KENYA NATIONAL BUREAU OF STATISTICS P.O.BOX 30266-00100 NAIROBI TENDER NO. KNBS/EOI/37/2015-2016 EXPRESSION OF INTEREST FOR PROVISION OF INFORMATION SYSTEMS AUDIT SERVICES E-mail: procurement@knbs.or.ke Web site: http://www.knbs.or.ke JANUARY, 2015 1
TERMS OF REFERENCE (TOR) 1. BACKGROUND Details about the organization Services and products The Statistics Act 2006 specifically mandates KNBS to; 1. Act as the principal agency of the government for collecting, analysing and disseminating statistical data in Kenya 2. Act as custodian of official statistics. 3. Conduct the Population and Housing Census every ten years, and such other censuses and surveys as the Board may determine; 4. Maintain a comprehensive and reliable national socio-economic database 5. Establish standards and promote the use of best practices and methods in the production and dissemination of statistical information across the NSS; and 6. Plan, authorize, coordinate and supervise all official statistical programmes undertaken within the national statistical system. Presence locations, branches KNBS has its head quarter in Herufi House and other offices in Nyayo and Bima House. It also has offices in all 47 Counties in the Country. ICT infrastructure overview The organization has a wide area network that links the above locations. The network runs on Office /Windows 2008 network operating system and supports approximately 478 users. The organization has implemented the following key software applications; ERP with the following modules [ Fleet management systems, financial module] Pastel Labour Enumeration Information system( Master File) 2
Scanning Software Library management system SPSS software Online Data capture and Dissemination system Data Processing software, Icade Server Operating system Email Messaging software E- commerce Portal ARCGIS 10.1 Operations systems IPPD Payroll software Adobe C6 software In addition, some systems are interfaced with the following external parties eg banking system for online payments The above systems have been in operation for the last [6] years. The ICT function is headed by the Director, ICT and has 27 other staff members. The organization desires to engage the services of a Certified Information Systems Auditor to undertake an Information System (IS) review of the above systems covering the following key components: a) A general IT controls review. b) An application controls review covering the input, processing and output controls for the following key applications: ERP, Operations system and Payroll. 2. OBJECTIVES OF THE AUDIT The IT audit is planned to answer the following key questions: a) Are there adequate general IT controls and application controls to mitigate the IT risks facing the organization? b) Are the current systems adequately meeting the users needs? 3
c) Are there areas of improvement that would further enhance the utilization of the existing ICT systems and improve the efficiency of processes? 3. SCOPE OF WORK The scope of work shall entail covering the following aspects. a) General IT controls review IT governance the structure of IT function, roles and responsibilities, segregation of duties and the adequacy of IT policies and procedures, IT strategy and planning. Information Systems Security covering both physical and logical access security of the systems. Database Administration. Business continuity management and disaster recovery planning for the Information systems. IT support provided to users. Maintenance of the IT infrastructure. Systems implementation and change management. b) Application controls review This shall cover the input, processing and output controls for the following key applications: ERP. Windows/ Office operations system. IPPD payroll system and all other systems in existence in the Bureau. 4. DELIVERABLES/OUTCOME The IS audit is expected to be completed in not more than one month. The Draft report highlighting findings, exposure/risk, impact and recommendation will be presented to management for review and to obtain their comments. 4
The final report is to be presented to the Board Audit and Risk Management Committee. 5. MANDATORY REQUIREMENTS KNBS will require a suitably and experienced firm to carry out the IT audit. The Constancy Firm will be required to submit on the minimum the following mandatory requirements;- A. Company profile indicating the nature of past IT audits undertaken and a proposal seeking to demonstrate competency and expertise in IT audits. B. Detailed CVs of the team that will undertake the audit with qualification of the proposed team as below:- i) Team Leader Relevant University Master s Degree Relevant professional qualification. Membership to Institute of Internal Auditors will be added advantage Membership to ISSAC & CISA qualified Over 5 years IT audit. Experience in at least two 2 public sector institutions in the last 3 years Not less than 5 years IT audit experience ii) Other Team Members Relevant University Bachelor s Degree Relevant professional qualification Membership to ISSAC & CISA qualified Over 2 years IT audit. Experience in at least two 2 public sector institutions in the last 3 years Not less than 2 years IT audit experience C. Attach at least three (3No.) Reference /recommendation letters / Certified Copies of contracts /Local Service Orders of corporate clients who have undergone similar audit and to provide evidence that the said consultants have undertaken similar exercise in the recent past. Added advantage if the experience is in the public sector. 5
D. The methodologies to be used to successfully undertake the audit. E. A detailed work plan on how the milestones of the Consultancy will be achieved. F. Methods and tools measuring and monitoring effectiveness of the Consultancy. G. Certificate of Registration and /or Incorporation certificate H. Trade license and/or single business permit. I. Valid VAT Certificate/ PIN Certificate. J. Valid Tax Compliance Certificate K. Attach copies of audited Financial statements for the last 3 years i.e. 2012, 2013 and 2014 L. Declaration stating that you have NOT been debarred by Public Procurement Oversight Authority (PPOA). M. Properly filled, signed and stamped Confidential Business Questionnaire. NB: - Tenderer s who meet the above mandatory requirements shall be invited to participate in the Request for Proposal Document RFP. 6. Reporting Systems Whoever is identified will work closely with Internal Audit unit for coordination. 6. Criteria for technical evaluation This will be based on the technical proposal submitted in accordance to the forms provided and the following criteria shall be used; 7. Costs The costs will be payable in Kenya Shillings. Complete EOI documents submitted in two copies ORIGINAL and COPY and placed in plain sealed envelopes clearly marked the tender reference and name should be addressed to: - 6
The Director General Kenya National Bureau of Statistics P.O Box 30266-00100 NAIROBI The EOI document should be deposited in the Tender Box situated at Herufi House, 1st Floor and to be received on or before 9 th February, 2016 at 10:30 a.m. Bulky E O I documents which will not fit in the tender box shall be delivered and received in the Senior Manager, Procurement office, 2 nd Floor Herufi House. EOI documents will be opened immediately thereafter in the presence of the bidders representatives who choose to attend the opening at the KNBS Board room located on 1 st floor Herufi House. Canvassing will lead to automatic disqualification. SENIOR MANAGER, PROCUREMENT FOR: DIRECTOR GENERAL 7