“46 interview questions I’ve encountered in my job search,” Veronica Rose, certified Information Systems Auditor and Author.

The most common interview questions for Certified Information Systems Auditor (CISA). 

Let me start with a brief overview of the CISA certification. CISA stands for Certified Information Systems Auditor, a designation issued by ISACA that is globally recognised for IS audit, control, assurance and information security professionals.

The questions in this article were gathered from the in-person, telephone, meet-up and written interviews I encountered during my previous job search.

1. Tell us/me about yourself.

2. Describe the audit process at a glance, or describe the audit phases.

3. Are you comfortable working for a consultancy firm?

4. How many years of experience do you have?

5. Are you acquainted with the use of audit software? If yes, which one in particular?

6. How did you get to know about this job opportunity?

7. Which year did you join ISACA? How has your experience been so far?

8. Are you familiar with the International Professional Practices Framework (IPPF), the ISACA professional standards, ISO/IEC certification (especially ISO/IEC 27001), the ITIL framework and other auditing standards?

9. Are you from an accounting or an ICT background? If you are from an accounting background, how are you managing the transition?

10. Why should we hire you?

11. Which of the following outlines the overall authority to perform an IS audit? Choose the most correct answer and give reasons why.

A) The audit scope with goals and objectives.

B) A request from management to perform an audit.

C) The approved audit charter.

D) The approved audit schedule.

12. Define the term "audit universe".

13. As an IS Auditor, what would be your main focus when developing a risk-based audit program?

14. In your audit activities, how do you ensure that the recommendations you issue in your audit report are achievable?

15. If your audit client fails to implement the recommendations you issued in the report, what do you do?

16. After auditing an entity, when would you recommend the use of compensating controls?

17. What risks are associated with deploying a core banking system that will be hosted in the cloud?

18. What would you do if the audit client rejects the findings in the report?

19. What are your strengths & weaknesses?

20. How do you manage pressure at work?

21. Which operating system are you more familiar with (Linux or MS Windows)?

22. Discuss, in brief, your understanding of the Big 4 Agenda presidential initiative (this question applies to the Kenyan environment).

23. What is your salary expectation?

24. What is your current salary?

25. What is your understanding of the term "professional competence"?

26. How would you manage conflict among peers?

27. You have been involved in a project to commission a new application/system to replace the legacy ERP system. Which areas would be of concern to you when reviewing it?

28. In a distributed environment, many different devices are used to deliver application services. Name one factor that has changed significantly in recent years because of the rapid growth of the Internet of Things (IoT).

29. What would you advise an organisation that is preparing to store its data and information in the cloud?

30. When performing a risk-based audit, which risk assessment does an IS auditor complete first?

31. As an IS auditor, identify six IT risks in financial services institutions and recommend mitigation strategies for each.

32. Give two important reasons why an audit planning process should be reviewed at periodic intervals.

33. In brief, what constitutes a forensic audit?

34. Which professional body are you affiliated with?

35. When auditing the security of a client-server database, what should be your major concern as an IS auditor?

36. Where does your passion lie? Or, what motivates you?

37. What are your hobbies?

38. When are you available to join our team?

39. Are you willing and able to travel on short notice?

40. What are the risks associated with outsourcing IT services in an organisation? List three and suggest mitigation strategies for each.

41. In an organisation, who is ultimately responsible for implementing and maintaining an internal control system that leads to the deterrence and/or timely detection of fraud?

42. During an audit of an organisation's Business Continuity Plan or Disaster Recovery Plan (BCP or DRP), which areas are you most likely to review?

43. In which of the following areas should an IS auditor be involved?

A) Observing tests of the disaster recovery plan.

B) Developing the disaster recovery plan.

C) Maintaining the disaster recovery plan.

D) Reviewing the disaster recovery requirements of supplier contracts.

44. Would you prefer to work in a team or alone? (Whichever you choose, why?)

45. Are you aware of the General Data Protection Regulation (GDPR)? What is your view on the processing and protection of personally identifiable information (PII)?

46. Do you have any questions for us/me?

In a nutshell, the answers to the above questions may differ from one interviewee to another, depending on the nature of the business and the industry the interviewer comes from. The most important thing is to refer to the ISACA professional standards and the requirements for the CISA designation, and to apply professional judgement when answering. I hope this article will benefit you during your job search.

 “Together, We Work Smart”


This article was originally published by Veronica Rose, a Certified Information Systems Auditor and author.


Written by

Kelvin Mokaya
