Question 1

Differentiate between internal and external audit objectives and reporting audiences.

Accepted Answer

Internal audits focus on evaluating and improving the effectiveness of risk management, control, and governance processes, reporting primarily to management. External audits aim to provide an independent opinion on the financial statements' accuracy, reporting to shareholders or the public.

Question 2

How does internal audit add strategic value beyond compliance? Provide an example.

Accepted Answer

Internal audit adds strategic value by identifying areas for improvement in business processes, enhancing risk management, and ensuring operational efficiency. For example, an internal audit might reveal inefficiencies in the supply chain, leading to strategic changes that reduce costs and improve delivery times.

Question 3

Can you explain the “Three Lines of Defence” model and how it shapes internal audit's relationship with other assurance functions?

Accepted Answer

The 'Three Lines of Defence' model is a framework for effective risk management and control. The first line involves operational management, responsible for identifying and managing risks. The second line includes risk management and compliance functions, providing oversight and support. The third line is the internal audit, providing independent assurance. Internal audit interacts with the other lines by evaluating their effectiveness and ensuring that risk management processes are functioning as intended.

Question 4

What is the role of an internal audit function in a modern organization?

Accepted Answer

The internal audit function plays a pivotal role in modern organizations by assessing and improving the effectiveness of risk management, control, and governance processes. It ensures compliance with laws and regulations, identifies areas for operational improvement, and provides assurance to stakeholders that the organization is managing its risks effectively.

Question 5

What professional standards and frameworks (e.g., IIA standards, SA, Companies Act, Ind AS, ISO) are most relevant to internal auditors today?

Accepted Answer

Internal auditors today rely heavily on the International Standards for the Professional Practice of Internal Auditing (IIA standards) for guidance on conducting audits. The Standards on Auditing (SA) and the Companies Act provide legal and procedural frameworks for financial audits, while Ind AS offers guidelines on financial reporting. Additionally, ISO standards, such as ISO 31000 for risk management, are increasingly important for comprehensive audits.

Question 6

Describe how you would audit a critical process like Procure-to-Pay (P2P) or Order-to-Cash (O2C). What risks and controls would you focus on?

Accepted Answer

To audit a process like P2P or O2C, I would first map out the entire process to understand the flow of transactions. I would focus on identifying key risks such as fraud, errors in transaction recording, or compliance breaches. For P2P, controls around vendor approval and payment authorization are critical, while for O2C, controls over credit management and revenue recognition are essential. I would evaluate the design and operating effectiveness of these controls through tests of control and substantive procedures.

Question 7

How do you conduct a risk assessment as part of audit planning? What tools or analytics do you employ?

Accepted Answer

In conducting a risk assessment, I start by identifying areas with the highest potential for financial misstatement. I analyze historical data, industry trends, and internal controls to evaluate risk levels. Tools like ACL or IDEA for data analytics help in examining large datasets efficiently, and I employ risk matrices to prioritize audit focus areas.

Question 8

Walk me through your approach to planning an internal audit: from scoping to risk prioritization.

Accepted Answer

My approach begins with defining the audit scope by understanding the business context and objectives. I then conduct a risk assessment to identify potential areas of concern, considering both financial and operational risks. Prioritization is based on the likelihood and impact of these risks, ensuring that the audit focuses on the most critical areas.

Question 9

What is Control Self‑Assessment (CSA), and how would you integrate it into audit planning?

Accepted Answer

Control Self‑Assessment (CSA) is a process where internal controls are evaluated and monitored by the management and staff responsible for them. It enhances accountability and helps identify risks and control weaknesses early. To integrate CSA into audit planning, I would first ensure that CSA results are reviewed during the risk assessment phase, use them to prioritize audit areas, and incorporate CSA findings into audit procedures to focus on significant risk areas.

Question 10

Explain how continuous auditing works and how technology enables it. What would you audit in real time?

Accepted Answer

Continuous auditing is an automated method used to perform control and risk assessments on a more frequent basis. Technology enables it through the use of data analytics, real-time data access, and automated reporting tools, which allow auditors to continuously monitor transactions and controls. In real time, you might audit transactions, compliance with policies, or system access controls to quickly identify and address anomalies.

Question 11

Describe how you select and execute audit testing—sampling, substantive testing, IT controls.

