TERMS OF REFERENCE FOR THE PROVISION OF INTERNAL AUDIT SERVICES-RFP Number: ITPC/IAS/RFP/11/2021 195 views0 applications

1. About ITPC

ITPC is a worldwide network of community activists united by our vision of a longer, healthier, more productive life for people living with HIV and/or AIDS (PLWHA). ITPC’s mission is to enable communities in need to access HIV treatment. ITPC was formed in 2003 at a historic meeting of 125 HIV treatment activists, mostly from the global south, that took place in Cape Town, South Africa.

In 2005, ITPC registered as a company limited by guarantee. It was incorporated in Botswana under the Botswana Companies Act. Until 2018 the Botswana entity has been operating as the Global office.

In 2016, ITPC registered as a not-for-profit organisation incorporated under the Companies Act of South Africa.

ITPC operational budget and expenditure for FY 2019 was around $ 5,3 million and for FY 2020 was $4.3 Million. The 2021 FY Operational expenditure is projected to be $ 6.2 million.

ITPC current main programme areas are around: HIV-advocates for treatment access across the globe through the focus of three strategic priorities:

• Treatment education and demand creation (#TreatPeopleRight)
• Intellectual property and access to medicines (#MakeMedicinesAffordable)
• Community monitoring and accountability (#WatchWhatMatters) 2.Purpose

  The purpose of this request is to appoint a suitable independent Internal Audit Service Provider that can provide and maintain an appropriate Internal Audit Service to ITPC and to the Finance, Audit and Risk Committee (FRAC) of the Board of ITPC. 3.**Role and Objectives of The Internal Audit Service**

The Internal Audit Service should be an independent appraisal function within ITPC, which provides management with a systematic review and evaluation of the operations for determining the economy, efficiency and effectiveness of policies, procedures, practices and the overall system of internal control within the Institute.

The objective of the Internal Audit Service is to add value by assisting the FRAC and Management in effectively discharging their responsibilities, including the promotion of effective internal controls at reasonable cost as well as compliance with the provisions and requirements of a number of different donors.

4.Organisational Status of Internal Audit

The internal auditor will report to the Finance, Audit and Risk Committee (FRAC) functionally and to the Executive Director administratively, and will promote and ensure:

a) the independence of internal audits;

b) broad audit coverage:

c) adequate consideration of audit reports; and

d) the implementation of audit recommendations

5. Scope of The Internal Audit Work

The internal audit must be conducted in accordance with the standards for the Professional Practices of Internal Auditing and the Code of Ethics set by the Institute of Internal Auditors (IIA).

The scope of Internal Audit work shall consist of, but not limited to the following work:

5.1. The evaluation of the adequacy and effectiveness of the organisation’s corporate governance processes, risk management, and internal control systems and the quality of performance in carrying out assigned responsibilities to achieve the organisation’s stated goals and objectives

5.2. Review and update the internal audit charter for approval

5.3. Reviewing the reliability and integrity of financial and operational information and the means used to identify, measure, classify and report such information;

5.4. Reviewing the systems established by management to ensure compliance with applicable ITPC policies, donor regulations, plans, procedures and Acts, and to determine whether the organization is in compliance;

5.5. Reviewing the means of safeguarding assets and verifying the existence thereof;

5.6. Appraising the economy and efficiency with which resources are employed, and identifying and recommend opportunities to improve operating performance;

5.7. Reviewing operations or programmes to ascertain whether results are consistent with established objectives and goals, and whether the operations or programmes are being carried out as planned, i.e. performance audits;

5.8. Reviewing the planning, design, development, implementation and operation of all major computer-based systems of ITPC to determine whether:

5.8.1. Adequate controls are incorporated in systems;

5.8.2. Thorough systems testing is performed at appropriate intervals;

5.8.3. System documentation is complete and accurate; and that

5.8.4. User needs are met.

5.8.5. IT systems are compliant with the new POPI Act on storing personal information

5.9. Reporting to the FRAC in writing on the scope of reviews of corporate governance on any significant findings and meeting the deadlines as agreed to with ITPC FRAC.

6.Scope of Internal Audit Services

The appointed service provider will be required to:

6.1. Compile a three-year risk based rolling internal audit plan for approval by the FRAC.

6.2. Develop a detailed annual plan, to be approved by ITPC every year, indicating scope for each internal audit.

6.3. Discuss audit coverage with management and the FRAC

6.4. Perform internal audits in compliance with the International Professional Practices Framework (IPPF).

6.5. Monitor the clearing and implementation of the external auditor’s audit findings and recommendations.

6.6. Report on the findings to management and secure comments before presenting to the FRAC.

6.7. Attend FRAC meetings when requested, and provide feedback on internal audits completed, the management of risks including a regular overview of the control environment.

6.8. Provide overall annual opinion on the audited control environment for the FRAC.

6.9. Work closely with the external auditors and other assurance providers to ensure synergy of approach, with a view to minimal duplication of effort and to obtain reliance on work performed

6.10. Perform compliance reviews with the:

• Financial, procurement and human resources policies of ITPC
• Donor financial and procurement requirements
• Corporate Governance & Compliance
• Information Technology
• King IV Report, where practicably possible.
• Any other statutory and regulatory requirements.

