REQUEST FOR PROPOSAL Internal Audit Services RFP NO: RFP/SASSETA/17181002 1. Request SAFETY AND SECURITY SECTOR EDUCATION AND TRAINING AUTHORITY ( SASSETA ) is seeking to appoint suitable and qualified independent Internal Audit Service Provider that: Possesses the required knowledge relating to the entity s financial reporting and the applicable financial reporting framework, Possesses the necessary skills to perform work related to the entity s financial statements, audit of predetermined objectives and compliance with legislation. Possesses adequate technical training and proficiency in auditing Is suitably qualified, reputable and a member of the relevant professional body and/ bodies that oblige them to comply with the relevant professional standards including continuing professional development requirements. Is adequately and appropriately resourced, relative to the size of this entity and the nature of its operations. for a period until 31 March 2020. 2. Background on SAFETY AND SECURITY SETA Safety and Security Sector Education and Training Authority (SASSETA) is an education and training authority established as a juristic person in terms Section 9 of Skills Development Act, 1998 (Act No. 97 of 1998 as amended). On 12 February 2015 the Director-General: Department of Higher Education and Training, Mr Gwebinkundla Fellix Qonde placed SASSETA under administration, as published in Government Gazette Notice No.38469, thereby suspending all members of the accounting authority and the constitution of the SETA. 1
3. Scope of work The scope of Internal Audit work shall entail evaluating the adequacy and effectiveness of the organisation s systems and processes of internal controls and risk management. This shall include : Review and report on the adequacy and effectiveness Internal Control system. Use SASSETA's existing risk registers as a starting point, and enhance the institution's risk management through continuous risk identification (including identification of emerging risks) during the course of the Internal Audit Plan execution. Assess risk areas of the entity s operations to be covered in the scope of external auditors. Compile a well-documented Internal Audit (rolling) Plan and 1st year plan which will be in line with the results of the risk assessment, previous audit reports ( internal and external), and the organisation's operational and strategic risk registers; Assess the progress of Management Audit Action plans (internal and external) to ensure that they are implemented and met within agreed timelines; Review and report on the adequacy, reliability and accuracy of the financial information provided by management and the means used to identify, measure, classify and report such information; Carry out Ad-Hoc audits as requested by Executive Management and the relevant governance structures Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information; Review the systems established by management to ensure compliance with those policies, plans, procedures, laws and regulations that could have a significant impact on operations, and determine whether the organisation is in compliance with its regulatory universe. Reviewing operations or programmes related to the core mandate of the SASSETA to ascertain whether results are consistent with established objectives and goals and whether the operations or programmes are being carried out as planned, in line with the prior year reports on the audit of predetermined objectives. Review the planning, design, development, implementation and operation of major computer-based systems to determine whether: adequate controls are incorporated in systems, infrastructure, network and applications; IT Security ( including cyber security) is adequate, sufficient and commensurate with protecting sensitive, critical and important data and information; thorough systems testing is performed at appropriate stages; Assess the effectiveness of ICT governance within the organisation; system documentation is complete and accurate; and the needs of users are met Prepare internal audit governance and compliance documents as prescribed in Treasury Regulations paragraph 3.2.7 on a timely basis to be reviewed by Audit and Risk Committee. 2
Enhance the Combined Assurance Model through robust participation with the external auditor, which must occur at least twice a year, Actively reducing audit fatigue and enhancing external auditor reliance on the work of Internal Audit Conducting of Audit Assignments Compliance with standards Assignments are to be performed in accordance with the Service Provider s Internal Audit procedures in compliance with the standards set by the Institute of Internal Auditors. Quality assurance reviews of the work The successful Internal Audit Service Provider shall ensure that all work conforms to the Standards for the Professional Practice of Internal Auditing (as per the Institute of Internal Auditors). Such work shall further be subject to an external quality assurance as may be considered necessary and appropriate by the organisation s Audit and Risk Committee. Independence and objectivity of the auditing staff members In carrying out the work, the Internal Audit Service Provider must ensure that its staff members maintain their objectivity by remaining independent of the activities they audit. Fraud and irregularities In planning and conducting its work, the Service Provider should seek to identify serious defects in the organisation s internal controls and systems which might result in possible malpractices. Any such defects must be reported immediately to the appointed Project Manager, the CEO and the Audit and Risk Committee without disclosing these to any other members of staff. This applies to instances where serious fraud and irregularity is uncovered. 4. Mandatory compliance documents 4.1. Service Providers must submit the following documentation when preparing their bid documentation: (In Soft Copies (CD) and Original Hardcopy) Company profile, including an organisational status and relevant policies and procedures that supports the objectivity of the Internal Auditors Certificate of Registration Company's proof of membership with the relevant professional audit institutions. Valid and Original Tax Clearance Certificate at the time of bid closing ( bidders must ensure that their tax status is compliant at all times on the CSD as failure to do so will result in an automatic disqualification) Valid and Certified B-BBEE certificate/sworn Affidavit (Not Compulsory only used for claiming B-BBEE Points) 3