Accepted Answer

In selecting audit testing, I start by understanding the audit objectives and the client's business environment. For sampling, I use statistical methods to ensure a representative sample size. Substantive testing is chosen based on risk assessments and materiality. IT controls are tested by evaluating system access controls and data integrity. This approach ensures comprehensive coverage and risk mitigation.

Question 12

What steps do you take when you uncover fraud or a financial irregularity during your audit?

Accepted Answer

When I uncover fraud or a financial irregularity during an audit, I first ensure I thoroughly document the issue with all supporting evidence. Next, I assess the potential impact on financial statements and the organization. Finally, I report the findings to senior management or the audit committee, following the organization's protocol and regulatory requirements.

Question 13

Tell us about a time when you analyzed large amounts of data during an audit. Which tools did you use, and what did you discover?

Accepted Answer

During a financial audit for a large retail client, I analyzed sales and inventory data using Excel and Power BI. By leveraging pivot tables and data visualization, I identified discrepancies in inventory records that indicated potential overstatement of assets. This analysis led to further investigation, revealing process inefficiencies in inventory management that were subsequently addressed.

Question 14

How do you maintain objectivity and independence when under pressure from senior management? Share a specific example.

Accepted Answer

To maintain objectivity, I rely on established facts and data, even when under pressure. For instance, during a financial audit, senior management pressured me to overlook certain discrepancies. I insisted on following protocol, presented my findings with supporting evidence, and suggested corrective actions. This not only upheld my integrity but also improved the company's financial transparency.

Question 15

Describe a challenging audit you led and how you overcame obstacles and resistance.

Accepted Answer

I led an audit of a multinational client facing complex regulatory issues. Resistance arose from local management due to concerns over compliance costs. I facilitated open communication, emphasizing the long-term benefits of compliance and providing training to ease concerns. This collaboration led to a successful audit and improved client relations.

Question 16

Walk me through your audit report process—how do you ensure clarity, relevance, and persuasive findings?

Accepted Answer

I start with a clear understanding of the audit objectives and scope. I gather and analyze data meticulously, ensuring all findings are relevant to the objectives. My reports are structured to highlight key insights and recommendations, using clear language and supporting evidence to persuade stakeholders.

Question 17

How do you handle situations where management disagrees with your recommendations? Provide a real example.

Accepted Answer

In situations where management disagrees with my recommendations, I first ensure I fully understand their perspective. I then present my reasoning clearly, backed by data and analysis, and seek common ground. For example, during a financial review, I recommended budget cuts in a project that management was keen on. I presented data showing declining ROI, and after a series of discussions, we agreed on a phased budget reduction to mitigate risks.

Question 18

How do you follow up to ensure agreed remediation actions are implemented effectively?

Accepted Answer

To ensure effective implementation of agreed remediation actions, I establish a follow-up schedule with clear deadlines and responsibilities. I maintain regular communication with stakeholders to monitor progress and address any obstacles. Once actions are reported as complete, I verify their implementation through reviews or audits to ensure they meet the intended objectives.

Question 19

Describe a time you had to present difficult findings to senior management. How did you manage reactions and gain consensus?

Accepted Answer

In a previous role, I discovered discrepancies in our quarterly financial reports that indicated potential overspending. I prepared a clear presentation that outlined the findings, potential impacts, and proposed solutions. During the meeting, I remained calm and open to feedback, addressing concerns with data-backed responses. By focusing on collaborative solutions, I gained consensus on implementing stricter budget controls.

Question 20

Explain the “5 C’s” of audit findings (Condition, Criteria, Cause, Consequence, Corrective action) with an example.

Accepted Answer

The '5 C’s' of audit findings are a structured way to analyze and report audit outcomes. 'Condition' refers to the current state or issue identified. 'Criteria' are the standards or benchmarks that the condition is compared against. 'Cause' identifies why the issue occurred. 'Consequence' outlines the impact of the issue. 'Corrective action' is the recommended solution. For example, if an audit finds that financial reports are not submitted on time (Condition), the criteria could be the company's policy of monthly submissions. The cause might be understaffing. The consequence could be financial penalties. Corrective action would involve hiring additional staff or optimizing the reporting process.

Question 21

How do you see AI, big data and continuous auditing transforming internal audit? Have you applied any such AI-enabled audits?

