This is one of the worst written and ill-conceived book. Author knows very little about current trends in information systems. An average well-informed reader would know more about information systems than the author without reading a single page of this book. Author's style is old school, orthodox and boring. Maybe his military background is making him approach everything in a disciplined way without curiously questioning how and why. No examples, no case studies discussed. Way too generic, confusing and useless work. I wasted my money as this was a textbook for the course I took in IT auditing. My suggestion to readers is to explore other references in IT auditing on amazon.

Amazon is not allowing me to go lower than one star. I will give it a one star since it is 568 stupid pages bound between two paperboards! IT auditing is relatively a new field and this book is a bogus opportunistic attempt to cash on the new buzz word "IT auditing".

Frankly, I'm surprised that this book made it to publication. It has too many shortcomings. I'll cover one.

Among other shortcomings, the authors could improve on their writing by including topic sentences in paragraphs. To illustrate, consider the following first sentence in a paragraph:

"The result of natural disasters, such as fires, floods, wind, and earthquakes, are usually catastrophic to the computer center and information systems, even though the probability of such an occurrence is remote."

Based on this topic sentence you would think the subsequent sentences would expound on natural disasters and touch on the frequency of occurrence. Although the paragraph started on topic it quickly faded to discussions on human-made disasters and system failures. These should have been topics for separate paragraphs.


If this is the best available on the topic then I believe an opportunity exists for others to make some money on a better book. The "bar is low" with this book.

I would be interested to hear other comments. My comments are from the eyes of a student who is currently using this disappointing textbook. It is one of the worst textbooks I've encountered in my student career.

I use this book as the basic text in my university course on computer auditing for CA's (CPA's to you south of the 49th) because it is the best text out of a bad lot. At times, Hall is concise and to the point. On occasion, for example in ch's 8 and 9 when he describes the audit of a receivables and a payables systems, his advice is detailed and valuable. Most of the time, though, he wanders into side issues in too much depth, ignores the concepts of risk and control, provides superficial advice and examples on CAAT's (despite the inclusion of the ACL disk, which, although stripped down, is worth the price of admission) and is just too thin on practical discussions of auditing in an EDP environment.