Specifications include, but are not limited to: Contracting with a qualified firm to perform professional consulting services to assist with building an internal audit function at AOC and to assist in the development and execution of an internal audit plan in FY 2020. A. Building of Internal Audit Function 1. The Offeror shall assist AOC in building an internal audit function. Services shall include assistance with selection of an internal auditing director, identification of other needed staff support (number of staff needed and job descriptions), and with hiring of internal audit staff. 2. The Offeror shall provide training to any internal auditors hired by the AOC during the contract term. B. Development and Execution of Internal Audit Plan for FY2020 1. The Offeror shall develop an internal audit work plan in consultation with the Director of Internal Audit to assess the adequacy and effectiveness of the internal control systems at the AOC. The internal audit work plan will be presented to the Audit Oversight Committee for approval. 2. Services provided during the development and execution of the internal audit plan shall include the following: i. Supporting the internal auditing director in the design and preparation of processes, toolkits, and procedures for internal AOC auditing. ii. Supporting the AOC in the design, preparation, and compilation of risk assessments, if required by the internal audit plan, and preparing, coordinating and performing risk assessment reviews of internal controls over operations and compliance. Any assessments must evaluate financial risk as well as business risk (legal, regulatory, strategic, reputation). Risk assessments will be designated by the Audit Oversight Committee. Examples of risk assessments that may be requested by the Audit Oversight Committee include the following: a. Determining whether segregation of duties and internal controls relating to budget and other financial processes including payroll are adequate and effective to provide reasonable assurance that the financial information is accurate and reliable and that the risk of fraud, waste, and abuse is at an acceptably low level. b. Determining whether internal controls over compliance with policies and procedures including grant requirements are adequate and effective to ensure that proper compliance actually occurs. c. Determining whether controls over operations and programs are adequate and effective to provide reasonable assurance that the operations and programs are being carried out as planned and that the results of operations are consistent with goals and objectives.