Home > Risk > Time to read a good (practitioner) book

Time to read a good (practitioner) book

Every so often, I get a question about how to advance a practitioner’s career or which of my books they should read.

Others have written good books (for example, Hans Læssøe has just this month published Decide to Succeed, and several other friends have books worth reading), but I am going to try to answer the question about my books. (All of my books are available on Amazon and you can find more details here.)

If you are a ‘risk’ practitioner:

My best-selling World-Class Risk Management should be essential reading for anybody who calls themselves a risk officer, internal auditor, IT auditor, information security professional, or ‘GRC’ practitioner. (There’s a special edition for those in Non-Profits.) The book is on the mandatory reading list for a number of risk management college classes.

I wrote Risk Management in Plain English: A Guide for Executives for both practitioners and the leaders of the organization, including board members. It explains how the ‘risk’ word interferes with productive discussion and practice. My intent was that practitioners who like what I have to say would give copies to executives and board members to frame a constructive discussion.

Making Business Sense of Technology Risk is, again, for all practitioners and not just for those who specialize in technology-related matters. After all, technology is at the heart of what we do and how we do it. The book explains how the frameworks developed by the techies don’t provide business leaders with the information they need to make informed and intelligent decisions for the enterprise, and suggests a better approach. It takes the thinking in World-Class Risk Management to another level.

If you are an internal auditor:

My seminal book, which I recommend to every internal auditor from junior to CAE, is Auditing that Matters. It covers a lot of ground and challenges traditional practice and thinking. Some CAEs have purchased copies for their entire team.

Building on Auditing that Matters is Is Your Internal Audit World-Class. The book contains a sophisticated and detailed maturity model for assessing the quality of your internal audit function.

If you want a more entertaining book, try World-Class Internal Audit: Tales from my Journey. It’s a collection of short stories from my career that led me to the thinking and practices reflected in my books. It has received rave reviews both for its humor and for its insights into what world-class internal auditing is all about.

If you are involved in SOX:

Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value Within Your Organization – 4th Edition, published by the IIA, is considered the best book on how to run a SOX program.

If you want to know about GRC:

I recommend How Good is your GRC? Twelve Questions to Guide Executives, Boards, and Practitioners.

If you go here, you will find more details and also links to Amazon.

I would appreciate your sharing:

  1. Your experiences with my books
  2. Other books you recommend and why
  1. March 18, 2020 at 4:01 AM

    Hi Norman,

    Thank you for mentioning my “Decide to Succeed” The link to Amazon is here:

  2. Bertrand
    March 18, 2020 at 7:44 AM

    My favorites from Norman: Auditing that matters, World-class internal audit. Richard Chambers: Lessons learned on the audit trail, Trusted advisors. JC Paterson: Lean auditing. C Cooper: Extraordinary circumstances. R Brooks: Bean counters (external audit). Enjoy!

  3. Bertrand
    March 18, 2020 at 7:53 AM

    Kate Raworth: Doughnut Economics is also well worth reading (sustainable economics).

  1. April 8, 2020 at 5:18 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: