Audit Risk and Compliance Management Software Solution

The vendor is required to provide audit, risk, and compliance management software solution with accompanying implementation services.
- Enterprise risk management (ERM), compliance, and internal audit functions to provide a more comprehensive and integrated view of risks facing the university.
- Solution must:
•    Centralize and integrate enterprise and it risk management, internal audit, and compliance activities into a single, unified platform.
•    Improve efficiency and reduce manual effort in risk assessments, audit planning, fieldwork, evidence collection, and reporting.
•    Enhance real-time visibility into risk profiles, audit progress, and compliance status through intuitive dashboards and reporting accessible by all necessary stakeholders.
•    Support strengthening internal controls and help ensure adherence to state and federal regulatory requirements.
•    Foster collaboration and communication among risk, audit, and compliance teams, as well as with other stakeholders.
•    Automate key workflows to reduce administrative burden and allow teams to focus on strategic initiatives.
•    Support data-driven decision-making by providing comprehensive analytics and insights into risk and control effectiveness.
•    Enhance visibility and reporting for stakeholders at all levels.
•    Maximize user adoption through an intuitive, out-of-the-box experience.
•    Support flexible, cross-functional planning and tracking methodologies
- Technical requirements:
•    Application must be compliant with security frameworks such as iso 27001 or soc2, and must complete a HECVAT at time of award
•    No on-premises hardware and software required
•    Off-the-shelf dashboards with filterable views
•    Comprehensive audit trail for user activity and change tracking
•    Role-based permissions and update workflows without login requirements
•    Integration with identity governance, access management, and single sign-on systems to support role-based access controls, user management, and workflow assignments
•    Secure data handling for sensitive compliance artifacts
•    Metric tracking and visual performance dashboards
•    Secure backup and recovery capabilities in case of human error, technology failure, or malicious attack
- Audit management requirements:
•    Auditable entities inventory management
•    Audit universe risk assessment and audit plan development
•    Audit scheduling and time tracking
•    Findings management and reporting
•    Audit project management dashboarding and KPI tracking
- Enterprise risk management requirements:
•    Risk inventory management and risk register
•    Risk assessment with flexible scoring metrics
•    Risk assessment surveying
•    Mitigation plan collection
•    Dashboarding and reporting
- Partner to provide bundled implementation services that include:
•    A personalized onboarding process with a dedicated customer success manager (CSM) and strategy consultant (SC)
•    A defined five-phase implementation methodology:
o    Kickoff and planning
o    Plan structuring and optimization
o    Training and capacity building
o    Launch and activation
o    Go-live and progress monitoring
•    Implementation should be able to be completed within 4–6 weeks.

- Contract Period/Term: 5 years
- Questions/Inquires Deadline: September 19, 2025