Thank you so much for posting this. I got an offer from EY after preparing by watching this video in Technology Risk Consulting. Much Appreciable content! 🖤
Respected presenter, you can improve your presentation by refreshing it with more questions. Behavioural interview questions would really help prospective IT Auditors. Also basic general control testing like what is the fundamental requirement in testing the integrity of an application/appliance/product or service? You can ask questions like what controls can I test when I am auditing an application specifically from Data Input perspective? The questions you gave are no doubt really good ones but the interviewer begins simple questions and then goes on to add more serious ones to understand how a prospective employee is.
questions i faced - 1. what is D and N sheet ? 2. name a control that is common in logical access and change management ? 3. control objective of operational controls?
1. I am not Sure what is full form of D and N sheet but as per my understanding this is related to EOD (End of the Day) and BOD ( Beginning of Day) details are captured. 2."Generic User ID Management" is common control in logical access and change management. In this control we will ensure the ownership has been assigned to each generic IDs. 3. Control objective of operation control is ensure the effectiveness of control. so here you will check controls are working as per the design and activities are consistent with established process and plan. For Example, Monitors Detection Tools for Effective Operation-Management has implemented processes to monitor the effectiveness of detection tools.
1. I am not Sure what is full form of D and N sheet but as per my understanding this is related to EOD (End of the Day) and BOD ( Beginning of Day) where EOD/BOD details are captured. 2."Generic User ID Management" is common control in logical access and change management. In this control we will ensure the ownership has been assigned to each generic IDs. 3. Control objective of operation control is ensure the effectiveness of control. so here you will check controls are working as per the design and activities are consistent with established process and plan. For Example, Monitors Detection Tools for Effective Operation-Management has implemented processes to monitor the effectiveness of detection tools.
Despite of not being competent in technology and IT - How can a CA be qualified for such IT audit/ITGC control assessment? Don't you think its unfair - Lets consider would prefer an IT engineer to perform a Financial Audit even though he knows audit criteria and process?
If IT Engineer has CA/CPA/ACCA, he can do financial audit… we CA are gaining IT Knowledge then only we are eligible to perform IT Audit.. for IT Audit CISA/CISM/CISSP is qualification… i hope you have heard about CISA/CISM/CISSP.
@@sachin_hissaria so on the basis of your comment "We CA are gaining IT Knowledge then only we are eligible to perform IT Audit.." here without being qualified as an official Engineer - CAs are allowed to perform IT Audit. Whilst an IT Engineer has to get qualified for CA first then he can perform financial audit. Well CISA/CISM/CISSP are professional certifications not a degree!!!!
@@cryptochanakya9839 where it is written that to perform IT AUDIT engineering is MUST..?? Give me any reference.. Everywhere ask is for certifications… I haven’t said CISA is degree… And no body gives you work if you don’t have relevant skills.. peoples are smarter then you, before giving job they will check your knowledge
@@sachin_hissaria Agree, Well that is the main concern where it is not regulated about this on an institutional levels. Well its always up to an individual to improve their skills but when it comes to compensation CA+CISA gets higher wages then an Eng.+CISA has to get. I just wanted to check your opinion in the context!
@@sachin_hissariaCould you please make a detailed video for ITAC, Business process controls?? Also one question- In change management what should be the next step if we identify that the develper had moved the chnge to production only? Like SOD conflict happens
I don't think so I am gonna pass this paper this time or pass any interview in future!! Somehow I start losing confidence whenever I plan to study for this paper....😥
Thank you so much for posting this. I got an offer from EY after preparing by watching this video in Technology Risk Consulting. Much Appreciable content! 🖤
Can you provide me your number ? I am struggling with the interviews.
Would appreciate your help.
Respected presenter, you can improve your presentation by refreshing it with more questions. Behavioural interview questions would really help prospective IT Auditors. Also basic general control testing like what is the fundamental requirement in testing the integrity of an application/appliance/product or service? You can ask questions like what controls can I test when I am auditing an application specifically from Data Input perspective? The questions you gave are no doubt really good ones but the interviewer begins simple questions and then goes on to add more serious ones to understand how a prospective employee is.
worth a watch 💯
Good job. This is helpful. Can you provide access to the slide deck?
