IT Audit

In an increasingly complex and evolving world, the importance of the organization's governance, risk management and controls framework has never been greater. As the organization’s operations are changing there are constantly new risks arising that need to be monitored. With the increasing dependency on technology and the constantly arising vulnerabilities to IT systems, IT related risks are critical to manage for any organization. IT Audit is a powerful method for identifying risks related to governance and management of IT, information security and cyber security. IT audits provide assurance that governance and management of IT is delivered efficiently, effectively, securely and in compliance with regulations, to support business goals with acceptable risk levels.

IT audits provide an evaluation of the extent to which IT processes and controls safeguard corporate assets and ensure data integrity, as well as the alignment of IT controls with the organization’s goals and objectives. IT audit also provide assurance regarding the compliance with IT-specific laws, policies, and standards.

How we can help
All IT auditors at Transcendent Group have several years’ experience and a vast majority are CISA certified (Certified Information Systems Auditor) as well as holding other relevant certifications including CIA (Certified Internal Auditor), CISM (Certified Information Security Manager), and CGEIT (Governance of Enterprise IT). We work according to accepted standards and frameworks, including COBIT for IT governance, ISO/IEC 27001 for information security, and NIST/CSF and CIS (Center for Internet Security), controls for cyber security.

Services provided
We evaluate and propose measures to improve the efficiency and effectiveness of risk management, governance, and controls within IT related areas such as:

  • Governance of IT and information security
  • IT security and cyber security
  • Management of access rights
  • Third party assurance reports based on ISAE 3000, ISAE 3402/SOC reports (see further info below)
  • IT development, maintenance and change management
  • IT project management
  • IT operations and resilience
  • IT supplier governance
  • IT compliance (against regulations, standards, and frameworks)
  • Data analytics to provide assurance and insight on high volumes of transactions.
  • Business continuity management and IT disaster recovery
  • IT risk assessment: Support in performing the risk assessment over IT as part of establishing a value-added, risk based internal audit plan for your organization.

In addition to performing IT audits, we also help our customers with training for Internal Auditors on IT audit and IT risks and we also assist in the development of IT audit plans.

Track record
Co-sourcing IT audit expertise
The Swedish Transport Agency faced severe negative attention in the media some years ago related to lacking governance of information security within IT operations. During the last years Transcendent Group has supported the Internal Audit function in their evaluations within these areas. Transcendent Group has participated in the yearly risk assessment by Internal Audit and has performed audits within information security and data protection, several strategic projects, and supported with data analytics competence.

Third party assurance report (ISAE 3000, ISAE 3402 and SOC reports)
We have supported several service organizations in providing independent third-party assurance reports, often according to the ISAE-standard. We see an increased demand for service organizations to provide independent assurance reports to validate sufficient information security controls, including management of personal data. These are often recurring audits and we have been able to support clients during several years with experienced consultants, adding additional value.

International Standards on Assurance Engagements (ISAE)

Third part assurance reports using the International Standard on Assurance Engagements (ISAE). The ISAE3402 report focuses on controls related to the reliability of financial reporting whereas ISAE3000 report focuses on operational security and internal controls.

SOC Reports

Third part assurance reports using the American standard for System and Organization Controls (SOC). The SOC 1 report focuses on controls related to the reliability of financial reporting whereas the SOC 2 report focuses on operational security and internal controls. SOC 2 reports must be based on Trust Services Criteria.

Global and local contact

Do you want to know more? Get in contact with the global contact person, or reach out to your local contact.

Related material

Let's connect

We want to know more about you and your organizations challenge! Get in contact with your local office to find out more about our culture and services.

Contact us