Reviewed by Gail Michaelson, CISA, PMP, SSGB—This book is a primer on how fraud works and how to prevent, detect and prosecute it.

Reviewed by Vishnu Kanhere, Ph.D., CISA, CISM, AICWA, CFE, FCA—This book provides an overview of industry practices and a practical guide to IT risk management frameworks, methodologies and techniques.

By S. Ramanathan, CISA, CISSP—The subject of this article is to present a more fundamental approach to GRC and to suggest the most appropriate methodology to make the exercise sustainable.

By Arvind Mehta, CISA, C-EH, ISO 27001 LA—The right approach to identify the exact scope and extent of testing for Sarbanes-Oxley ITGC is to perform a detailed risk assessment focused on the risks associated with each general control process area.

By Tarak Modi, CISA, CISSP, PMP—This article looks at how FISMA and its family of key NIST SPs are changing to meet the challenges posed by increasingly elusive hackers who are using better and more sophisticated tools and techniques.

By Vítor Prisca, CISM, CGEIT, and Manuel Moreira, CISA, IPMA Level C: Certified Project Manager—This article presents an effective methodological approach to implement and sustain the COBIT PO9 "Assess and manage IT risks" process.

By Sachidanandam Sakthivel, Ph.D.—This article discusses the risk factors for RV, suggests methods to manage RV to reduce project risks, and relates RV and its management to various control objectives in COBIT.

By Loic Jegousse, CISA, CISM—This article explores the concepts of a risk management model in the context of change management to IT systems, and their ramifications with respect to system life cycle controls.

By Dan Wilhelms—SMEs are not required to demonstrate compliance to outside auditors or to the government. So how does an organization decide whether the benefits of implementing a second-generation GRC solution outweigh the cost?

By Rajesh Kapur, CISA, FIETE, MIE—BSC has the potential to oversee the mechanism of converting a long-term strategic plan into sets of immediately doable activities.

Robert Schperberg, CISM, EnCEP, Chevron’s global IT forensics investigations lead

With Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, SSCP, ISO 27001 LA—By being clinical and dispassionate, with no personal agenda, auditors serve the best interests of their employers and their profession.

If the sheriff is the CISO, the mayor is the risk manager.

By Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CMA, CPA—To mitigate the risks associated with access control, it is necessary to identify the risks associated with access controls and to assess the level of those risks.

Get an up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques.