Questions Flashcards

1
Q
  1. What do you consider the biggest flaws of cloud applications?
  2. How do you ensure that you keep your knowledge up to date?
  3. What motivates you the most in this job, and what would you like to achieve while
    working as an IT auditor in this company?
  4. What are your salary expectations?
  5. Do you have any questions?
A

c

2
Q

What is your experience with auditing computer networks and IT systems?

A
3
Q

What is the most difficult network security problem that you ever troubleshot?

A
4
Q

In your opinion, what role does employee training play in this job?

A

Training helps workers understand specifically how they should behave to ensure the physical and mental safety of themselves and their coworkers.

Second, compliance training is an opportunity for employers to spell out all laws, regulations, and safety protocols, thereby minimizing their risk of legal action.

5
Q

If we hire you for this job, what will be the first thing you do as our new IT auditor?

A
6
Q

How will you explain technical issues to people who lack technical knowledge?

A

1) Don’t Overcomplicate It. Communicating technical problems will always be a challenge.
2) Use Familiar Analogies.
3) Tackle One-Off Issues Separately.
4) Focus On Role Clarity.
5) Translate Into Their Language.
6) Use Props And Role Playing.
7) Draw Out The Concepts, Then Listen.

7
Q

In your opinion, how has this field evolved in the last five years? What do you consider the most important innovation in the field of network security?

A
8
Q

How do you feel about traveling to client sites?

A
9
Q

What are some basic and some advanced measures you will take to protect the network from external threats?

A
10
Q

In your opinion, what role do internal policies for employees play when it comes to the security of the network?

A

The goal behind IT Security Policies and Procedures is to address those threats, to implement strategies for mitigating them, and to recover from threats that have exposed a portion of your organization.

11
Q

How often would you suggest that a big company with 100+ computers do an IT audit?

A
12
Q

How often does a company conduct an IT audit?

A

Audits can be performed monthly, quarterly, twice a year, or once a year. It is important to understand the criteria which should be considered before defining an internal audit frequency, as not all processes should be considered on the same timeline.

13
Q
A

In my opinion, everything is a question of perception. What seems dangerous for one person can seem completely safe for the next. A star someone tries to reach may be a far-fetched ambition for the masses, but the pioneer sees it as just a first step on his journey to eternity… And the same is true about a fast-paced working environment. I do not want to brag about my skills, but I consider myself an excellent planner, and my time management is second to none. And though I worked in some corporations that most people would call fast-paced, I didn’t perceive it in the same way. I always managed the workload, even doing something extra, and never had to stay overtime, which was the case for many of my colleagues. And I don’t see why it should be any different in your place, or in any other corporation…

14
Q

Here are the results of an IT audit (they hand you a report from an audit). Based on the observations of the auditors, what steps would you suggest to the management of the company?

A
15
Q

How do you respond to an audit observation?

A

You fundamentally have three ways of responding:

1) Agreement and corrective action plan. If you agree with the audit finding, simply say so, then move on with a corrective plan of action.
2) Disagreement. When you disagree with the finding, proceed with caution.
3) No response.

16
Q

Compliance managers have to ensure the rules are followed. How do you handle situations with the employee when you have to tell them that they are violating rules?

A

In many instances, the compliance manager must play the role of the proverbial “bad guy” when they need to explain to an employee that they are not following the rules. Many employees resent compliance managers because they do not like to be disciplined or reprimanded. You will want to get a sense of the candidate’s skill and tact at dealing with these types of situations since they are invariably difficult.

What to look for in an answer:

Evidence of handling difficult situations
Skill in communicating regulatory issues
Dexterity in dealing with hostile and recalcitrant employees

17
Q
A

“I try to see things from the employee’s point of view without looking down on them as I explain the rules.

However, I know my job is to protect the integrity and reputation of the company, and I’m fully prepared to do that.”

18
Q

Compliance rules are always changing. What do you do in order to stay informed of developments in your professional area?

A

One of the major functions of a compliance manager is how well they can keep themselves informed. The regulatory landscape is continuously changing, and an ill-informed compliance manager can cost your company dearly. You will want to know that the compliance manager tries to keep abreast of new developments in order to help your company stay ahead of the curve and test them on this.

19
Q

“I do not ever view my knowledge as complete and continuously look for opportunities to upgrade my knowledge and skills. I take a proactive approach and devote some time at work to tracking new developments as they arise and identifying potential issues.”

A
20
Q

First 30 Days

A

In the first 30 days, we suggest you (a) Review the compliance budget, (b) Meet with leaders from other corporate functions, (c) Review internal documentation and (d) Inventory compliance policies and procedures. The role of the compliance policies is to prevent, detect and remediate any compliance related issue(s) which may arise with the organization, employees and third parties working on behalf of the company. Compliance policies provide a basic set of guidelines for employees and others to follow. Compliance policies should provide general prescriptions and be supplemented by more specific procedures. By establishing what is and what is not acceptable ethical and compliant behavior, a company helps mitigate the risks posed by employees who might not always make the right ethical choices. The key in this first phase is to obtain a full grasp on the basic state of your compliance program and meet with key stakeholders.

21
Q

First 90 Days

A

In the first 90 days, you should continue your review of key documents and get out on the road. We suggest the following: (a) A worldwide listening tour to engage and educate throughout the organization, (b) Review past data and findings in all risk assessments, hotline reporting data, internal audits, culture surveys, internal investigations or other documents that discuss the state of your compliance program, (c) Begin the process to refine or develop training and delivery, (d) Improve communications from the compliance function to and through the organization and (e) Meet with outside compliance counsel, both those you utilize for investigations and those who focus more on the nuts and bolts work of compliance.

To introduce yourself and the compliance function to the company, we recommend you undertake a minimum two-week Listening Tour, to engage employees with the compliance function and to educate the workforce on the goals and objectives of the program. A listening tour should reach across the world of the company – both geographically and functionally. The goal of the listening tour is to both engage and educate employees.

22
Q

First 180 Days

A

Here you are still in the learning phase but beginning to actively move forward. We suggest you (a) Perform a gap analysis of the internal compliance controls, (b) Bring in an outside independent to administer a cultural survey, (c) Work with your Chief Financial Officer (CFO) and their team to review and analyze key financial processes to understand how compliance fits into that framework and (d) Hold a Compliance Retreat.

A gap analysis is mainly a document review or a “show me the proof” type activity, evidence which usually will come in the form of a record or document. During a gap analysis, there is some auditing accomplished, with key stakeholders providing the evidence they may have – or not – for each of the requirements set forth in the relevant internal controls standard. Conversely, by bringing an outside independent integrity consultant, a company is able to garner a broader picture of where its culture exists as, more usually than not, employees are more willing to open up to an independent outsider, rather than someone in their own organization.

23
Q

First Year

A

In the first 365 days, we suggest that you engage in the following steps: (a) Create a Compliance Center of Excellence and (b) Provide training and coaching for your compliance team so that they can lead with the message of doing business ethically and in compliance.

The development of a Compliance Center of Excellence (CCE) would allow compliance to be more integrated into the overall strategic planning and allow for strategy discussions to stay tuned to the ever-changing risk profile of a company. Moreover, through an interdisciplinary approach, it would bring compliance knowhow to help employees and executives understand that compliance is, in reality, a business process that can easily be incorporated into business unit operating procedures going forward. Finally, you should consider retaining an outside consultant who can work with you, the CCO, and each team member to set up a personalized training and coaching program to help fine tune individual compliance expertise. While it would have a leadership training component, this program is not designed to focus on leadership development but on compliance development.

If you are starting a new CCO position or you want some ideas for ramping up your compliance program, this eBook is the resource for you.