Provision of ICT Audit Services for Kenya Human Rights Commission


Terms of Reference

A. Overview
 
The objective of this audit is to review the general ICT infrastructure of KHRC, system security employed, controls and policy decisions required to ensure the protection of all internal information systems and data.
 
The expected output of this audit will be a report that details the dependability of existing systems at the commission, recommends improvements to these systems and provide a basis for the formulation of an ICT policy.
 
B. Audit Scope
 
The scope will entail conducting an assessment of ICT systems as per Section C: Audit Services Required. 

This includes: identification and evaluation of both hardware and software of the commission and recommending/assist in implementing a set of best practices and tools governing the ICT systems within the commission.
 
The Auditor will inform the Commission as soon as possible of any limitations in the scope of work he/she may find prior to or during the audit.
 
C. Audit Services Required
 
The IT Audit shall include, but not be limited, to the following:-
 
I. Operating System (OS) for servers, Databases, network equipment, Security Systems and Storage Area Networks.
 
a. Set up and maintenance of system parameters
 
b. Patch Management
 
c. Change Management Procedures
 
d. Logical Access Controls
 
e. User Management & Security
 
f. OS Hardening
 
g. Performance, Scalability and Availability
 
h. Firewall efficiency
 
II. Review of IT Processes and ICT Management Tools
 
a. I.T Asset Management
 
b. Enterprise Management System
 
c. Change Management
 
d. Incident Management
 
e. Network Management
 
f. Data and Systems Backup Management
 
g. Enterprise Anti-Virus Management
 
h. Vendor & SLA Management
 
i. Disaster recovery
 
j. Hardware Power Backup Management
 
III. Security Management
 
a. Security Equipment Configurations & Policies Penetration testing and Vulnerability Assessment (PT / VA) of various security zones.
 
b. Network & systems audit
 
c. Network architecture review
 
d. Network traffic analysis and base lining
 
e. Virtual LANS (VLANs)
 
IV. Network & systems audit
 
a. Network architecture review
 
b. Network traffic analysis and base lining
 
c. Virtual LANS (VLANs)
 
V. Review the existing policy documents of the commission such as IT Policy, IT Procurement Policy, IS Security Policy etc., and suggest required changes.
 
VI. Review of installed applications and web portals at the commission, with emphasis on security. Though these systems have already been tested by the developers and end-users, an audit is required as a measure to enhance quality and assurance on adequacy, security, appropriate internal checks and controls in the systems. A list of the applications to be audited will be provided to the Auditor prior to engagement.
 
D. Audit Planning & Reporting:
 
The consultants/consulting firms should deliver at the end of the Audit exercise, a complete Audit Report comprising an Executive Summary, Findings and Recommendations which should include, but not limited to, System Vulnerabilities, Security Program Management of Information Technology Resources and Application Life Cycle Controls.
 
The Auditor should in accordance with ISAE 3000, prepare audit documentation and obtain sufficient appropriate audit evidence to support audit findings and to draw reasonable conclusions on which to base the audit report. 

The Auditor should use professional judgment to determine whether audit evidence is sufficient and appropriate.
 
This report should be submitted to the Director, Finance & Administration. 

Any significant deviation from the formally approved work schedule shall be communicated to the director through periodic activity reports.
 
E. Knowledge & Skills requirements
 
The consultant/ consulting firm should have a minimum of 5 years work experience in computer systems audit. 

The key personnel who will be handling this assignment should be graduates in Computer Science, Computer Technology or its equivalent. 

They should also include their resumes in the proposal which will be considered during the initial evaluation process. 

They must also be members of professional bodies such as CISA, CISCO and ISACA. 

The consultant/ consulting firm should have undertaken similar engagements previously and have ready references to corroborate.
 
Curricula Vitae (' CVs')
 
The Auditor will provide the Commission with CV's of the partner or other person in the audit firm who is responsible for the audit and for signing the report together with the CVs of the other audit team members. CVs will include appropriate details on the type of audits carried out by the staff indicating capability and capacity to undertake the audit as well as details on relevant specific experience. 

The Commission will examine the CV's before it signs an order form or other applicable contractual document for this engagement and reserves the right to reject them if they are not considered suitable for the requirements of the engagement.
 
F. Standards and Guidance
 
The Auditor who performs this systems audit is governed by: The IFAC International Framework for Assurance Engagements and International Standard on Assurance Engagements ('ISAE') 3000 for Assurance Engagements other than Audits or Reviews of Historical Financial Information insofar as these can be applied in the specific context of a systems audit intended to provide assurance that risks to the achievement of the objectives of the Project are properly managed and controlled. 

The IFAC Code of Ethics for Professional Accountants (issued by IFAC's International Ethics Standards Board for Accountants (IESBA), which establishes fundamental ethical principles for Auditors with regard to integrity, objectivity, independence, professional competence and due care, confidentiality, professional behaviour and technical standards; though the auditor needn’t be an accountant, adherence to these fundamental ethical principles is paramount during the audit. 

The IFAC International Standards on Quality Control (ISQCs), which establish standards and provide guidance on an Auditor's system of quality control.

