I took a class on the NSA INFOSEC Assessment Methodology. In this class it goes over a methodology for testing a company's security posture from a broad perspective. We're talking about top level down from physical security to following standard operating procedures to ensuring a company has all the proper policies in place. There are 18 main classes and categories that are looked over and more can be added if need be. I found it difficult to really coordinate all that information between a team.