IT auditors review current company guidelines, evaluate system processes, and help redefine and improve technical systems. IT auditors review network hardware, software, and any processes used by employees to ensure the highest level of quality and security when it comes to software and hardware deployment. If you decide to jump into this career, here are some interview questions you might run across in your job search.

1. What is an RFC?

A: A “request for change” or RFC is the process of documenting changes to the network. RFCs allow you to have each department involved, so if their systems are changed, they are aware of the changes and approve them. RFCs are usually stored in software that keeps track of each manager’s approval.

2. What type of systems should be audited?

A: In most cases, all systems should be audited for security and uptime. However, you can answer this question with specifics, such as the database, because it holds the company data, and servers, because they run the company software.

3. Have you worked in a virtualized environment?

A: This question asks you if you’ve worked with virtual servers. Most companies use virtualization to maximize resources. You can mention any server virtualization software, such as VMware, or desktop software for end users, such as XenDesk.

4. What is the most difficult part of auditing for you?

A: This is a personal question, but you can name any process you find challenging when auditing. For example, you might say that working with change in the environment is difficult, whether that means avoiding bugs or adding more process to an existing application.

5. Describe the most difficult auditing procedure you’ve implemented.

A: This question tests your leadership skills, because most auditors need to control the change management process to take control of issues that the company has with its systems.

6. What is change management?

A: Change management is the organization or group of people who manage any changes that occur on the network. Change management ensures that any bugs are dealt with, major system outages are quickly handled, and any future changes are approved by each department.

7. What types of RFC or change management software have you used?

A: Most companies use internal software applications, but you can name some popular change management tools. For instance, with Microsoft .NET applications, you could mention TFS for software change control and how you manage it as an auditor.

8. What do you do if a rollout goes wrong?

A: Sometimes, mistakes happen when IT submits changes. There should be a rollback plan in place when a change fails. This rollback process should also be documented.

9. How do you manage major system incidents?

A: Major incidents are when critical systems get hit with issues and users are unable to access software or hardware. Each auditor handles these systems differently, but you must indicate that you want to document incidents while making the process easy for managers to quickly fix issues.

10. How do you ask developers to document changes?

A: Software changes are inevitable on a network. Answer this question with the change management solutions you use to document and make software changes while keeping backups for rollbacks.

Have you been having trouble setting yourself apart from other candidates in your auditing interviews? If so, you should consider looking into the CISA (Certified Information Security Auditor) certification to set yourself apart from the crowd.

InfoSec Institute