Auditing

I am disappointed about this book. The book is basically written for students who know little about the business/accounting functions. I found the contents are not deep enough, at least not for veterans or accountants.Therefore, if you want a thorough knowledge of the controllership, this is not the one you should read. Try others.

A very practical book for doing controller function in a small-to-large size organization. A good recommended book for controllers.

The book is divided into six parts.The first two parts gives a complete treatise on development of CSA and approaches to CSA. The next two parts deal with practical applications of CSA in private sector organisations and public sector organisations. The fifth part deals with the future of CSA. The authors discuss very valid questions on why CSA is not more widely adopted than it should. The authors have analysed how CSAcan be a useful tool to be usedas part of risk management and corporate governance. The sixth and final part contains various appendices useful to the reader like extracts from the CoCo Report and UK guidance on internal financial control. This book is addressed to both practioneers and students of CSA.

Checklists, though mundane, are a key component of many jobs. They help ensure that key issues aren't overlooked, and they serve as guideposts for anyone auditing the work. This book provides technology managers with a very good preparatory set of details and checklists for their e-commerce infrastructure. The book can also show a corporate auditor what to look for to ensure that appropriate controls are in place.

Throughout its 6 chapters and 225 pages, the book offers a detailed, progressive, and structured approach for performing such audits. The book addresses technology-related issues but doesn't require the auditor to be expert in them. Among topics discussed are physical security, authentication, and passwords; checklists ensure that these features are deployed or configured correctly.

For ensuring that file servers and other elements of the e-commerce infrastructure are protected, this book is an excellent choice.

While many approach the subject of e-commerce control and security from a purely pedagogical, 'those who can't do, teach' perspective, Gordon Smith draws upon his considerable experience in the trenches to pen this logical step-by-step, risk-based approach to the subject. Moreover, the book is written in an easy, conversational style that is easily comprehended by even neophyte auditors, and its packed with audit work programs and checklists that permit practitioners to roll up their sleeves and get down to work immediately. One feature of this book I found particularly enlightening was Mr. Smith's sensible inclusion of supporting operating system and data base-related risks and controls as they relate to the overall e-commerce control environement. Too often these extremely important controls are deleted from scope or not considered at all in favor of engagement cost and time constraints. Experience proves that a partially secured environement is no better than one that is totally unsecured. Having contracted and worked with Mr. Smith and his CanAudit associates in the past, and having personally witnessed his team breaking into systems heretofore considered inpenetrable, I place a great deal of credence in his opinions on the subject of system security, e-commerce-related or otherwise. This book is a must read for anyone interested in the subject of e-commerce security and an invaluable reference tool for the professional IT Auditing practitioner.