Docstoc

Rfq Templates Audit

Document Sample
Rfq Templates Audit Powered By Docstoc
					        REQUEST FOR QUOTATION (RFQ)
                   DATE AVAILABLE FOR DISTRIBUTION: February 5, 2009
Per Department of Administrative Services, General Services Division’s direction, the Ohio Office
of Budget and Management (OBM) Office of Internal Audit (OIA) is issuing this Request for Quote
(RFQ) to solicit proposals for procuring audit management software.




           PROPOSAL DUE DATE AND TIME: February 26, 2009 @ 11 a.m. EST




SEND PROPOSALS TO:
Office of Budget and Management
30 East Broad Street, 35th Floor
Columbus, Ohio 43215
ATTENTION: Rajeshwer Subramanian




INQUIRY PERIOD BEGINS:        February 6, 2009 @ 8 a.m. EST
INQUIRY PERIOD ENDS:          February 24, 2009 @ 5 p.m. EST




                                        Page 1 of 15                             2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation


                                  REQUEST FOR QUOTATION

                                 OBM Fiscal Year 2008-09
                          Audit Management Software Procurement
                                             February 5, 2009
1. Introduction
This Ohio Office of Budget and Management (“OBM”) Office of Internal Audit (“OIA”) Request for Quotation is
designed to solicit proposals from vendors for audit management software that includes functionality in the
following areas:
     • Client/Project Initial Set-Up and Access Management
     • Risk Assessment, Governance & Compliance (GRC)
     • Project / Work Flow Management
     • Assessment, Audits, Monitoring
     • Process Flow
     • Audit Reporting
     • Client and 3rd Party Connectivity
     • Portfolio Management and Communication
     • Survey and Assessment Technology

OBM is asking interested vendors to submit proposals to sell audit management software that meets the needs of
OBM as outlined in this RFQ. OBM intends to purchase the required products and services from a vendor with a
valid Information Technology State Term Schedule (STS) If the vendor selected from this RFQ process does not
have an Information Technology State Term Schedule to leverage for completing the project, that vendor must work
with the Department of Administrative Services to establish a State Term Schedule for the project described in this
RFQ. Detailed information on how to establish an STS can be found at the following URL:

https://procure.ohio.gov/proc/ContractsSTS3.asp

Vendors that do not have an STS must agree to establish an STS for information technology products and services or
risk having their proposal rejected.

If an STS cannot be established with the selected vendor in a reasonable timeframe, OBM may elect to work with
the next highest ranked vendor or cancel the RFQ.


2. OBM Office of Internal Audit Background

The OBM Office of Internal Audit is created to conduct internal audits within state agencies by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls,
and governance processes. The mission of the OIA is to provide independent, objective assurance and consulting
services designed to add value by providing quality auditing services that result in reduced costs, gains in
operational efficiencies, strengthened internal controls, and improved practices and policies.

The purpose of the OIA is to assist state agency management and the Audit Committee in the effective discharge of
their responsibilities by furnishing them with analyses, appraisals, recommendations, counsel, and information
concerning the activities reviewed, and by promoting effective control at a reasonable cost. The scope of work of
OIA is to determine whether the state agency network of risk management, control, and governance processes, as
designed and represented by management, is adequate and functioning. Opportunities for improving management
control and state agency image may be identified during audits. They will be communicated to the appropriate level
of management and/or audit committee.
                                                 Page 2 of 15                                     2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation



A total of 21 state agencies fall under the purview of OIA:
              Bureau of Workers’ Compensation
              Department of Administrative Services
              Department of Aging
              Department of Agriculture
              Department of Alcohol and Drug Addiction Services
              Department of Commerce
              Department of Development
              Department of Health
              Department of Insurance
              Department of Job and Family Services
              Department of Mental Health
              Department of Mental Retardation and Developmental Disabilities
              Department of Natural Resources
              Department of Public Safety
              Department of Rehabilitation and Correction
              Department of Taxation
              Department of Transportation
              Department of Veterans Services
              Department of Youth Services
              Environmental Protection Agency
              Office of Budget and Management


