IT Audit And Compliance Specialist Interview Preparation Guide
Download PDF

IT Audit & Compliance Specialist based Frequently Asked Questions by expert members with experience as IT Audit & Compliance Specialist. These questions and answers will help you strengthen your technical skills, prepare for the new job test and quickly revise the concepts

35 IT Audit & Compliance Specialist Questions and Answers:

1 :: Tell Me About Your Experience as a Compliance Officer?

Be prepared to discuss your previous compliance experience. If you do not have previous experience as a compliance officer, perhaps because you are switching careers, discuss transferable skills. Keith Darcy, executive director of the Ethics & Compliance Officers Association says that "the most important skills include leadership, writing, public speaking, ethical decision-making, communications and training and instructional design." He goes on to say, "compliance officers should also possess a high degree of courage and integrity due to the confidential nature of the job."

2 :: What Constitutes an Effective Compliance Program?

Under the United States Sentencing Commission Compliance Recommendations, (§8B2.1(5) (C) of the United States Sentencing Commission Guidelines), an effective compliance program means an organization has taken appropriate steps to ensure laws, rules and regulations are complied with and ethical conduct among employees is promoted. This question tests your knowledge of the requirements of the law governing effective compliance programs.

3 :: What should happen to someone who violates the company's code of conduct and/or compliance policies?

This is a modified "behavioral analysis" question. If your candidate suggests a response that minimizes consequences, this could indicate an ethical tone that's incompatible with your organization.


Speak about specifics that relate to the position you are applying for. If you do not have specific experience, get as close as you can.

If you are being asked this question from your employer then you can explain your experience. Tell the employer what responsibilities you were performing during your job. You can tell what programs you developed and what modules you worked on. What were your achievements regarding different programs.

I have been working with computers since 2001. I also have a degree in network support/computer repair. I have built my last 3 computers, have work with Dell as an employee. So I have around 15 years experience working with computers.

5 :: How would you audit, say, a "lawn mowing" process? Give me a process map where you would start and end your audit of lawn mowng?

An auditor does not necessarily need to be a shoe polisher to audit shoe polishing. The same applies to lawn mowing. Candidates often panic when they hear a question about auditing a process that they are not familiar with. A true feature of a true auditor is the ability to identify risks associated with the process.

Every process that requires auditing has common elements, be it lawn mowing or petrochemical refining. For example, the common features across multiple processes might be:

► Preparedness / Planning / Scheduling. Processes have to be properly planned in terms of resources, capacity, scope and timing.
► Efficiency and Effectiveness - attempts to minimizing costs and optimizing materials. Doing things rationally and technically right.
► Quality - doing things right from the first time with minimal waste, plus, fitness and conformance to specifications of a final output/product including tolerance for defects.
► Technology - equipment and tools being physically and technically fit, tidy, clean and ready.
► People - right people must do the job.
► Safety - maximum alertness to hazards, their risks, deficiencies, and damage to people, equipment/materials and surroundings.
► Rules - legal requirements, operational procedures, organizational policies and codes.
► Cost-benefit. Is this process needed, do we get maximum benefit out of the costs we incur. Is it financially viable?
► Correctness - are all above things being done correctly and accurately?
► Fraud - are there opportunities, reasons and justification for thefts, burglary, misappropriation and embezzlement?
► Others - You name it.

6 :: Tell us What Do You Know About Us?

This is a general question and could be asked of any applicant irrespective of the industry. Be prepared to answer it well. As a first step, take the time to research the company at which you are interviewing. Do not miss this opportunity to make a good impression by showing how knowledgeable you are about the company's operations.

7 :: What are the compliance and ethics issues you frequently face in your current job?

Your candidate has already dealt with some kind of C&E issues on the job - unless he or she hasn't been paying attention. Always ask this question because it highlights issues the candidate might have been unaware of or had not fully appreciated. A compliance officer is supposed to constantly assess risk, so find out what issues they had to deal with as a way to determine their risk management style.

Furthermore, this question can help assess how well the candidate applies corporate policies in the context of their role, and it can highlight the effectiveness (or lack thereof) of whatever training they have had.

Thirdly, this question can give you an idea of how sophisticated the compliance program is in their current organization and can indicate how directly they are involved in implementing it.

Note: Interviewees frequently struggle with this question. Prod them with an obvious example of a challenge they may have faced.

9 :: What are the compliance- and/or ethics-related challenges you face most frequently in your current role?

This question provides information on several important aspects of a compliance program. First, it may highlight risks that the compliance officer was unaware of or didn't fully appreciate (risk assessment). Second, it assesses how well employees are able to apply corporate policies in the context of their role (policy comprehension/retention and training effectiveness). Third, it reiterates and reinforces the employee's understanding of risks and policies specific to them (training). Interviewees frequently struggle with this question initially and the interviewer may need to provide an obvious example of such a challenge to help the interviewee get started (i.e. gift policy, etc).


Try to include improvement activities that relate to the job. A wide variety of activities can be mentioned as positive self-improvement. Have some good ones handy to mention.

Employers look for applicants who are goal-oriented. Show a desire for continuous learning by listing hobbies non-work related. Regardless of what hobbies you choose to showcase, remember that the goal is to prove self-sufficiency, time management, and motivation.

Everyone should learn from his mistake. I always try to consult my mistakes with my kith and kin especially with elderly and experienced person.

I enrolled myself into a course useful for the next version of our current project. I attended seminars on personal development and managerial skills improvement.