No video
IS Audit / IT Audit Interview Question and Answers (with detailed explanation) | Sachin Hissaria
Рет қаралды 7,020
Күн бұрынDear friends/ colleagues, please do not skip any part of the video. Key Question covered in the video along with time stamp: -
0:00 Introduction
1:29 Tell me about yourself ?
05:11 What is audit , why it is important ?? Audit is which Line of defenses ?
13:02 Do your organization use any particular framework for IS Audit? If yes, please provide details.
16:19 What are the key domains for IS or ITGC AUDIT?
20:06 What is RISK?? Tell me about Risk Assessment?? Have you worked on (Risk Control Matrix) RCM??
33:33 How does the auditor select the sample size?
41:11 What controls you will verify for User Termination /Deletion Process?
51:36 You have been assigned an audit to assess the effectiveness of change management process. What should be your area of prime consideration?
01:03:36 Tell me about Audit Report and best finding you noted in previous audit ? How will you write Audit observation ?
01:14:13 How will you explain technical issues to people who lack technical knowledge?
01:20:53 Tell me about a difficult situation you had to face and how you managed to overcome it ?
01:28:01 Importance of Audit Workpaper ? How you will keep proper audit working paper. ?
01:30:53 Information Technology (IT) vs Information System (IS)
01:34:42 Here are the key expectations an interviewer may have for an IS audit role.
Thanks a lot for watching the video. If you like the video do share with your friends and subscribe to my channel. Thank you.
________________________________________________________________________
LinkedIn - / sachin-hissaria
Instagram - / sachin_hissaria
Twitter - / sachin_hissaria
________________________________________________________________________
#ITAudit #isaudit #interview #questionanswer #itgc #aicpa #auditor
IT Audit Question and Answers.
IS Audit Question and Answers.
@soji0174 22 күн бұрын
Good job. This is helpful. Can you provide access to the slide deck?
@MuhammedRishanO 3 ай бұрын
Thank you so much for posting this. I got an offer from EY after preparing by watching this video in Technology Risk Consulting. Much Appreciable content! 🖤
@akashkumbhar1515 23 күн бұрын
Can you provide me your number ? I am struggling with the interviews. Would appreciate your help.
@prashanthkumar4222 22 күн бұрын
What if we noted SOD is not maintained developer and tester is same, as a auditor what action need to be taken?
@chikno69 Ай бұрын
Very well explained..
@mavrickk3887 8 ай бұрын
worth a watch 💯
@Kingboigamer 5 ай бұрын
Respected presenter, you can improve your presentation by refreshing it with more questions. Behavioural interview questions would really help prospective IT Auditors. Also basic general control testing like what is the fundamental requirement in testing the integrity of an application/appliance/product or service? You can ask questions like what controls can I test when I am auditing an application specifically from Data Input perspective? The questions you gave are no doubt really good ones but the interviewer begins simple questions and then goes on to add more serious ones to understand how a prospective employee is.
@sachin-tr4nc 11 ай бұрын
Nice informative video
@avinash1234100 11 ай бұрын
questions i faced - 1. what is D and N sheet ? 2. name a control that is common in logical access and change management ? 3. control objective of operational controls?
@sachinhissaria6512 11 ай бұрын
1. I am not Sure what is full form of D and N sheet but as per my understanding this is related to EOD (End of the Day) and BOD ( Beginning of Day) details are captured. 2."Generic User ID Management" is common control in logical access and change management. In this control we will ensure the ownership has been assigned to each generic IDs. 3. Control objective of operation control is ensure the effectiveness of control. so here you will check controls are working as per the design and activities are consistent with established process and plan. For Example, Monitors Detection Tools for Effective Operation-Management has implemented processes to monitor the effectiveness of detection tools.
@sachinhissaria6512 11 ай бұрын
1. I am not Sure what is full form of D and N sheet but as per my understanding this is related to EOD (End of the Day) and BOD ( Beginning of Day) where EOD/BOD details are captured. 2."Generic User ID Management" is common control in logical access and change management. In this control we will ensure the ownership has been assigned to each generic IDs. 3. Control objective of operation control is ensure the effectiveness of control. so here you will check controls are working as per the design and activities are consistent with established process and plan. For Example, Monitors Detection Tools for Effective Operation-Management has implemented processes to monitor the effectiveness of detection tools.
