Specifications include, but are not limited to: The Credit Union Department (“CUD,” “the Agency,” or “Department”), seeks to contract with one (1) qualified vendor to perform internal auditing services. Thus, the CUD seeks proposals from qualified accounting firms (“Respondent”) to perform internal auditing services for the Credit Union Commission’s supervision of the CUD; (a) Compliance: The Respondent selected as Internal Auditor for the Agency must perform internal auditing services that comply with the Texas Finance Code, other applicable state law, the requirements of this RFQ and the Texas Internal Auditing Act. The Texas Internal Auditing Act requires that an internal audit program conform with: (1) The Standards for the Professional Practice of Internal Auditing; (2) Generally Accepted Government Auditing Standards; and (3) The Code of Ethics contained in the Professional Practices Framework as promulgated bythe Institute of Internal Auditors. (b) Internal Auditor Services and Scope of Procedures: The Respondent selected as Internal Auditor shall perform internal auditing services for the CUD, to include thefollowing: (1) Prepare the annual risk assessment of the Agency to ensure reviews of all major systems and controls as specified in the Texas Internal Auditing Act, including: i. Identification of risk factors, inclusive of cybersecurity/IT risks, affecting the Agency’s major systems and controls; and ii. Establishment of methodology for assigning risk factors and weights to develop an audit plan that includes a prioritized audit work schedule. (2) Complete the annual risk assessment and develop the proposed annual audit plan for the Agency, based on the risk assessment prepared, and identify and recommend priorities for individual audits to be conducted during the year. (3) Present the proposed annual audit plan for the Agency, based on the risk assessment prepared, to the Commission or its Audit Committee at a scheduled meeting. The audit plan must contain estimated ranges of hours for recommended audits. The Contractor’s schedule and priorities for providing services will be as agreed upon with the Agency after the risk assessment. (4) Complete all audits as specified in the audit plan and document findings. (5) Prepare audit reports of the Agency that conform to the requirements of the Texas Internal Auditing Act to be presented to the Commission or its Audit Committee for approval. All audits are required to be completed and presented to the Commission annually unless expressly requested otherwise by the Agency.