What if we noted SOD is not maintained developer and tester is same, as a auditor what action need to be taken?
Nice informative video
Very well explained..
Hi Sachin .. I am not a CA Background can I learn this ITGC Sox Audit or IT Sox Auditor ?
Yes brother, you can
questions i faced - 1. what is D and N sheet ?
2. name a control that is common in logical access and change management ?
3. control objective of operational controls?
1. I am not Sure what is full form of D and N sheet but as per my understanding this is related to EOD (End of the Day) and BOD ( Beginning of Day) details are captured.
2."Generic User ID Management" is common control in logical access and change management. In this control we will ensure the ownership has been assigned to each generic IDs.
3. Control objective of operation control is ensure the effectiveness of control. so here you will check controls are working as per the design and activities are consistent with established process and plan. For Example, Monitors Detection Tools for Effective Operation-Management has implemented processes to monitor the effectiveness of detection tools.
1. I am not Sure what is full form of D and N sheet but as per my understanding this is related to EOD (End of the Day) and BOD ( Beginning of Day) where EOD/BOD details are captured.
2."Generic User ID Management" is common control in logical access and change management. In this control we will ensure the ownership has been assigned to each generic IDs.
3. Control objective of operation control is ensure the effectiveness of control. so here you will check controls are working as per the design and activities are consistent with established process and plan. For Example, Monitors Detection Tools for Effective Operation-Management has implemented processes to monitor the effectiveness of detection tools.
2. Similarly verification of segregation of duties (SOD) is common control
How do you ensure that data population is accurate before you begin any analysis
Hey georg did you got the answer to this question? if you have could you please share
It will be covered in my next video
sir, please provide logical, change management and operational controls detail explanation
Sure, will make separate video
sir what is meant by dr site and tat
DR is Disaster Recovery site and TAT is Turn around Time
Hi Sachin this helped me more, Could you please tell me how to determine the change population is accurate and complete
I will make another video and cover this question…
Hi Sachin, how do we do remediation testing incase there are any observerations or defeciencies found during testing
Hi Sachin, how do we do remediation testing incase there are any observerations or defeciencies found during testing
Hi sir ,how to attend your session
@@harinithota7342 you can write mail on sachin.hissaria17@gmail.com or connect me on LinkedIn
Despite of not being competent in technology and IT - How can a CA be qualified for such IT audit/ITGC control assessment? Don't you think its unfair - Lets consider would prefer an IT engineer to perform a Financial Audit even though he knows audit criteria and process?
If IT Engineer has CA/CPA/ACCA, he can do financial audit… we CA are gaining IT Knowledge then only we are eligible to perform IT Audit.. for IT Audit CISA/CISM/CISSP is qualification… i hope you have heard about CISA/CISM/CISSP.
@@sachin_hissaria so on the basis of your comment "We CA are gaining IT Knowledge then only we are eligible to perform IT Audit.." here without being qualified as an official Engineer - CAs are allowed to perform IT Audit. Whilst an IT Engineer has to get qualified for CA first then he can perform financial audit. Well CISA/CISM/CISSP are professional certifications not a degree!!!!
@@cryptochanakya9839 where it is written that to perform IT AUDIT engineering is MUST..?? Give me any reference..
Everywhere ask is for certifications…
I haven’t said CISA is degree…
And no body gives you work if you don’t have relevant skills.. peoples are smarter then you, before giving job they will check your knowledge
@@sachin_hissaria Agree, Well that is the main concern where it is not regulated about this on an institutional levels. Well its always up to an individual to improve their skills but when it comes to compensation CA+CISA gets higher wages then an Eng.+CISA has to get. I just wanted to check your opinion in the context!
@@sachin_hissariaCould you please make a detailed video for ITAC, Business process controls?? Also one question- In change management what should be the next step if we identify that the develper had moved the chnge to production only? Like SOD conflict happens
I don't think so I am gonna pass this paper this time or pass any interview in future!! Somehow I start losing confidence whenever I plan to study for this paper....😥
Don’t give up brother, keep trying
Thank you for motivating me!@@sachin_hissaria