IT Audit

Background
IT audits provide an evaluation of the extent to which IT processes and controls safeguard corporate assets and ensure data integrity, as well as the alignment of IT controls with the organization’s goals and objectives. IT audit also provide assurance regarding the compliance with IT-specific laws, policies, and standards.

How we can help
All IT auditors at Transcendent Group have several years’ experience and a vast majority are CISA certified (Certified Information Systems Auditor) as well as holding other relevant certifications including CIA (Certified Internal Auditor), CISM (Certified Information Security Manager), and CGEIT (Governance of Enterprise IT). We work according to accepted standards and frameworks, including COBIT for IT governance, ISO/IEC 27001 for information security, and NIST/CSF and CIS (Center for Internet Security), controls for cyber security.

Services provided
We evaluate and propose measures to improve the efficiency and effectiveness of risk management, governance, and controls within IT related areas such as:

• Governance of IT and information security
• IT security and cyber security
• Management of access rights
• Third party assurance reports based on ISAE 3000, ISAE 3402/SOC reports (see further info below)
• IT development, maintenance and change management
• IT project management
• IT operations and resilience
• IT supplier governance
• IT compliance (against regulations, standards, and frameworks)
• Data analytics to provide assurance and insight on high volumes of transactions.
• Business continuity management and IT disaster recovery
• IT risk assessment: Support in performing the risk assessment over IT as part of establishing a value-added, risk based internal audit plan for your organization.

In addition to performing IT audits, we also help our customers with training for Internal Auditors on IT audit and IT risks and we also assist in the development of IT audit plans.

Track record
Co-sourcing IT audit expertise
The Swedish Transport Agency faced severe negative attention in the media some years ago related to lacking governance of information security within IT operations. During the last years Transcendent Group has supported the Internal Audit function in their evaluations within these areas. Transcendent Group has participated in the yearly risk assessment by Internal Audit and has performed audits within information security and data protection, several strategic projects, and supported with data analytics competence.

Third party assurance report (ISAE 3000, ISAE 3402 and SOC reports)
We have supported several service organizations in providing independent third-party assurance reports, often according to the ISAE-standard. We see an increased demand for service organizations to provide independent assurance reports to validate sufficient information security controls, including management of personal data. These are often recurring audits and we have been able to support clients during several years with experienced consultants, adding additional value.

International Standards on Assurance Engagements (ISAE)

Third part assurance reports using the International Standard on Assurance Engagements (ISAE). The ISAE3402 report focuses on controls related to the reliability of financial reporting whereas ISAE3000 report focuses on operational security and internal controls.

SOC Reports

Third part assurance reports using the American standard for System and Organization Controls (SOC). The SOC 1 report focuses on controls related to the reliability of financial reporting whereas the SOC 2 report focuses on operational security and internal controls. SOC 2 reports must be based on Trust Services Criteria.