Information Technology Control and Audit, Second Edition

This book has some material relevant to the CISA examination based on the 2003 content areas, although it is not organized or focused as a CISA examination guide. If you are looking for CISA review material for the test, I would strongly suggest to stick with ISACA's combination of review manual and questions CD. I also searched everywhere for study aids for this grueling test and ended up using ISACA's expensive material, but it proved to be the best choice as I passed the Dec 2006 test. However, as owner of a copy of this book, I assure you that this is an excellent reference of IT management, planning, implementation, risk assessment and control procedures for anyone in the IT business. Most of the material is still relevant as of 2007.

As a student who decided to rush into IT control and auditing field, I felt so lucky that i could use this book as my textbook in studying. If you are wandering around many IT auditing books here, I, from the bottom of my heart, positively suggest you choose such a wonderful, understandable book as a friendly partner with you along your future study, career development, or even teaching students. Following is personal conclusions on this book: 1. It is so understandable for entry students or entrence level employees who are doing IT auditing jobs. Reading such a book makes you feel that you are just listening to a class on the spot, so at any time when you have questions, you will so quickly get the answers while you read it. 2. I read some books about IT auditing, but never find a book covering as many areas or topics as this book does. It not only teachs you IT controls and auditings methods and theories, but also gives you detailed directions and genial suggestions on your future career development in IT auditing. 3. There are a lot of references in the book, which will be very helpful for you to search any more recources in studying or working. Both technical or legal recources are provided. 4. It so updated in current auditing field. This is second edition in 2004. 5. The review questions after each chapter are also helpful for readers to refresh memories and in-depth understand the contents. All in all, this book is knowledgeable, understandable, and updated in IT control and auditing areas. I hope my review on this book will give you a hand on selecting textbooks.

I will take CISA on coming Saturday, in fact, this is my reference material, I found that those materials are very comprehensive and it quotes some practical cases and examples to illustrate the concept. Meanwhile, I found that some sample CISA questions are obtained from there, that's reason I persist to complete it.In addition, the most important point is that it provides some useful appendix like Sample Audit Program and Audit Cases Excercises, it is readily helpful.It do helps me to enrich myself in MIS techniques and review what I have experienced in the past once I have adopted an audit and control mindset.The 2nd edition is released and you could refer it as below:http://www.isaca.org/Template.cfm?Section=bookstore & Template=/Ecommerce/ProductDisplay.cfm & Productid=155

This book is probably the most valuable IT audit tool in terms of providing the user(reader) with guidance in conducting IT audits on informaiton systems, intruducing tools and techniques to solve security and control problems, and explaining the latest professional standards and legislations concerning IT auditing. From the fundamental concepts to best practices, this book covers every thing you want to know about IT audit in system development, network, application and IT operation environments. In addition, a large amount of valuable information, such as information about various professional associations and their standards that apply to information technology, is provided at the end of the book in appendixes. The appendixes also provides case studies, sample audit programs, and glossary that are very helpful to those who are new to IT auditing area. As a student in IT auditing major, I found that following this book is a very effective way to build up knowledge and experience in this area.

This is an excellent book for IT Auditors and IT Security Professionals. There are professional standards that apply to information technology, along with sample audit cases and audit programs which can be used to assist IT auditors in an audit or when drafting a security policy.With rapid changes of the technology such as the concept of LAN, WAN, MAN, firewall, e-commerce, etc., IT Auditors and IT Security Professionals need to stay current with the changes. Information Technology Control and Audit provides the latest information on auditing new environment, improving information systems security, and maintaining effective control over all computing functions.