EY Technology Risk Consultant Interview (TECHNICAL QUESTIONS)
Single-Sign On
- A method of authenticating that allows users to log in to multiple applications and systems using a single set of credentials, such as a username and password. - Commonly used in enterprise environments to provide employees with seamless access to a range of business applications and systems.
What is Artificial Intelligence and the risk of Ai?
- AI refers to the ability of machines and computer systems to perform tasks that would typically require human intelligence, such as problem-solving, decision-making, and natural language processing. AI technologies include machine learning and robotics - Risk of AI: - Job displacements because jobs are being replaced, - Privacy and security because AI can analyze personal data, - Unethical use of AI in the wrong hands
Types of IT General Controls
- Access Controls: These controls ensure that only authorized users can access IT systems and applications, and that access rights are granted based on a need-to-know basis. - Change Management Controls: These controls ensure that changes to IT systems and applications are authorized, tested, and implemented in a controlled and documented manner. - Incident Management Controls: These controls ensure that incidents and security breaches are identified, reported, and responded to in a timely and effective manner. - Backup and Recovery Controls: These controls ensure that data is backed up regularly, and that recovery processes are in place in case of system failures or disasters.
What is segregation of duties and why is it important?
- An internal control that involves dividing responsibilities for a process or transaction among multiple people to reduce the risk of fraud or errors. - Ensures the integrity and reliability of financial reportings
What are external audits?
- External audits are independent assessments of a company's financial statements/operations to ensure they are reliable, unbiased by an external auditor. - Figures out if compliance with Generally Accepted Accounting Principles and regulations. After done, they provide information to investors and lenders so they can access the financial health of the company
Why Risk Advisory?
- I have always been intrigued in risk management and helping corporations identify the potential risks and pitfalls that could occur in the foreseeable future - I have experience as a consulting extern at PwC and was able to professionally interact with clients in order to look for areas of improvements while analyzing their investment landscapes using consulting and risk frameworks. - The client had an app and I helped assess the potential risks of the app as it pertains to the user experience and making sure there are backup and recovery controls on the app
What is the audit process and what is the end goal?
- The audit process is the systematic examination financial statements, accounting records, and internal controls. - The end goal of an audit is to provide an opinion on the accuracy and reliability of the financial statements and to identify any material weaknesses or deficiencies in the company's accounting practices or internal controls
What are the types of cloud and the risk of cloud?
- The types of cloud: Private, Public, Community, and Hybrid - Risk: The disclosure of information accessed to an unauthorized party (Data Breaches, Data Loss, Data Leakage)
Case Study Method
1. Understand the problem: 2. Assess the risk: 3. Identify the ROOT CAUSE: 4. Develop a plan of action: Ensure that the plan of action addresses both short-term and long-term solutions. 5. Communicate the plan:
Technology in the financial industry?
Benefits such as improved security, speed, convenience, coverage, and customer experience. Ex. Digital Banking and cryptocurrency
What is your experience with IT General Controls?
I have done research on IT General Controls and always practice the Back Up and Recovery Controls on my Iphone - As a PwC Consulting Extern, I used risk frameworks to ensure that the client I was paired with had necessary Backup and Recovery controls in case of a system failure
Risk Strategy and Assessment
Organizations grow and generate value through a series of strategic business decisions — decisions that require taking risks. Identifying, managing and responding to these risks well position an organization to grow and remain successful.
Can you please tell me about IT general controls?
Provide a great foundation and framework for IT systems and operations to have access to data that is accurate and reliable. Helps protect against potential risk such as data loss, data breaches, and unauthorized access to data. This helps companies and organizations make well-informed decisions in order to maximize profit and generate value.
Use SWOT analysis for Case Studies
Strengths Weaknesses Opportunities Threats
