This is a SOX-related question. SOX compliance is critical for publicly traded companies because controls are constantly evolving as the company grows and changes.
If you have no experience with this, be honest and emphasize your ability to learn quickly and adapt well to change. Mention how compliance changed drastically after Enron and WorldCom.
If you have experience, then describe the exact change that occurred unless you're prohibited from revealing details due to an NDA.
"At my previous company, we grew too quickly and had a lot of controls created that partially hit a lot of different issues at the time. As the company got better at handling the bigger client load, confidential data, and money coming in, we were able to adjust or reword a lot of controls that made others redundant. When I first started, there were at least ten different controls that all dealt with terminations. After reviewing them, we assembled a team to tackle the controls and limit them for less confusion. After that team devised only three controls to cover all terminations, we retrained the staff in proper control methods and how to successfully audit them."
"As a recent college grad, I haven't had the privilege of updating the controls myself, but in my current position, the company I work for just changed a few controls. I can't go into much detail because of the NDA I signed, but we've streamlined the process of training people on the active controls to ensure that the most up-to-date controls are followed, and also gave a detailed explanation to the auditors about the transition to new controls to eliminate questions."
"In my last position, I was the senior Information Security Officer, which meant I oversaw all the internal controls for information security to include finance and IT fields. As our company went through some changes, it became apparent there were holes in our internal controls that had allowed someone to approve a vendor, input the vendor, and approve the invoice for payment. This is a clear SOD issue, so we immediately went into action and created a compensating control to disallow that feature. We avoided the possibility that someone could commit fraud by doing so, and the controls have been in place now for ten years with no deficiencies since the controls were placed."