1. What types of audits have you done?

You should know how to answer this based on the job description and whether the position requires experience with financial audits, operational audits or something else.

2. Do you have knowledge of accounting standards?

First, say whether you know accounting standards such as Generally Accepted Accounting Principles (GAAP) and Sarbanes-Oxley. Then explain the depth of your knowledge, how it applies to the role and how you stay up to date.

3. What are your biggest weaknesses?

You can say, 'I've never done the monthly close, SEC reporting or Sarbanes-Oxley work on my own, but I've supported it.' All accountants and financial analysts should know their skills and shortcomings: understand your strengths, the gaps you may have, and what you can and cannot do.

4. Are open-source projects more or less secure than proprietary ones?

The answer to this question is often very telling about a given candidate. It shows
1) whether or not they know what they're talking about in terms of development, and
2) it really illustrates the maturity of the individual (a common theme among my questions).
My main goal here is to get them to show me pros and cons for each. If I just get the “many eyes” regurgitation then I'll know he's read Slashdot and not much else. And if I just get the “people in China can put anything in the kernel” routine then I'll know he's not so good at looking at the complete picture.

The ideal answer involves the size of the project, how many developers are working on it (and what their backgrounds are) and, most importantly, quality control. In short, there's no way to tell the quality of a project simply by knowing that it's either open-source or proprietary. There are many examples of horribly insecure applications that came from both camps.

5. Do you know what rainbow tables are?

Look for a thorough answer about password attacks in general and how rainbow tables make them faster.
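The point a good answer makes is that a rainbow table trades a one-time precomputation for fast lookups against any unsalted hash of a password in the covered space, and that a per-user salt makes that precomputation useless. The toy below is an added example written for this page, not code from the original: it builds real reduction-function chains over the space of four-digit PINs (the chain length, chain count, hash function and reduction function are all assumptions chosen to keep it small), looks a hash up the way a rainbow table does, and then shows that the same table finds nothing once a salt is mixed in.

```python
import hashlib

# Toy parameters (constructed for this example): the "password space" is the
# 10,000 four-digit PINs, covered by a few hundred short chains.
SPACE = 10_000
CHAIN_LEN = 20
NUM_CHAINS = 500


def H(password: str) -> bytes:
    """The hash the table is built against: plain, unsalted SHA-256."""
    return hashlib.sha256(password.encode()).digest()


def R(digest: bytes, i: int) -> str:
    """Reduction function: maps a digest back into the PIN space.
    It varies with the chain position i so that chains merge less often."""
    n = (int.from_bytes(digest[:8], "big") + i) % SPACE
    return f"{n:04d}"


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains start -> H -> R_0 -> H -> R_1 ... and keep only the endpoints.
    Storing endpoint -> [starts] is what makes the table small; the middle of
    each chain is recomputed on demand during lookup."""
    table = {}
    for k in range(num_chains):
        start = f"{(k * 7919) % SPACE:04d}"  # 7919 is coprime to 10000, so starts are distinct
        p = start
        for i in range(chain_len):
            p = R(H(p), i)
        table.setdefault(p, []).append(start)
    return table


def crack(target: bytes, table: dict, chain_len: int = CHAIN_LEN):
    """Return the PIN whose unsalted hash is `target`, or None if the table does not cover it."""
    # Assume the target sits at position i of some chain and walk to that chain's end.
    for i in range(chain_len - 1, -1, -1):
        p = R(target, i)
        for j in range(i + 1, chain_len):
            p = R(H(p), j)
        # If that endpoint is stored, regenerate the candidate chain(s) and look for the hash.
        for start in table.get(p, []):
            q = start
            for j in range(chain_len):
                if H(q) == target:
                    return q
                q = R(H(q), j)
    return None


def salted_hash(salt: bytes, password: str) -> bytes:
    """Per-user salt: the table was not built for this input, so it cannot help."""
    return hashlib.sha256(salt + password.encode()).digest()


if __name__ == "__main__":
    table = build_table()
    print(crack(H("7919"), table))                            # unsalted: the PIN comes back
    print(crack(salted_hash(b"user-salt-1", "7919"), table))  # salted: None
```

The lookup loop is the part candidates usually gloss over: the hash is not in the table at all, only chain endpoints are, so every lookup replays a chain tail and then a chain head. Salting defeats this because the attacker would need one such table per salt value.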

6. What are your first three steps when securing a Linux server?

Their list isn't key here (unless it's bad); the key is that they don't panic.

7. What exactly is cross-site scripting?

You'd be amazed at how many security people don't know even the basics of this immensely important topic. We're looking for them to say anything regarding an attacker getting a victim to run script content (usually JavaScript) within their browser.
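The basic answer the text asks for, shown in code: the script runs in the victim's browser because the server copied untrusted input into the page unchanged. This is an added example written for this page, not code from the original; the function and variable names are assumptions. It puts the vulnerable rendering beside the encoded form and adds the attribute-context case, where encoding alone is not enough and the URL scheme must be allow-listed.

```python
import html
from urllib.parse import urlparse


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: untrusted input is spliced straight into HTML, so any markup
    in `name` is parsed by the victim's browser as part of the page."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: HTML-encode the value for the element-body context, so the
    browser displays the characters instead of interpreting them."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_link_safe(url: str, label: str) -> str:
    """Attribute context: a well-formed, fully encoded href can still carry a
    script-bearing URL scheme, so allow-list the scheme first, then encode."""
    if urlparse(url).scheme not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label, quote=True)}</a>'


def contains_tag(rendered: str, tag: str = "script") -> bool:
    """Crude check used by the demo: did a tag survive into the output unencoded?"""
    return f"<{tag}" in rendered.lower()


if __name__ == "__main__":
    # Constructed sample input: the classic probe string.
    probe = "<script>alert(document.cookie)</script>"
    print(contains_tag(render_greeting_unsafe(probe)))  # True: the browser would run it
    print(contains_tag(render_greeting_safe(probe)))    # False: it is displayed as text
    print(render_link_safe("javascript:alert(1)", "click"))  # scheme rejected, href="#"
```

Output encoding is per context (element body, attribute, URL, JavaScript string), which is why a single "sanitize" function at input time is the answer that should make an interviewer ask follow-up questions.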

8. What is ISACA?

ISACA is the international body that certifies information systems auditors, security managers and other related roles.

9. Have you been able to detect insurance fraud in the past?

It has only come up a couple of times in my experience, but there have been instances where I discovered fraud in a claim. Once, someone filed an insurance claim because their car had been stolen. After working with law enforcement, we discovered the vehicle was only a few miles away. Apparently, the car owner was just trying to get some quick cash and thought this was the easiest way to get it. Criminal charges were ultimately filed against them.

10. What have you done to enhance your knowledge recently?

I attended a conference last month where I learned some incredibly useful information related to handling auto insurance claims. However, I view every case that comes across my desk as a learning opportunity. Every case is different and requires a little something different than the last one. For example, I learned early on how important eyewitness testimony can be when it comes to determining a claim for an automotive accident.

11. Do you have experience doing or handling X, Y and Z?

There is nothing you can't do. When asked to walk through your resume, recite accomplishments that tie into the job description.

Make notes at the top of your page or notebook of your strengths that are relevant to the position. You're better off saying 'My experience is limited in XYZ, but I do know ABC.' Don't give them a reason not to hire you.

If you're truly interested in a role, your enthusiasm can make up for a few skills gaps. Say you don't hit 10 out of 10 prerequisite skills or types of experience, but maybe you hit eight out of 10, which is often good enough.

On the other two, find a way to highlight elements of your background that relate tangentially, to make up for the missing bullet points.

12. Describe a time when you helped reduce costs.

The answer to this question will show whether you strictly stick to your accounting job duties, or whether you have gone above and beyond by identifying solutions for the greater good of the company.

13. How do you change your DNS settings in Linux and Windows?

Here you're looking for a quick answer from anyone applying for a position that involves system administration (or system security). If they don't know how to change their DNS server in the two most popular operating systems in the world, then you're likely working with someone very junior or otherwise highly abstracted from the real world.

14. What kind of network do you have at home?

Good answers here are anything that shows you that he's a computer/technology/security enthusiast and not just someone looking for a paycheck. So if he's got multiple systems running multiple operating systems, you're probably in good shape. What you don't want to hear is, "I get enough computers when I'm at work." I've yet to meet a serious security guy who doesn't have a considerable home network, or at least access to one, even if it's not at home.

15. How does HTTP handle state?

It doesn't, of course. Not natively. Good answers are things like “cookies”, but the best answer is that cookies are a hack to make up for the fact that HTTP doesn't do it itself.
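To make the "cookies are a hack" answer concrete, here is an added example written for this page (not code from the original; the cookie name, session store and handler names are assumptions). Every request arrives with no memory of earlier ones; the only thing that links them is an identifier the server handed out in a Set-Cookie header and the client echoes back in a Cookie header. The server re-derives the state from its own store on every request, and the cookie attributes are what keep the identifier off plaintext links and away from page scripts.

```python
import secrets
from http.cookies import SimpleCookie
from typing import Optional

SESSION_COOKIE = "sid"  # assumed cookie name


def parse_cookie_header(header: Optional[str]) -> dict:
    """Turn a raw 'Cookie: a=1; b=2' header value into a dict."""
    jar = SimpleCookie()
    if header:
        jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def new_session_cookie(sessions: dict, data: dict) -> tuple:
    """Create server-side state and the Set-Cookie header that points at it.
    The identifier must be unpredictable; the state itself never leaves the server."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = data
    header = f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
    return sid, header


def handle_request(headers: dict, sessions: dict) -> tuple:
    """Simulated request handler: HTTP itself carries no state, so the handler
    rebuilds it from the cookie on every call. Returns (state, set_cookie_or_None)."""
    cookies = parse_cookie_header(headers.get("Cookie"))
    sid = cookies.get(SESSION_COOKIE)
    if sid in sessions:
        state = sessions[sid]
        state["visits"] += 1
        return state, None
    # Unknown or missing identifier: start over rather than trusting the client.
    sid, set_cookie = new_session_cookie(sessions, {"visits": 1})
    return sessions[sid], set_cookie


if __name__ == "__main__":
    store = {}
    # Constructed exchange: first request has no cookie, the second echoes it back.
    state, set_cookie = handle_request({}, store)
    print(state, set_cookie)                 # {'visits': 1} plus a Set-Cookie header
    sid = set_cookie.split(";")[0].split("=", 1)[1]
    print(handle_request({"Cookie": f"sid={sid}"}, store))   # ({'visits': 2}, None)
    print(handle_request({"Cookie": "sid=forged"}, store))   # fresh session, new cookie
```

The last call shows the part worth probing in an interview: a cookie the server does not recognise gets no state at all, which is only true because the state lives server-side and the identifier is random rather than, say, a user number the client could change.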

16. What is a CISA and is it really an international certification?

A CISA is a Certified Information Systems Auditor and yes, CISAs are recognized and employed all around the world.

17. Detail is the essence of accounting, and a small mistake can be costly. How do you ensure that details are accurate?

Every accountant needs to be detail-oriented, but what else is needed is the discipline to check again. I always double-check to ensure everything is in order. In addition, having technical savvy helps, and I stay current with the newest software and apps that make tracking details and finding irregularities easier.

18. Are you comfortable traveling to meet clients?

I am certainly comfortable traveling in order to acquire information to process a claim. However, if need be, then I also feel perfectly comfortable talking to people over the phone to gather more material.

19. What are your long-term career goals?

I am interested in finding a position where I can refine my accounting skills in my work with government agencies and non-profits. I feel there is a particular benefit to society in my work as a government auditor, and I would like to continue making that contribution.

20. What is an IT auditor, and what do they do?

An IT auditor is an audit professional with special MIS knowledge who works with companies to assess the risks associated with their IT applications and then determines if the company has adequate controls in place to manage that risk. IT auditors may work for a public accounting firm (external audit) or for the company itself (internal audit).

21. If you were a site administrator looking for incoming CSRF attacks, what would you look for?

This is a fun one, as it requires them to set some ground rules. Desired answers are things like, “Did we already implement nonces?”, or, “That depends on whether we already have controls in place…” Undesired answers are things like checking referrer headers, or wild panic.
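The "did we already implement nonces?" answer implies a concrete control, and what an administrator looks for afterwards follows from it. This added example, written for this page rather than taken from it (the function names, the form field and header names, and the request records are all assumptions), issues a per-session token, checks it on state-changing requests with a constant-time comparison, and tallies rejections by endpoint and reason. That tally is the thing to watch: a run of state-changing requests arriving with no token is the signal, while the Referer header is deliberately not consulted because browsers, extensions and proxies routinely strip it.

```python
import hmac
import secrets
from collections import Counter


def issue_csrf_token(session: dict) -> str:
    """One unpredictable nonce per session, stored server-side and embedded in every form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_state_changing(method: str) -> bool:
    """Only methods that change state need the nonce; reads are safe by design."""
    return method.upper() not in ("GET", "HEAD", "OPTIONS")


def csrf_check(method: str, headers: dict, form: dict, session: dict) -> tuple:
    """Return (allowed, reason). The token may come from the form or a request header."""
    if not is_state_changing(method):
        return True, "safe method"
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not expected or not submitted:
        return False, "missing token"
    if not hmac.compare_digest(expected, submitted):  # constant-time, no early exit on mismatch
        return False, "token mismatch"
    return True, "token ok"


def triage(requests: list, session: dict) -> Counter:
    """The administrator's view once nonces exist: rejected state-changing
    requests counted by (path, reason). Bursts of 'missing token' on one
    endpoint are what to look for; the Referer header carries no weight here."""
    tally = Counter()
    for req in requests:
        allowed, reason = csrf_check(req["method"], req.get("headers", {}),
                                     req.get("form", {}), session)
        if not allowed:
            tally[(req["path"], reason)] += 1
    return tally


def sample_requests(token: str) -> list:
    """Constructed request records for the demo: one legitimate POST, two
    cross-origin POSTs that carry only a Referer, one with a stale token, one GET."""
    return [
        {"method": "POST", "path": "/transfer", "form": {"csrf_token": token}},
        {"method": "POST", "path": "/transfer", "headers": {"Referer": "https://example.org/"}},
        {"method": "POST", "path": "/transfer", "headers": {"Referer": "https://example.org/"}},
        {"method": "POST", "path": "/transfer", "form": {"csrf_token": "x" * 43}},
        {"method": "GET", "path": "/account"},
    ]


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    print(triage(sample_requests(token), session))
    # Counter({('/transfer', 'missing token'): 2, ('/transfer', 'token mismatch'): 1})
```

Note what the GET in the sample does not do: it is never rejected, because a design that needs a token on reads has usually put a state change behind a GET, which is a finding in its own right.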

22. Who do you look up to within the field of information security, and why?

A standard question type. All we're looking for here is to see if they pay attention to the industry leaders, and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that'll tell you one thing, and if they name a few of the pioneers that'll say another. If they don't know anyone in security, consider closely what position you're hiring them for. Hopefully it isn't a junior position.

23. In terms of culture, what environment do you see yourself succeeding in?

Some hiring managers are looking for a candidate who works well in a team, others for someone who works well independently, but all the better if you can demonstrate that you can do both.

You have to understand the particular role to highlight how you would perform, because hiring managers want a candidate to be the right fit. A lot of it is what value you can add to the business beyond technical skills.

24. Which enterprise resource planning (ERP) systems have you used?

Most professionals, especially those with experience working for medium to large organizations, should have an answer for this. You must be a master of Excel. A response might include any of the following: Hyperion, Microsoft Dynamics GP or Oracle Enterprise Manager.

For entry-level candidates, it's an opportunity to turn this into a discussion of finance certifications and future training possibilities.

25. What methods have you used for estimating bad debt?

This question can open a conversation about the ways you've approached this routine process with previous employers.

Your answer can reveal your level of understanding of the methods most commonly used, and could open a dialogue about how the company you are interviewing with handles this.