1. Walk me through how you would assess a client’s overall risk management framework. What components would you review, and how would you structure your assessment?
2. A financial-services client is concerned that their internal controls over key processes are not effective. How would you plan and execute a controls review or SOX-style testing engagement?
3. Describe a time you worked on a project with incomplete, unstructured, or conflicting data. How did you ensure your analysis was still reliable and defensible?
4. How do regulatory expectations in Canada (e.g., OSFI guidelines, Basel concepts, IFRS, SOX if applicable) influence risk and control design for financial institutions? Give a concrete example.
5. If you identified a significant control weakness or emerging risk during fieldwork — and the client pushed back — how would you communicate the finding and manage the relationship?
6. Imagine a client has multiple risk reports across business units that are inconsistent and not comparable. How would you approach redesigning a standardized risk reporting framework?