@sachinhissaria6512 11 ай бұрын
2. Similarly verification of segregation of duties (SOD) is common control
@harinithota7342 4 күн бұрын
Hi sir ,how to attend your session
@sachinhissaria6512 4 күн бұрын
@@harinithota7342 you can write mail on sachin.hissaria17@gmail.com or connect me on LinkedIn
@nagamalleswararaoedara231 5 ай бұрын
sir, please provide logical, change management and operational controls detail explanation
@sachinhissaria6512 5 ай бұрын
Sure, will make separate video
@user-lb9rt3ng2v 5 ай бұрын
Hi Sachin this helped me more, Could you please tell me how to determine the change population is accurate and complete
@sachinhissaria6512 5 ай бұрын
I will make another video and cover this question…
@shibanidash-fh6bc Ай бұрын
Hi Sachin, how do we do remediation testing incase there are any observerations or defeciencies found during testing
@shibanidash-fh6bc Ай бұрын
Hi Sachin, how do we do remediation testing incase there are any observerations or defeciencies found during testing
@user-co2jr9zc5h 7 ай бұрын
Hi Sachin .. I am not a CA Background can I learn this ITGC Sox Audit or IT Sox Auditor ?
@sachinhissaria6512 7 ай бұрын
Yes brother, you can
@georgiabrown2267 5 ай бұрын
How do you ensure that data population is accurate before you begin any analysis
@user-lb9rt3ng2v 5 ай бұрын
Hey georg did you got the answer to this question? if you have could you please share
@sachinhissaria6512 3 ай бұрын
It will be covered in my next video
@FinvestingJ 11 ай бұрын
I don't think so I am gonna pass this paper this time or pass any interview in future!! Somehow I start losing confidence whenever I plan to study for this paper....😥
@sachinhissaria6512 10 ай бұрын
Don’t give up brother, keep trying
@FinvestingJ 10 ай бұрын
Thank you for motivating me!@@sachinhissaria6512
@cryptochanakya9839 11 ай бұрын
Despite of not being competent in technology and IT - How can a CA be qualified for such IT audit/ITGC control assessment? Don't you think its unfair - Lets consider would prefer an IT engineer to perform a Financial Audit even though he knows audit criteria and process?
@sachinhissaria6512 11 ай бұрын
If IT Engineer has CA/CPA/ACCA, he can do financial audit… we CA are gaining IT Knowledge then only we are eligible to perform IT Audit.. for IT Audit CISA/CISM/CISSP is qualification… i hope you have heard about CISA/CISM/CISSP.
@cryptochanakya9839 11 ай бұрын
@@sachinhissaria6512 so on the basis of your comment "We CA are gaining IT Knowledge then only we are eligible to perform IT Audit.." here without being qualified as an official Engineer - CAs are allowed to perform IT Audit. Whilst an IT Engineer has to get qualified for CA first then he can perform financial audit. Well CISA/CISM/CISSP are professional certifications not a degree!!!!
@sachinhissaria6512 11 ай бұрын
@@cryptochanakya9839 where it is written that to perform IT AUDIT engineering is MUST..?? Give me any reference.. Everywhere ask is for certifications… I haven’t said CISA is degree… And no body gives you work if you don’t have relevant skills.. peoples are smarter then you, before giving job they will check your knowledge
@cryptochanakya9839 11 ай бұрын
@@sachinhissaria6512 Agree, Well that is the main concern where it is not regulated about this on an institutional levels. Well its always up to an individual to improve their skills but when it comes to compensation CA+CISA gets higher wages then an Eng.+CISA has to get. I just wanted to check your opinion in the context!
@nehachandwani1903 2 ай бұрын
@@sachinhissaria6512Could you please make a detailed video for ITAC, Business process controls?? Also one question- In change management what should be the next step if we identify that the develper had moved the chnge to production only? Like SOD conflict happens
@harishsharvan9234 8 ай бұрын
sir what is meant by dr site and tat
@sachinhissaria6512 8 ай бұрын
DR is Disaster Recovery site and TAT is Turn around Time
Sachin Hissaria
Рет қаралды 908
Sachin Hissaria
Рет қаралды 8 М.
Career School
Рет қаралды 39 М.
CA Saab
Рет қаралды 30 М.
Rajiv Talreja
Рет қаралды 1,1 МЛН
Sachin Hissaria
Рет қаралды 126
iZenBridge Consultancy Pvt Ltd.
Рет қаралды 224 М.