You are here: Home Tenders Request For Quotations Internal Audit Assignment At Soul City - Service Required: Information Technology General Controls Review

Request For Quotations Internal Audit Assignment At Soul City - Service Required: Information Technology General Controls Review

The Soul City Institute (SCI) hereby invites suitably qualified, experienced and accredited service providers to submit quotations for Internal Audit Services: Information Technology General Controls.

Background

As per the approved Internal Audit plan, Internal Audit has been instructed to conduct an Information Technology General Controls Review. SCI hereby seeks to appoint a service provider that will review SCI’s Information Technology General Controls.

Scope Of The Service Required

SCI requires a service provider to undertake the following:

  • A review of existing IT policies to ensure they conform to best practice for organisations of Soul City’s size and relevant legislation.
  • A review of SCI’s Information Technology General Controls. A written report should be provided which explains the deficiencies identified and recommends suitable remedies to address the deficiencies.
  • The scope of the assignment includes the review of the adequacy and effectiveness of controls in the following sub-processes:
    • IT Governance – A review of existing IT policies to ensure they conform to best practice for organisations of Soul City’s size and relevant legislation. Review of contractual agreements with service providers and the Monitoring of Network and Telecommunications.
    • Security Management – Review of firewall, exception reporting and password configurations.
    • User Access Control – Review of user account creation, password setting, user logins and evidence thereof.
    • IT Service Continuity – Review of Disaster recovery plans, backup procedure as well as the testing thereof.
    • Program Change Management – Review of changes / updates to the financial accounting systems classified changes as well as the design, monitoring and testing thereof. To further establish that adequate and appropriate segregation of duties exists.
    • Incident and problem management – Review of processes relating to Incident / Problem categorisation, logging, escalation, approval, recording and monitoring thereof.
    • Facilities and environmental controls – Review of physical access and environmental controls including safeguarding of equipment and software licenses.

Download


Estimated Timing - end February 2018

© 2016 Soul City Institute for Social Justice
CMS website by Juizi