The Vendor is required to provide internal audit consulting services, which may include assurance and advisory engagements intended to strengthen citizens’ governance, risk management, and internal control environment.
- Requirement:
1. Governance, risk and compliance
• An assessment of the organization’s governance structures, enterprise risk management (ERM) framework, risk taxonomy, appetite and limits, key risk indicators (KRI) library, heat maps, risk and control self-assessments (RCSAs), issue governance, regulatory risk management practices, and compliance programs to ensure effective oversight, risk-informed decision-making, and alignment with regulatory and strategic objectives.
2. Internal controls and assurance
• An evaluation and advisory service focused on the design, implementation, and operating effectiveness of internal controls in alignment with established leading frameworks and practices.
3. Finance, investments and financial integrity
• Assessment of financial operations, investment activities, actuarial practices, and related controls to ensure accuracy, safeguarding of assets, regulatory compliance, and alignment with organizational objectives.
4. Operational effectiveness and process improvement
• A systematic, future-focused evaluation of operational processes to assess efficiency, effectiveness, scalability, and risk exposure across core business and support functions.
• This includes, but is not limited to, property and casualty insurance operations (including underwriting, claims, and product development), human resources functions, procurement, and vendor management processes.
5. Data analytics and continuous assurance
• The development and application of advanced data analytics, including data mining and regression analyses, to identify risks, anomalies, trends, and performance insights that support audit planning, operational improvement, and continuous risk monitoring.
6. Forensic, fraud and misconduct investigations
• Specialized examinations of enterprise and individual data to detect, investigate, and document potential fraud, misconduct, or irregularities, including support for legal or regulatory proceedings to protect against financial claims.
7. Cyber risk, information security and technology assurance
• An assessment of cyber risks, information security controls, and technology governance to ensure the confidentiality, integrity, and availability of systems and data.
• This includes artificial intelligence (AI) system governance and controls, model risk management, security of models and data, access controls, change management, and third-party risk, as well as system development and deployment controls.
8. Privacy and data governance
• An evaluation of data governance structures, privacy controls, and data lifecycle management practices to ensure regulatory compliance, ethical data use, and protection of sensitive information.
• This includes, but is not limited to, data mapping, retention, data subject request (DSR) processes, and de-identification checks.
9. Quality assurance and audit methodology
• An independent evaluation of internal audit methodologies, practices, and performance, based on the IIA GIAS, to ensure conformance with professional standards, consistency, and continuous improvement.
• This includes external quality assessments, file reviews, and audit coaching.