Full Job Description
OAI reports to the Administrator of UNDP and is responsible for internal audit and investigations services to UNDP and its affiliated entities. OAI provides independent, objective assurance on the effectiveness of risk management and the effectiveness and adequacy of internal controls.
OAI has a decentralized organisational structure with five Regional Audit Centres (RAC) located in Malaysia, Panama, Senegal, Turkey and South Africa. At the Headquarters level, OAI has the Investigations Section, the Headquarters Audit Section, the Special Advisory Services section, the Information and Communication Technology Audit Section (ICTAS), the Quality Assurance and Policy Unit and the Directorate.
Under the guidance and supervision of the Deputy Director (Audit), OAI, the Chief, ICTAS manages the ICT audit function of OAI. He/she (a) performs ICT audit risk assessments and maintains the ICT audit risk universe of UNDP up-to-date; (b) creates risk-based ICT audit plans in consultation with the relevant stakeholders and the OAI management team; (c) implements comprehensive ICT audits in compliance with relevant Professional Standards; (d) develops and maintains data analytics solutions that informs the work of OAI audit and investigations teams; and (e) manages and supervises the ICT audit services that are delivered by specialized ICT professionals or firms to OAI. He/she develops working relationships with management and stakeholders in order to improve ICT governance, risk management and controls and to promote the effectiveness and efficiency of operations. He/she supervises ICT Audit Specialists. The duties of Chief, ICTAS entail carrying out audit assignments in all UNDP duty stations which may include areas with hardship or hazardous working conditions.
Duties and Responsibilities
As a member of the OAI management team, contribute to new strategic initiatives, and to the continuous improvement of processes and methodologies.
As Chief of the ICTAS, effectively manages the human resources assigned, including; providing support to staff in the achievement of their career goals, ensuring appropriate learning, training and development, and actively participating in planning and assessing staff performance.
2) General accountabilities include:
Achieve the results and outputs for the section, as documented in OAI Annual Work Plan.
Establish and maintain effective quality control over the activities and outputs of the section, to ensure that they conform to professional practices and standards of OAI, the Institute of the Internal Audit and UNDP in general.
Manage within delegated authority, the human, financial and other resources of the section
As the lead for OAI ICT audit approach, perform ICT audit risk assessment as well as update the ICT audit risk universe and ICT audit-related Standard Operating Procedures.
Closely coordinate and consult with the Chiefs of audit units in OAI on ICT risks and related audit procedures in the field and at Headquarters.
Design an ICT audit approach that supports and make a strategic contribution to the evolving ICT needs of the organization.
As an ICT audit team leader, plan, organize, manage, undertake, report on and assume accountability for achieving the ICT audit objectives and results, in accordance with accepted auditing standards, guidance, and OAI internal policy guidelines.
Develop / implement / maintain a data analytics framework for OAI:
Promote use of data analytics within OAI as well as within other related units;
Manage the use of data analytics tools applied on data from Atlas, with quarterly updates of findings shared with OAI Directorate;
Liaise with other UN agencies re potential data analytics solutions.
Assess the team’s overall performance in a participatory manner. Provide direction, guidance to team members ensuring effective team functioning. Follow-up on the implementation status of audit recommendations, and, when applicable, advise the relevant supervisor of problem areas.
Supervise and provide technical guidance to the ICT Audit Specialist in charge of administering and maintaining audit-related software used by OAI staff. This includes a SharePoint-based electronic audit working paper system and a web-based database (developed in-house) for following up on audit reports and recommendations (both developed in-house).
Manage and supervise the services of ICT experts hired by OAI to assist in audits or investigations.
As the need arises, undertake missions to UNDP business units and affiliates’ offices around the world.
3) Strategic partnerships:
Coordinate with central UNDP IT and communication services to stay up-to-date on emerging ICT policies and systems and to exchange lessons learned on related area.
Contribute to ongoing development of professional practices within OAI and stays abreast of developments in the ICT audit field and the internal audit profession generally.
Formulate audit recommendations that strengthen ICT-related strategic thinking in UNDP emphasizing areas on governance, risk, security and corporate controls
4) Client Services:
Assess the adequacy and effectiveness of ICT-related governance, risk management, security and internal controls and compliance with policies and procedures.
