The Vendor is required to provide for a cloud-based, fully functional, audit management software solution.
- Provide training on the system as well as on-going support and service, including system upgrades, fixes, and enhancements.
- Requires a solution for five (5) core users, with the option for additional licenses, and unlimited stakeholder users.
- Solution must encompass all requirements to automate the audit process, including, but not limited to, electronic work papers, reporting, issue tracking, risk assessment, data analytics, project scheduling, resource management, a documentation library, and unlimited data storage.
- System configuration
• Compatible with Microsoft office products.
• Support for widely used file formats including, but not limited to, pdf, jpeg, etc.
• Support for client operating systems.
• Provide multiple security levels in the application that allows for a separation of duties.
• Identify single sign-on offerings and multi-factor authentication for the application.
• Browser support for Microsoft edge and google chrome preferred. - Security
• Support active directory authentication and/or single sign-on.
• Support multi-factor authentication.
• Role-based access.
• Backup data is encrypted.
• automated backup solutions with flexible recovery options.
• Identify cloud service provider and data storage location, which must be us-based.
- Disclosure of support
• List of support channels.
• Service level agreement.
• Solution upgrade/update/maintenance schedule, including any planned outage windows.
• Escalation process.
• Issue tracking mechanism.
- Risk assessment and audit planning
• Ability to support the annual risk assessment process.
• Ability to create an audit universe and develop an annual audit plan based on risk assessments or other criteria.
• Provide budgeting support for audit plans that will report on deviations from projected to actual project time.
• Create a draft plan of the yearly audit schedule.
- Electronic work papers
• Ability to record the following information associated with each audit project:
1. Process/auditable entity description.
2. Objectives
3. Narratives
4. Risks and mitigating controls.
5. Work program outlining tests to examine effectiveness of controls.
6. Evidence obtained in performing the tests.
7. Results from tests (i.e., finding information).
8. Observations
9. Recommendations
10. Management responses and agreed action plans for issues reported.
11. Review notes and other correspondence.
• Ability to assign specific audit step to individual auditor with tracking and notifications.
• Review and approval workflows for audit documentation.
• Provide cross-referencing between documents and support point-to-point hyperlinks for Microsoft
(“MS”) word, excel, PowerPoint, and adobe pdf files.
• Version control with capability to maintain previous versions of work papers with the ability to revert to earlier iterations.
• Ability to print and/or export completed work papers, review notes, audit programs, and other electronic documentation created within the system.
• Provide flexibility to add, delete and/or modify audit steps in standard audit programs.
• Allow search capabilities within audit findings, projects, and the document library.
• Ability to create severity ratings and assign them to findings.
• Templates for audit work papers that can be customized per engagement, including audit notifications, meeting agendas, information requests, memos, audit reports, etc.
• Ability to write review notes with links to targeted work papers.
• Capability to import and export data to and from spreadsheets, financial systems, and other auditing tools.
• Automated generation of audit reports and customizable dashboards for engagement progress tracking.
•Ability to attach scanned documents and annotate documents (MS word, excel, PowerPoint, and adobe pdf) with standard tick marks/comments from within the application without additional software license requirements.
• Ability to upload, store, and organize various document types (e.g., pdf, word, excel, etc.).
• Integration with audit standards and compliance with the institute of internal auditors’ global internal audit standards. - Data analytics
• Ability to provide a clear picture of compliance; enable auditing team to visualize continuous improvements in approach.
• Ability to support the execution of the audit process through comprehensive documentation and clear recommendations.
• Ability to support sample selection for audit testing.
• Allows risks to be viewed in the context of broader organizational objectives, operations, and priorities.
• Must be designed for auditors with pre-built scripts.
• Built-in data connectors that allow secure linkage with platforms such as sap, oracle and/or concur.
- Audit reporting
• Provide standard reports for common inquires such as audit planning, project tracking, issue tracking, and timesheet reports, with data visualization options.
• Ability to easily customize the standard audit report and other ad-hoc reports.
• Allow for custom reports to be saved in MS word, excel, and/or adobe pdf formats.
• Allow for distribution of reports via email.
- Audit response and issue tracking
• Must provide on-line portal or reporting option that allows management responses to be automatically populated in the system, along with supporting documents or evidence.
• Allow for customer surveys to be generated and feedback recorded.
• Ability to track and report on issues in a variety of ways, including audit project, audit manager, or departmental area.
- Contract Period/Term: 3 years
- Questions/Inquires Deadline: May 6, 2025
