Specifications include, but are not limited to:

A. Enterprise Risk Assessment
   o Assess my529’s Risk Universe: map out inherent risks to my529 and assign priorities or degrees of risk. Provide a gap analysis of my529’s current Risk Assessment, Strategy, processes, and list recommendations in order of priority.
      • Include recommendations on integrating Internal Audit functions into risk planning.

B. External and Internal Security and Fraud Assessment
   o Identify strengths and vulnerabilities for: systems and processes relative to customer accounts including: new account fraud, online registration fraud, account takeover, payment fraud and benefit disbursement integrity, account takeover by an employee, false beneficiaries, and payment diversion.

C. Technology and Technology Integration Assessment
   o Review the organization’s use of technology solutions specific to detecting, analyzing, and mitigating fraud and cybersecurity threats.
   o Provide guidance and best practice recommendations for better aligning solutions, retiring obsolete technology, or implementing additional security layers.

D. Network penetration and social engineering testing
   o Review and assess previous penetration and social engineering testing and remediation.
   o Conduct an in-depth network penetration and social engineering test.
   o Assess current strategies and processes and provide recommendations for addressing vulnerabilities.