Identify and convincingly communicate with clients, in writing and verbally, to draw attention to ICT-related risks, weaknesses and strengths and to facilitate decision-making.
Provide clients with advice on ICT-related governance, risk management, security, controls and other relevant areas. Document best practices for knowledge sharing.
Provide input and advice on UNDP initiatives in ICT-related systems and controls.
Support OAI management and staff on ICT audit matters. This would include (a) guidance on UNDP ICT policies, systems and controls; (b) guidance on ICT audit policies, procedures and standards, (c) building and/or running queries for data extraction; and (d) occasional ICT forensic services which could include digital data preservation and analysis, database examination and data recovery.
Conduct special assignments on an ad hoc basis including internal audits, management reviews, consulting assignments, and training workshops.
Contribute to and advise on corporate initiatives such as redesign of financial regulations and rules and ICT security policies, design of major automated systems or streamlining UNDP business processes.
5) Other activities:
Contribute to the ongoing development of professional practices within OAI.
Participate in the implementation of his/her personal learning and training development plan.
Lead and/or participate in special projects, supports and cooperates with other OAI and UNDP units, in order to facilitate matrix management, build organizational synergy, and productivity.
Provide timely and accurate input for OAI corporate reporting to the Administrator, Audit Advisory Committee, Oversight Group and Executive Board.
Perform any other tasks requested by the Director or Deputy Director.
Ability to make new and useful ideas work
Ability to persuade others to follow
Ability to improve performance and satisfaction
Ability to listen, adapt, persuade and transform
Ability to get things done
Learning and People Development:
Provide constructive coaching and feedback.
Acts as long-term mentor for others.
Acts on personal learning plan
Building & Sharing Knowledge:
Actively builds deep knowledge in one or more areas.
Makes valuable practice contributions.
Applies existing knowledge to work.
Provides advice & support to others
Motivates and coaches team members
Embraces extra responsibility
Build team morale & consensus
Demonstrates ability to perform and/or manage the following services, in accordance with professional standards:
ICT risk assessment
ICT audit universe
ICT forensic services
IT Technical competencies:
Strong knowledge of Windows operating system. Additional knowledge of Linux and/or Mac an advantage
Strong command of Microsoft office suite, including Power BI. Additional
knowledge of Tableau and/or other data visualization tools an advantage
Strong command of Standard Query Language (SQL)
Good knowledge of Enterprise Resource Planning systems.
Good knowledge of computer assisted audit techniques (ACL or IDEA) and systems for data analytics.
Knowledge of Microsoft SharePoint is desirable
Familiarity with electronic working paper software. Understanding of computer forensic tools such as EnCase, Forensic toolkit (FTK) and/or Autopsy is desirable
Required Skills and Experience
Advanced university degree in Computer Science, Accounting, Audit, Business Administration, Commerce or related field.
A first level degree in combination with a certification as Chartered Accountant or Certified Public Accountant may be accepted in lieu of an advanced degree.
Professional certification in IT systems and software is required such as certification in at least one of the following (CISA, SSCP, ISO 27001 Lead Auditor ISMS, or equivalent)
Additional professional certifications (ACCA, CPA, CIA, CFE) or in accounting are desirable.
A minimum of 10 years of professional experience in IT systems and controls several of which in IT audit or IT forensics..
Familiarity with accounting, internal audit or financial audit is required
Experience in auditing an environment that relies on an enterprise resource planning system is desirable.
Working experience in an International Organization is desirable
Fluency in English is required.
Knowledge of additional United Nations official languages is an advantage.
Important information for US Permanent Residents ('Green Card' holders)
Under US immigration law, acceptance of a staff position with UNDP, an international organization, may have significant implications for US Permanent Residents. UNDP advises applicants for all professional level posts that they must relinquish their US Permanent Resident status and accept a G-4 visa, or have submitted a valid application for US citizenship prior to commencement of employment.
UNDP is not in a position to provide advice or assistance on applying for US citizenship and therefore applicants are advised to seek the advice of competent immigration lawyers regarding any applications.
Applicant information about UNDP rosters
Note: UNDP reserves the right to select one or more candidates from this vacancy announcement. We may also retain applications and consider candidates applying to this post for other similar positions with UNDP at the same grade level and with similar job description, experience and educational requirements.
The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.