Information Technology Control and Audit, Second Edition [Hardcover]

Sandra Senft (Author), Frederick Gallegos (Author), Daniel P. Manson (Author), Carol Gonzales (Author)

Book Description

ISBN-10: 0849320321 | ISBN-13: 978-0849320323 | Publication Date: March 26, 2004 | Edition: 2

Information Technology Control and Audit, Second Edition is an excellent introductory textbook for IT auditing. It covers a wide range of topics in the field including the audit process, the legal environment of IT auditing, security and privacy, and much more.

This textbook first examines the foundation of IT audit and control, discussing what IT auditing involves and the guidance provided by organizations in dealing with control and auditability issues. It then analyzes the process of audit and review, explores IT governance and control, and discusses the CobiT framework and steps that align IT decisions with business strategy. This volume examines project management processes that ensure that projects are controlled from inception through integration.

It continues by addressing auditing IT acquisition and implementation, describing risks and controls as related to the life cycle of application systems. It highlights the purchase and installation of new systems, as well as change management. The next section examines the auditing of IT operations in both standalone and global environments, covering types of IT operation, issues related to specific platforms, risk and control assessment, and audit methods and support tools.

The textbook concludes with a review of emerging issues, providing undergraduate and graduate students with a thorough overview of a topic critical to organizational security and integrity.

Editorial Reviews

About the Author

California State Polytechnic University, Pomona, USA California University, Pomona, USA --This text refers to an alternate Hardcover edition.

Product Details

• Hardcover: 720 pages
• Publisher: Auerbach Publications; 2 edition (March 26, 2004)
• Language: English
• ISBN-10: 0849320321
• ISBN-13: 978-0849320323
• Product Dimensions: 9.5 x 6.6 x 2 inches
• Shipping Weight: 3 pounds
• Average Customer Review: 4.7 out of 5 stars  See all reviews (96 customer reviews)
• Amazon Best Sellers Rank: #1,362,862 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

8 of 8 people found the following review helpful:

3.0 out of 5 stars Not for the faint of heart, December 3, 2002

By A Customer

This review is from: Information Technology Control and Audit (Hardcover)

I used this book for my first exposure to IT auditing. I found it was so thick it was difficult to walk away with a solid concept most of the time. I am sure it would make a great deal of sense to a very technical person who understands the ins and outs of networking and firewalls and who is comfortable just opening a new application and picking it a part, but I am a method person. I either need examples to extrapolate from or a step by step to get a deeper understanding. I have a strong business background, so I was able to apply that to application concepts. I just don't think I have had enough implementation experience to make the most of some of the concepts.

11 of 12 people found the following review helpful:

4.0 out of 5 stars One of the Better IT Auditing Books, June 3, 2005

By 

Jackson Stephens "Creative Genius" (Salt Lake City, UT, USA) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Information Technology Control and Audit, Second Edition (Hardcover)

As a subject, IT auditing can be difficult to find many good books on. First of all, there really are not that many books on the subject to begin with. Second, the books that do exist are often not written very well. Finally, to compound the problem, IT auditing can be a tough subject to write about in the first place since a lot of it comes down to professional opinion and judgment. That being said, _Information Technology Control and Audit_ largely succeeds in its goal of being a "bible" of sorts in this particular subject area.

Now let us admit first off that the book itself is rather dull and boring looking, so it is not likely to win any awards in graphic design any time soon. The cover is essentially monotone, and the rest of the book is, as well. Additionally, few illustrations are used besides some basic diagrams and tables thrown in every once in a while. In short, I definitely feel as if they could have livened up the presentation of the book a little more.

From a content perspective, though, the book mostly shines as it deals with a wide variety of subjects. Chapters 1 through 3 provide a good foundation for the rest of the book by delving into the history and evolution of IT auditing. Chapter 4 then discusses IT auditing as it relates to IT system development. Chapters 5 through 8 get a little more technical and talk about auditing various IT systems, from applications to networks. Chapters 9 through 13 cover IT auditing from the standpoint of IT operations. Finally, chapters 14 through 17 go into some "emerging issues" in IT auditing, such as the legal environment, security and privacy, career planning and development, and the future of IT auditing.

Overall, the book is well written, although at times it can come off a little dry (probably on account of the subject itself). I appreciated the beginning primer on auditing since that is one of my weaker areas. I also found the emerging issues section to be quite useful and interesting. In reading a book on IT auditing, I don't think that most readers would expect an author to cover such subjects all the time, so they were like icing on the proverbial cake. Along these lines, several helpful appendices are also provided, such as one on professional standards that apply to IT.

Wrapping things up, I would also point out that some of the examples, technology, issues, and terminology (such as Y2K) seem a bit outdated, but I understand that a new edition has come out that might resolve some of these problems. (Note that I am reviewing the first edition.) Otherwise, the book provides a plethora of helpful examples. The author does not just talk about a subject; he usually tries to bring it to life and add realism through the examples.

All in all, this is probably one of the better IT auditing books available right now. Rating: 4 out of 5.

11 of 12 people found the following review helpful:

5.0 out of 5 stars Excellent Book For Audit and Control, June 6, 2004

By 

Anthony Lai Cheuk Tung "Anthony LAI, CISSP, C... (Hong Kong SAR) - See all my reviews

This review is from: Information Technology Control and Audit (Hardcover)

I will take CISA on coming Saturday, in fact, this is my reference material, I found that those materials are very comprehensive and it quotes some practical cases and examples to illustrate the concept. Meanwhile, I found that some sample CISA questions are obtained from there, that's reason I persist to complete it.

In addition, the most important point is that it provides some useful appendix like Sample Audit Program and Audit Cases Excercises, it is readily helpful.

It do helps me to enrich myself in MIS techniques and review what I have experienced in the past once I have adopted an audit and control mindset.

The 2nd edition is released and you could refer it as below:
http://www.isaca.org/Template.cfm?Section=bookstore&Template=/Ecommerce/ProductDisplay.cfm&Productid=155