G. Deliverables and Timelines
 
The duration of the IT Audit exercise is expected to take around 10 weeks. 

Work will begin January 2013. 

The end of the contract will be determined as the audit progresses.
 
H. Application Procedures
  • If you meet the criteria above submit an application to admin@khrc.or.ke by 4th January 2013 that includes: Your company profile 
  • Resumes of the key personnel to handle this assignment. 
  • 3 Professional referees of whom you have done a similar assignment for. 
Costing based on the work described above
Provision of ICT Audit Services for Kenya Human Rights Commission Provision of ICT Audit Services for Kenya Human Rights Commission Reviewed by Unknown on 6:01:00 AM Rating: 5

JOBS CATEGORY

Tanzania Kenya NGO JOBS Uganda Best Jobs Consultancy Rwanda ICT JOBS Administrative United Nations Sudan Best Jobs Finance Health - Medical Engineering Ethiopia Education Agricultural Lecturer Human Resources Somalia Media Congo - Kinshasa Legal Jobs Bank Jobs Monitoring and Evaluation Mining World Vision Burundi Procurement African Barrick Gold Accountant Zambia Sales and Marketing US EMBASSY East African Community Mozambique Telecoms Research CARE International Save The Children Plan International Arusha Malawi South Sudan Oxfam Scholarships African Development Bank Finance and Administration SafariCom Aviation The Commonwealth American Embassy Sales Zanzibar Environmental Catholic Relief Services Dar es salaam USAID Operations FHI 360 UNDP Security World Bank Economist TradeMark East Africa Unicef Hospitality Managers International Rescue Committee (IRC) Restless Development Accounting Civil Engineers AMREF Morogoro Utumishi AfDB African Development Bank COOPI - Cooperazione Internazionale Driver - Logistics Path International Mwanza African Union Tigo Jobs Marketing Mbeya Teaching Au African Union PSI Population Services International Pwc PricewaterhouseCoopers East African Breweries North Mara Gold Mine ACTED Djibouti Malaria Consortium Bulyanhulu Gold Mine DFID Driver Buzwagi Gold Mine Jhpiego COMESA FINCA JOBS International Jobs Adeso Danish Refugee Council Kilimanjaro Nairobi Coca-Cola Handicap International Pact International Rio Tinto Solidarités International Tender EGPAF Elizabeth Glaser Pediatric AIDS Foundation Logistics Serengeti Breweries Ltd Nation Media Group Africare Norwegian Refugee Council Samaritan's Purse Chemonics International COUNTRY DIRECTOR ICAP of Columbia University InterShips Precision Air RwandAir Marie Stopes International (MSI) Serengeti Breweries Volunteer Climate Change IGAD Tetra Tech ARD Agriculture Jobs Dodoma Iringa One Acre Fund Project Management Clinton Health Access Initiative (CHAI Technoserve Twaweza East Africa ActionAid Lutheran World Federation SADC Secretariat Tanga Vso International ACDI/VOCA Halmashauri Agha Khan Kenya Commercial Bank World Agroforestry Centre Deloitte East Africa International Organization for Migration (IOM) COMESA Secretariat: Software Engineering Safety and Security Shinyanga Jobs Tanzania Breweries Pathfinder International World Health Organization KPMG TANROADS Tanzania Electric Supply Company British Council Futures Group KCB BANK UN-Habitat WFP World Food Programme Barclays GEITA GOLD MINING TANESCO Electrical Engineer Food and Agriculture Organization GOAL Mombasa Tabora WWF World Wide Fund for Nature Microsoft Tanzania Ports Authority East African Development Bank Family Health International (FHI) IBM EAST AFRICA IntraHealth International Mercy Corps SERIKALINI - GOVERNMENT OF TANZANIA AccessBank Community Development Jobs Data Base Management Google Africa ICAP - TZ KEMRI/CDC Program WaterAid Tanzania Auditor SNV International Stanbic Bank Amnesty Horn Relief Kampala Management Systems International (MSI) Standard Chartered Bank VETA Christian Aid DIAMOND TRUST BANK Helen Keller International Help Age Mtwara Uganda Telecom Airtel Africa Equity Bank Internships Marie Stopes TCRA Web Development B B C WORLD SERVICE Human Rights Kigali Makerere University Nile Basin Initiative Kenyatta University Kigoma Mzumbe University NSSF National Social Security Fund Nile Breweries Limited Tulawaka Gold Mine University of Nairobi kenya Airways Bank of Tanzania Graduates MTN Muhimbili National Hospital Nepad Partners in Health Room to Read SUMATRA UNWOMEN African Wildlife foundation (AWF) KEMRI Kagera Librarian MENTOR Initiative Trainee USAILI - INTERVIEW Uiversity of Nairobi WaterAid International icipe Project CAFOD - Catholic Agency for Overseas Development Egerton University EngenderHealth Goal Ireland Kenyan Banks Lake Victoria Basin Commission Peace Corps TANAPA TASAF Tanzania Social Action Fund