Review posted at: http://www.securitymanagement.com/library/001756.html

Stepping Through the IS Audit: What to Expect, How to Prepare
By J. L. Bayuk; published by ISACA, 847/590-7486 (phone), www.isaca.org (Web); 142 pages; $45.

Many an executive on a business trip abroad has suffered the embarrassment of making an error in protocol or local custom. The “thumbs up” or “V for victory” gestures that are symbols of approval in the United States may have derogatory meanings elsewhere, for example. By brushing up on local culture in advance, these executives could have saved themselves heartache, embarrassment, and lost business.

Think of the world of the IT audit as a foreign land, where the unique practices and vernacular similarly baffle the uninitiated. Brushing up on the IT audit is key—especially in light of the Sarbanes-Oxley Act—lest executives find themselves adrift in heartache, embarrassment, and lost business brought about by system flaws.

Fortunately, Stepping Through the IS Audit: What to Expect, How to Prepare lives up to its title, providing a densely packed overview of what a nonaudit person needs to know about the audit process. In four well-organized chapters, the reader is led through an IS audit.

After an introductory chapter, follow-up chapters detail audit planning and execution, with a chapter comprising case studies rounding out the work. Also included is a 30-page sample draft audit program, which can be used as a starting point for a real audit.

Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a New York City-based senior security consultant with ThruPoint, Inc. He is a member of ASIS International.