Customer Reviews

Information Technology Control and Audit, Third Edition

5 star:		(81)
4 star:		(9)
3 star:		(3)
2 star:		(1)
1 star:		(2)

 

 

I used this book for my first exposure to IT auditing. I found it was so thick it was difficult to walk away with a solid concept most of the time. I am sure it would make a great deal of sense to a very technical person who understands the ins and outs of networking and firewalls and who is comfortable just opening a new application and picking it a part, but I am a method person. I either need examples to extrapolate from or a step by step to get a deeper understanding. I have a strong business background, so I was able to apply that to application concepts. I just don't think I have had enough implementation experience to make the most of some of the concepts.

As a subject, IT auditing can be difficult to find many good books on. First of all, there really are not that many books on the subject to begin with. Second, the books that do exist are often not written very well. Finally, to compound the problem, IT auditing can be a tough subject to write about in the first place since a lot of it comes down to professional opinion and judgment. That being said, _Information Technology Control and Audit_ largely succeeds in its goal of being a "bible" of sorts in this particular subject area.

Now let us admit first off that the book itself is rather dull and boring looking, so it is not likely to win any awards in graphic design any time soon. The cover is essentially monotone, and the rest of the book is, as well. Additionally, few illustrations are used besides some basic diagrams and tables thrown in every once in a while. In short, I definitely feel as if they could have livened up the presentation of the book a little more.

From a content perspective, though, the book mostly shines as it deals with a wide variety of subjects. Chapters 1 through 3 provide a good foundation for the rest of the book by delving into the history and evolution of IT auditing. Chapter 4 then discusses IT auditing as it relates to IT system development. Chapters 5 through 8 get a little more technical and talk about auditing various IT systems, from applications to networks. Chapters 9 through 13 cover IT auditing from the standpoint of IT operations. Finally, chapters 14 through 17 go into some "emerging issues" in IT auditing, such as the legal environment, security and privacy, career planning and development, and the future of IT auditing.

Overall, the book is well written, although at times it can come off a little dry (probably on account of the subject itself). I appreciated the beginning primer on auditing since that is one of my weaker areas. I also found the emerging issues section to be quite useful and interesting. In reading a book on IT auditing, I don't think that most readers would expect an author to cover such subjects all the time, so they were like icing on the proverbial cake. Along these lines, several helpful appendices are also provided, such as one on professional standards that apply to IT.

Wrapping things up, I would also point out that some of the examples, technology, issues, and terminology (such as Y2K) seem a bit outdated, but I understand that a new edition has come out that might resolve some of these problems. (Note that I am reviewing the first edition.) Otherwise, the book provides a plethora of helpful examples. The author does not just talk about a subject; he usually tries to bring it to life and add realism through the examples.

All in all, this is probably one of the better IT auditing books available right now. Rating: 4 out of 5.

I will take CISA on coming Saturday, in fact, this is my reference material, I found that those materials are very comprehensive and it quotes some practical cases and examples to illustrate the concept. Meanwhile, I found that some sample CISA questions are obtained from there, that's reason I persist to complete it.

In addition, the most important point is that it provides some useful appendix like Sample Audit Program and Audit Cases Excercises, it is readily helpful.

It do helps me to enrich myself in MIS techniques and review what I have experienced in the past once I have adopted an audit and control mindset.

The 2nd edition is released and you could refer it as below:
http://www.isaca.org/Template.cfm?Section=bookstore&Template=/Ecommerce/ProductDisplay.cfm&Productid=155

As a student who decided to rush into IT control and auditing field, I felt so lucky that i could use this book as my textbook in studying. If you are wandering around many IT auditing books here, I, from the bottom of my heart, positively suggest you choose such a wonderful, understandable book as a friendly partner with you along your future study, career development, or even teaching students. Following is personal conclusions on this book:
1. It is so understandable for entry students or entrence level employees who are doing IT auditing jobs. Reading such a book makes you feel that you are just listening to a class on the spot, so at any time when you have questions, you will so quickly get the answers while you read it.
2. I read some books about IT auditing, but never find a book covering as many areas or topics as this book does. It not only teachs you IT controls and auditings methods and theories, but also gives you detailed directions and genial suggestions on your future career development in IT auditing.
3. There are a lot of references in the book, which will be very helpful for you to search any more recources in studying or working. Both technical or legal recources are provided.
4. It so updated in current auditing field. This is second edition in 2004.
5. The review questions after each chapter are also helpful for readers to refresh memories and in-depth understand the contents.