Zanzibar University ACB AKIBA COMMERCIAL BANK AGRA Alliance for a Green Revolution in Africa Advans Bank Ethiopian Airlines Freedom House IITA International Institute of Tropical Agriculture Legal Moshi NMB BANK Resolute Tanzania Singida Uganda Uganda National Roads Authority University of Dar es salaam University of Dodoma British High Commission ChildFund EWURA FilmAid International NECTA TPDC Tanzania Civil Aviation Authority (TCAA) United States International University World Concern Aga Khan Foundation CBA Commercial Bank of Africa Ecomist Ernst and Young IUCN International Union for Conservation of Nature International Medical Corps Islamic Relief Kakira Sugar Musoma National Institute for Medical Research OPEN UNIVERSITY OF TANZANIA Relief International TAA Tanzania Airports Authority Trócaire Uganda Revenue Authority VODACOM TANZANIA VSF Belgium Architects Hivos IFC International Finance Corporation Ifakara Health Institute Inoorero University International Commercial Bank Kenya Red Cross Society MADEREVA Medical Oil and Gas Pwani University College SOKOINE UNIVERSITY Tumaini University Water Engineering AWF African Wildlife Foundation Acacia Mining Accounts African Virtual University Altima Africa Ardhi University Bank of Uganda Business Development Concultancy Del Monte Kenya Embassies Kenya Airports Authority Lake Victoria South Water Services Board Mara National Bank of Commerce RECORDS MANAGEMENT JOBS RUKWA Ruvuma Search for Common Ground Songea TTCL Tanzania Telecommunications Company Limited Unilever War Child International Zinduka Afrika ACORD AKU ​Aga Khan University Africa Nazarene University Africa Rice Center (AfricaRice) Aga Khan Health Services CRDB BANK Commercial Bank of Africa Daraja Tanzania Engineers Registration Board (ERB) Fina Bank International Potato Center International Potato Center (CIP) Intrahealth Jomo Kenyatta University Kilimanjaro Christian Medical Centre Kyambogo University Lindi Jobs MCL Mwananchi Communications MUHAS-harvad Moi University NBC BANK National University of Rwanda Ngorongoro Conservation Area Authority Njombe Nuru International Nzoia sugar Company RTI International SUA SOKOINE UNIVERSITY OF AGRICULTURE THE LAW SCHOOL OF TANZANIA TRA Tanzania Revenue Authority Tanzania Postal Bank The Foundation For Civil Society Udhamini wa Masomo Western Union AIR TANZANIA Action Against Hunger (ACF) Agricultural Society of Kenya BRALIRWA Bondo University College Caritas Comoros Concern Worldwide Conservation Jobs Consolidated Bank of Kenya DHL Express Ewaso Ngiro South River Basin Development Authority Geologist Gulf African Bank INSTITUTE OF ADULT EDUCATION Jomo Kenyatta University of Agriculture and Technology Kabale University Kabale University (KAB) Kenya Ports Authority KickStart International MORUWASA Morogoro Urban Water and Sanitation Authority MSH Management Sciences for Health Mumias Sugar Company Nairobi Hospital Nkumba University Rural Electrification Agency SOKINE UNIVERSITY SONGWE STAMIGOLD Stores TACAIDS TARURA TCU Tanzania Commission for Universities Tullow Oil World Lung Foundation (WLF) ALAF Limited Aga Khan Development Network (AKDN) Aga Khan Hospital Air Malawi American Refuge Committee BENKI YA POSTA - TPB BANK BTC Belgian Technical Cooperation Bhttp://www.blogger.com/img/blank.gifank of Tanzania Bioversity International CHF International Customer Service Jobs DANGOTE DIT DAR ES SALAAM INSTITUTE OF TECHNOLOGY Danida Dar es Salaam Institute of Technology Daystar University ECOBANK ETDCO Electrical Transmission and Distribution Construction and Maintenance Company European Union IFM INSTITUTE OF FINANCE MANAGEMENT INSURANCE JOBS - BIMA ITECH Internews® Network KUITWA KAZINI Kenya Accreditation Service Kenya Polytechnic University College Kilombero Sugar Company Kisii University College Kisumu Laboratory Jobs MSD MEDICAL STORES DEPARTMENT MSF Switzerland Management Sciences for Health Manyara Maseno University Ministry of State for Planning Muteesa 1 Royal University Médecins Sans Frontières NIDA National Identification Authority Narok University College OSHA Occupational safety and Health Authority Open Society Initiative for Eastern Africa (OSIEA) PA PAC PEPSI POLICE - POLISI Petroleum EngineerS RWANDA HOUSING AUTHORITY Seychelles Songas TBC TANZANIA BROADCASTING CORPORATION TBS TANZANIA BUREAU OF STANDARDS TFDA TANZANIA FOOD AND DRUGS AUTHORITY TIB - Tanzania Investment Bank Tanzania Mortagage Refinance Company Tanzania Teachers’ Union Transmara Sugar Company Tropical Pesticides Research Institute Tumba College of Technology Twiga Cement UNESCO UNOCHA Umma University University WRP Walter Reed Project ZANTEL ao uga
Powered by Blogger.