5 years ago I was asked to help internal auditors with a helpful audit program, so I decided to do some research and purchased this book over the internet.
I am not a professional reviewer, I lack the tactfulness to state my feelings about a book without offending at least the author. Well, here it is in a single statement - do not buy this book! -
It is too expensive for a new auditor and too basic for a seasoned auditor who should know about most of the points made in the book.
First chapter the author felt the urge to explain computers and used the term CPU, a box containing hardware. The original 1946 EDVAC may have been called a CPU. The author continues ..."there are thousands of them" what a joke. and if you keep reading how he explains memory you will start laughing uncontrollably " the more memory you have the more applications you can run" .
There are some good points made and planty of case studies but I ended up using articles I found on the internet for a great audit program based on BS7799.
I would recommend, reading books about ISO 2700x for creating great audits.