Book Review: The Basics of IT Audit


Full Disclosure: I was the Technical Editor for this book. While some may say this makes my opinion biased, I believe this has made me more critical of the finished work.


The Basics of IT Audit: Purposes, Processes, and Practical Information by Stephen Gantz is the latest in "The Basics of" series by Syngress.

It is intended to "provide you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA."

At 270 pages, it is one of the longer books in this series and, like the others, is intended to provide a high-level overview of the subject matter. It begins by explaining the reasoning behind auditing and quickly moves into the different roles and responsibilities that one can expect during an audit engagement. The book dedicates separate chapters to internal and external audit, as well as a chapter explaining the different types of audits.

It goes on to spend several chapters breaking down the components and life cycle of an audit before delving into the different methodologies and frameworks available (NIST, ISO/IEC, COBIT, etc.). The book ends by providing an overview of Audit-Related Organizations, Standards, and Certifications.

All in all, The Basics of IT Audit is a good primer for anyone just getting started in IT Audit or students pursuing a degree in IT Assurance. The book also does a great job demystifying the audit process and is recommended for anyone in IT who may be involved in their company's audit process.


Get this book at: Amazon | Syngress