Accepted Answer

AI, big data, and continuous auditing are revolutionizing internal audit by enhancing efficiency and accuracy. AI automates routine tasks and identifies anomalies, while big data analytics provides deeper insights into trends and risks. Continuous auditing allows real-time monitoring of transactions. I have implemented AI-enabled audits, utilizing machine learning algorithms to detect irregularities and streamline audit processes.

Question 22

How do you evaluate IT/general IT controls? Describe your approach in an ERP or cloud environment.

Accepted Answer

To evaluate IT controls in an ERP or cloud environment, I begin by understanding the specific IT framework and policies in place. I then assess user access controls, change management processes, and data security measures. This involves reviewing system configurations, audit logs, and compliance with industry standards. By conducting interviews and walkthroughs with IT personnel, I ensure that the controls are not only documented but also effectively implemented and monitored.

Question 23

Describe an ethics-based or AI governance audit. How would you scope it and what challenges would you anticipate?

Accepted Answer

An ethics-based or AI governance audit involves evaluating the ethical use and governance framework of AI systems. To scope it, I would define the objectives, such as ensuring compliance with ethical guidelines and identifying potential biases. I would anticipate challenges like rapidly evolving AI technologies, lack of established standards, and potential resistance from stakeholders due to perceived threats to innovation.

Question 24

Have you been part of a continuous auditing setup—CDA, CCM or CRMA? Explain its implementation and challenges.

Accepted Answer

Yes, I have been involved in a Continuous Data Auditing (CDA) setup. We implemented real-time monitoring tools to ensure compliance and improve data accuracy. Challenges included integrating new technologies with existing systems and managing the change in workflow for the team. Overcoming these required strong project management and clear communication strategies.

Question 25

What audit tools, ERP systems, or data analytics platforms are you familiar with? Describe how you have used them.

Accepted Answer

I am proficient in using audit tools like ACL and IDEA for data analysis, and ERP systems such as SAP and Oracle for financial management. In my previous role, I used ACL to automate data extraction and analysis, which significantly improved the efficiency of our audit processes. With SAP, I managed financial reporting and streamlined operations by integrating various business functions.

Question 26

What are the key compliance regulations (e.g. Companies Act, Ind AS, SOX, ISO standards) internal audit must ensure are followed?

Accepted Answer

Internal audit must ensure compliance with several key regulations, including the Companies Act for corporate governance, Ind AS for financial reporting, SOX for internal controls over financial reporting, and ISO standards for quality management. These regulations help ensure transparency, accuracy, and reliability in financial statements and operational processes.

Question 27

Tell me about a time someone asked you to ignore or cover up a potential fraud or misstatement. What did you do?

Accepted Answer

In a previous role, a colleague suggested overlooking a discrepancy in the financial reports. I immediately reported the issue to my supervisor and ensured that the discrepancy was properly investigated. Maintaining integrity is crucial in finance, and I believe in transparency and accountability.

Question 28

Describe how you handled pressure or conflict when maintaining audit independence.

Accepted Answer

In a previous audit engagement, I faced pressure from a client to overlook certain discrepancies. I addressed this by firmly adhering to our firm's ethical guidelines and communicated the importance of audit independence to the client. I also sought guidance from my manager to ensure transparency and maintain our professional standards.

Question 29

Describe your experience with fraud risk assessment and how you design an audit to mitigate fraud.

Accepted Answer

In my previous role, I conducted fraud risk assessments by evaluating internal controls and identifying potential fraud indicators. I designed audits by incorporating data analytics to detect anomalies and implemented surprise audits to enhance oversight. Collaboration with management to strengthen controls was also key to mitigating fraud risks.

Question 30

Have you identified a previously unnoticed risk? How did you bring it to management's attention and ensure action?

Accepted Answer

In my previous role, I identified a supply chain risk due to a single supplier dependency. I conducted a thorough analysis, presented a detailed report to management highlighting potential impacts, and recommended diversifying suppliers. Management appreciated the insight and took steps to mitigate the risk, ensuring business continuity.

Question 31

Tell me about a time you provided positive feedback (recognizing what’s working) rather than just highlighting gaps.

Accepted Answer

In a previous role, I noticed a colleague consistently delivering high-quality reports ahead of deadlines. I made it a point to commend their efficiency and attention to detail during a team meeting, which not only boosted their confidence but also set a standard for others. This approach fostered a positive work environment and encouraged others to emulate such practices.

