Skip to content

Book Review: Say What!? Communicate with Tact and Impact: What to Say to Get Results at Any Point in an Audit

Say What!? Communicate with Tact and Impact: What to Say to Get Results at Any Point in an Audit. By Ann M. Butera. Routledge,; 208 pages; $37.56.0123-book-review-say-what.jpg

For those in information security and risk who want to speak to their executive and board members in a non-technical manner, Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones is an absolute must-read. Freund and Jones show how risk professionals should speak to executives in a manner that can ensure they will be heard and not confuse listeners with technobabble.

While their approach focuses on data and information, what about the necessary soft skills needed to connect with audiences? In Say What!? Communicate with Tact and Impact: What to Say to Get Results at Any Point in an Audit, Ann Butera has written a helpful guide that assists the reader with the communication methods to ensure their issues are heard.

One of the critical points Butera makes is that if someone wants to be heard by senior managers or organizational leadership, he or she must take on the role of a trusted advisor. This is important because you need to be perceived as a trusted advisor by others if you want them to feel comfortable discussing tough situations with you. From a practical perspective, if you were being audited, you would not want to discuss some of the topics unless you trusted the person you were speaking with.

An audit—by its very nature—can be a confrontational experience. The auditor often must state things that others may not want to be heard or will be denied. But for auditors to be successful, they have to know how to interact with the other side. The book is a quick read that provides readers with techniques they can use to get that done.

Say What!? focuses on the interpersonal skills that the auditor needs to have to develop a relationship with their clients, show how to engage them in positive discussions, and ensure they will be heard. Butera provides numerous examples and case studies to show these strategies’ real-world usage.

An audit can be confrontational, but it doesn’t have to be. Auditors who want to have their words taken to heart will find Say What!? Communicate with Tact and Impact a helpful resource to ensure that their audit report is just not filed away.

Reviewer: Ben Rothke, CISSP, CISM, CISA, is a New York City-based senior information security manager with Tapad and has more than 20 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design and implementation of systems security, encryption, cryptography, and security policy development. Rothke wrote Computer Security: 20 Things Every Employee Should Know.