3. OIA Organization and Structure
The Chief Audit Executive, who serves under the OBM Director, is responsible for the administration of the OIA.
The Chief Audit Executive reports to the State Audit Committee on such matters as the annual internal audit plan
and must also submit a report on all audit findings and recommendations on the completion of an audit. The State
Audit Committee ensures that the internal audits conducted by the OIA conform to the Institutes of Internal
Auditors’ international standards for the professional practice of internal auditing and to the Institutes’ code of
ethics.




                                                Page 3 of 15                                     2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation


4. Product Requirements
Product requirements are divided into three main categories:
    • Functional requirements (Section 5)
    • Vendor requirements          (Section 6)
    • Technical requirements (Section 7)

Each of the main categories is divided into sub-categories as detailed in the next few sections. Requirements are
grouped as mandatory or optional.

For functional requirements, vendors should list the name of the product and the name of the specific feature within
the product that satisfies the requirement mentioned. If satisfying the requirement entails product customization or
configuration, this should be specifically mentioned. This RFQ assumes that the vendor already has a product or a
suite of products that, with appropriate customizations or configurations, will meet the requirements mentioned.
Quotations from vendors that propose the building of a new product from the ground up, will not be considered.

5. Functional Requirements
   5.1. Client/Project Initial Set-Up and Access Management
    It is mandatory that proposed software be capable of and have the ability to perform the following:
                  Set-up of access rights for an individual user/group of users with the same role.
                  Ability to tag workpapers and supporting files at various levels of sensitivity/confidentiality.
                  Ability to quickly export all work papers and supporting files that meet certain parameters such as
                  “all non-sensitive for 2008”. The objective is to simplify public records request responses.

    The software should optionally be capable of and able to demonstrate the ability to:
                 Set-up software for a new engagement with a client.
                 Changing of access rights for an existing user.
                 Transfer of responsibilities and task from one existing user to another.
                 Deletion of access rights of a user or group of users to both the system and specified
                 files/databases.
                 Create a client from an existing template.

    5.2. Risk Assessment
    Risk Assessment includes Risk Analysis / Management, and Risk-based Assessment.
         5.2.1. Modeling
         It is mandatory that proposed software be capable of and have the ability to perform the following:
                  Creation and use of heat maps or other visual techniques to track relative risk levels, trends over
                  time, etc.
                  Generation of customized reports based on risk assessment data and results.

         The software should optionally be capable of and able to demonstrate the ability for:
                 Storage and retrieval of heat maps.
                 Definition and measurement (e.g. quantification on user-defined scales) of an individual business
                 or control risk, and documentation and archiving in the system.
                 Linkage of individual risks to client agency, business processes, risk controls, etc.
                 Use of surveys (either imported or system-created) to collect data for use in assessing risks.

         5.2.2. Assessment
         It is mandatory that proposed software be capable of and have the ability to perform the following:
                  Creation and use of heat maps or other visual tools to analyze the relative significance and
                  likelihood of multiple identified risks.

         The software should optionally be capable of and able to demonstrate the ability for:


                                                Page 4 of 15                                       2/5/2009
          OBM Fiscal Year 2008-09 Audit Management Software Procurement
                              Request for Quotation


            Storage and retrieval/use of common risk definitions and measures in the performance of an
            entity-level risk assessment.
            Linkage of risks to related definitions, controls, measures, etc. elsewhere in the database or
            system.
            Aggregation and/or comparison of risk indicators or quantified risk measurement data from different
            client company business units, geographic locations, etc., for one or more individual risks.

   5.2.3. Response / Remediation
   It is mandatory that proposed software be capable of and have the ability to perform the following:
            Creation or use of monitoring tools and techniques to establish accountability and monitor
            progress in remediating any reported/recorded control gaps or deficiencies.