SBD 1 Invitation to Bid SBD 3.1 Pricing Schedule SBD 4 Declaration of Interest SBD 6.1 Preference Claim Form SBD 8 Declaration of bidder s past supply chain management practices SBD 9 Certificate of independent bid determination NB: Please note that the above requirements are mandatory and MUST accompany the proposal. CSD Report information as at 31 days after date of closing of bid will take precedence over submitted information ( i.e. a CSD report will be generated by SASSETA on the date of evaluation). A 3-day turn-around period will be granted to resolve tax noncompliance issues identified prior to awarding of the contract. Non-compliance identified after this period will lead to disqualification. Non-compliance with the above mandatory submissions will lead to a disqualification. Proposals must be properly indexed. 5. Conditions for selection/short listing The proposals will be evaluated as follows: Phase 1 Mandatory Document Submission (Compliance) and Functionality Evaluation. Phase 2 Price Evaluation. 5.1 Evaluation Criteria (Phase One) Compliance: Phase 1 Compliance by the organization with regulatory requirements It will be ascertained whether all standard bidding documents have been included, properly completed and signed off as indicated above. n/a Note: Non-compliance with the Administrative Requirements will render your bid non-responsive and will result in disqualification. Functionality (Phase 1) Audit Capacity The qualifications and competence of the personnel proposed to provide the service (key personnel proposed to provide the service, including the relationship team management escalation levels and related professional affiliations) must be documented to indicate the bidder's capacity to deliver on the expected outcomes. The team profile must be accompanied by documented experience of individual team members (Attach CV s and certified copies of qualifications/affiliations). 4
Score 0 points = No Qualifications indicated. 10 points = Qualifications and experience sufficient (Certified copies of Bachelor's Degrees with no Honours and 0 to 5 years audit experience, and professional affiliation with the relevant bodies) points = Qualifications and experience more than sufficient (Certified copies of Bachelor's Degrees with Honours and more than 5 years audit experience, and professional affiliation) Technical Proposal A proposed plan of action specific to SASSETA to achieve the objectives of the outsourced internal audit function must be submitted. Score 0 points = No Project Plan proposed 10 points = Project Plan proposed however no clear deliverables or understanding of the Safety and Security Sector, the SETA landscape and SASSETA's mandate indicated. points = Detailed Project Plan and an indication of understanding of the Safety and Security Sector, the SETA landscape and SASSETA's mandate. Audit Planning A proposed plan of action to achieve the objectives of the outsourced internal audit function must be included. The plan should cover short, medium and long term objectives. Score 0 points = no audit plan proposed 10 points = audit plan proposed, however no clear deliverables on cost analysis, methodology to be implemented, the implementation procedure on deliverables within agreed timeframes and within budget, and a credible methodology to be implemented points = audit plan proposed with clear deliverables on cost analysis, methodology to be implemented, the implementation procedure on deliverables within agreed timeframes and within budget, and a credible methodology to be implemented Audit Experience: Experience of similar work done in the past in the public sector and, more preferably within the SETA fraternity and in specialised audits. Experience in the following disciplines will be considered. Information and Communications Technology environment, and Information Systems audit. Forensic Auditing Regulatory Auditing Internal Controls Change Management 5
Risk Management Review of financial statements. Documented experience must be accompanied by a minimum of three positive reference letters from previous clients and must be relevant to this tender i.e. a proven track record in the disciplines above. Score: (From 5 years and above: points); (Between 4 to 5 years = 20 points); (Between 3 to 4 years = 15 points) (Between 2 to 3 years = 10 points) (From 0 to 2 years = 5 points) Total out of the minimum 75 points to meet the Functionality Criteria 100 5.2. Price Evaluation (Phase Two) 80/20 PREFERENCE POINT SYSTEM WILL BE USED FOR THIS TENDER, i.e. bids will be evaluated 80 points for price and 20 points for BBBEE. PRICE 80 BBBEE 20 TOTAL 100 6. Process of Submission Suppliers must submit their proposals in the following format o o o Mandatory Documents Technical proposal, and Price proposal. Bidders who meet the minimum score for functionality will be required to do a presentation as part of due diligence to support the functionality assessment. 7. Commencement and Duration Service provider to commence within one month of project being awarded. Service Providers are requested to quote for services for a period ending 30 March 2020. This period is subject to annual review of performance. 8. General 8.1 Submissions can be couriered or hand delivered to SASSETA at the following address; Riverview Office Park, Janadel Avenue (off Bekker Road) Halfway Gardens Midrand or posted to PO Box 7612, Halfway House, 1685 6
8.2 The Service Providers are required to submit their proposals on or before 12:00 pm on the 28/07/2017. Any bid document received after closing date and time will not be considered. E-mailed or faxed submissions will not be accepted 8.3 A briefing session will be held at SASSETA premises as indicated above (please refer to the physical address in 8.1) on the 13th July 2017 from 11H00-13H00. 8.4 If you do not hear from us within 6 weeks after closing date, please accept that your proposal was unsuccessful. 9. Disclaimer Kind regards SASSETA reserves the right not to appoint a provider and is also not obliged to provide reasons for the rejection of any proposal. Mr. Musa Mazibuko Supply Chain Officer SASSETA Tel: 011 087 5500 Fax: 011 805 6630 Email: sassetatenders@sasseta.org.za Physical Address: Riverview Office Park, Janadel Avenue (off Bekker Road) Halfway Gardens, Midrand, 1685 Postal Address: P O Box 7612, Halfway House, 1685 7