IT Audit Behavioral Questions Flashcards
Technical Skills
I have experience in working with Microsoft, and with database I’ve worked with Oracle and SQL servers as well as TeamMate for documenting work papers. I also have Network security experience as well as using a number amount of scanning tools including Nessus and AlertLogic. I create audit program and visit NIST website to see new vulnerabilities to stay up to date.
Give me an example of when you had to complete multiple problems at the same time? What was your approach?
I usually prioritize my time based on level of importance. I was testing change management controls for maintenance of system recently implemented as well as testing UAR on privacy audit, so make sure to test the controls of the audits who’s end date was sooner. By doing that, I was able to prioritize my task and get both audits done by their audit end date.
Give me an example of a time when you developed a new or different solution to a problem? What feedback did you receive on how it was working?
I was conducting an audit and was needing to implement controls that were not already in place. So I recommended that management updated their policies and procedures to include these controls. They agreed to my recommendation and a start date was set to begin to operate the controls. We did an audit almost a year later and the controls implemented were indeed designed appropriately and operating effectively.
When relationships with internal/external individuals have gotten difficult, what have you done to understand the situation?
I was the liaison and contact person during SOX performing audit readiness and the external auditor that I was in communication with was very brash and condescending via email. I decided to pick up the phone and give him a call for some insight and clarification and he turned out to be the nicest person ever. That taught me that although email is the primary form of communication, it is good to pick up the phone to call someone every now and then.
Tell me about a time you had to work as part of a team to achieve an objecting. How did you approach this?
I was working on a integrated audit and was in communication with the operational team. I was ensured to setup status meetings in that time, we went over the work done, discussed any issues, and reached a compromise before discussing with the auditee in the status meeting.
Give me an example of when you had to work in “crisis mode”
My team was conducting an audit and two of the four auditors quit, so me and the remaining auditor split the task and took on the controls to be tested of the auditors that left. Although there was a lot of overtime put into the project, we both kept a positive attitude. We hired a new Auditor in the time that came on and helped reduce our load.
Has there been a recent example of when you have had to roll up your sleeves and get into the details?
During an audit, our lead auditor went on maternity leave so I took on a lead responsibilities. I had 2-3 auditors below me and I assigned them controls to test as well as review their work with provided comments and feedback. I lead the kickoff meeting, the walkthrough meeting, and our lead returned from leave before the end of the audit to coordinate the exit meeting.
Please describe your experience with developing and preparing reports, position and issue papers, presentations and communicate materials?
Report preparation is a huge part of my daily responsibility as an IT auditor. Based from my recommendations, I prepare a report highlighting the control gaps. Without accurate reports, risks and threats cannot be remediate and there would be no means for management and stakeholders to make informed decisions. With these daily reports, I issue papers and forward these papers to the parties concerned and retained copies of these papers.