All in all, this book is knowledgeable, understandable, and updated in IT control and auditing areas.

I hope my review on this book will give you a hand on selecting textbooks.

This book has some material relevant to the CISA examination based on the 2003 content areas, although it is not organized or focused as a CISA examination guide. If you are looking for CISA review material for the test, I would strongly suggest to stick with ISACA's combination of review manual and questions CD. I also searched everywhere for study aids for this grueling test and ended up using ISACA's expensive material, but it proved to be the best choice as I passed the Dec 2006 test.

However, as owner of a copy of this book, I assure you that this is an excellent reference of IT management, planning, implementation, risk assessment and control procedures for anyone in the IT business. Most of the material is still relevant as of 2007.

The text gives a good background of Information Systems Auditing methodology and best practices. Although some of the examples of Computer Auditing Tools and references to Y2k issues are a bit dated, I recommend this text as a must read for anyone deciding to enter into the IS Auditing field and should be on the shelf of any security professional who wishes to understand IS Auditing practices. I look forward to seeing an updated version of ITCA which includes more in-depth discussions about the impact of Sarbanes-Oxley and other sweeping legislation, updated information about tools and security hazards to be on the lookout for in the course of an audit and more emphasis on incorporating CoBIT into auditing plans.

This is an excellent book for IT Auditors and IT Security Professionals. There are professional standards that apply to information technology, along with sample audit cases and audit programs which can be used to assist IT auditors in an audit or when drafting a security policy.

With rapid changes of the technology such as the concept of LAN, WAN, MAN, firewall, e-commerce, etc., IT Auditors and IT Security Professionals need to stay current with the changes. Information Technology Control and Audit provides the latest information on auditing new environment, improving information systems security, and maintaining effective control over all computing functions.

I have no idea why this book continually receives rave reviews. I would give it NO stars if I could. I am an information systems security student, and this is absolutely the worst book I have ever encountered. The authors repeat themselves several times. There are literally several instances in which whole paragraphs were copied word for word in at least three locations. The book gives the impression that IT auditors are nothing but compliance narcs. The book takes over 600 pages to explain WHY auditing is necessary and offers no technical details on HOW to audit. Students who are forced to suffer through a class that uses this text must be forewarned: if your professor uses the review questions at the end of each chapter, do not expect the material covered in the book to help with many of the answers. A book I do recommend that is a much better text and gives much better technical coverage of IT Auditing is Information Security and Auditing in the Digital Age: A Practical and Managerial Perspective by Umar.

This book is probably the most valuable IT audit tool in terms of providing the user(reader) with guidance in conducting IT audits on informaiton systems, intruducing tools and techniques to solve security and control problems, and explaining the latest professional standards and legislations concerning IT auditing. From the fundamental concepts to best practices, this book covers every thing you want to know about IT audit in system development, network, application and IT operation environments. In addition, a large amount of valuable information, such as information about various professional associations and their standards that apply to information technology, is provided at the end of the book in appendixes. The appendixes also provides case studies, sample audit programs, and glossary that are very helpful to those who are new to IT auditing area. As a student in IT auditing major, I found that following this book is a very effective way to build up knowledge and experience in this area.

I am a person with very little knowledge and experience in the IT audit field. Reading this book was fun and explained difficult concepts that require much experience in simple terms.

I recommend this book to future IT audit professionals and those who would like to learn more about the field. The concepts it presents provide a "solid" foundation. Buy this book. It's essential!