Vacancy Notice No. 2008/070
Position and Grade: IT Auditor (P-4)
Organizational Unit: Internal Audit Section
Office of Internal Oversight Services
Offices reporting to the Director General
Duty Station: Vienna, Austria
Issue Date: 26 August 2008
Application Deadline: 9 October 2008
Type/Duration of Appointment: Fixed term, 3 years (subject to a probationary period of 1 year)

Organizational Setting
The Office of Internal Oversight Services (OIOS) was established to strengthen the IAEA in areas related to management efficiency, programme effectiveness and accountability. OIOS comprises four major functional areas: programme evaluation, management services, internal audit and investigation. The Director of OIOS reports directly to the Director General.

The Internal Audit function provides independent and objective assessments of the adequacy and effectiveness of the internal controls, risk management and governance processes. Internal audit recommendations are aimed to add value by enhancing the IAEA's operations, promoting transparency and accountability.

The Internal Audit Section is assigned the function of internal audit. It is headed by a Section Head who reports to the Director of OIOS. The IT Auditor reports to the Head of internal Audit. The working environment is structured according to an annual work plan, and work is carried out in accordance with the OIOS Charter and the Internal Audit Manual.

Main purpose
The IT Auditor conducts information technology (IT) audit by applying professional standards (CoBiT - Control Objectives for Information and Related Technology) and regular audit assignments in accordance with the Internal Audit Manual in order to provide IAEA managers with objective, analytical reports, and provides constructive advice on professional standards and industry best practices for internal controls.

Role
The IT Auditor is an evaluator, risk assessor and adviser, responsible for planning and conducting 4-5 audit assignments per year of medium and high level complexity.

Partnerships
In the course of audits, the incumbent works with all levels of staff, generally up to the level of Section Heads, in: planning audit assignments; developing work procedures; applying rules, regulations and procedures; and formulating audit findings and recommendations. In the presentation of audit findings and recommendations to higher level management (Directors and above), after clearance from the supervisor, the incumbent usually provides support to the Head of the Internal Audit Section. Additionally, the IT Auditor shares best practices and experience with counterparts in other UN organizations, as necessary.

Functions / Key Results Expected
Prepare and implement a risk-based audit plan and programme with the following objectives:
  • Assess risks that could threaten the achievement of the programme objectives and determine whether adequate and appropriate controls have been established to mitigate the identified risk;
  • Assess the degree of compliance with IAEA regulations, rules and policies;
  • Determine whether the IAEA's assets are protected from misuse, theft and loss and that information resources are protected from unauthorized access, risk of loss and damage;
  • Assess management practices and verify that resources are used for efficient and effective implementation of the programme and activities;
  • Recommend appropriate remedial actions to address any risk to ensure relevant compliance and to improve the efficient and effective management of IAEA resources. These recommendations should focus on the adoption of management best practices.

Knowledge, Skills and Abilities
  • Ability to understand and assess the area under audit; to analyse the audit data for appropriateness and accuracy; to judge the adequacy of internal controls; and to evaluate the effectiveness and efficiency of the procedures under audit.
  • Vigilance to assess and report control and procedural weaknesses.
  • Awareness of the risk of fraud, mismanagement, waste and loss. Vigilance and ability to recognize these risks and alert the Head of the Internal Audit Section to them.
  • Ability to present audit findings orally and in a written report. Ability to assess the procedures and operations under audit as and when they are reviewed. The assessments made are reported with conclusions and recommendations for improvement and/or for changes in policies or procedures.
  • Capacity to identify and propose organizational or procedural changes in IT security and internal control management that can have a significant impact on the operations under audit and may result in preventing or reducing risk of losses or damages to the IAEA.
  • Good knowledge of up-to-date IT security risk and prevention measures promulgated by the relevant professional institutions and groups.
  • Familiarity with appropriate penetration testing techniques, vulnerability assessment, data mining, IT infrastructure and requirement measures for business continuity and disaster recovery desirable.
  • Knowledge of interview techniques, presentation techniques and strong ability to communicate effectively with clients on audit issues.
  • Strong interpersonal skills, the ability to self-manage, as well as analytical, effective communication, team leadership and strategic management skills.
  • Excellent verbal and writing skills.

Education, Experience and Language Skills
  • Advanced university degree in accounting, public administration, finance or IT or other relevant fields.
  • Minimum seven years of IT audit experience at the national and international levels.
  • Certification in one or more of the following areas is desirable: Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).
  • Familiarity and audit experience in an environment where an enterprise resource planning (ERP) system is implemented is desirable.
  • Fluency in written and spoken English essential. Working knowledge of other official IAEA languages (Arabic, Chinese, French, Russian or Spanish) and German is desirable.

Remuneration
The Agency offers an attractive remuneration package including a tax-free annual net base salary starting at US $63 052 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $44 199*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance.

How to apply to the IAEA

* Subject to change without notice

Applications from qualified women and candidates from developing countries are encouraged

Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process.