Book Review: Information Technology Control and Audit Fourth Edition

Information Technology Control and Audit, Fourth Edition is one of a handful of books I think of as a must-have reference book on every CIO’s bookshelf or in the IT department library. Now in its fourth edition, Information Technology Control and Audit by Senft, Gallegos and Davis is just one of the books that makes you want to use a capital ‘B’ when you say it because of its heft.

Information Technology Control and Audit is certainly a tremendous reference resource for CIOs, IT managers of all types and IT auditors who need to be able to crack open a book when dealing with an issue of governance or best practice ideas on setting up IT controls for IT acquisitions.

The reason this book is such a strong reference in those situations is that it aligns to the Control Objectives for Information and Related Technology (COBIT) framework, which many people find to be a better framework than ITIL when designing controls for compliance and doing audit work.

CIOs, IT managers and IT auditors aren’t the only ones that will find Information Technology Control and Audit incredibly useful. CISOs, security professionals, as well as anyone studying for the Certified Information Systems Auditor (CISA) exam will definitely benefit from the sample questions and exercises at the end of each chapter.

Information Technology Control and Audit is divided into five sections:

  1. A Foundation for IT Audit and Control
  2. Auditing IT Planning and Organization
  3. IT Acquisition and Implementation
  4. IT Delivery and Support
  5. Advanced Topics (Virtual Environments & ERP)

Organizing the book this way, along with a very detailed table of contents and index, makes it very easy to find and focus on specific issues or interests you have at the moment. At almost 720 pages including the five appendices it may only be the kind of book that is read front-to-back by CISA test candidates.

Now I know a lot of CIOs and senior IT managers might be a bit skeptical that this is a book they should dig into when they have questions or need ideas. But you will find much more credible information in this one book, faster, than you ever will searching for it online.

In fact, if more CIOs would read the Auditing IT Planning and Organization section they would come away with a more objective view of IT Governance, Strategy and Standards, Risk Management, Process and Quality Management, and Financial Management. For many CIOs or senior IT directors, the investment in these chapters alone might very well save you your job someday and make life with the auditors a little easier.

So not only do I recommend Information Technology Control and Audit, Fourth Edition for the reasons I have already shared, but I also recommend it so that you will also pass it along to your management team who will benefit from reading about Service Desk and Problem Management and Virtual Infrastructure Security and Risks and each of the other chapters related to every aspect of IT operations and management.

You might even consider using the 26 chapters as the framework for leading a weekly IT manager professional development series so that everyone can slowly digest the material and benefit from group discussion of the potential take-aways. My only advice on that is to not pass your copy around if you don’t want everyone putting dog-ears on the more useful pages.


2 Responses to Book Review: Information Technology Control and Audit Fourth Edition

  1. Omie says:

    I’m glad that you’ve emphasized the relevance of the book to individuals outside of IT audit roles. With a title like “…control and audit”, it’s easy to conclude that it’s a book for auditors. However, the reality is that IT managers, CIOs, CISOs, etc. make key decisions, and therefore require quality information about control design and auditability, often before the auditor gets involved.

  2. The Higher Ed CIO says:

    Omie – I appreciate that you noticed. Certainly my previous roles supporting IT compliance for various IT organizations and as an IT auditor have shaped my view that IT can benefit from looking at their processes and decision making models from the perspective of an auditor and a mindset of ‘control’.
