Description of the MIS Software Applications Audit Assignment
Purpose
The purpose of the Management Information Systems (MIS) software applications audit is to provide an independent evaluation of the conformance of the MIS software and its supporting elements to user-defined requirements, software industry standards and performance expectations for the management of an effective digital finance software system that is not vulnerable to cybercrime risks.
Specific objectives
- To test that the system software, hardware, and networks have been installed and set up correctly.
- To test functional elements and assess whether the system meets all user-defined requirements under all anticipated conditions of operation.
- To conduct penetration tests and vulnerability assessments on networks, web applications and other critical infrastructure.
- To examine the conformance of the system’s implementation to software industry standards in areas such as testing, change logs and documentation, among other things.
- To examine system hardware, software and network connections for potential failures and security risks.
- To assess the risk mitigation measures put in place by the system developers.
- To obtain and document sufficient, reliable, and relevant evidence of the current state of the system through inspection, observation, inquiry, and confirmation.
- To examine and advise on the Human Resource Skills requirements for the management/maintenance of the software infrastructure.
Audit Scope:
- Licensing status of operating systems
- Vault and server room access.
- User account management controls
- Management of business continuity and disaster recovery activities
- IT Governance and Strategic management issues
- Information security user training and awareness programs
- Training and development for IT personnel.
- Server system and organizational computers protection.
- Digital Certificate Status.
- Preventive maintenance activities.
- Network connectivity mechanism
- CCTV-surveillance
- Reliability of power supply
Approach
The general guideline for this assignment is to undertake a step-by-step review of the various aspects of the MIS software / core banking applications, giving insight into the test procedures to be carried out to assure the adequacy and effectiveness of technical, system and operational/process controls in and around the applications and business service functions.
Timeline and Deliverables
The timeline for the assignment is expected not to exceed 70 calendar days from the date of signing the contract. The key specific deliverables are:
- Audit plan presenting proposed methodologies and approaches to conduct the audit of MIS Software applications of the 18 SACCOs.
- The 18 draft individual SACCO MIS software applications audit reports highlighting findings and recommendations.
- Disseminate draft audit reports to the respective SACCOs'/MFIs' Boards of Directors and Management, and INCLUDE staff, in a formal validation meeting.
- The 18 final individual SACCO MIS software applications audit reports with findings and actionable recommendations.
Qualifications
Qualifications of Consultant
The locally sourced consultant shall be a firm or a team of individual information systems auditors. To be eligible to conduct the MIS Software applications audit, the lead Auditor shall possess:
- Bachelor Honours degree of Science in Information Technology or Computer Science from a reputable University. Any relevant master’s degree will be an added advantage.
- Certification in Information Systems Audit (CISA). Any additional certifications in the IT field will be an added advantage.
- Membership of IT professional associations and demonstrated experience in conducting similar information systems auditing will be an added advantage.
- At least 10 years of practical post-graduation work experience and a proven track record in undertaking auditing in financial institutions.
- The proposed audit team must have a strong knowledge of the Uganda financial system and in particular Micro Finance Institutions and savings & credit cooperatives.
- Demonstrated ability to provide timely, quality-assured technical reports. (For avoidance of doubt, a sample of at least two (2) past assignments audit reports written by the consultant shall be annexed to the technical proposal.)
- Good communication skills in English.