Question 32

Explain how internal audit contributes to better governance or strategic decision‑making.

Accepted Answer

Internal audit plays a crucial role in governance by providing independent assurance on risk management, control, and governance processes. It identifies areas of improvement, ensuring that the organization operates efficiently and complies with regulations. By providing insights into risk and control issues, internal audit supports strategic decision-making, helping leaders make informed choices that align with organizational goals.

Question 33

Describe a case where your audit findings were implemented and led to measurable business improvement.

Accepted Answer

In my previous role, I conducted an audit that identified inefficiencies in the inventory management system. I recommended implementing a new software solution to automate stock tracking. After implementation, the company saw a 20% reduction in inventory costs and improved stock accuracy, leading to better cash flow management.

Question 34

How do you quantify or articulate the benefits of your recommendations?

Accepted Answer

I quantify the benefits of my recommendations by first identifying key performance indicators that align with organizational goals. I use financial metrics such as ROI, cost savings, or revenue growth. I then articulate these benefits through clear and concise reports or presentations, ensuring stakeholders understand the strategic value.

Question 35

Share an example where you recommended a process improvement during an audit. How did management respond and what was the outcome?

Accepted Answer

During an audit at a mid-sized firm, I noticed that the manual reconciliation process was prone to errors and time-consuming. I recommended implementing an automated reconciliation software. Management was initially hesitant due to cost concerns, but after presenting a cost-benefit analysis, they approved the change. The outcome was a 30% reduction in reconciliation time and a significant decrease in errors, which increased overall efficiency and accuracy.

Question 36

Which emerging audit risks or trends are top of mind today (e.g., ESG, AI ethics, cyber‑risk)?

Accepted Answer

Emerging audit risks that are top of mind today include environmental, social, and governance (ESG) reporting, AI ethics, and cyber-risk. Companies are increasingly focusing on ESG due to regulatory pressures and stakeholder expectations. AI ethics pose challenges in ensuring algorithmic fairness, while cyber-risk requires robust security measures to protect sensitive data.

Question 37

What internal audit training or certifications have you pursued and why? (e.g., CIA, CRMA)

Accepted Answer

I have pursued the Certified Internal Auditor (CIA) certification because it is globally recognized and enhances my understanding of internal audit processes. Additionally, I completed the Certification in Risk Management Assurance (CRMA) to deepen my skills in risk management and assurance, aligning with my career goal to specialize in these areas.

Question 38

Discuss a recent major regulatory change (e.g. Ind AS update, Companies Act amendment) and its impact on auditing.

Accepted Answer

A recent major regulatory change is the introduction of Ind AS 116, which deals with lease accounting. This standard requires companies to recognize lease liabilities and right-of-use assets on their balance sheets, impacting financial statements significantly. For auditors, this change means increased scrutiny on lease agreements, ensuring compliance with recognition and measurement principles, and verifying the accuracy of disclosures in financial statements.

Question 39

How do you stay current with changes in industry standards, laws, and audit regulations?

Accepted Answer

I stay current by subscribing to industry journals and participating in webinars and workshops. I am also an active member of professional networks like the AICPA, where I engage in discussions and share insights. Additionally, I regularly review updates from regulatory bodies to ensure compliance with the latest standards and regulations.

Question 40

Explain how you ramp up quickly on an unfamiliar industry, business unit, or regulatory domain.

Accepted Answer

I start by conducting thorough research on the industry, including market trends and key players. I then connect with colleagues and industry experts to gain insights and best practices. Finally, I apply this knowledge to my work, ensuring compliance and strategic alignment with industry standards.

Question 41

You discover conflicting data during testing. Management says it’s a reconciliation issue. How do you proceed?

Accepted Answer

Upon discovering conflicting data, I would first verify the source of the discrepancy by reviewing all relevant documentation and data sources. I would then consult with the finance and data teams to ensure a comprehensive understanding of the issue. Once the root cause is identified, I would work collaboratively to implement a reconciliation strategy, ensuring alignment with management's expectations and preventing future occurrences.

Question 42

A business rolls out a new ERP module. How would you audit controls, data migration, and user access?

Accepted Answer

To audit a new ERP module, I would start by evaluating the control environment to ensure it aligns with organizational policies. I would then review the data migration process for accuracy and completeness, verifying that data integrity is maintained. Finally, I would assess user access controls to ensure proper segregation of duties and that access is granted on a need-to-know basis.

