One can easily find information on IT Auditing and IT Governance (ITG) on the web. If you are passionate by the field, chances are that you are already a member of ISACA and well aware of the great value crystallized in the hundreds of articles available from its site.

But if you wish to structure your understanding and dive in just deep enough not to get lost into the specifics while always keeping a clear idea of where you stand in the vast body of knowledge, then I strongly advise you this excellent manual whose third edition reflects a very high maturity level, to use a common ITG concept.

The extensive index and table of content will guide you amongst its 21 chapters and 800+ pages. The synthesis and questions at the end of each chapter will help you focus on the essential information to be remembered from your reading, whether you are preparing for the CISA / CGEIT exams or not.

Impressed by the work done to compile such a valuable reference book and by the limpidness of its content, I give it a maximum rating. It's high price was definitely worth my investment.

I bought this book as an additional material to study for the CISA exam. However it didn't help me with the exam at all. Furthermore, in an attempt to cover many things, it did not cover anything in detail. This book is just an endless recollection of bullet points. On top of that, it misses very sensitive topics like disaster recovery planning.

This book has some material relevant to the CISA examination based on the 2003 content areas, although it is not organized or focused as a CISA examination guide. If you are looking for CISA review material for the test, I would strongly suggest to stick with ISACA's combination of review manual and questions CD. I also searched everywhere for study aids for this grueling test and ended up using ISACA's expensive material, but it proved to be the best choice as I passed the Dec 2006 test.

However, as owner of a copy of this book, I assure you that this is an excellent reference of IT management, planning, implementation, risk assessment and control procedures for anyone in the IT business. Most of the material is still relevant as of 2007.

Audit is not the most exciting topic in the world, but this no fluff book really sets the standard. The care the authors took is obvious from the start, the table of contents is one of the most detailed I have ever seen, it allows the book to be used as a reference.

My favorite chapter was Quality Management, best job of making quality approachable I have seen to date. My least favorite was Project Management, it seemed to lack the application and lean to theory a bit.

I am not an auditor, but as an auditee, this book really helped me understand how they think. Recommended!

This is a huge book but spends no more then 1 page on any topic. In my opinion the authors only have financial audit experience and little understanding of IT controls. This book shows the failure of the 'integrated auditor' as the authors are tyring to be IT auditors with little IT experience. They touch on some very good points in a few instances and, in general, the book is decent. The authors do not know much outside of the CISA, IIA and financial based certifications as they seem to think that the ISSA (Information Systems Security Assoc.) is sponsored by ISC2/CISSP's (it is not). Overall, I have not been impressed with this book.