IT Audit Specialist

Job Description

Background

The Office of Audit and Investigations (OAI) reports to the Administrator and is responsible for internal audit and investigations services to UNDP and its affiliated entities. OAI provides independent, objective assurance on the effectiveness of risk management and the effectiveness and adequacy of internal controls. As part of its assurance work, OAI also supports the annual audit exercise of non-governmental/nationally implemented projects (HACT/NIM projects) in some 150 countries where UNDP operates.

OAI has a decentralized organizational structure with the Directorate, the Investigations Section, the ICT Audit Section (ICTAS), the Headquarters Audit Section and other units located at Headquarters and Regional Audit Centres located in the five regions covered by UNDP (Kuala Lumpur/Malaysia, Pretoria/South Africa, Dakar/Senegal, Panama City/Panama and Istanbul/Turkey). UNDP increasingly relies on information technology and systems (IT) to conduct its business. In response to the increasing mission critical nature of IT to the organization, OAI is strengthening its IT audit capacity.

ICTAS is staffed with a Chief (P-5 level), and three Audit Specialists (P-4 and P-3 levels). The workforce is at times supplemented with contract IT experts.

Position Purpose

The IT Audit Specialist reports to the Chief ICTAS (P5). The primary role of the IT Audit Specialist is to perform comprehensive information systems audits of corporate IT systems, to provide IT audit support to audit teams in OAI, to design and maintain IT systems that support the risk assessments and audit work performed by OAI audit teams, and, on occasions, to assist the Investigations Section of OAI in IT forensic services. At times, the IT Audit Specialist may be required to undertake audit assignments in areas with hardship or hazardous working conditions.

The ICT Audit Section (ICTAS) covers corporate ICT portfolio. The primary role of the IT Audit Specialist is to perform internal audits of ICT systems and to lead in the development of audit tools used by auditors and investigators.

UNDP adopts a portfolio approach to accommodate changing business needs and leverage linkages across interventions to achieve its strategic goals. Therefore, UNDP personnel are expected to work across units, functions, teams, and projects in multidisciplinary teams to enhance and enable horizontal collaboration.

Key Duties and Responsibilities

Ensure Effective General Management
•  Leads the development and maintenance of audit tools including dash boards, artificial intelligence and machine language tools used by auditors and investigators.
•  As a team leader, assumes responsibility and accountability for achieving the objectives of IT audits. This involves:
•  preparation of risk-based audit plans/programmes focusing on IT systems and controls
•  conduct of audit field work
•  preparation and review of working papers
•  preparation of exit meeting notes
•  preparation of draft audit reports, incorporating input from other team membersAssesses the team members' performance in a participatory manner and documents lessons learned
•  Provides direction and guidance to, and coaches team members ensuring effective team functioning.
•  Presents audit results to management.
•  Monitors the status of audit recommendations and appraises adequacy of action taken on audit recommendations.
•  Manages and supervises the services of IT experts occasionally hired by OAI to assist in audits or investigations.
•  Contributes to the development of the ICTAS workplan following a comprehensive risk assessment.
•  Acts as OIC for the ICT Audit Section when necessary. Provision of Effective Client Services
•  Under the overall supervision of the Chief (P5), design and maintain IT systems that support the risk assessment and audit work performed by audit teams in OAI.
•  As a team leader or as a member of an audit team, conducts specific elements of the assignment focusing on IT systems and controls in accordance with the International Standards for Internal Auditing and OAI policies and standard operating procedures.
•  Assesses the adequacy and effectiveness of IT systems, IT controls and risk management.
•  Documents IT-related findings and communicates orally and/or in writing to the business units on their compliance, performance and potential for improvement.
•  Recommends actions to address shortcomings identified, strengthen internal controls and improve business processes.
•  Under the overall supervision of the Chief (P5), conducts special assignments including management reviews, consulting assignments, special audits, and training workshops.
•  Undertakes occasional missions to UNDP offices away from Headquarters, including to areas with hazardous working conditions. Perform other activities as required by the Chief or OAI Director /Deputy Director and facilitate knowledge management
•  Contributes to the ongoing development of professional practices within OAI.
•  Participates in the implementation of his/her personal learning and training development plan.
•  Proposes IT solutions that improve the efficiency and effectiveness of audit activities in OAI.
•  Performs other assignments or tasks as determined by the Chief (P5) or OAI Director and Deputy Director. The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the Organization.

Competencies

Core competencies:

Achieve Results
•  Set and align challenging, achievable objectives for multiple projects, have lasting impact. Think Innovatively
•  Proactively mitigate potential risks, develop new ideas to solve complex problems. Learn Continuously
•  Create and act on opportunities to expand horizons, diversify experiences. Adapt with Agility
•  Proactively initiate and champion change, manage multiple competing demands. Act with Determination
•  Think beyond immediate task/barriers and take action to achieve greater results. Engage and Partner
•  Political savvy, navigate complex landscape, champion inter-agency collaboration. Enable Diversity and Inclusion
•  Appreciate benefits of diverse workforce and champion inclusivity. Cross-Functional & Technical competencies:

Business Direction and Strategy: System Thinking
•  Ability to use objective problem analysis and judgement to understand how interrelated elements coexist within an overall process or system, and to consider how altering one element can impact on other parts of the system. Business Direction and Strategy: Negotiation and influence
•  Ability to reach an understanding, persuade others, resolve points of difference, gain advantage in the outcome of dialogue, negotiate mutually acceptable solutions through compromise and creates win-win situations. Business Management: Portfolio Management
•  Ability to select, prioritize and control the organization's programmes and projects, in line with strategic objectives and capacity.
•  Ability to balance the implementation of change initiatives and the maintenance of business-as-usual, while optimizing return on investment. Audit & Investigation - Audit: Internal auditing standards, practices, and techniques
•  Knowledge of key notions and concepts, practices, and methodologies of internal auditing (IPPF and Other IIA Standards, COSO). Undertake audit assignments in accordance with international professional standards in respect of operational audits, financial audits, performance audits, project audits and provision of advisory services. Audit & Investigation - Audit: Critical creative and foresight applied to audit and investigations
•  Possess essential critical thinking and foresight capacity to analyse facts to form a judgment. Audit & Investigation - Audit: Performance key concepts and techniques
•  Ability to understand and use various concepts such as efficiency, effectiveness and economy. Audit & Investigation - Audit: Computer Assisted Audit Techniques (CAATs)
•  Proficiency in the use of CAATs (Computer Assisted Audit Tools) such as Electronic working paper software and ACL or IDEA. Required Skills and Experience

Education:
•  Advanced university degree in Computer Science, Accounting, Audit, Business Administration, Public Administration, Finance, or related field is required. OR
•  A first-level university degree (bachelor's degree) in the areas stated above in combination with an additional two years of qualifying experience will be given due consideration in lieu of the advanced university degree.
•  Certified Information Systems Auditor (CISA), or CISSP designation is required.
•  Professional certifications in IT systems and software (SSCP, ISO 27001 Lead Auditor, ISMS or equivalent) are an advantage. Experience:
•  A minimum of 7 years (with master's degree) or 9 years (with bachelor's degree) of professional experience in Information Technology (IT), several of which in IT audit, IT security or IT controls.
•  Working experience in cloud systems including Oracle Fusion Cloud, Microsoft SharePoint, Microsoft Azure or ServiceNow is required click apply for full job details