When I first received this book for review, I was a bit nervous. I am not an auditor, and have never been one. It is true that I have participated in hundreds of audits across different industries and disciplines, as both a customer and much more frequently, as an advisor, but I never had to put my name to the bottom of an attestation (except, I suppose, for a few PCI self-assessment questionnaires).
In short, I was concerned that I would not be able to properly grasp it, and thus fail to do it justice.
By the time I was done, I found myself with the same concern, but this time, coming from a completely different angle.
Because Steves book is truly a delight. I have worked with hundreds of auditors, and only a couple of them have ever shown the scope and breadth of experience, the desire to go beyond following rote process, and the sheer interest in staying true to the purpose of an audit any audit that Mr. Katzman exhibits in his book.
Steves personal stories shine through, and really help in framing the conversation. The little quips he embeds throughout his writing made me chuckle repeatedly, certainly not what I expected from a book about what is ultimately a rather dry subject matter. The planning chapter alone is worth the price of entry, as first and foremost it does such a great job at reminding all of us why audits exist in the first place.
For me, this work provided a great insight into the mind of an auditor, in a way that I never quite grasped before. That is undoubtedly going to help me in future audits. Considering the way Steve seamlessly transitions between the client and auditor viewpoints, if you are an auditor (the stated target audience for this book), then I cannot imagine how it would fail to help in a mirrored fashion.
I find it fitting to end this review by borrowing Steves own ending words from the book:
"Stay well, stay happy, and stay productive".
-- Barak Engel, CISO and author, Why CISOs Fail The Missing Link in Security Management and How to Fix It When I first received this book for review, I was a bit nervous. I am not an auditor, and have never been one. It is true that I have participated in hundreds of audits across different industries and disciplines, as both a customer and much more frequently, as an advisor, but I never had to put my name to the bottom of an attestation (except, I suppose, for a few PCI self-assessment questionnaires).
In short, I was concerned that I would not be able to properly grasp it, and thus fail to do it justice.
By the time I was done, I found myself with the same concern, but this time, coming from a completely different angle.
Because Steves book is truly a delight. I have worked with hundreds of auditors, and only a couple of them have ever shown the scope and breadth of experience, the desire to go beyond following rote process, and the sheer interest in staying true to the purpose of an audit any audit that Mr. Katzman exhibits in his book.
Steves personal stories shine through, and really help in framing the conversation. The little quips he embeds throughout his writing made me chuckle repeatedly, certainly not what I expected from a book about what is ultimately a rather dry subject matter. The planning chapter alone is worth the price of entry, as first and foremost it does such a great job at reminding all of us why audits exist in the first place.
For me, this work provided a great insight into the mind of an auditor, in a way that I never quite grasped before. That is undoubtedly going to help me in future audits. Considering the way Steve seamlessly transitions between the client and auditor viewpoints, if you are an auditor (the stated target audience for this book), then I cannot imagine how it would fail to help in a mirrored fashion
I find it fitting to end this review by borrowing Steves own ending words from the book:
Stay well, stay happy, and stay productive".
-- Barak Engel, CISO and author, Why CISOs Fail The Missing Link in Security Management and How to Fix It
