Information Technology Control and Audit, Third Edition

The headline-grabbing financial scandals of recent years have led to a great urgency regarding organizational governance and security. Information technology is the engine that runs modern organizations, and as such, it must be well-managed and controlled. Organizations and individuals are dependent on network environment technologies, increasing the importance of security and privacy. The field has answered this sense of urgency with advances that have improved the ability to both control the technology and audit the information that is the lifeblood of modern business.

Reflects the Latest Technological Advances

Updated and revised, this third edition of Information Technology Control and Audit continues to present a comprehensive overview for IT professionals and auditors. Aligned to the CobiT control objectives, it provides a fundamental understanding of IT governance, controls, auditing applications, systems development, and operations.

Demonstrating why controls and audits are critical, and defining advances in technology designed to support them, this volume meets the increasing need for audit and control professionals to understand information technology and the controls required to manage this key resource.

A Powerful Primer for the CISA and CGEIT Exams

Supporting and analyzing the CobiT model, this text prepares IT professionals for the CISA and CGEIT exams. With summary sections, exercises, review questions, and references for further readings, it promotes the mastery of the concepts and practical implementation of controls needed to effectively manage information technology resources.

New in the Third Edition:

• Reorganized and expanded to align to the CobiT objectives
• Supports study for both the CISA and CGEIT exams
• Includes chapters on IT financial and sourcing management
• Adds a section on Delivery and Support control objectives
• Includes additional content on audit and control of outsourcing, change management, risk management, and compliance

In addition, the most important point is that it provides some useful appendix like Sample Audit Program and Audit Cases Excercises, it is readily helpful.

It do helps me to enrich myself in MIS techniques and review what I have experienced in the past once I have adopted an audit and control mindset.

The 2nd edition is released and you could refer it as below:
http://www.isaca.org/Template.cfm?Section=bookstore&Template=/Ecommerce/ProductDisplay.cfm&Productid=155


Excellent reference book   July 7, 1999
ABXU@KPMG.COM (USA)
3 out of 3 found this review helpful

This is an excellent book for IT Auditors and IT Security Professionals. There are professional standards that apply to information technology, along with sample audit cases and audit programs which can be used to assist IT auditors in an audit or when drafting a security policy.

With rapid changes of the technology such as the concept of LAN, WAN, MAN, firewall, e-commerce, etc., IT Auditors and IT Security Professionals need to stay current with the changes. Information Technology Control and Audit provides the latest information on auditing new environment, improving information systems security, and maintaining effective control over all computing functions.


All over coverage of IT control and auditing areas!!   December 8, 2005
Xiaodong Yun (Los Angeles, California)
3 out of 3 found this review helpful

As a student who decided to rush into IT control and auditing field, I felt so lucky that i could use this book as my textbook in studying. If you are wandering around many IT auditing books here, I, from the bottom of my heart, positively suggest you choose such a wonderful, understandable book as a friendly partner with you along your future study, career development, or even teaching students. Following is personal conclusions on this book:
1. It is so understandable for entry students or entrence level employees who are doing IT auditing jobs. Reading such a book makes you feel that you are just listening to a class on the spot, so at any time when you have questions, you will so quickly get the answers while you read it.
2. I read some books about IT auditing, but never find a book covering as many areas or topics as this book does. It not only teachs you IT controls and auditings methods and theories, but also gives you detailed directions and genial suggestions on your future career development in IT auditing.
3. There are a lot of references in the book, which will be very helpful for you to search any more recources in studying or working. Both technical or legal recources are provided.
4. It so updated in current auditing field. This is second edition in 2004.
5. The review questions after each chapter are also helpful for readers to refresh memories and in-depth understand the contents.

All in all, this book is knowledgeable, understandable, and updated in IT control and auditing areas.

I hope my review on this book will give you a hand on selecting textbooks.


Useful reference material   February 1, 2007
Carlos Santiago (Virginia, USA)
3 out of 3 found this review helpful

This book has some material relevant to the CISA examination based on the 2003 content areas, although it is not organized or focused as a CISA examination guide. If you are looking for CISA review material for the test, I would strongly suggest to stick with ISACA's combination of review manual and questions CD. I also searched everywhere for study aids for this grueling test and ended up using ISACA's expensive material, but it proved to be the best choice as I passed the Dec 2006 test.

However, as owner of a copy of this book, I assure you that this is an excellent reference of IT management, planning, implementation, risk assessment and control procedures for anyone in the IT business. Most of the material is still relevant as of 2007.



The most valuable IT audit tool   December 2, 1999
Ying Ma (California, U.S)
2 out of 2 found this review helpful

This book is probably the most valuable IT audit tool in terms of providing the user(reader) with guidance in conducting IT audits on informaiton systems, intruducing tools and techniques to solve security and control problems, and explaining the latest professional standards and legislations concerning IT auditing. From the fundamental concepts to best practices, this book covers every thing you want to know about IT audit in system development, network, application and IT operation environments. In addition, a large amount of valuable information, such as information about various professional associations and their standards that apply to information technology, is provided at the end of the book in appendixes. The appendixes also provides case studies, sample audit programs, and glossary that are very helpful to those who are new to IT auditing area. As a student in IT auditing major, I found that following this book is a very effective way to build up knowledge and experience in this area.