Question 43

A fraud investigation just concluded. You are asked to audit post‑fraud controls and processes. How do you structure your work?

Accepted Answer

To audit post-fraud controls and processes, I would begin by reviewing the findings of the fraud investigation to understand the weaknesses exploited. I would then assess the current controls in place and identify any gaps. Next, I would recommend enhancements to strengthen these controls, focusing on segregation of duties, authorization procedures, and monitoring mechanisms. Finally, I would ensure that staff are trained in the updated processes to prevent future occurrences.

Question 44

Company wants to adopt continuous auditing for finance data. How would you define scope, frequency, and rules?

Accepted Answer

To define the scope for continuous auditing, I would first identify key financial processes and data streams critical to the organization’s objectives. For frequency, I would set intervals based on the risk level and transaction volume, ensuring timely detection of anomalies. In terms of rules, I would establish criteria for data integrity, compliance checks, and exception reporting, ensuring these rules are aligned with regulatory requirements and organizational policies.

Question 45

Auditing an ethics-based AI usage framework across multiple divisions. How would you assess governance and consistency?

Accepted Answer

To assess governance and consistency in an ethics-based AI usage framework, I would first review the existing policies and procedures to ensure they align with ethical standards. Next, I would evaluate the governance structure to confirm that there are clear roles and responsibilities for AI oversight. Finally, I would conduct interviews and audits across divisions to ensure consistent application and identify any discrepancies or areas for improvement.

Question 46

Vendor selection process in P2P: unauthorized approvals and missing documentation. Detail your audit approach.

Accepted Answer

During an audit of the P2P process, I initiated a thorough review of the vendor selection protocols. I identified unauthorized approvals and missing documentation as key issues. My approach included tracing transactions to their origin, interviewing stakeholders, and recommending enhanced controls, such as automated approval workflows and mandatory documentation checks, to prevent future lapses.

Question 47

You’re auditing O2C; you find duplicate billing and control override. Outline your findings and next steps.

Accepted Answer

During the O2C audit, I identified duplicate billing instances and control overrides, which could lead to revenue misstatement. The next steps include quantifying the financial impact, assessing the root cause, and recommending strengthening internal controls to prevent recurrence, such as implementing automated checks and enhancing staff training.

Question 48

You face a tight deadline and limited resources. How do you prioritize audit tasks and ensure coverage?

Accepted Answer

In such situations, I start by assessing the audit tasks based on risk and impact. I prioritize high-risk areas that could significantly affect financial statements. I then allocate resources efficiently, ensuring critical tasks are covered first. Regular communication with the team helps to track progress and make adjustments as needed to meet the deadline.

Question 49

During operational audit, you find inefficiencies leading to financial loss. How do you recommend changes?

Accepted Answer

Upon identifying inefficiencies during an audit, I would first quantify the financial impact and prioritize areas with the highest loss potential. I would then engage with relevant stakeholders to understand root causes and collaboratively develop targeted solutions. Finally, I would recommend implementing process improvements and regular monitoring to mitigate future losses.

Question 50

Coordinating internal audit and external audit on same process. How do you avoid duplication and maximize coverage?

Accepted Answer

To avoid duplication and maximize coverage, it's crucial to establish clear communication and coordination between internal and external audit teams. This can be achieved by sharing audit plans and findings, aligning audit objectives, and scheduling audits to cover different aspects of the process. Regular meetings and updates ensure both teams are informed and can adjust their focus as needed.

Internal Audit Interview Q&A

A. Core Concepts & Role Understanding

Q1: Differentiate between internal and external audit objectives and reporting audiences.

Q2: How does internal audit add strategic value beyond compliance? Provide an example.

Q3: Can you explain the “Three Lines of Defence” model and how it shapes internal audit's relationship with other assurance functions?

Q4: What is the role of an internal audit function in a modern organization?

Q5: What professional standards and frameworks (e.g., IIA standards, SA, Companies Act, Ind AS, ISO) are most relevant to internal auditors today?

B. Risk Assessment & Planning

Q6: Describe how you would audit a critical process like Procure-to-Pay (P2P) or Order-to-Cash (O2C). What risks and controls would you focus on?

Q7: How do you conduct a risk assessment as part of audit planning? What tools or analytics do you employ?

Q8: Walk me through your approach to planning an internal audit: from scoping to risk prioritization.

