Specifications include, but are not limited to: (a) Compliance: The Respondent selected as Internal Auditor for the Agenc y must perform internal auditing services that comply with the Texas Finance Code, other applicable state law, the requirements of this RFQ and the Texas Internal Auditing Act. The Texas Internal Auditing Act requires that an internal audit program conform with: (1) The Standards for the Professional Practice of Internal Auditing; (2) Generally Accepted Government Auditing Standards; and (3) The Code of Ethics contained in the Professional Practices Framework as promulgated by the Institute of Internal Auditors. (b) Internal Auditor Services and Scope of Procedures: The Respondent selected as Internal Auditor shall perform internal auditing services for the Commission and the Agency, to include the following: (1) Prepare the 2022 risk assessment of the Agency to ensure reviews of all major systems and controls as specified in the Texas Internal Auditing Act, including: i. Identification of risk factors, inclusive of cybersecurity/IT risks, affecting the Agency’s major systems and controls; and ii. Establishment of methodology for assigning risk factors and weights to develop an audit plan that includes a prioritized audit work schedule. (2) Complete the annual risk assessment and develop the proposed annual audit plan for the Agency, based on the risk assessment prepared, and ident ify and recommend priorities for individual audits to be conducted during the year. (3) Present the proposed annual audit plan for the Agency, based on the risk assessment prepared, to the Commission or its Audit Committee at its regularly scheduled meeting in March. The audit plan must contain estimated ranges of hours for recommended audits. The Contractor’s schedule and priorities for providing services will be as agreed upon with the Agenc y after the risk assessment. (4) Complete all audits as specified in the audit plan and document findings. (5) Prepare audit reports of the Agenc y that conform to the requirements of the Texas Internal Auditing Act to be presented to the Commission or its Audit Committee for approval. All audits are required to be completed and presented to the Commission annually unless expressly requested otherwise by the Agency. (6) Prepare an annual audit report of the Agency as required by the Texas Internal Auditing Act. These requirements include: i. A copy of the annual audit plan; ii. A list of audits completed; iii. An explanation of any deviation from the approved annual audit plan; iv. A narrative description of the most significant findings and recommendations for each audit, including a description of material weaknesses found in the internal control system; v. A description of the management actions taken in response to the audit findings and recommendations; vi. A listing of the audit recommendations from the previous fiscal year's report and an explanation of the status of each recommendation; vii. Distribution of all audits and other required reports to applicable state agencies as required by statute; viii. A statement of the last date on which an external peer review of the Respondent’s internal audit program was conducted; ix. A statement that the audit was made in accordance with generally accepted governmental auditing standards; and x. A statement as to whether any pertinent information has been omitted because it is deemed privileged or confidential by law, and why. (7) Perform additional audits, outside the scope of the approved audit plan for the Agenc y, as directed by the Commission or its Audit Committee. Compensation for these additional audits will be paid at an agreed upon additional hourly fee as set forth in Respondent’s proposal or BAFO. (c) Coordination with the State Auditor’s Office: The Respondent selected as Internal Auditor shall perform internal auditing services for the Commission and the Agency in coordination with the risk reviews, audit plans and audit activities conducted by, or for, the State Auditor’s Office.