   The software should optionally be capable of and able to demonstrate the ability for:
           Storage and retrieval of standardized risk control process and procedure descriptions in the
           database/system.
           Creation and storage of client-specific risk control descriptions/documentation in the
           database/system.
           Linkage of risk control descriptions/documentation to risk and process information stored
           elsewhere in the database/system (1:1 and 1:many).
           Creation of an action plan to remedy any observed control gaps or deficiencies.
           Creation or use of monitoring tools and techniques to establish accountability and monitor
           progress in remediating any reported/recorded control gaps or deficiencies.

5.3. Project / Work Flow Management
   Project / Work Flow Management includes Resource Planning / Availability, Time Reporting and Billing,
   Audit Management, and Communication.

   It is mandatory that proposed software be capable of and have the ability to perform the following:
            Creation/ Storage/ Retrieval as it pertains to:
                 Time and expense budgeting capabilities.
                 Time and expense reporting capabilities.
                 Billing.
            Monitoring of status of tasks by person and/or work team.
            Creation of reports from various project management information within the system by phase, by
            person, by location, by client, etc.

   The software should optionally be capable of and able to demonstrate the following:
           Creation/ Storage/ Retrieval as it pertains to:
                Audit plans
                Schedules/timelines.
                Project team role and authority matrixes.
                Resource and capacity planning and reporting capabilities.
                Project open/action items.
           Assignment of tasks through the system as it pertains to:
                Assignment to multiple personnel simultaneously, with acceptance by all the parties before
                continuing.
                Escalation of tasks based on elapsed time.
                Alerts to process owners when deadlines are not being met.
                Indicator that a user is out of the office, with automatic workflow rerouting.
           Management of process for reviewing completed work (QA/QC).
           Internal communication/messaging with/among team members (all, or based on assigned roles).
           External communication of status etc. with persons outside the system (i.e. who do not have
           assigned roles in or access to the system, via e-mail) and integration or interfacing with messaging
           providers.

                                         Page 5 of 15                                      2/5/2009
            OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                Request for Quotation


             Scheduling/communicating of events (e.g. meetings) - interface with calendaring
             systems/applications.
             Creation of reports from various project management information within the system by phase, by
             person, by location, etc. as it pertains to:
                  Detail task completion status by project, by person, by client, by team/unit, etc.
                  Open issues status.
                  Budget status.
                  Milestone status.

5.4. Assessment, Audits, Monitoring
Assessment, Audits, Monitoring includes Internal Control Evaluation, Automated Work Papers, and a
Document Repository.

It is mandatory that proposed software be capable of and have the ability to perform the following:
              Creation and storage of documentation of audit or other project procedures performed, both “free-
              form” and using standardized templates.

The software should optionally be capable of and able to demonstrate the following:
             Ability to create, modify and/or import a project plan/audit program from the system or external
             source.
             Ability to access and import client information via the internet, for use in performing various
             control tests and other procedures.
             Aggregation of results of multiple audit procedures performed.
                  Aggregation of results from same procedure performed in different client locations or units
                  Aggregation of results with specified outcomes (e.g. exceptions only)
             Creation and storage of recommendations for changes in client processes, risk control procedures,
             etc.
             Maintenance and use of a library of standardized recommendations.
             Monitoring the status of control recommendations to client, and related action plans.

5.5. Process Flow
The software should optionally be capable of and able to demonstrate the following:
             Creation of business process flows.
             Storage of common business process models in the system and importation of them into a specific
             client database.
             Importation of business process models from external sources (e.g. client source, a website, etc.)
             into the system.
             Customization of common business process models within a client database to fit industry and
             client circumstances.
             Storage of business process maps/flow charts in a specific client database.
             Linkage of individual risks to business processes (1:1 and 1:many).


5.6. Audit Reporting
It is mandatory that proposed software be capable of and have the ability to perform the following:
              Generation of custom and standard reports.

