PRELUDE. Introduction. GOALS. The Organization. OPERATIONAL ASSESSMENTS. Operational Auditing. Operational Assessment Planning. Operational Assessment Fieldwork. PUTTING IT ALL TOGETHER. Assessment Reporting. IT and COBIT. Epilogue. Appendices.
Steve Katzman is a retired master sergeant who spent four years in accounting and finance and the rest of his 21-plus-year Air Force career in information technology (IT) and data communication. He has over 35 years of computer and technology experience and 14 years in auditing (internal and external). Mr. Katzman earned a BS degree in management information systems with a focus on business from Central Connecticut State University. He maintained several professional certifications, including CIA, CISA, CRMA, CRISC, and CISSP. During his military career, he held a top-secret security clearance.
When I first received this book for review, I was a bit nervous. I
am not an auditor, and have never been one. It is true that I have
participated in hundreds of audits across different industries and
disciplines, as both a customer and much more frequently, as an
advisor, but I never had to put my name to the bottom of an
attestation (except, I suppose, for a few PCI self-assessment
questionnaires). In short, I was concerned that I would not be able
to properly grasp it, and thus fail to do it justice. By the time I
was done, I found myself with the same concern, but this time,
coming from a completely different angle. Because Steve’s book is
truly a delight. I have worked with hundreds of auditors, and only
a couple of them have ever shown the scope and breadth of
experience, the desire to go beyond following rote process, and the
sheer interest in staying true to the purpose of an audit – any
audit – that Mr. Katzman exhibits in his book. Steve’s personal
stories shine through, and really help in framing the conversation.
The little quips he embeds throughout his writing made me chuckle
repeatedly, certainly not what I expected from a book about what is
ultimately a rather dry subject matter. The planning chapter alone
is worth the price of entry, as first and foremost it does such a
great job at reminding all of us why audits exist in the first
place. For me, this work provided a great insight into the mind of
an auditor, in a way that I never quite grasped before. That is
undoubtedly going to help me in future audits. Considering the way
Steve seamlessly transitions between the client and auditor
viewpoints, if you are an auditor (the stated target audience for
this book), then I cannot imagine how it would fail to help in a
mirrored fashion.I find it fitting to end this review by borrowing
Steve’s own ending words from the book: "Stay well, stay happy, and
stay productive". -- Barak Engel, CISO and author, Why CISOs Fail –
The Missing Link in Security Management and How to Fix It
When I first received this book for review, I was a bit nervous. I
am not an auditor, and have never been one. It is true that I have
participated in hundreds of audits across different industries and
disciplines, as both a customer and much more frequently, as an
advisor, but I never had to put my name to the bottom of an
attestation (except, I suppose, for a few PCI self-assessment
questionnaires). In short, I was concerned that I would not be able
to properly grasp it, and thus fail to do it justice. By the time I
was done, I found myself with the same concern, but this time,
coming from a completely different angle. Because Steve’s book is
truly a delight. I have worked with hundreds of auditors, and only
a couple of them have ever shown the scope and breadth of
experience, the desire to go beyond following rote process, and the
sheer interest in staying true to the purpose of an audit – any
audit – that Mr. Katzman exhibits in his book.Steve’s personal
stories shine through, and really help in framing the conversation.
The little quips he embeds throughout his writing made me chuckle
repeatedly, certainly not what I expected from a book about what is
ultimately a rather dry subject matter. The planning chapter alone
is worth the price of entry, as first and foremost it does such a
great job at reminding all of us why audits exist in the first
place. For me, this work provided a great insight into the mind of
an auditor, in a way that I never quite grasped before. That is
undoubtedly going to help me in future audits. Considering the way
Steve seamlessly transitions between the client and auditor
viewpoints, if you are an auditor (the stated target audience for
this book), then I cannot imagine how it would fail to help in a
mirrored fashionI find it fitting to end this review by borrowing
Steve’s own ending words from the book: Stay well, stay happy, and
stay productive". -- Barak Engel, CISO and author, Why CISOs Fail –
The Missing Link in Security Management and How to Fix It
Ask a Question About this Product More... |