ENGAGEMENT OF INDEPENDENT FIRM FOR TECHNOLOGY AUDIT AND INDEPENDENT QUALITY ASSURANCE (QA) SERVICES -KUJA BUILD ERP PROJECT 51 views0 applications

Organization

Adeso: African Development Solutions www.adesoafrica.org

Consultancy Title

Engagement of Independent Firm for Technology Audit and Independent Quality Assurance (QA) Services -Kuja Build ERP Project

Reporting to: MD, Kuja

Duration: 3 Months

Starting date: 8th December 2025

Organizational Context

Adeso is a pioneering African social enterprise with global influence. Rooted in Africa for over 30 years, we are working toward a decolonised world where people thrive through their own resourcefulness and tenacity. Adeso is part of global movement to shift power to local leaders who are closest to the problem and, by consequence, closest to the solution. We are working with allies all over the world to reimagine and build a better system that is based on the principles of solidarity, humility, self-determination, and equality. We are committed to this work. Committed to proving it is possible. Ready to partner, ready to overcome barriers, and ready to evolve to create a blueprint for change.

Adeso has successfully launched social enterprises and subsidiaries, such as Ladhan Investment Ltd, Libin Investment Ltd, and Kuja, each with the aim of building the ecosystem needed to confront the legacy of colonialism. These entities all fall under the private sector arm of Adeso, while Adeso’s humanitarian programs and internal operations fall under the non-profit arm of Adeso and are led by Program Leads and Departmental Heads. Through this portfolio of solutions, we work to connect, design, launch, and scale the most promising innovations that will be a catalyst for community-led change. As a recognized leader in the global effort to decolonize the humanitarian and development aid system, Adeso leads coalitions working with civil society leaders, funders, INGOs, and aid agencies that are designed to shift power and resources to those most proximate to the world’s most urgent challenges.

The Proximate Fund is an initiative in Adeso’s global portfolio of projects, providing a new and innovative opportunity for donors who want to support proximate-led organisations and directly contribute to sustainable and scalable efforts identified and led by the communities they serve. As a managed fund, it will fund civil society and social entrepreneurs across Africa, starting in three pilot countries.

Join us as we continue to build a better, more equitable, future for communities across Africa and beyond.

Consultancy Overview

Kuja is a social enterprise under Adeso, developing an enterprise resource planning (ERP) platform—Kuja Build—based on the Odoo open-source framework. The system is designed to serve non-profit organizations, with modules covering finance, procurement, human resources, grants, and program management. As Kuja approaches the system launch phase, Adeso seeks to ensure that Kuja Build meets the highest standards of quality, performance, and security.

Recent internal reviews have indicated that testing activities are behind schedule and primarily ad hoc, and that an independent verification of technical quality, codebase integrity, and documentation completeness is necessary. To address this, Adeso intends to engage a qualified independent firm based in Kenya to conduct a comprehensive technology audit and provide independent QA services during the final pre-launch phase.

Objectives of the Assignment

The objective of this engagement is to:

• Conduct an independent technical, code, and documentation audit of Kuja Build ERP to verify quality, security, and readiness for deployment.
• Provide independent QA testing services, including test planning, execution, and validation of functional, integration, and performance aspects.

Recommend improvements and risk mitigation measures to strengthen Kuja Build’s overall technical and operational readiness prior to launch.

Scope of Work

The selected firm will perform the following key tasks:

A. Technology and Code Audit

1. Code Review and Quality Assessment
   • Evaluate code quality, maintainability, and adherence to Odoo development best practices.
   • Identify technical debt, code duplications, and potential security vulnerabilities.
   • Assess module customization and compliance with Odoo upgrade standards.
2. Architecture and Infrastructure Review
   • Review system architecture, environment setup, and DevOps processes.
   • Assess CI/CD pipeline, version control, and deployment configurations (including AWS hosting).
   • Verify alignment with NIST and AWS Well-Architected Framework best practices.
3. Documentation Review
   • Evaluate completeness and accuracy of technical, user, and system administration documentation.
   • Review existing test documentation (test cases, results, and defect logs).
4. Security and Compliance Validation
   • Conduct high-level security review in line with Kuja’s Cybersecurity Plan.
   • Validate API security controls (authentication, authorization, encryption, rate limiting).
   • Confirm adherence to data protection and privacy standards applicable in Kenya.
5. Performance and Load Assessment
   • Conduct or review performance testing to evaluate scalability and system responsiveness.
   • Identify performance bottlenecks and optimization opportunities.

B. Independent QA Services

1. Test Planning and Strategy
   • Develop or refine a structured QA test plan covering functional, integration, regression, and user acceptance testing.
   • Define test scope, test data, and success criteria in collaboration with Kuja’s internal QA team.
2. Test Execution
   • Execute test cases across key ERP modules (Finance, HR, Grants, Procurement, etc.).
   • Perform regression and integration testing across modules.
   • Conduct performance and load testing using appropriate tools.
3. Defect Management and Reporting
   • Log, track, and retest identified defects.
   • Provide weekly progress and defect summary reports.
   • Support Kuja in implementing root cause analysis and process improvements.
4. Knowledge Transfer
   • Provide structured handover and knowledge transfer to Kuja’s QA team, including reusable test cases, templates, and automation scripts where applicable.

Deliverables

The firm will produce the following deliverables:

Deliverable Description Due Date

Inception Report Detailing methodology, team composition, and detailed workplan. Within 1 week of contract signing

Technical Audit Report Comprehensive findings on code quality, architecture, documentation, and security End of Month 1 (Dec)

QA Test Plan Formal test plan with defined scope, approach, and test cases End of Month 1 (Dec)

Interim QA Report Summary of testing progress, defects, and risks Mid-Month 2 (Jan)

Final Audit and QA Report Consolidated report including findings, recommendations, and executive summary End of Month 2 (Jan)

All reports must include an executive summary suitable for Adeso and Kuja leadership review.

Consultancy Period

The engagement will last for three (3) months from the date of contract signing. The firm must be able to deploy the necessary technical and QA resources immediately upon award.

ESSENTIAL SKILLS AND QUALIFICATIONS

Eligible firms must meet the following minimum criteria:

• Registered and operational in Kenya with a verifiable office presence.
• Proven experience in Odoo development or audit, including at least two projects involving Odoo-based systems.
• Demonstrated capacity in QA testing, automation, and system audits.
• Team with relevant certifications such as OSCP, CEH, ISTQB, or equivalent.
• Experience with AWS-hosted systems and familiarity with NIST Cybersecurity Framework preferred.

EVALUATION AND SELECTION PROCESS

Evaluation will be based on:

Criteria Weight

Technical expertise and relevant experience 40%

Proposed methodology and workplan 30%

Team qualifications and certifications 20%

Financial proposal 10%