Internal Audit Manager (Outsourced and Co-sourced Internal Audit Services), P-4, TA, Office of Internal Audit and Investigations (OIAI), Nairobi, Kenya #129074 [364 days]

UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential.

Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone.

And we never give up.

For every child, hope

The Office of Internal Audit and Investigations (OIAI) provides independent and objective assurance and advisory services designed to add value and improve the operations of UNICEF. It helps UNICEF accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes. OIAI’s annual work plan covers a wide range of UNICEF’s activities implemented at Headquarters and field locations throughout the world.

To learn more about our work, please follow this link.

How can you make a difference?

The purpose of the Manager of Out/Co-source Internal Audit Services to facilitate, oversee, and coordinate implementation of the Information Communication and Technology (ICT) audit strategy, assess ICT risks and controls across UNICEF’s ICT landscape, and manage the execution of ICT audit engagements.

Key Accountabilities

1. ICT Audit Strategy and Plan:

          Under the supervision and guidance of Chief Audit, the Manager of Out/Co-source Internal Audit Services will:

• Develop and update OIAI’s ICT audit strategy and plan, ensuring that these focus on significant risks and there is strong business case for the Deputy/Director of OIAI to identify and allocate the require resources to execute the plan and strategy.
• Develop and maintain a pool/roster of subject matter experts (both external and internal to UNICEF) to support the execution of OIAI ICT audit strategy and plan.
• Develop tools and guidance that would be used by OIAI staff to assess ICT-related risks of their respective engagements as well as obtain adequate assurance on the design adequacy and operating effectiveness of ICT controls.
• Manage ICT audits in highly technical areas of current/emerging technologies, including artificial intelligence, technology for development initiatives, various cloud environments, IT service operation, IT infrastructure, cybersecurity, privacy, and related processes.

2. Vendor Selection:

           Under the supervision and guidance of Chief Audit, the Manager of Out/Co-source Internal Audit Services will:

• Develop Terms of Reference (ToR) or tasks orders that would be used to hire subject matter experts.
• Obtain and process OIAI staff input pertaining to ToRs.
• Promptly process Supply Division’s queries on ToRs that OIAI provides to them.
• Work closely with OIAI Administrative Unit to ensure ToRs are promptly provided to the Supply Division and the Supply Division promptly issues requests for proposals (RFPs) accurately reflecting contents of the ToRs.
• Promptly process and address queries from potential vendors in respect of the RFP.
• Lead technical evaluations of bids, develop drafts of technical evaluation reports, process inputs from evaluation team members and provide the report to the Supply Division.
• Based on the results of technical and financial evaluations of bids, advice the Deputy/Director of OIAI on the suitable vendors to select.
• Work with the Supply Division and the Legal Office to process waivers requests and amicably resolve matters raised by potential awardees in respect of any general terms and conditions of UNICEF contracts.

3. Engagement and Vendor Management

           The Manager of Out/Co-source Internal Audit Services will facilitate, oversee, and coordinate execution of ICT engagements by consultants hired by OIAI,                 ensuring that:

• The consultants are adequately briefed about relevant UNICEF structures, strategic objectives and priorities, initiatives, operations, etc. before they direct begin to directly engage auditees to manage risk of audit fatigue and build rapport and increase the likelihood of a productive working relationship with the auditee.
• The consultants have prompt access to relevant auditees’ staff, documents, and systems.
• UNICEF-unique contexts are accurately considered in planning, executing, and reporting in respect of the out/co-sourced engagement.
• Relevant OIAI standards and procedures and/or relevant professional standards are adhered to.
• Auditees and OIAI’s views are appropriately reflected in the planning, execution and reporting in respect of the out/co-sourced engagement.
• The consultant’s engagement scope, objectives are aligned with the relevant ToR or task order and proposed methodology and approach support achievement of the engagement objectives.
• The consultant maintains accurate records of meetings and other interactions with auditee by participating in key meetings that they have with auditees.
• Milestones in the engagement plan approved by OIAI are effectively monitored to increase scope for their achievement.
• OIAI reporting format and templates are utilized.
• The performance of the consultants is effectively monitored and evaluated in compliance with relevant UNICEF policies and procedures.

