Assessment Services 

From a best practice and quality management perspective it is prudent for corporations to have an assessment review performed of key risk areas. An assessment project is critical especially prior to a major technology change or implementation. The results from the assessment will enable the organization to develop a more targeted, comprehensive risk based action plan.

In addition, for some industries such as health care and banking / financial services there is legislation requiring assessments to be performed on a periodic basis. Due to other priorities and the lack of internal expertise, it may be difficult for organizations to perform these assessments.
Transcendent Group offers various high level or detailed assessment services to organizations to provide:

An independent analysis and report to meet regulatory and business requirements.

A “starting point” or a “baseline” for a given technology area prior to and after a major technology change or implementation.

Transcendent Group offers the following core assessment services to meet your needs:

IT Due Diligence
IT Risk Assessment and Benchmark
IT Audit Services
IT Project Review
Information Security
HIPAA
Business Continuity and Disaster Recovery
Sarbanes-Oxley

IT Due Diligence
When corporations and investment groups decide to acquire a target organization, there is usually a significant amount of due diligence performed over the financial health and overall business soundness of the targeted company. However, often times, there is little effort exerted in the analysis of the IT environment of the targeted organization. Depending on the nature of the acquisition, the IT environment could have a large impact on the deal both from a cost and business perspective.

The goal of our IT Due Diligence services is to help investors gain a clear understanding of the IT environment and associated risks within a targeted company before the investment is completed. In the case with an IT Due Diligence assessment, we will provide a report to both the investment group and the target company outlining the IT environment from many perspectives (high level and detailed) with recommended risk mitigation strategies that both organizations can benefit from. The IT Due Diligence report will both indicate future costs as well as hidden opportunities. This information is beneficial to the investment group because it can be used in the negotiations for the final financial details.

IT Risk Assessment and Benchmark
What kind of a role does technology play in your organization? How dependent are you on your information technology services and data? Do you truly understand your technology risks and how they could impact your organization? What technology opportunities exist in the marketplace that your organization has not taken advantage of? If you do not know the answers to these questions or the management team is not in agreement to these questions, then you are a candidate for an IT Risk Assessment.

Our IT Risk Assessment approach is like no other firm in the market. First, we will work with you by obtaining input from a diverse group of key stakeholders to identify virtually all of your technology risks. A select group of senior management will participate in a workshop in which the risks will be discussed, some may be deleted while new ones potentially added. The workshop will conclude with the participants individually voting to rate each risk item based on “likelihood” and “significance.” The outcome of this process will be a “gross risk map” of your technology risks. We will continue the project by assessing the controls surrounding the risk areas. The resulting “net risk map” will provide the management team with a very clear picture of the highest technology risk items within the corporation. The project will conclude with recommendations and an action plan for the management team to use in properly addressing the highest risk items. The management team, the audit committee, and your Board will be enlightened by the results!

In addition, Transcendent Group has developed an IT benchmarking methodology that is comprehensive and utilizes numerous domestic and international standards. This worldwide methodology assesses key IT processes such as: Logical and Physical Security, Security Administration, Computer Operations, Systems Development, etc. Our final report will provide you with a measuring stick to know how you compare to best practices and/or to other organizations within your industry (industry averages). The benchmark methodology includes well recognized IT standards and guidelines such as COBIT, ITIL, ISO 17799, SANS and FFIEC.

IT Audit Services
Transcendent Group offers a wide range of IT Audit Services which include the following:

  • Individual / Specialized IT Audit Projects (see examples below)
  • Outsourcing / Co-sourcing of the IT Audit Function (see outsourcing services)
  • Develop / Assess IT Audit Plan
  • Assess IT Audit Department / Function

Regardless of the type of engagement performed, all of our IT Audit Services utilize a risk-based approach. The risk based approach is the most efficient and effective way to focus on the key risk areas. In any project, it is prudent to weigh all risks so that the highest risk items are addressed first to allow for an effective use of corporate resources.

