contact us