The software should optionally be capable of and able to demonstrate the following:
             Ability to generate reports of consistent issues.
                 Systemic Issues
                 Metrics
                 Trending
                 Themes

                                           Page 6 of 15                                      2/5/2009
               OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                   Request for Quotation


                Hierarchical reporting capability that customizes the nature and extent of information in the report
                based on the stakeholder groups.

   5.7. Client and 3rd Party Connectivity
   It is mandatory that proposed software be capable of and have the ability to perform the following:
                 Access/entry into the system via the internet by authorized users other than OIA (e.g. our client
                 interface).

   The software should optionally be capable of and able to demonstrate the following:
                Differentiated access based on different authorities and roles.
                Linkage to other internet-based resources.
                Linkage to and interaction with other sites, such as SharePoint.

   5.8. Portfolio Management and Communication
   It is mandatory that proposed software be capable of and have the ability to perform the following:
                 Creation and use of customized "dashboards" that monitor various engagement and project status
                 elements, preferably in a way that highlights exception conditions (both user-specific and role-
                 specific).
                 Ability to "drill down" from dashboards or similar high-level portfolio views and tools to directly
                 access detail documents and data underlying the dashboard information.

   The software should optionally be capable of and able to demonstrate the following:
                Retrieval and manipulation/analysis of various information that is generated by/stored in the
                Project Management (i.e. 4. above) functionality of the system. The objective is to be able to
                easily manage and monitor multiple projects within one client relationship as well as
                engagements/projects for multiple clients.
                Creation/storage/retrieval of a standardized client profile and other engagement management
                documents or tools (e.g. engagement letters/contracts, client expectations agreements,
                responsibility matrixes, etc.).
                Integration with one or more independent document management products.

   5.9. Survey and Assessment Technology
   The software should optionally be capable of and able to demonstrate the following:
                Technology to send surveys to auditees, obtains comments, and summarizes results.
                Capture of control effectiveness assessment and any evaluated control gaps or deficiencies
                observed.
                Necessary functionality to facilitate Control Self-Assessment.

6. Vendor Requirements
   6.1. Company Size / Characteristics
       6.1.1. Overview
       As part of the Quote, the vendor must disclose the following:
                Number of years that the company has been in the market for Audit Management software
                Resume of past projects
       6.1.2. Customers
       As part of the Quote, the vendor must disclose the following:
                Any US State/Federal Government customers who have used the products proposed
                Limitations on the number of users, databases or clients for each of the products proposed
                Frequency of release of product updates
   6.2. Scope of Work: Implementation, Training and Support Services
         The scope of work for this RFQ includes the following services: implementation (project
         management, analysis and design, configuration and any necessary customization, testing and
         deployment); training and support, which includes maintenance. The vendor must provide a work
                                             Page 7 of 15                                       2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation


          plan and schedule that addresses the scope of work as described below. The work plan must
          include the required tasks, deliverables and milestones for the project.
        6.2.1. Implementation Services (as defined above)
        As part of the Quote, the vendor must disclose the following:
                 Description of implementation services provided
                 Description of the extent to which the product can be customized to user specifications for the user
                 interface and functionality of the product. The impact of customization on the ability to upgrade
                 (and the ease of doing so)
        6.2.2. Support Services
        As part of the Quote, the vendor must disclose the following:
                 Support options available to customers and their associated pricing models
                 Describe support coverage, support mechanism (phone, email, website etc.) and average response
                 times of support incidents
        6.2.3. Training
              OBM will provide hardware, configure operating system and other infrastructure software,
              and provide facility for training. Vendor needs to provide personnel to install and configure
              their software in all training lab PCs. Training should include end user training, train-the-
              trainer training, and systems administrator training.
        As part of the Quote, the vendor must disclose the following:
                 Describe skills and training needed by system administrators to maintain the system on the
                 customer side
                 Detail training documentation and system documentation that will be provided as part of the
                 training

7. Technology Requirements
   7.1. Basic Platform
    As part of the Quote, it is mandatory that the Vendor disclose the following:
                  What is the minimum hardware and OS configuration for:
                      Server?
                      User PC/work station?
    Please note that OBM currently supports applications in Windows 2003 servers and uses Windows XP for the
desktop operating system. Vendors’ products are required to run either in Windows 2003 or AIX servers.

