The vendor is required to provide financial audit shall be conducted in compliance with standard auditing practices to include, but not limited to the following:
• An application control review of county’s core financial accounting system, the oracle fusion, including an assessment of transactional and support applications.
• A separate information technology general controls (ITGC) review of county’s IT system and organization.
• The details of this review should be delineated separately as an optional item.
• The major objectives of this review are:
o Evaluate the controls: evaluate the adequacy of and the county’s compliance with the information technology (it) system general internal controls.
o A separate information technology general controls (ITGC) review of county’s IT system and organization.
o The details of this review should be delineated separately as an optional item. the major objectives of this review are:
o Evaluate the controls: evaluate the adequacy of, and the county’s compliance with, the information technology (it) system general internal controls.
o This includes assessing cybersecurity measures and cloud-based internal controls as part of the overall ITGC framework.
o Obtain an understanding of the control environment: obtain a sufficient understanding of the county’s IT system internal controls—including cybersecurity protocols and controls related to cloud-based systems—to plan related contract audit efforts.
o This requires that the auditor assesses the adequacy of the county's IT policies and procedures, determines whether they have been implemented, and evaluate if they are operating effectively and being appropriately monitored.
o Document the understanding of the IT system general internal controls including cybersecurity and cloud-based controls, in working papers and permanent files.
o Assess control risk: assess the control risk, including risks associated with cybersecurity threats and cloud service environments—as a basis to identify factors relevant to the design of substantive tests.
o Report the understanding and assessment: report on the understanding of the IT system general internal controls, including cybersecurity and cloud-based internal controls, and provide an assessment of control risk and the adequacy of the system to perform as expected.
• Examine year-end financial statements and issue formal opinions as to their fairness, accuracy and comprehensiveness within the framework of the accounting and legal requirements for county and department.
• Render an opinion on the county's report, single audit, department, academy for academic excellence, real estate assessment center (REAC), and department annual financial reports in accordance with promulgated filing requirements.
• Develop separate comprehensive engagement letters that identify the objectives of the audit, the nature and scope of the services to be provided and the related fee arrangements for county, the juvenile board and department.
• Development of separate comprehensive management letters that identify opportunities to increase control and efficiency within the organization and systems of county, academy for academic excellence and department.
• report results of compliance audit per public funds investment act.
• Full audit to verify the propriety of each entity’s financial records and data reported in the report.
• Separate audit reports and management letters for each entity as specified.
• The academy for academic excellence audit must be completed and the report issued no later than January 9.
• The Department and department audit is to be completed, and the report issued not later than February 21.
• The county’s audit and department audit must be issued no later than march 20 of each contract year; the single audit must be completed no later than April 30.
• Weaknesses identified in the application review either due to absence of controls or to non-compliance should be brought to the attention of the business process owner and its management responsible for the support of the application.
- Contract Period/Term: 5 years
- Pre-Qualification Conference Meeting Date: May 28, 2025
- Questions/Inquires Deadline: May 30, 2025