One of our primary goals at is to empower information systems auditors with the tools and skills necessary to perform useful audits for organizations. We are not just talking about paperwork reviews. Instead we want to help auditors to assess the technology systems an organization is using in a real way. Let’s not just ask questions to check off a checklist, let’s ask real questions and perform real tests that will measure the organization’s appropriate use of technology.

To that end we have created a number of free resources to help auditors to achieve that goal. These resources are meant to practically help auditors to perform their reviews, learn about trends in the audit industry, even help prepare them for certification exams. For a complete list of resources, please check our our Subscriptions as well. But we hope that these free resources will assist you in your audit efforts.

5 Crucial Questions

While not full audit checklists, that is generally reserved for subscribers to our Subscriptions pages, we do still want to provide audit help to practitioners in the field. The 5 Crucial Questions series are a series of simple audit checklists which emphasize the most crucial controls an auditor should discover when auditing a particular scope. In this series we try to answer the question “What are the most important control questions to consider when auditing (Microsoft Active Directory, Unix File Servers, Perimeter Firewalls, etc?” While certainly these would not be the only controls to consider during an audit, we hope they can at least provide a baseline of minimum questions to consider during such a review.

Course References

One of the audit focused activities that we engage in at is education. Many of the classes we teach are delivered via conferences sponsored by the SANS Institute. The course references we provide on this page are meant to be tools for students in those classes – both before and after they attend an event. Students looking to familiarize themselves with the content in a given class are encouraged to read through these references prior to arriving in class to help them to take advantage of their time in the classroom. In addition, as students leave class and are looking for a way to refresh themselves on the material presented in class, we hope that these resources will be a good reminder of everything that was learned in class. One page is dedicated to each of the the classes we teach in this format.


In addition to teaching full classes, we often times give presentations to industry groups. Sometimes these presentations are delivered to industry events such as SANS Institute conferences, RSA conferences, HIMSS, and others. Other times these presentations are given as free webcasts or as briefings to companies or government agencies. Often times at the conclusion of these presentations we are asked to provide a copy of the presentation for students to think about later or share with coworkers. Utilizing SlideShare as a delivery mechanism, these pages are dedicated to providing a copy of the presentations we deliver.

Certification Practice Tests

Many of the visitors to the website are also interested in preparing for various certification exams. In the audit field, one of the more common exams that we hear about students taking is ISACA’s Certified Information Systems Auditor (CISA) exam. This exam is generally considered a benchmark for hiring information systems auditors. To help these visitors, we have developed an exam bank of practice test questions to help students in their preparation for the exam which are completely free!

Reading List

We also get numerous requests for recommended books to read for casual reading or research purposes. Some of these books are meant to educate and some of them are more for fun. In either case these are books we would recommend that you check out if you have a few free minutes to spare. In fact, drop us a note if you have other recommendations that you think visitors to the site would enjoy. To share we are using Amazon’s Shelfari system. This makes it easier for us to create the queue and share resources with you in a timely manner.

Audit Blogs

Like everyone, the content authors at also likes to pontificate on issues and trends in the industry or about current events. Sometimes they even like to post new practical techniques for auditing a particular audit scope. The Audit Blogs that are hosted here are a free resource to students interested in keeping up on the latest trends or simply learning new tricks. Most all of our freshest audit content first arrives here.