    As part of the Quote, it is suggested that the Vendor disclose the following:
                  Describe the basic technology platform and architecture on which your product is built.
                  Are there any basic limitations (e.g. only runs using SQL)?

    7.2. Compatibility and Connectivity
    As part of the Quote, it is suggested that the Vendor disclose the following:
                  What Internet browsers will allow ready access to your system?
                  Can the system/databases be accessed anytime, from anywhere?
                  What response times can be delivered via the Internet? Base your response on standard VPN
                  connectivity.
                  Does the system support working with databases offline/disconnected?
                  Are any of the system features (e.g. work flow) usable with PDA technology and devices?

    7.3. Security and Access Control
    As part of the Quote, it is mandatory that the Vendor disclose the following:
                  Can access rights be defined at the file and/or document level within a database?
                  Are unauthorized access attempts logged and reported?
                  Is the product compatible/proven to work with "single sign-on" technologies?

    As part of the Quote, it is suggested that the Vendor disclose the following:

                                                Page 8 of 15                                     2/5/2009
            OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                Request for Quotation


             Describe the process for defining and allowing user access to new system users (including who
             controls, ability to define specific roles and differential access rights, lead time required,
             notifications, etc.).
             Can access rights be changed or reassigned easily and quickly (e.g. in the event of changes in
             engagement team staffing or assignments, client personnel changes)?
             If your product/solution involves a service you host, describe the system and database security
             measures that you employ (e.g. backup provisions etc.). This is for informational purposes only.
             OBM is not interested in procuring this software using a hosted solution model.
             If you have a SAS 70 review performed, please supply a copy of the most recent report.
             Describe the methods for ensuring the security, confidentiality and integrity of individual client
             engagement databases.

7.4. Work Flow Management
As part of the Quote, it is mandatory that the Vendor disclose the following:
              What capability does the system support to define different user profiles, e.g. authors, reviewers,
              approvers?
              Can access and activity rights be controlled within the system based on profiles?
              Describe the use of automatic notifications (e.g. via e-mail) to alert users to task and document
              status, their need to perform certain tasks in the work flow (e.g. review), etc. Also, is there any
              prioritization of notifications?

7.5. Document and File Management
As part of the Quote, it is mandatory that the Vendor disclose the following:
              Describe how the system's document management functionality interfaces with work flow
              functionality to track a document through Create, Edit, Review, Submit for Approval, Approve,
              and Final "modes".
              Does/can the system maintain previous or superseded versions of documents?
              Can documents be viewed by more than one user at a time?
              Describe the system search capabilities and ability to find documents easily.

As part of the Quote, it is suggested that the Vendor disclose the following:
              Describe the system's ability to handle large file sizes (e.g. 20 MB+) and any technical or practical
              limitations on file sizes and system performance.
              List all file formats the system will accommodate.
              Describe the ability to import files from a local repository (e.g. project team member's or client's
              PC/hard drive).
              Describe the ability to export files to a local repository.
              Can multiple files be imported and/or exported easily (i.e. as a group, rather than having to be
              handled individually)?
              Is the product/database capable of robust, full text searches against unstructured data?

7.6. Technical Support and System Reliability
As part of the Quote, it is mandatory that the Vendor disclose the following:
              Do you allow escrowing of product source code for the benefit and protection of customers?
              If escrowing is not allowed, what protection do you offer customers to ensure continued access to
              the product?

As part of the Quote, it is suggested that the Vendor disclose the following:
              Describe the process for resolving technical issues or problems a user may encounter.
              What is the relative role and responsibility for technical support between vendor and customer?
              When/if the system is "down" or inaccessible, what is the average duration? The longest time
              experienced?


