About the Book
The new edition of a bestseller, Information Technology Control and Audit, Fourth Edition provides a comprehensive and up-to-date overview of IT governance, controls, auditing applications, systems development, and operations. Aligned to and supporting the Control Objectives for Information and Related Technology (COBIT), it examines emerging trend
Table of Contents:
A Foundation For IT Audit and Control. Auditing IT Planning and Organization. IT Acquisition and Implementation. IT Delivery and Support. Advanced Topics.
About the Author :
Frederick Gallegos, MBA, has expertise in IT Audit Education, IS Auditing, Security, and Control of Information Systems; Legal Environment of Information Systems; Local Area and Wide Area Network Security and Controls; Computer Ethics, Management Information Systems, Executive Support Systems, Internet as an Audit Resource. He has more than 35 years of teaching and practical experience in the field, published four books, and authored and coauthored more than 200 articles in the aforementioned subjects. He received his BS and MBA from the California State Polytechnic University, Pomona, California. He has a California Community College Instructor Credential. He taught for the Computer Information Systems Department, College of Business at California State Polytechnic University, Pomona, California, from 1976 to 1996 (part-time) and full-time from 1996 to 2006. After 30 years of teaching, he retired in September 2006 and received the lecturer emeritus status from the university in May 2007. In February 2008, he received the Computer Information Systems (CIS) Lifetime Achievement Award from the CIS Department at Cal Poly, Pomona, California. He continues to maintain contact and provides consulting services with his past undergraduate and graduate students and alumni of the CIS Department's Information Assurance programs from the California State Polytechnic University, Pomona, California.
Before teaching full-time at Cal Poly (1996-2006), Gallegos worked for GAO-Los Angeles Regional Office (1972-1996) and advanced within GAO to serve as manager, Management and Evaluator Support Group. He managed staff involved in Office Automation, Computer Audit Support, Computer Audit, Training, Human Resource Planning and Staffing, Technical Information Retrieval and Security/Facilities Management. He retired from GAO in 1996 with 26 years of federal and military service. He is a recipient of several service awards from GAO, EDP Audit, Control, and Securi
Review :
Information Technology Control and Audit, Fourth Edition is one of a handful of books I think of as a must have reference book on every CIO’s bookshelf or in the IT department library. ... certainly a tremendous reference resource for CIO’s, IT managers of all types and IT auditors who need to be able to crack open a book when dealing with an issue of governance or best practice ideas on setting up IT controls for IT acquisitions. The reasons this book is such a strong reference in those situations is that it aligns to the Control Objectives for Information and Related Technology (COBIT) framework. Which for many people find COBIT to be a better framework than ITIL when designing controls for compliance and doing audit work.... Now I know a lot of CIO’s and senior IT managers might be a bit skeptical that this is a book they should dig into when they have questions or need ideas. But you will find much more credible information in this one book, faster, than you ever will searching for it online.
