Information Technology Control and Audit, Second Edition (Hardcover)

by Frederick Gallegos (Author), Daniel P. Manson (Author), Sandra Senft (Author), Carol Gonzales (Author) "Much has changed in the world since the first edition..." (more)
Key Phrases: applicable workpapers, reckless destructive trespass, authorization value sets, Boca Raton, Auerbach Publishers, United States (more...)

Editorial Reviews

Review
The book is very useful for beginners as well as practitioners…[It] is well written and presented. Its practical implementation in the country of origin of the authors (USA) should provide resiliency to IT security in the emerging cyberworld.
- Information Systems Control Journal, Vol. 4, 2005

The book is very useful for beginners as well as practitioners…[It] is well written and presented. Its practical implementation in the country of origin of the authors (USA) should provide resiliency to IT security in the emerging cyberworld.
- Information Systems Control Journal, Vol. 4, 2005

Product Description
Text provides an introduction to IT auditing, covering topics such as the audit process, the legal environment of IT auditing, security and privacy, and more. For professional reference and for students. Includes review questions, chapter exercises, answers, references, and index. Previous edition: c1999. DLC: Information technology--Auditing--Handbooks, manuals, etc.

See all Editorial Reviews

Product Details

• Hardcover: 720 pages
• Publisher: Auerbach Publications; 2 edition (March 26, 2004)
• Language: English
• ISBN-10: 0849320321
• ISBN-13: 978-0849320323
• Product Dimensions: 9.5 x 6.6 x 2 inches
• Shipping Weight: 3 pounds
• Average Customer Review: 4.8 out of 5 stars See all reviews (92 customer reviews)
• Amazon.com Sales Rank: #622,559 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

10 of 11 people found the following review helpful:

5.0 out of 5 stars Excellent Book For Audit and Control, June 6, 2004

By	Anthony Lai Cheuk Tung "Anthony LAI, CISSP, C... (Hong Kong SAR) - See all my reviews

This review is from: Information Technology Control and Audit (Hardcover)

I will take CISA on coming Saturday, in fact, this is my reference material, I found that those materials are very comprehensive and it quotes some practical cases and examples to illustrate the concept. Meanwhile, I found that some sample CISA questions are obtained from there, that's reason I persist to complete it.

In addition, the most important point is that it provides some useful appendix like Sample Audit Program and Audit Cases Excercises, it is readily helpful.

It do helps me to enrich myself in MIS techniques and review what I have experienced in the past once I have adopted an audit and control mindset.

The 2nd edition is released and you could refer it as below:
http://www.isaca.org/Template.cfm?Section=bookstore&Template=/Ecommerce/ProductDisplay.cfm&Productid=155

6 of 6 people found the following review helpful:

4.0 out of 5 stars One of the Better IT Auditing Books, June 3, 2005

By	Jackson Stephens "Creative Genius" (Salt Lake City, UT, USA) - See all my reviews (REAL NAME)

As a subject, IT auditing can be difficult to find many good books on. First of all, there really are not that many books on the subject to begin with. Second, the books that do exist are often not written very well. Finally, to compound the problem, IT auditing can be a tough subject to write about in the first place since a lot of it comes down to professional opinion and judgment. That being said, _Information Technology Control and Audit_ largely succeeds in its goal of being a "bible" of sorts in this particular subject area.

Now let us admit first off that the book itself is rather dull and boring looking, so it is not likely to win any awards in graphic design any time soon. The cover is essentially monotone, and the rest of the book is, as well. Additionally, few illustrations are used besides some basic diagrams and tables thrown in every once in a while. In short, I definitely feel as if they could have livened up the presentation of the book a little more.

From a content perspective, though, the book mostly shines as it deals with a wide variety of subjects. Chapters 1 through 3 provide a good foundation for the rest of the book by delving into the history and evolution of IT auditing. Chapter 4 then discusses IT auditing as it relates to IT system development. Chapters 5 through 8 get a little more technical and talk about auditing various IT systems, from applications to networks. Chapters 9 through 13 cover IT auditing from the standpoint of IT operations. Finally, chapters 14 through 17 go into some "emerging issues" in IT auditing, such as the legal environment, security and privacy, career planning and development, and the future of IT auditing.

Overall, the book is well written, although at times it can come off a little dry (probably on account of the subject itself). I appreciated the beginning primer on auditing since that is one of my weaker areas. I also found the emerging issues section to be quite useful and interesting. In reading a book on IT auditing, I don't think that most readers would expect an author to cover such subjects all the time, so they were like icing on the proverbial cake. Along these lines, several helpful appendices are also provided, such as one on professional standards that apply to IT.

Wrapping things up, I would also point out that some of the examples, technology, issues, and terminology (such as Y2K) seem a bit outdated, but I understand that a new edition has come out that might resolve some of these problems. (Note that I am reviewing the first edition.) Otherwise, the book provides a plethora of helpful examples. The author does not just talk about a subject; he usually tries to bring it to life and add realism through the examples.

All in all, this is probably one of the better IT auditing books available right now. Rating: 4 out of 5.

3 of 3 people found the following review helpful:

5.0 out of 5 stars Useful reference material, February 1, 2007

By	Carlos Santiago (Virginia, USA) - See all my reviews (REAL NAME)

This book has some material relevant to the CISA examination based on the 2003 content areas, although it is not organized or focused as a CISA examination guide. If you are looking for CISA review material for the test, I would strongly suggest to stick with ISACA's combination of review manual and questions CD. I also searched everywhere for study aids for this grueling test and ended up using ISACA's expensive material, but it proved to be the best choice as I passed the Dec 2006 test.

However, as owner of a copy of this book, I assure you that this is an excellent reference of IT management, planning, implementation, risk assessment and control procedures for anyone in the IT business. Most of the material is still relevant as of 2007.