Our IT Audit Services are managed and executed by experienced certified IT Audit professionals with more than 10 years of experience. Examples of IT Audit projects that we provide are listed below:

  • Application Reviews
  • Penetration Reviews
  • IT Project Reviews
  • Pre- and Post Implementation Reviews
  • Disaster Recovery Reviews
  • IT Risk Assessments
  • HIPAA Assessments
  • Data Analysis
  • Outsourcing Reviews
  • Information Security
  • IT Due Diligence

IT Project Review

How do you know a major IT initiative will meet business needs and requirements? Is the project on time and on budget? Has an adequate testing plan be developed? Has security been properly designed? Will documentation be performed?

Reviews over major IT initiatives can be performed either before or after the project is completed. The most effective time to perform the project is before to reduce rework and to provide more timely feedback to project deficiencies.

Regardless, Transcendent Group will perform an overall review of small to major IT project initiatives to ensure business requirements and needs are being met. We will provide your project team with timely feedback to any project deficiencies so they can be addressed immediately.

Information Security
Our Security and Privacy Assessment services include a high-level assessment of all areas and a detailed review of key areas such as privacy, internet connections, internal networks, access control implementations, change management and other processes. After our assessment, you will know the strengths and weaknesses and how you compare to similar organizations and existing standards (ISO, NIST, etc) in the area.

We will assess your current environment, identify root causes and provide recommendations for improvement. In addition, we will assist you to better understand security and privacy requirement for your existing and future business requirements.

Examples of information security and privacy assessment projects include the following:

  • Attack and Penetration
  • ISO27000 Series Assessment
  • Network Security Assessment
  • Privacy Assessment
  • HIPAA Assessment
  • HITRUST Assessment
  • Security Process Assessment
  • Business Continuity Disaster Recovery Assessment

HIPAA
Our HIPAA assessment services can range from a high-level assessment to a detailed assessment. The high-level assessment is comprised of reviewing the current state of the organization’s HIPAA readiness, defining the HIPAA team and plans for future activities. Our detailed assessment service can range from performing a comprehensive assessment of HIPAA impact on the entire organization to performing a more complete inventory of applications, business processes, policies, disaster preparedness, procedures, technical infrastructure, and processes.

In addition, we can perform other HIPAA assessment services based on your needs. This will entail developing a tailor-made project built to your specifications.

Business Continuity and Disaster Recovery
Transcendent Group’s Business Continuity / Disaster Recovery assessment services provides an organization with the answer to a couple of key questions:

  • What is the level of quality with the existing plan (the strengths and weaknesses)?
  • What are the key exposures and the likelihood of recovering from a disaster?

Our professionals utilize internationally recognized business continuity and disaster recovery best practice methodologies to answer the above questions along with helping you develop a clear action plan for either improving your existing plan or developing a plan. We have developed flexible service offerings designed to meet your specific needs. Through our Coaching approach, we will help you determine which business continutity and disaster recovery solution will best fit your organization and situation. Our Coach will empower your existing staff with our business continuity and disaster recovery best practice skills and methodologies to improve your recovery efforts in an outage situation.

Our Business Continuity and Disaster Recovery services include the following main categories:

  • Assessment and Diagnostic Services
  • Design and Implementation Services
  • Testing and Validation Services
  • Outsourcing / Co-sourcing Services

Sarbanes-Oxley Services
Implementing Sections 404 and 302 of the Sarbanes-Oxley Act is not easy and can be one of the most complex projects companies face today.

Businesses are struggling to achieve a balance between cost and compliance and management do not always fully appreciate the implications for them or for their external auditors. Outside the US, practical experience is in short supply and external auditors are very restricted in the help they can offer.

In order to assist organizations with the compliance of this complex and challenging legislation, we provide the following SOX compliance services:

  • Managing SOX projects on a turnkey basis
  • Perform testing of key controls
  • Performing entity level risk assessments
  • Developing detailed SOX project plans
  • Preparing process/application matrices outlining project scope
  • Providing templates that clients can use to document key business processes and internal controls
  • Establishing processes for clients to monitor and test the internal controls
  • Assisting clients in organizing control documentation for external auditors' attestation fieldwork
  • Assist clients in testing of internal controls
  • Providing recommendations that address identified control weaknesses
  • Project management
  • Technical and documentation support
  • Solution design and implementation
  • Change management and training
  • Quality assurance and review
  • Methodology
Cookies ©2008 Transcendent Group All Rights Reserved