Time to read a good (practitioner) book


Every so often, I get a question about how to advance a practitioner’s career or which of my books they should read.

Others have written good books (for example, Hans Læssøe has just this month published Decide to Succeed, and several other friends have books worth reading), but I am going to try to answer the question about my books. (All of my books are available on Amazon and you can find more details here.)

If you are a ‘risk’ practitioner:

My best-selling World-Class Risk Management should be essential reading for anybody who calls themselves a risk officer, internal auditor, IT auditor, information security professional, or ‘GRC’ practitioner. (There’s a special edition for those in Non-Profits.) The book is on the mandatory reading list for a number of risk management college classes.

I wrote Risk Management in Plain English: A Guide for Executives for both practitioners and the leaders of the organization, including board members. It explains how the ‘risk’ word interferes with productive discussion and practice. My intent was that practitioners who like what I have to say would give copies to executives and board members to frame a constructive discussion.

Making Business Sense of Technology Risk is, again, for all practitioners and not just for those who specialize in…
