Internal Audit Consulting Services

The Vendor is required to provide to conduct a comprehensive supervisory control and data acquisition (SCADA) governance assessment of its operational technology (OT) environment for water and wastewater services.
- The focus is on evaluating current alignment with industry-recognized frameworks, integrates effectively with agency enterprise governance, and protects critical infrastructure from risks, especially those related to cyber threats, operation continuity, and third-party access, as well as the new risks emerging from increased cloud integration, IoT adoption, and AI-driven automation.
- This will include all phases of an internal audit consulting project from the development of the engagement work program and ending with reporting on the engagement findings on the effectiveness of current SCADA Governance against the industry standards and best practices and recommended SCADA Governance model, in accordance with the global internal audit standards from the institute of internal auditors.
- Identify risks to SCADA governance objectives, assess the effectiveness of controls to manage these risks, and provide recommendations for areas where improvement is needed to address the risks identified.
- An assessment of SCADA security policies, guidelines and compliance with the security program and standard; and the management of security risks
- An assessment of the governance oversight structures and processes for managing SCADA/OT security risks, including how vulnerability assessments, threat risk assessments, and penetration testing are planned, approved, and reviewed
- An assessment of the level of security reporting currently produced and the adequacy of reporting.

- Contract Period/Term: 2 years
- Questions/Inquires Deadline: December 18, 2025