Interview Guide: Internal Auditors, Risk and Assurance Advisors

The Internal Audit profession has experienced great change over the past years. Gone are the days where verifying numbers and checking financial transactions were key job functions. Today, Internal Audit touches all aspects of an organization’s business. Working constructively with governing bodies and management, Internal Auditors can add value and help move an organization forward.

The structure of the questions found in this guide is competency-based, with consideration of specific audit services (Information Technology, Performance, Program Evaluations etc.) as well as industry-specific needs.

Interview Questions

Initial Questions

1. Identify the types of auditing/advisory work you have done in your career. Check all that apply: Performance/Value for Money Audits; Information Technology Audits; Financial Audits (External); Legislative Auditing (Government - Auditor General); Risk Based Audits; Program Evaluations; Control Risk Self Assessments Investigations (Fraud, Conflict of Interest etc.); Compliance Audits (Compliance with External Legislation); Other (please specify)
2. Describe your audit experience starting with your first role to the present.
3. Can you highlight the type of auditing you enjoyed most and which ones were less appealing? Please explain your answer.
4. Can you explain how you became an internal auditor and why you enjoy it?
5. How does your academic background relate to internal auditing? 
6. Do you have experience working in a unionized environment?
7. What is the largest internal audit group you’ve worked with, and what is the smallest? Which size team did you prefer?
8. How did your previous internal audit functions operate in relation to other groups in the company including Senior Management and the Governing Body [Board]?
9. Did you have obstacles working with any one group, if so, which ones and how did you iron the obstacles out?
10. How was Internal Audit perceived by organizations that you have worked for in the past?
11. What do think the greatest possibilities are for Internal Auditors of the future?
12. What one step would you take to make the Internal Audit function more effective?
13. How could your role in internal audit impact our organization and add value?
14. What are you looking for in this role?

Technical Components

1. Are you familiar with the International Professional Practices Framework [IPPF]?
2. In organizations you have worked for in the past, how well do you think the Internal Audit function measured up?
3. Did you suggest any possible improvement to internal audit operations?
4. Can you describe how you approached each audit assignment? Were you given a program to execute or did you have to work independently to develop your own work plan?
5. Did you conduct audits or advisory functions mostly on your own or were you generally involved with a team doing specific aspects of each audit/advisory engagement?
6. Describe how you would do a work plan risk assessment? Where would you start and how would you go about it?
7. Once you have completed your work plan risk assessment, how would you validate the results?
8. When writing your audit report, what do you think is the most important information to convey on the first page?
9. What computer program or application do you prefer to use for your audit engagements?
10. Have you used any data analytic software? How did you use it and how do you think it added value to the audit?
11. If you had to audit an area in which you had little or no experience, how would you gain the knowledge to plan and complete the audit?
12. Describe a situation when you were faced with a deadline that you couldn't meet. How did you handle it?
13. What do you think of the following statement: “Up to 60% of an audit project is spent on planning the engagement.” Is this too much, too little or just right?
14. How do you keep up to date on emerging risks and issues that could affect the organization you are working for?
15. Describe a situation when you had to learn a large amount of material quickly. How did you handle it?
16. Suppose you arrive for work with a full day planned and by early morning you have two urgent requests that need attention. How would you cope with this?
17. Tell me about the most difficult work problem you ever faced. What steps did you take to tackle it? What were the results?

Speciality Audit Technical Questions

IT AUDIT

1. Please describe your IT audit experience.
2. What reviews have you been involved with and what were some of the key issues you identified?
3. Do you have any experience with IT Governance reviews? If so, what were the outcomes and how did your work provide value?
4. What are the most significant Information Technology risks? Please describe your audit experience with respect to those risks.
5. Do you have any experience using the COBIT Framework? If so, how did you apply it to your audit engagements?
6. Do you have any experience auditing or advising on cybersecurity risk?

RISK ADVISORY SERVICES

1. Have you facilitated a Control Risk Self Assessment workshop? Please discuss how you approached the workshop and whether or not it was successful.
2. Have you worked with management to identify risks as an advisory service? In your experience, does this compromise independence?
3. What limits do you think are appropriate when providing advisory services?