                                            Page 9 of 15                                       2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation


                  What is the typical support cycle for upgrades (e.g. support X versions, support for Y months after
                  release of new version)? What options, if any, exist to obtain support for "off maintenance"
                  versions?

8. Response Guidelines
A complete response must include, but is not limited to, the following:

         1.   Cover Letter.
         2.   Vendor References.
         3.   Product Proposal.
         4.   Cost Summary.

Additional details on elements of the response are provided below.

THE STATE WILL NOT BE LIABLE FOR ANY COSTS INCURRED BY ANY VENDOR IN
RESPONDING TO THIS RFQ. THE STATE RESERVES THE RIGHT TO ACCEPT A QUOTATION IN
FULL OR IN PART BASED UPON THE QUOTATION AND COSTS PROPOSED. IF THE STATE
DECIDES NOT TO SELECT A VENDOR, IT RETAINS THE RIGHT TO CANCEL THIS RFQ AND
PROCURE THE WORK THROUGH SOME OTHER PROCESS OR BY ISSUING ANOTHER RFQ.
NO VENDOR SUBMITTING A QUOTE OR INFORMATION BASED UPON THIS RFQ HAS A
PROPERTY INTEREST OR AUTOMATIC RIGHTS TO SELECTION, REGARDLESS OF PAST
CONTRACTUAL/PROJECT HISTORY WITH THE STATE.

    8.1. Cover Letter

    The cover letter must be in the form of a standard business letter and must be signed by an individual authorized
    to legally bind the vendor. The cover letter will provide an executive summary of the solution the vendor plans
    to provide. The letter must also have the following:
    a. A statement regarding the vendor legal structure (e.g., an Ohio corporation), Federal tax identification
         number, and principal place of business.
    b. The name, address, phone number and fax number of a contact person who has authority to answer
         questions regarding the proposal.
    c. If a vendor has a valid State Term Schedule (STS for information technology product and services), the
         STS number, including inception date and expiration date must be included. If the vendor has a valid STS,
         the vendor should indicate whther all of the proposed products are currently on their STS or whether an
         amendment will be necessary to add products or services to their STS.
    d. If a vendor does not have a current STS, provide a statement that the vendor is willing to work with the
         Department of Administrative Services to establish an STS if selected through this RFQ process.
    e. A statement that the vendor has reviewed and agree to the standard terms and conditions for a STS; the
         State Term Schedule terms and conditions can been viewed at:
         https://procure.ohio.gov/proc/ContractsSTS3.asp
    f. A statement that the vendor is not now, and will not become subject to an “unresolved” finding for
         recovery under Revised Code Section 9.24, prior to the award of a contract arising out of this RFQ, without
         notifying OBM of such finding.
    g. URL address (if public and available).

    8.2. Vendor References

    The vendor must include at least three (3) and up to five (5) project references where the vendor has
    implemented the product(s) proposed. These references must include the name of the organization, project
    details, and a contact including; name, phone number and email address.

    Each reference must be willing to discuss the vendor’s performance as it pertains to application design and
    development.
                                               Page 10 of 15                                     2/5/2009
            OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                Request for Quotation



8.3. Product and Services Proposal

The product and services proposal should include a clearly organized reply to the requirements mentioned in
Sections 4, 5, 6, and 7 of this RFQ. If the vendor is proposing more than one product to satisfy the requirements
mentioned in this RFQ, the proposal should clearly mention which of the requirements are satisfied by a
particular product. Excluding the hardware and operating environment software to be provided by the State, the
vendor’s proposed pricing must include pricing for all products and services necessary to meet implement a
fully functional system. OBM expects that the implementation will be completed within 2 months of
purchasing the software. Product training is expected to be completed within 4 months of implementing the
software.

8.4. Cost Summary

Vendor must provide its cost on company letterhead as described in Attachment 1. Vendor must provide the
total cost estimate for completing the scope of work and deliverables described in the RFQ. Costs must include
the following components:
     • Cost of product licensing,
     • Cost of annual product maintenance through December 31, 2010.
     • Cost of implementing solution to meet the needs identified.