—The Higher Ed CIORead the full review at: http://blog.thehigheredcio.com/2012/10/09/book-review-information-technology-control-and-audit-fourth-edition/#ixzz2TaAb6hMh
Praise for Its Bestselling Predecessor:
I've been extremely pleased with the textbook. It is the only IT Audit textbook that is representative of how IT auditors actually scope and perform their work. The layout of the book follows the most logical learning progression for a new IT auditor, starting with the understanding of general IT controls prior to teaching application controls. Many other textbooks I reviewed did not follow this logical progression and I found students not fully understanding how application controls are reliant upon the general controls. Information and Technology Control and Audit lays out the logical control reliance to afford students the ability to understand this concept. This has given my students a head start in their respective IT audit roles … .—Rick Savarese, CISA, Vice President of Information Technology and CSO at ECFMG; MIS/Accounting Professor, University of Delaware
Prior to becoming a professor I worked for Ernst & Young as a Senior Manager in the Information Technology Audit area for 8 years. I have found this text to be an invaluable asset in teaching my IT Audit classes for the past 5 years. The chapter contents, illustrations, cases, and appendices bring the real world into my classroom making my students ready for their first Information Technology Audit interview and job!—Professor Edward Moskal, Computer & Information Sciences Department, Saint Peter's College
I currently teach a class on IT auditing and I have been using Sandra Senft and Frederick Gallegos' Information Technology Control and Audit textbook in my classroom since the Fall of 2009. In my experience, I have found that students have benefitted greatly from the book; I have been able to incorporate many of the topics from the book in my classroom discussions. The book provides a solid foundation in terms of the evolution of IT auditing, including many current drivers such as the changing regulatory and compliance landscape. The book then delves into the process of performing an IT audit, including the use of clear references to our audit standards. Students are then introduced to many technical IT audit topics such as application development, information security and IT operations and support. Throughout, the authors do a nice job of referencing COBIT and other IT risk and control frameworks. Overall, the book is an excellent resource for individuals interested in learning about the profession of IT auditing and compliance.—Jim Enstrom, Adjunct Professor/Lecturer, DePaul University
Information Technology Control and Audit, Fourth Edition is one of a handful of books I think of as a must have reference book on every CIO’s bookshelf or in the IT department library. ... certainly a tremendous reference resource for CIO’s, IT managers of all types and IT auditors who need to be able to crack open a book when dealing with an issue of governance or best practice ideas on setting up IT controls for IT acquisitions. The reasons this book is such a strong reference in those situations is that it aligns to the Control Objectives for Information and Related Technology (COBIT) framework. Which for many people find COBIT to be a better framework than ITIL when designing controls for compliance and doing audit work.... Now I know a lot of CIO’s and senior IT managers might be a bit skeptical that this is a book they should dig into when they have questions or need ideas. But you will find much more credible information in this one book, faster, than you ever will searching for it online.
—The Higher Ed CIORead the full review at: http://blog.thehigheredcio.com/2012/10/09/book-review-information-technology-control-and-audit-fourth-edition/#ixzz2TaAb6hMh
Praise for its Bestselling Predecessor:
I've been extremely pleased with the textbook. It is the only IT Audit textbook that is representative of how IT auditors actually scope and perform their work. The layout of the book follows the most logical learning progression for a new IT auditor, starting with the understanding of general IT controls prior to teaching application controls. Many other textbooks I reviewed did not follow this logical progression and I found students not fully understanding how application controls are reliant upon the general controls. Information and Technology Control and Audit lays out the logical control reliance to afford students the ability to understand this concept. This has given my students a head start in their respective IT audit roles … .—Rick Savarese, CISA, Vice President of Information Technology and CSO at ECFMG; MIS/Accounting Professor, University of Delaware
Prior to becoming a professor I worked for Ernst & Young as a Senior Manager in the Information Technology Audit area for 8 years. I have found this text to be an invaluable asset in teaching my IT Audit classes for the past 5 years. The chapter contents, illustrations, cases, and appendices bring the real world into my classroom making my students ready for their first Information Technology Audit interview and job!—Professor Edward Moskal, Computer & Information Sciences Department, Saint Peter's College
I currently teach a class on IT auditing and I have been using Sandra Senft and Frederick Gallegos' Information Technology Control and Audit textbook in my classroom since the Fall of 2009. In my experience, I have found that students have benefitted greatly from the book; I have been able to incorporate many of the topics from the book in my classroom discussions. The book provides a solid foundation in terms of the evolution of IT auditing, including many current drivers such as the changing regulatory and compliance landscape. The book then delves into the process of performing an IT audit, including the use of clear references to our audit standards. Students are then introduced to many technical IT audit topics such as application development, information security and IT operations and support. Throughout, the authors do a nice job of referencing COBIT and other IT risk and control frameworks. Overall, the book is an excellent resource for individuals interested in learning about the profession of IT auditing and compliance.—Jim Enstrom, Adjunct Professor/Lecturer, DePaul University