4. Engagement Workpapers and Monitoring of Actions

           The Manager of Out/Co-source Internal Audit Services will ensure:

• Working papers of the consultants are uploaded in OIAI Audit Management System, TeamMate+ and cross-referenced to engagement report.
• Agreed actions and recommendations are accurately recorded in OIAI Audit Management System, TeamMate+.
• Implementation of agreed actions and recommendations are promptly monitored, evidence of implementation provided by auditees is evaluated and OIAI Audit Management System, TeamMate+ is promptly and accurately updated in respect of the implementation status of the recommendations. 

5. Innovation, Knowledge Management and Capacity Development

• Contribute to OIAI’s risk-based work planning activities, development of professional internal audit policies, procedures, and change initiatives.
• Participate in professional development activities, and other activities as required.

 To qualify as an advocate for every child you will have…

• • An advanced university degree (Master’s degree or equivalent) in business administration, finance, economics, accounting, risk management, information technology, or another related field is required. Certification as a Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Chartered Accountant (CA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) or equivalent may be accepted in lieu of an advanced university degree.
  • At least eight years of progressively responsible relevant professional experience in internal, external auditing, ICT auditing, or managing the development, rollout, and support of ICT services is required.
  • Fluency in English is required. A working knowledge of another UN language is an advantage.
  • Ability to navigate through a complex ICT landscape and assess key ICT risks is required.
  • Experience in developing and executing ICT audit strategy is required.
  • Good relationship management skills – managing relationships with vendors is required.
  • Broad based ICT audit technical skill sets is required (e.g., IT Governance, staffing and operational structure, software development and deployment, artificial intelligence, technology for development initiatives, good knowledge of cloud environments such as Azure or AWS, IT service operations, Response and Recovery mechanisms, IT infrastructure, cybersecurity, privacy, and related processes.)
  • Good knowledge of commonly used ICT audit frameworks and methodologies (e.g., COBIT, NIST, ISO 27001, ITIL etc.) is required.
  • High level of proficiency and good experience in managing ICT audits and assessing ICT risks is required.
  • Good experience managing ICT audit consultants, vendors and staff is required.
  • Experience in managing the development, rollout, and support of ICT services is desirable.
  • IT project management experience is an asset.
  • Relevant ICT experience obtained by working in development financial institutions and/or the United Nations System is highly desirable.

For every Child, you demonstrate…

UNICEF’s Values of Care, Respect, Integrity, Trust and Accountability and Sustainability (CRITAS).

UNICEF competencies required for these posts are…

1. Builds and maintains partnerships (level 1)
2. Demonstrates self-awareness and ethical awareness (level 1)
3. Drive to achieve results for impact (level 1)
4. Innovates and embraces change (level 1)
5. Manages ambiguity and complexity (level 1)
6. Thinks and acts strategically (level1)
7. Works collaboratively with others (level 1)

During the recruitment process, we test candidates following the competency framework. Familiarize yourself with our competency framework and its different levels. Click here to learn more about UNICEF’s values and competencies.

UNICEF is here to serve the world’s most disadvantaged children and our global workforce must reflect the diversity of those children. The UNICEF family is committed to include everyone, irrespective of their race/ethnicity, age, disability, gender identity, sexual orientation, religion, nationality, socio-economic background, or any other personal characteristic. We offer a wide range of benefits to our staff, including paid parental leave, breastfeeding breaks and reasonable accommodation for persons with disabilities. UNICEF strongly encourages the use of flexible working arrangements.

UNICEF has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and UNICEF, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination. UNICEF is committed to promote the protection and safeguarding of all children. All selected candidates will, therefore, undergo rigorous reference and background checks, and will be expected to adhere to these standards and principles. Background checks will include the verification of academic credential(s) and employment history. Selected candidates may be required to provide additional information to conduct a background check.

Remarks:

UNICEF’s active commitment towards diversity and inclusion is critical to deliver the best results for children.

UNICEF appointments are subject to medical clearance.  Issuance of a visa by the host country of the duty station, which will be facilitated by UNICEF, is required for IP positions. Appointments are also subject to inoculation (vaccination) requirements, including against SARS-CoV-2 (Covid). Government employees that are considered for employment with UNICEF are normally required to resign from their government before taking up an assignment with UNICEF. UNICEF reserves the right to withdraw an offer of appointment, without compensation, if a visa or medical clearance is not obtained, or necessary inoculation requirements are not met, within a reasonable period for any reason.

Only shortlisted candidates will be contacted and advance to the next stage of the selection process.