Cost for implementation and training services should be specified as a flat rate inclusive of all charges,
including travel and accommodation.

If the vendor has a STS then the vendor must propose costs that does not exceed the pricing in the STS. For
vendors that agree to establish a STS, costs proposed in response to this RFQ must not exceed the established
STS pricing. Whether an STS is currently in place or will be established post selection, costs cannot exceed the
STS pricing.




                                           Page 11 of 15                                       2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation



9. Evaluation of Responses
Responses to this RFQ will be evaluated by the State using the general process below:


          Vendor   Evaluate response
         Proposals   completeness




                                              Evaluate
                    Vendors                 responses &
                 with Complete              assign initial
                    Reponse                    scores



                                                                    Vendor
                                         Vendors                 Demonstrations
                                       shortlisted for             and Score
                                       demonstration               Validation



                                                                                  Verify Customer
                                                               Vendors                                  Vendor
                                                                                  References and
                                                             shortlisted for                           Selection
                                                                                  finalize scoring
                                                               Customer
                                                              Reference


OBM will perform an initial evaluation to short list few vendors. These vendors will be asked to provide a
demonstration of their product capabilities based on specific requirements outlined in this RFQ.

The State may not evaluate and/or may reject a response for any of the following reasons:
         • the response is not submitted by the deadline
         • the response is not complete
         • the response does not address any of the mandatory requirements mentioned
         • the response does not address all of the requirements
         • the State believes it is not in its interest to consider or accept the response.

In addition, the State may reject any and all responses and seek to do the work through another competitive process
or by other means.




                                                 Page 12 of 15                                       2/5/2009
              OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                  Request for Quotation


Vendor Grading Criteria
         NO.                                      CRITERIA                             WEIGHT

                                  Functional Criteria (60%)
          1             Client / Project Initial Set-up and Access Management              5%
          2             Risk Assessment - Modeling                                         4%
          3             Risk Assessment - Assessment                                       4%
          4             Risk Assessment - Response / Remediation                           4%
          5             Project / Work Flow Management                                    10%
          6             Assessments, Audits, Monitoring                                   10%
          7             Process Flow                                                       3%
          8             Audit Reporting                                                   12%
          9             Client & 3rd Party Connectivity                                    5%
         10             Portfolio Management & Communication                               2%
         11             Survey Technology                                                  1%
                                                         Total (Functional Criteria)      60%
                                  Vendor Criteria (20%)
         12             Vendor - Overview                                                  5%
         13             Vendor - Customers                                                 1%
         14             Implementation Services                                            5%
         15             Support Services                                                   2%
         16             Training Services                                                  2%
                                                             Total (Vendor Criteria)      15%
                                Technology Criteria (20%)
         17             Basic Platform                                                     1%
         18             Compatibility & Connectivity                                       5%
         19             Security & Access Control                                          5%
         20             Work Flow Management                                               5%
         21             Document & File Management                                         5%
         22             Technical Support & System Reliability                             4%
                                                        Total (Technology Criteria)       25%
                                                                        Grand Total      100%




                                      Page 13 of 15                                    2/5/2009
                OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                    Request for Quotation



10. Payment
Payment to the vendor will be made as per the following timelines:
   • The cost of the software and the initial maintenance cost will be paid to the vendor upon delivery of the
       software, delivery of all documentation related to the software, submission of invoice, and duly signed note
       of receipt and acceptance of the software.
   • The implementation cost will be paid after successful implementation of the software, and submission of
       invoice. “Successful implementation” is defined as a solution that is implemented within two months, that
       pass user acceptance testing, and performs satisfactorily for a 30 day period after product installation and
       configuration.
   • Fifty percent of the costs for training will be paid after completing 3 training sessions, and submission of
       invoice.
   • The remaining 50% will be paid after successful completion of 2 training sessions, delivery of all training
       documentation, and submission of invoice.

