Information Systems Control Journal, Volume 2, 2000

Book Review

Effective Use of Teams for IT Audits

By Martin A. Krist
Reviewed by Sarathy Emani, CISA

As the title implies, the author recommends audit management practices by establishing guidelines for the audit teams to follow. Through the course of the book, the author encourages empowerment of the auditors by offering them the resources needed for completing the assignment. Several work papers are presented as models for the audit teams, while soft copies of the templates are supplied through the CD accompaniment to the book. Before the author delves far into his subject matter, he sets his parameters for self-assessing the audit teams' effectiveness. This is followed by highlights of team performances in organizations that have hierarchical and total quality management cultures, recommending a move from the former to the latter.

Another section describes how to use teams for process improvement, by first establishing a quality improvement infrastructure and then incorporating an eight-step quality improvement process. In many other text books, the discussion ends and the involvement of audit teams ceases after audit findings are reported to management. This book is different from the others since it recommends steps for using audit teams for process improvement. In my view, it is this step that adds value to the audit function in the eyes of senior management.

There is also a chapter that gives tips on selecting a team leader, creating team synergy and building and managing teams. There are more than 20 work papers that are highly useful to audit teams at different phases of audits. The strength of this book is in the depth to which each of the topics is covered and supporting templates and checklists given. I view the book as being useful to the audit teams from individual team members to management level for effectively planning and executing audits.

Sarathy Emani, CISA
has a graduate degree in Electronics and Telecommunications from JNT University and a post-graduate degree in Industrial Engineering from the National Institute for Training in Industrial Engineering (NITIE), Bombay. He also has completed the necessary training requirements to be an Assessor of Quality Systems for ISO 9001, from PE Batalas, UK and is a trained professional for SEI/CMM assessment. He has completed training requirements in SPICE (Software Process Improvement and Capability dEtermination).

For two years he worked as management and systems consultant with SB Billimoria & Co, Bombay and later joined Tata Consultancy Services as software consultant. During his tenure of about twelve years with TCS, he worked with several clients in India and abroad from countries including Bahrain, the USA, Malaysia and Japan. His primary areas of responsibilities are handling software projects, quality assurance, systems audit and ISO internal audit.

Currently he is the head of the Process and Quality Management Board at Cognizant Technology Solutions, plays a vital role as site coordinator for SEI/CMM Level 4 assessment and is the management representative for ISO 9001 certification. PQMB constitutes several focus groups such as Software Engineering Process Group (SEPG), Software Quality Assurance Group (SQAG), Software Configuration Control Board (SCCB), Software Testing Group (STG), and Process and Quality Tools Group (PQTG).

His portfolio also comprises President of Information Technology Auditors' Association, India; steering committee member for the Chennai Chapter of SPIN (Software Process Improvement Network) and core committee membership for SEPG, India. In addition, he is a member of the ISACA Publications Committee for 1999-2000.

Ordering information for this book can be found in the Bookstore.