Interview Questions for an IT Auditor Job
The role of an IT Auditor within an organisation is to maintain the security of the company’s IT systems, ensuring they are efficient and cost effective. They must maintain the firm’s internal controls, records and data, as well as help organisations operate within the law to guarantee they’re not in breach of compliance and regulatory standards.
When it comes to the types of questions an individual can expect upon applying for IT Audit jobs, CareersinAudit.com sat down with Lee Hine, Director for APac Corporate Governance at KPP Search, to get his insights on what candidates can expect.
The likelihood is that the interviewer will start with questions aimed at getting a good sense of a candidate’s technical background: questions around certain controls within a tech environment, networks, routers and so on.
The purpose of these questions is to get a sense of a candidate’s technical background, as well as their understanding around IT governance, IT general controls and IT risk management. This is your chance to demonstrate the way you evaluate IT and your examination of it in relation to IT risk and IT control frameworks.
Other questions will be focused on drawing out whether a candidate is right for the role in question, as there are so many different specialisations within IT Audit, including cyber security, IT General Controls and applications, infrastructure or data. So, the interviewer is hoping to see where a candidate fits best within the business as well as getting an idea of the types of technologies they’ve had exposure to. This could be directed at the different types of environments you’ve had experience with, such as Linux and UNIX, or it could be broader in terms of the networks and databases you’ve worked on.
In this day and age employers are definitely looking for individuals who are more technically competent and specialised as subject matter experts (SMEs) rather than being IT generalists.
The next thing interviewers will want to assess is a candidate’s soft skills, as well as their ability to cast a helicopter view across the business as a whole, which could prompt more situational questions:
How do you face off to senior executives?
How do you deal with stressful situations?
What is your tactic for delivering negative feedback to the business or to a colleague?
If you encounter a difficult stakeholder, how would you go in and manage their expectations?
You will also be asked questions regarding your communication skills, specifically when it comes to relaying information to non-IT people. They want to see that you’re comfortable breaking down the technicalities of IT into layman’s terms in order to make it accessible to those non-technical people both at board level and elsewhere in the business.
Tell us about a project you’ve worked on.
A lot of IT Audit shops will run audits as projects, which may lead to questions around specific ones you’ve worked on and to other questions around project management.
Tell me about a technical problem you’ve encountered.
This is your opportunity to talk about an issue you’ve gone in to evaluate and how you’ve interacted with a non-IT user, built that relationship in order to identify the problem and worked with them to resolve it.
Moving on from soft skills, the interviewer will likely want to broach a candidate’s awareness of risk and controls. The line of questioning may be centred on databases for instance:
What types of controls would you be looking for?
Where do you think the weaknesses might be? What about areas of resilience?
Are there any security or compliance issues based on that?
Candidates really need to show how well they can evaluate these issues. It’s about providing enough detail so that you cover all the relevant points an employer would be looking for, while also contextualising your answers within the broader scope of the business's needs. You need to show industry awareness beyond your technical qualifications.
Why do you want to work in IT Audit?
Some candidates may be coming from the Big Four, which is a fairly classical move into IT Audit, though of course other people will be coming from different backgrounds and disciplines, so the interviewer is going to want to understand the motivation behind your chosen career.
IT Audit is different to business audit: for the latter you need to be an SME in a particular area. If you’ve been working in manufacturing for 10 years, it would be very difficult for you to move into banking audits, for instance. However, as an IT auditor, perhaps within the cyber security space, conducting third-party assessments, looking at cloud security and so on (though that is a very specialist area), you would have an easier transition between industries. Overall, the important thing an interviewer will be looking for is valid and researched reasons for wanting to work in that industry.
What is your perception of IT Audit, specifically with regards to this business?
This is where you can demonstrate that you’ve done your homework on the company and explain how you see the role of IT Audit and its subsequent benefit to the business. This can also lead onto a discussion around where you see your career in IT Audit progressing, whether that’s moving up the ladder of IT Audit itself or using it as a platform to move into another area of the business.
Where do you see your career going in the next 3-5 years?
The interviewer doesn't expect you to know exactly where your career is going to go, but they do want to understand your ambition. Having a clear vision for your own professional development is reassuring for your potential employer and certainly helps them better place you within the business and collaborate in order to create value both for your personal progression and for the business itself.