Auditor Interview Questions & Answers

Sample Answer

During an inventory audit at a manufacturing client, I identified that slow-moving inventory worth $3.2M wasn't being written down per their policy. Management argued the items were still sellable. I pulled sales data for the past 24 months showing zero movement, compared their aging categories to industry standards, and referenced ASC 330 guidance on NRV measurement. I presented my analysis in a meeting with the controller and CFO, walking through each data point. They acknowledged the issue and agreed to a $2.4M write-down. The key was having irrefutable data -- not just citing the standard, but showing them their own data pointed to the same conclusion.

Sample Answer

A client's accounts receivable had a large balance from a related party with unusual terms -- no interest, no maturity date. Management called it a 'working capital advance.' I asked for supporting documentation: board approval, a formal agreement, and evidence of repayment ability. Management was annoyed and said it was 'just how they do business.' I persisted, and when I finally received the related party's financials, they showed negative net worth and no ability to repay. This was effectively a disguised dividend, not a receivable. We reclassified it and the finding became a significant deficiency in internal controls. If I'd accepted the initial explanation, we'd have missed a material misstatement.

Sample Answer

Our team was spending 120 hours annually on substantive testing of accounts payable by manually vouching a sample of invoices. I analyzed three years of AP data and found that 92% of transactions by volume (though only 40% by dollar value) were below $5,000 and had a near-zero error rate historically. I proposed a risk-based approach: full substantive testing on transactions above $5,000 and analytical procedures for the rest, supplemented by automated three-way match testing using ACL. The partner approved. We reduced AP testing hours from 120 to 55 while actually increasing coverage of high-risk items. The approach was adopted across 6 similar engagements in our practice.

Sample Answer

I was assigned to a client whose controller openly resented the audit process and was unresponsive to information requests. Instead of escalating immediately, I scheduled a 30-minute meeting to understand her priorities and pain points. She was frustrated because previous audit teams sent disorganized request lists with vague descriptions. I restructured our information request into a detailed tracker with specific descriptions, file format preferences, and realistic deadlines. I also offered to pull certain items directly from their system rather than asking her team to prepare exports. Response time improved from 2 weeks to 3 days. By the end of the engagement, she told the partner it was the smoothest audit she'd experienced.

Sample Answer

Audit risk equals inherent risk times control risk times detection risk. Inherent risk is the susceptibility of an assertion to material misstatement absent controls -- complex transactions like derivatives have higher inherent risk than simple cash accounts. Control risk is the risk that the client's internal controls fail to prevent or detect a misstatement. Detection risk is the risk that our audit procedures fail to detect a material misstatement. We control detection risk through the nature, timing, and extent of our procedures. In practice, I assess inherent and control risk at the assertion level for each significant account. Where inherent and control risks are high, I set detection risk low, meaning more extensive substantive testing: larger sample sizes, more detailed analytical procedures, and testing closer to year-end. This risk-based approach focuses audit effort where misstatements are most likely.

Sample Answer

Materiality is the threshold above which a misstatement could influence the economic decisions of financial statement users. I determine it using a benchmark appropriate to the entity: typically 1-2% of total revenue, 5% of pre-tax income, or 1% of total assets. The choice depends on what metric users focus on. For a loss-making company, I'd use revenue or assets rather than income. I also set performance materiality -- typically 50-75% of overall materiality -- which is the amount used to plan testing for individual accounts. This provides a buffer to account for undetected misstatements. Trivially small misstatements below the clearly trivial threshold are not accumulated. Materiality is a judgment, not a formula -- I consider both quantitative size and qualitative factors like whether a misstatement masks a trend or violates a covenant.

Sample Answer

These are three severity levels of internal control deficiencies. A deficiency exists when a control is designed or operating ineffectively, but the likelihood and magnitude of a potential misstatement are low. A significant deficiency is more severe -- it's a deficiency or combination of deficiencies that is less severe than a material weakness but important enough to merit attention by those charged with governance. A material weakness is a deficiency, or combination of deficiencies, such that there is a reasonable possibility that a material misstatement won't be prevented or detected on a timely basis. Material weaknesses must be disclosed in the audit report and the company's annual filing. The distinction matters enormously: a material weakness in a public company triggers SOX reporting requirements and can affect stock price and regulatory scrutiny.

Sample Answer

I select the controls to test based on my risk assessment -- key controls that address significant risks get tested. For each control, I determine the nature of testing: inquiry alone is insufficient; I combine it with observation, inspection, or reperformance. I set sample sizes based on the frequency of the control: annual controls require testing of the single occurrence, monthly controls need a sample of several months, daily controls require larger samples (typically 25-60 items depending on the standard). I evaluate each deviation: is it an isolated instance or evidence of a systematic breakdown? I consider compensating controls if a key control fails. Testing timing matters too -- for SOX audits, I need evidence that controls operated effectively throughout the reporting period, not just at year-end. I document my conclusion on operating effectiveness for each control tested.

Sample Answer

I follow a precise protocol. First, I do not confront management directly -- that could cause evidence destruction. I immediately inform the engagement partner, who has the authority to determine next steps. We expand our procedures to understand the scope: additional testing, forensic analysis of journal entries, review of related party transactions. We communicate with those charged with governance (the audit committee) -- our obligation is to them, not management, when fraud is suspected. We assess the impact on our audit opinion and consider whether we can continue the engagement. We may need to consult with legal counsel about our reporting obligations, including potential SAR filings for financial institutions. Every step is documented meticulously. Professional standards (AS 2401, SAS 99) provide specific guidance for responding to identified fraud risk factors.

Sample Answer

A verbal waiver is insufficient for audit evidence. I'd request written documentation of the waiver from the lender, not from management -- management can tell me they have a waiver, but I need third-party confirmation. Without a written waiver, the covenant violation must be disclosed in the financial statements, and the debt may need to be reclassified as current since the lender could technically demand repayment. I'd discuss the disclosure and classification requirements with management, referencing ASC 470-10. If management resists, I escalate to the engagement partner. This is a common scenario where management pressure conflicts with accurate financial reporting -- the audit opinion depends on proper classification and disclosure regardless of what management believes the lender's intentions are.

Sample Answer

I'd have a direct, private conversation to understand what's causing the delay. Is it a knowledge gap, unclear expectations, or a scope issue I underestimated? I'd review their work in progress to assess quality -- sometimes slowness means thoroughness, which is better than fast and wrong. If it's a knowledge gap, I'd spend time coaching them through the methodology for one section, then let them apply it independently to the rest. If expectations were unclear, that's on me as the senior, and I'd provide more structured guidance. I'd adjust the engagement timeline if needed and communicate any deadline risk to the manager early -- not the day before the deadline. Developing junior team members is part of the job, and it's more efficient to invest in training than to redo their work.

Sample Answer

This is an independence and objectivity concern that I'd flag immediately to the engagement partner and the firm's independence team. I'd document the control weakness objectively, just as I would for any client. My audit opinion cannot be influenced by the firm's consulting relationship -- that would violate independence requirements under PCAOB and SEC rules. The engagement partner would need to assess whether the consulting engagement created or contributed to the control weakness, which could create a self-review threat to independence. If there's a genuine independence issue, the firm may need to bring in a different team to evaluate the specific area, or in extreme cases, consider the impact on our ability to continue as auditors. I'd document my findings without any reference to the consulting relationship and let the independence team handle the conflict assessment.