Q9: What is Control Self‑Assessment (CSA), and how would you integrate it into audit planning?

Q10: Explain how continuous auditing works and how technology enables it. What would you audit in real time?

C. Execution & Fieldwork

Q11: Describe how you select and execute audit testing—sampling, substantive testing, IT controls.

Q12: What steps do you take when you uncover fraud or a financial irregularity during your audit?

Q13: Tell us about a time when you analyzed large amounts of data during an audit. Which tools did you use, and what did you discover?

Q14: How do you maintain objectivity and independence when under pressure from senior management? Share a specific example.

Q15: Describe a challenging audit you led and how you overcame obstacles and resistance.

D. Reporting & Communication

Q16: Walk me through your audit report process—how do you ensure clarity, relevance, and persuasive findings?

Q17: How do you handle situations where management disagrees with your recommendations? Provide a real example.

Q18: How do you follow up to ensure agreed remediation actions are implemented effectively?

Q19: Describe a time you had to present difficult findings to senior management. How did you manage reactions and gain consensus?

Q20: Explain the “5 C’s” of audit findings (Condition, Criteria, Cause, Consequence, Corrective action) with an example.

E. Tools, Technology & Analytics

Q21: How do you see AI, big data and continuous auditing transforming internal audit? Have you applied any such AI-enabled audits?

Q22: How do you evaluate IT/general IT controls? Describe your approach in an ERP or cloud environment.

Q23: Describe an ethics-based or AI governance audit. How would you scope it and what challenges would you anticipate?

Q24: Have you been part of a continuous auditing setup—CDA, CCM or CRMA? Explain its implementation and challenges.

Q25: What audit tools, ERP systems, or data analytics platforms are you familiar with? Describe how you have used them.

F. Compliance, Fraud & Ethics

Q26: What are the key compliance regulations (e.g. Companies Act, Ind AS, SOX, ISO standards) internal audit must ensure are followed?

Q27: Tell me about a time someone asked you to ignore or cover up a potential fraud or misstatement. What did you do?

Q28: Describe how you handled pressure or conflict when maintaining audit independence.

Q29: Describe your experience with fraud risk assessment and how you design an audit to mitigate fraud.

Q30: Have you identified a previously unnoticed risk? How did you bring it to management's attention and ensure action?

G. Process Improvement & Value Add

Q31: Tell me about a time you provided positive feedback (recognizing what’s working) rather than just highlighting gaps.

Q32: Explain how internal audit contributes to better governance or strategic decision‑making.

Q33: Describe a case where your audit findings were implemented and led to measurable business improvement.

Q34: How do you quantify or articulate the benefits of your recommendations?

Q35: Share an example where you recommended a process improvement during an audit. How did management respond and what was the outcome?

H. Industry Knowledge & Continuous Learning

Q36: Which emerging audit risks or trends are top of mind today (e.g., ESG, AI ethics, cyber‑risk)?

Q37: What internal audit training or certifications have you pursued and why? (e.g., CIA, CRMA)

Q38: Discuss a recent major regulatory change (e.g. Ind AS update, Companies Act amendment) and its impact on auditing.

Q39: How do you stay current with changes in industry standards, laws, and audit regulations?

Q40: Explain how you ramp up quickly on an unfamiliar industry, business unit, or regulatory domain.

I. Behavioral & Situational Questions

Q41: You discover conflicting data during testing. Management says it’s a reconciliation issue. How do you proceed?

Q42: A business rolls out a new ERP module. How would you audit controls, data migration, and user access?

Q43: A fraud investigation just concluded. You are asked to audit post‑fraud controls and processes. How do you structure your work?

Q44: Company wants to adopt continuous auditing for finance data. How would you define scope, frequency, and rules?

Q45: Auditing an ethics-based AI usage framework across multiple divisions. How would you assess governance and consistency?

Q46: Vendor selection process in P2P: unauthorized approvals and missing documentation. Detail your audit approach.

Q47: You’re auditing O2C; you find duplicate billing and control override. Outline your findings and next steps.

Q48: You face a tight deadline and limited resources. How do you prioritize audit tasks and ensure coverage?

Q49: During operational audit, you find inefficiencies leading to financial loss. How do you recommend changes?

Q50: Coordinating internal audit and external audit on same process. How do you avoid duplication and maximize coverage?