FINANCIAL INSTITUTIONS

1. Do you have any experience doing SOX audits? If so, please describe your involvement.
2. What Risk and Control framework do you have experience with when performing SOX reviews?
3. Was the scope of your experience confined to financial reporting controls or did you use frameworks to expand the scope to operation reporting? If so, describe your experience.

PERFORMANCE / VALUE AUDITS

1. Have you done any Value for Money or Performance Audits? Can you describe the work you did and the results?
2. Do you have experience working with a Legislative Audit Function (Auditor General Model)? If so, what level of government was it (Federal, Provincial, Municipal)?
3. Do you follow any methodology or model when performing a performance/value for money/legislative audit (“Yellow Book” Government Audit Standard, INTOSAI Standard)? These audits are usually more prominent in the Public Sector although the Private Sector performs more using the Basel III model (Operational Risk component). Operational auditing is a term used to describe audits that review effectiveness, efficiency and economy of operations.

PROGRAM EVALUATIONS

1. Do you have any experience doing program evaluations? If so, how did you approach the work and was it successful?
2. Did you follow any framework or standard and, if so, what was the one you used and how well did it work?
3. “Program Evaluations should not be done by Internal Auditors.” What do you think about that statement? What are some of the risks of having Internal Auditors perform Program Evaluations?

Personal Competencies

1. Please share your perspective on the statement, "Internal Audit is more an art than a science.”
2. You are auditing a department where employees are unhelpful and consistently delay getting information to you. What would you do?
3. How would you handle an investigation of a trusted accounting employee who made improper journal entries and falsified financial statements?
4. “Communication and audit report writing is the same.” Do you think this is true? Why or why not?
5. How would you respond to a peer who is preventing your team from completing its project?
6. How would you describe your relationship with audit clients? Is it positive or is there resistance?
7. Describe an experience when you had to take charge and get a job done or resolve a difficult situation. What did you do? What happened?
8. Describe a group work situation where you and a co-worker were having trouble getting along with each other. How did you resolve the conflict?
9. Can you describe what strategies you used to build and secure trust with your clients?
10. What techniques did you use to assist management in finding practical solutions for issues identified through audit or advisory activity?

Case Scenarios

SCENARIO 1: A new manager was hired in a department that was resistant to internal audit suggestions. You have been assigned to complete an audit in that department. How would you approach the new manager? How could you convince the new manager that internal audits exist to help improve their operations and not to be the bad guy?

SCENARIO 2: A new entry-level Internal Auditor has been assigned to complete an assignment reviewing employee expenses. They are an entry-level auditor who began with the company only three months ago. On the other hand, you have extensive experience in the area. Currently, your workload takes up all of your available time. How would you go about assisting this person in completing their assignment?

SCENARIO 3: The Internal Audit Department just received a new automated auditing software package. Software training is scheduled in four weeks for the staff. No one has any knowledge of how to use it but the software provides many features that will make documenting easier. The software provides help menus to assist with every function. Your manager has mentioned it would be helpful if everyone could spend some time making themselves familiar with the software. You have just been assigned a new audit project that requires a tremendous amount of documentation and the audit will take approximately six months to complete. Explain how you would go about handling this audit. Would you complete the audit using the old method or attempt to use the new software (Initiative/Computer Skills)?

SCENARIO 4: Being an internal auditor requires a lot of interaction with internal customers. While auditing the commission’s area of the company, you found that the commission’s accounts were not being reconciled and the last date of reconciliation could not be determined. Further review revealed that the commission’s area hired a new manager approximately six months ago and most of the employees had less than one year of experience in the area. As a senior internal auditor having audited the commission’s accounts several times in the past five years, how would you handle this situation? The new manager requests that you train his staff on how to reconcile the accounts. How would you go about accomplishing this?

SCENARIO 5: You are doing a procurement audit where three quotes are required for all temporary help services over $5,000. You find numerous examples of non-compliance with the policy and you raise the issue with management. You are told the policy is onerous and requires a lot of time and work to comply with. The manager explains she is short-staffed and that sometimes emergencies come up making temporary help an urgent matter. In these cases, compliance with the policy is impossible. What further work would you do to analyze this situation? Would you report on the non-compliance issue or would you take a different approach?