This position is located in the Internal Audit Division (IAD), Office of Internal Oversight Services (OIOS) in New York. Assignments are undertaken in the area of information technology and operations. The auditor reports to the Chief, ICT Audit Section.
The Office of Internal Oversight Services is the internal oversight body of the United Nations (UN) and assists the Secretary-General in fulfilling his oversight responsibilities in respect of the resources and staff of the Organization through the provision of audit, investigation, inspection and evaluation services.
The Auditor will be responsible for the following duties:
•Lead audits/special reviews pertaining to large and complex information and communications technology (ICT) environments
•Assess client business processes, information systems and internal controls, and perform advanced data analytics using technology-based audit techniques
•Identify and allocate tasks, coordinate/monitor work, control audit/assignment resources, consolidate results, etc.
•Prepare risk-based audits/reviews, plan/programme in accordance with OIOS standards
•Supervise and coach staff throughout the audit/review to ensure conformity with OIOS standards in all the phases of the audit process
•Empower and challenge more junior staff to actively participate in the management of the audit/review
•Document, evaluate and test systems and controls to determine their adequacy and effectiveness, ensuring: (i) compliance with policies and procedures; (ii) accomplishment of management's objectives; (iii) reliability and integrity of information; (iv) economical use of resources; and (v) safeguarding of assets
•Prepare working papers for review by the Chief of Section
•Develop and discuss findings, agree on recommendations and timelines for corrective action with responsible officer of operations audited, and monitor the implementation status of
•Draft audit/assignment reports for Organization-wide consumption, including senior management and the General Assembly
•Prepare presentations using available technology tools (e.g., PowerPoint)
•Make presentations of audit results to senior management of IAD and senior management of the operation audited
•Monitor the status of audit recommendations
•Appraise adequacy of follow-up action taken on audit findings and recommendations
•Maintain and update audit programmes
•Monitor information standards and guidelines, including test paradigms
•Keep abreast of emerging technologies in ICT and develop audit plans and tests to evaluate the related risks pertaining to the application of such technologies
•Participate in the preparation of the audit workplan
•Identify training needs, develop training programmes and materials, and conduct workshops with respect to auditing approaches and techniques
•Evaluate staff performance; perform management review of work performed by assistant auditors, prior to the review by the Chief of Section
•Perform other related duties as determined by the Chief of Section
Professionalism: Exercises due professional care by considering the: extent of work needed to achieve the audit plan; relative complexity, materiality, or significance of matters to which assurance procedures are applied; adequacy and effectiveness of risk management, control, and governance processes, probability of significant errors, irregularities, or non-compliance; and cost of assurance in relation to potential benefits. Ability to identify issues, formulate opinions and present conclusions and recommendations. Demonstrates professional competence and has the knowledge of auditing standards and practices, risk assessment, and applicable financial rules and procedures. Is alert to significant risks that might affect objectives, operations, or resources. Has knowledge of specialized IT audit applications, such as IDEA, ACL, and TeamMate. Shows pride in work and in achievements; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work.
Communication: Speaks and writes clearly and effectively; listens to others, correctly interprets messages from others and responds appropriately; asks questions to clarify, and exhibits interest in having two-way communication; tailors language, tone, style and format to match audience; demonstrates openness in sharing information and keeping people informed.
Teamwork: Works collaboratively with colleagues to achieve Organizational goals; solicits input by genuinely valuing others’ ideas and expertise; is willing to learn from others; places team agenda before personal agenda; supports and acts in accordance with final group decision, even when such decisions may not entirely reflect own position; shares credit for team accomplishments and accepts joint responsibility for team shortcomings.
Education: Advanced university degree (Master's degree or equivalent) in business administration, finance, accounting, information systems, or related field. A first-level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. Certification as a Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), Chartered Accountant (CA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), or Certified Information Systems Security Professional (CISSP) equivalent is desirable.
A minimum of seven years of progressively responsible professional experience in audit, finance, accounting, administration, statistics, computer science, or related area is required.
Experience in ICT auditing, including hands-on experience in auditing ERP systems, ICT operations, cloud computing and cybersecurity, is required.
Experience in data analytics, developing queries/scripts, and using various data analytics software and visualization tools, such as SQL, Python, and Power BI, is required.
Experience in using vulnerability assessment tools, such as Nessus and Nmap, is desirable.
English and French are the working languages of the United Nations Secretariat. For this post, fluency in English is required. Knowledge of another official language of the United Nations is desirable.
Evaluation of qualified applicants may include an assessment exercise and a competency based interview.
This post is financed by the Support Account for Peacekeeping Operations. Appointment or assignment against this position is for an initial period of one year. The appointment, or assignment, and renewal thereof are subject to the availability of the post or funds, budgetary approval, or extension of the mandate.
The United Nations Secretariat is committed to achieving 50/50 gender balance in its staff. Female candidates are strongly encouraged to apply for this position. Staff members appointed to the current position are required to submit a financial disclosure statement upon assignment or appointment and annually thereafter.
Staff members are subject to the authority of the Secretary-General and to assignment by him or her. In this context, all staff are expected to move periodically to new functions in their careers in accordance with established rules and procedures.
At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity, with due regard to geographic diversity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities. Reasonable accommodation for applicants with disabilities may be provided to support participation in the recruitment process when requested and indicated in the application.