Home > Risk > My new book on Auditing that Matters is available

My new book on Auditing that Matters is available

November 9, 2016 Leave a comment Go to comments

Auditing that matters captures my thinking, expressed here and elsewhere, about how an effective internal audit department can make a huge contribution to the success of an organization.

An internal audit department can provide leadership with the confidence it needs in the people, systems, and organization to lead the enterprise to success.

This book is about:

  • Providing the assurance, advice, and insight that the leaders of the organization need
  • Focusing on the risks and issues that matter to the executive management team and the board
  • Practicing enterprise risk-based auditing
  • Communicating effectively to management and the board what they need to know, when they need to know, in a useful and actionable form
  • Building the team and processes necessary to deliver world-class internal audit services

I have been extraordinarily lucky to have a review panel of leading practitioners. This is what they have to say:

  • This is a timely book for internal auditors who want to accelerate their careers. Norman provides powerful career advice and lessons learned for delivering outstanding customer service in a profession where the performance bar is rising daily as are stakeholder expectations….   I would make it a must read for my team members. – Larry Harrington, CAE at Raytheon and former Chairman of the Board of the IIA
  • “For auditors looking for a book on “Value-added auditing”; this is the edition for you! Norman’s clearly describes the how-to methods for auditing that matters, and this is a must read book for all auditing leaders! – Steve Goepfert, retired CAE of United Airlines and former Chairman of the Board of the IIA


  • Norman has pulled clear, insightful and useful recommendations from his years of experience leading top notch internal audit programs.  This book will prove valuable for new and experienced internal audit professionals. – Patty Miller, retired Deloitte partner and former Chairman of the Board of the Institute of Internal Auditors (IIA)


  • This book is packed with lessons for the internal auditor.  A first class opportunity to learn from the experience of others. – Michael Parkinson, Audit Committee member and member of the IIA’s International Internal Auditing Standards Board


  • This is the best book on the real world of internal auditing that I have read, because it gives numerous examples of practical problems and how best to approach and resolve them. Norman has captured his many years of executive audit experience into an easy to read and highly informative addition to the education of the next generation of internal auditors. – John Fraser, retired CAE and CRO with Hydro One


  • Whenever I felt that I was making progress in this profession it was because of other Internal Audit professionals embracing fully our profession’s motto “progress through sharing” and being generous with their experience, know-how and lessons learned from failures and successes. Norman’s book is a wonderful act of generosity with multiple experiences and ideas shared in thoughtful way for us all to reflect upon and build our own progress. – Dominique Vincenti, CAE at Nordstrom, formerly Chief Officer – Global Internal Audit Practices with the IIA


  • Internal Audit, as explained by one of the world’s leading practitioners, reminds us all of the central importance and function that proper governance plays in a well-run organisation. – Tom McLeod, former CAE at Rio Tinto Group and member of the Board of the IIA (Australia)


The book is available now in most locations on Amazon (I recommend the paperback version rather than the Kindle e-book).

  1. Mike Corcoran
    November 9, 2016 at 6:18 AM

    Congratulations, look forward to the read.

  2. November 12, 2016 at 3:49 AM

    Norman, while I agree with your proposal to use the term, ‘enterprise risk-based internal auditing’, my hope is that this will eventually become as unnecessary as the term, ‘controls-based internal auditing’ would be today.

    I’m therefore coming round to the opinion that, instead of trying to qualify ‘internal audit’ by the addition of words such as ‘risk-based’, we (and especially the IIA) should be working towards pushing out the boundaries of internal audit to include all the objectives of the enterprise. As a start, the Mission Statement and Definition of Internal Auditing are confusing and need combining and rewording. I believe the Core Principles also need rewording because they do not clearly state that the starting point for internal auditing is the whole enterprise and its objectives.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: