IT Audit and Assessment Services

The Vendor is required to provide independent IT audit services designed to assess the effectiveness of IT-related controls, security practices, and governance processes. 
- Audits should be conducted in accordance with generally accepted auditing standards and recognized IT control frameworks, as appropriate.
- Provide IT audit services is structured to include both annual review areas and rotational review areas, with flexibility to adjust based on risk considerations and organizational priorities.
- The environment supports financial operations, document management, identity and access management, network and security infrastructure, and secure remote access for staff.
- Annual IT Audit Areas
•    Review of prior year audit findings and remediation status; and
•    Network security management and operations.
- Rotational IT Audit Areas
•    Business Continuity Plan / Disaster Recovery Plan;
•    Vendor management;
•    Electronic document management;
•    IT department management (typically on a two-year cycle);
•    Electronic banking general controls;
•    Internally developed software applications; and
•    Websites.

- Contract Period/Term: 1 year
- Questions/Inquires Deadline: January 30, 2026