11. Questions or Clarifications
Vendors may make inquiries regarding this RFQ anytime during the inquiry period listed below. All inquires
regarding this RFQ must be submitted to the email address below by 5 p.m. EST on February 24, 2009. Inquiry
responses will be posted on the following web address:

http://obm.ohio.gov/SectionPages/Internalaudit/RFQ_AMSP/Default.aspx

The vendor that sent the inquiry will also be informed once the website is updated. All updates will be completed
within two business days but not later than the 5 p.m. EST on February 25, 2009.

Contact Email for Questions or Clarifications: Raj.Subramanian@obm.state.oh.us

The State does not consider questions asked during the inquiry period through the inquiry process as
exceptions to the terms and conditions of this RFQ.

12. Submissions
The vendor must submit six (6) paper copies of their response clearly marked “OBM Fiscal Year 2008-09
Audit Management Software Procurement” to the address below by 11 a.m. EST on February 26, 2009. Included
in the sealed package, the vendor must also submit one (1) electronic copy of the proposal on CD-ROM in
Microsoft Word, Microsoft Excel, or PDF format as appropriate. In the event there is a discrepancy between the
hard copy and the electronic copy, the hard copy will be the official proposal.

All proposals and other material submitted will become the property of the State and may be returned only at the
State's option.

Ohio Revised Code (ORC) Section 9.24 prohibits the State from awarding a contract to any
vendor(s) against whom the Auditor of State has issued a finding for recovery if the
finding for recovery is “unresolved” at the time of award. By submitting a proposal, the
vendor warrants that it is not now, and will not become subject to an “unresolved” finding
for recovery under ORC 9.24, prior to the award of a contract arising out of this RFQ,
without notifying DAS of such finding.

Submissions should be delivered to:
      Rajeshwer Subramanian
      Office of Budget and Management
      30 East Broad Street, 35th Floor
      Columbus, Ohio 43215

                                              Page 14 of 15                                     2/5/2009
                 OBM Fiscal Year 2008-09 Audit Management Software Procurement
                                     Request for Quotation


                                                  Attachment 1
                                                  Cost Summary
    Vendor must provide its Cost on company letterhead. Vendor must provide the total cost estimate for
    completing the scope of work and deliverables described in the RFQ. Costs must include the
    following components:
         • Cost of product licensing,
         • Cost of product maintenance till December 31, 2010.
         • Cost of implementing solution to meet the needs identified.
         • Cost of providing training to OIA and state agency staff.

    Cost for implementation and training services should be specified as a flat rate inclusive of all
    charges, including travel and accommodation.

    If the vendor has a STS then the vendor must propose costs that are consistent with the pricing in the
    STS. For vendors that agree to establish a STS, costs proposed in response to this RFQ must align
    with the established STS pricing. Whether an STS is currently in place or will be established post
    selection, costs cannot exceed the STS pricing.


                            Deliverable                                   Total Cost per Deliverable

Product licensing cost (75 full access licenses). Licenses should
include unlimited access to the features in the product(s) that are
utilized by auditees (e.g. for viewing recommendations,
responding to findings, viewing audit reports, responding to
survey, control self assessment etc.)

75 full access licenses x ______ = _______

Product maintenance cost (starting with the date of purchase until
December 31, 2010)
Maintenance cost (2011) = _______
Maintenance cost (2012) = _______
Maintenance cost (2013) = _______
Do not mention the maintenance costs for 2011, 2012, and 2013
on the right side of this table. Only maintenance through
December 31, 2010 should be included in the total cost equation.


Implementation Cost (includes both product installation, design
sessions to configure/customize product to OIA requirements)


Training Cost (training for 75 users; 5 training sessions; 2 days
for each session)

4 training session x _______ each = ______total


           TOTAL NOT TO EXCEED FIXED COST




                                                Page 15 of 15                             2/5/2009

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:130
posted:7/26/2011
language:English
pages:15
Description: Rfq Templates Audit document sample