IT audits provide an evaluation of the extent to which IT processes and controls safeguard corporate assets and ensure data integrity, as well as the alignment of IT controls with the organization’s goals and objectives. IT audit also provide assurance regarding the compliance with IT-specific laws, policies, and standards.
How we can help
All IT auditors at Transcendent Group have several years’ experience and a vast majority are CISA certified (Certified Information Systems Auditor) as well as holding other relevant certifications including CIA (Certified Internal Auditor), CISM (Certified Information Security Manager), and CGEIT (Governance of Enterprise IT). We work according to accepted standards and frameworks, including COBIT for IT governance, ISO/IEC 27001 for information security, and NIST/CSF and CIS (Center for Internet Security), controls for cyber security.
We evaluate and propose measures to improve the efficiency and effectiveness of risk management, governance, and controls within IT related areas such as:
In addition to performing IT audits, we also help our customers with training for Internal Auditors on IT audit and IT risks and we also assist in the development of IT audit plans.
Co-sourcing IT audit expertise
The Swedish Transport Agency faced severe negative attention in the media some years ago related to lacking governance of information security within IT operations. During the last years Transcendent Group has supported the Internal Audit function in their evaluations within these areas. Transcendent Group has participated in the yearly risk assessment by Internal Audit and has performed audits within information security and data protection, several strategic projects, and supported with data analytics competence.
Third party assurance report (ISAE 3000, ISAE 3402 and SOC reports)
We have supported several service organizations in providing independent third-party assurance reports, often according to the ISAE-standard. We see an increased demand for service organizations to provide independent assurance reports to validate sufficient information security controls, including management of personal data. These are often recurring audits and we have been able to support clients during several years with experienced consultants, adding additional value.
Third part assurance reports using the International Standard on Assurance Engagements (ISAE). The ISAE3402 report focuses on controls related to the reliability of financial reporting whereas ISAE3000 report focuses on operational security and internal controls.
Third part assurance reports using the American standard for System and Organization Controls (SOC). The SOC 1 report focuses on controls related to the reliability of financial reporting whereas the SOC 2 report focuses on operational security and internal controls. SOC 2 reports must be based on Trust Services Criteria.
We want to know more about you and your organizations challenge! Get in contact with your local office to find out more about our culture and services.Contact us