Common Interview Questions for CISAs

Are you preparing for an interview soon? Are you preparing to transition to the IS audit profession?

I understand the feeling, so let me start with a brief on the CISA certification. CISA is an acronym for Certified Information Systems Auditor, an ISACA certification.

The Certified Information Systems Auditor (CISA) designation is a globally recognized certification for IS audit control, assurance, and information security professionals.

……………. All you need to know before you go for any type of interview. See below;

The information in this article is basically gathered from the oral, on-phone, meet-ups and written interviews I have encountered in my previous job search. A number of these interviews were conducted by recruitment agencies, the staff of potential employers (panel), on-phone interviews, LinkedIn exchanges, and oral interactions with potential supervisors, mentors, or employers during social/professional networking events, etc.

Preparing for an interview for an audit job is no different from preparing for any other job interview. If you keep in mind a few simple facts, you’ll be able to field any questions shot at you, and create a positive impression on those who’ll be making the hiring decisions for the jobs you’re seeking.

See the questions below:

Tell us/me about yourself?

Describe an audit process at a glance or describe the audit phases?

Are you comfortable with working for a consultancy firm?

What are your years of experience?

What is your level of practice in Cyber Security?

What is your level of practice in systems/Applications development?

Are you acquainted with the use of audit software? If yes, which one in particular?

How did you get to know about this job opportunity?

Which year did you join ISACA? How has your experience been so far?

Are you familiar with the IPPF, ISACA Professional Standards, ISO/IEC certification (especially ISO 27001 standards), the ITIL Framework, and other auditing standards?

Are you from an accounting or ICT background? If you are from an accounting background, how are you managing the conversion?

Average monthly gross income, if in consultancy or entrepreneurship (indicate N/A if not applicable)?

What is your level of practice in project management (specifically IT-related projects)?

Why should we hire you?

What is your revenue target at your current employer?

Are you fully qualified in a professional course or Certification?

Expected Gross Salary?

What is your level of practice in IT Audit?

Are you currently employed?

Have you ever worked in a Financial Services Institution?

Take us through the process of auditing a database

Which of the following outlines the overall authority to perform an IS audit? 1. The audit scope with goals and objectives, 2. A request from management to perform an audit, 3. The approved audit charter, 4. The approved audit schedule. Choose the most correct answer and give reasons why?

Define the meaning of the term "audit universe"?

How many years of experience do you have in Audit? Can you perform other audits alongside Systems Audit?

What is your highest academic qualification?

Have you been interviewed in our company before?

Where did you get information on this advert?

Where are you currently based? Are you willing to relocate?

Describe the difference between the man-in-the-middle attack and social engineering.

Which ISO standards are you most familiar with?

How does your company handle vendor risk management?

Mention the total number of years worked

Do you have the skills to carry out penetration tests and vulnerability assessments?

In your own experience, who should the CISO of an organization report to?

As an IS Auditor, what would be your main focus when developing a risk-based audit program?

During your audit activities, are the recommendations you issue in your audit report achievable?

In case your audit client fails to implement the recommendations you issued in the report, what do you do?

After auditing an entity, when would you recommend the use of compensating controls?

In your previous work engagements, have you had an opportunity to report directly to the Board?

Have you managed a team of more than five (5) auditors before?

What risks are associated with deploying a core banking system that will be hosted on the cloud?

What would you do if the audit client rejects the findings in the report?

How often are your Acceptable Use Policies reviewed and updated at your current organization?

What are your strengths & weaknesses?

How do you keep motivated at your job?

How do you manage pressure at work?

How conversant are you with Agile audits?

Which operating system are you more familiar with? (Linux or MS Windows)

Discuss your understanding of the Big 4 agenda presidential initiative in brief (This question is applicable to the Kenyan environment)

What is your salary expectation?

What kind of systems have you audited before?

What is your current salary?

What is your understanding of the term “Professional competence”?

How would you manage conflict among peers?

You have been involved in the project of commissioning a new application/system to replace the legacy ERP system. What areas would you be concerned to review?

In a distributed environment, many different devices are used to deliver application services. Mention one (1) factor that has significantly changed in recent years due to the rapid growth of the Internet of Things (IoT).

What would you advise an organization that is in preparation for storing its data and information on the cloud?

In performing a risk-based audit, which risk assessment is completed first by an IS auditor?

As an IS Auditor, identify six (6) IT risks in financial services institutions and recommend their mitigation strategies

Give two (2) important reasons why an audit planning process should be reviewed at periodic intervals.

What constitutes a forensic audit? (in brief)

Which professional body are you affiliated to?

When conducting an audit of client-server database security, as an IS auditor, what should be your major concern?

Where is your passion? Or what motivates you?

What are your hobbies?

When are you available to join our team? or Notice period?

Why do you want to leave your current employer?

Are you willing and able to travel on short notice?

If you meet our CEO, what will you have to tell him concerning the risks surrounding our business?

What are the risks associated with outsourcing IT Services in an organization? List three (3) and suggest their mitigation strategies.

In an organization, who is ultimately responsible for implementing and maintaining an internal control system that leads to the deterrence and/or timely detection of fraud?

During an audit on an organization’s BCP/DRP, which areas will you most likely review?

An IS Auditor should be involved in which of the following; a. observing tests of the disaster recovery plan, b. developing the disaster recovery plan, c. maintaining the disaster recovery plan, d. reviewing the disaster recovery requirements of supplier contracts. Select the best answer and give your opinion.

Would you prefer to work in a team or alone? (either answer, why?)

Are you aware of the General Data Protection Regulation (GDPR)? What is your take on PII processing and protection?

Do you have any questions for us (if it's a panel) / for me (if it's a one-on-one interview)?

Always read and re-read the job description to help understand why this vacancy exists in the first place.

In a nutshell, bearing in mind the nature of the business and the industry the interviewer is coming from, the answers to the above questions may differ from interviewee to interviewee. However, the most important idea is to refer to the ISACA professional standards and requirements for a CISA designation and also use professional judgment when attempting each query. I hope this article will benefit you during your career growth search.

"In a world full of Auditors, be a CISA"

See how I became CISA certified: https://www.dhirubhai.net/pulse/how-i-became-cisa-certified-veronica-rose-cisa/

“Together, We Work Smart”

#beingacisatoday

#sharewithV

OBWAPUS ALBERT MARIO

IT Security/Cybersecurity, Data Protection, GRC, ISO 27001 InfoSec LA, LI, Internal Auditor, InfoSec Risk Manager, ISO 22301 BCM Risk Manager

3 years

Ooh, guess this is a good hint to me as I prepare for upcoming IT Auditor interviews soonest. Veronica, I need some answers asap.

Why did you choose to be certified as an auditor CISA?

Raj P.

Cybersecurity Leader - Specializing in Threat Modeling, SSDLC | Project Manager | Evangelists DevSecOps & GRC | Driving GenAI-Enabled Digital Transformations | IT Audit professional. Continuous Growing & learning

5 years

Excellent info. I am a very technical person but I always have issues during interviews. This can help. Thanks.

Mutio Robert CISA, MBA, CPA K

IT Internal Control Senior Professional Auditor | Driving Innovation and Excellence in IT Audit

5 years

Great questions... Thank you for sharing.

Irene Atulinda

IT Auditor | Data Analyst

5 years

These are very intuitive questions. I am redirecting my efforts to these. Thank you.