6.11. Reporting

• Provide management reports with management letter points for each respective area of the business audited in line with the audit plan;
• Based on observations made during the course of the audit(s), provide recommendations in the management letter(s) for the audit findings and any weaknesses in internal controls for improvement or efficiency;
• Provide audit summary memorandums and other progress reports to the FRAC after the completion of each planned audit;
• Submit to the FRAC or the Board of ITPC, reports after the completion of any ad-hoc audits or assignment;
• Report to the FRAC on major issues encountered during any audit or assignment undertaken;
• Report on any issues that have arisen during the course of the audit which could appear to have a material impact, or potential impact, on the business and/or the financial statements for each year under review. 7.**Fees and Payment**

Proposed fee structure based on the following:

• Total annual hours
• Average hourly rate
• Reimbursement costs such as telephone, travel, stationery and printing 8.**Content of The Technical and Financial Proposal**

The proposal should indicate:

8.1. All relevant perceived strengths and weaknesses of the firm bidding for the services e.g. similar previous experience, in-house skills, providing information which will assist ITPC to assess its capabilities, capacity, competitive advantages, etc.

8.2. A proposed plan of action to achieve the objectives of the internal audit function and risk management support to management. Such plan should cover short- and medium-term steps to manage the internal audit function and the risk management effort for ITPC;

8.3. Copies of appointment letters of previous and current internal audit contracts awarded;

8.4. An organogram or list of partners, managers, specialists and assistants together with the curriculum vitae of the staff who will be available for the duration of the contract with ITPC. In addition, the team to be appointed to provide internal audit services to ITPC should:

a) Appoint a team, the core of which should remain constant for the duration of the of the contract

b) Source external expertise if and where necessary, based upon the annual risk assessment, the three-year rolling risk based internal audit plan or any other relevant factor.

c) Any possible staff changes during the course of the audit must be done in consultation with ITPC;

8.5. In so far as possible, provide an overview of the methodology to be applied to the execution of the internal audit function.

8.6. The service provider must supply the following information:

a) Certification of registration (CIPC)

b) Valid original tax clearance certificate/SARS compliance Pin

c) Copies of registration and endorsement from relevant internal audit local and or international boards.

d) Company ownership status

e) Organisational chart for the firm

f) Company Profile

9.Validity of Proposals

The Service Provider is required to confirm that it will hold its proposal valid for 90 days from the closing date of the submission of proposals, during which time it will maintain without change the personnel proposed for the service together with their proposed rates.

10. Appointment, Commencement and Duration

The successful Service Provider will sign a legal agreement with ITPC which will be valid for three years subject to confirmation on an annual basis by the FRAC of ITPC based on an evaluation of the effectiveness as well as the independence and objectivity of the internal auditors.

The successful Service Provider will have unlimited access to all appropriate information of ITPC required to execute the internal audit function within the normal working hours of the organisation.
11.Description and Extent of Work

11.1. Conducting of audit assignments

Assignments are to be performed in accordance with the Service Provider’s internal audit procedures in compliance with the standards set by the IPPF. However, each assignment should consist of the following tasks:

a) Audit preparation (which should include the scoping document audit plan)

b) Preliminary survey

c) Review of internal controls

d) Audit testing

e) Development of findings and recommendations

f) Obtaining management responses; and

g) Reporting

On request from ITPC and the FRAC, all procedural documentation and working papers must be made available within three (5) working days, even after the expiry of the appointment.

11.2. Timing of assignments

The annual internal audit coverage plan shall be presented and agreed to by ITPC management and FRAC at its meeting before the commencement of any work. Furthermore, the final responsibility of approving the scope and extent of the work resides with the FRAC.

11.3. Quality assurance reviews of the work

The internal audit shall ensure that all work conforms to the standards for the Professional Practice of Internal Auditing (Institute of Internal Auditors). Such work shall further be subject to an external quality assurance as may be considered necessary and appropriate by the FRAC.

11.4. Independence and objectivity of audit staff

In carrying out the work, the internal auditor must ensure that their staff maintains their objectivity by remaining independent of the activities they audit,

11.5. Monitoring progress of assignments

The internal auditor shall present a report on the progress of the internal audit work at the scheduled FRAC meetings, and to the Executive Director of ITPC as and when required to do so.

11.6. Report of audit results

The report(s) on findings and recommendations should be sent to the Executive Director of ITPC and departmental heads responsible for implementing those recommendations (auditee) for their consideration and comments. Within ten (10) working days of sending the report(s), the internal auditors shall meet with the auditee to discuss the findings and obtain written responses to the recommendations together with implementation dates. These shall then be incorporated into the final report which must be issued to the Executive Director. Copies of these reports must also be tabled at the FRAC meeting for discussion.

The structure of the report is to be as follows:

1. Introduction
2. Audit objective and scope
3. Background
4. Executive summary
5. Activity, findings, recommendations and management response (including corrective action and implementation dates)
6. Conclusion
7. Practical method of proceeding with recommendations

11.7. Fraud and irregularities

In planning and conducting work, the Service Provider should seek to identify serious defects in the internal controls which might result in possible malpractices. Any such defects must be reported immediately to the Executive Director and the FRAC without disclosing these to any other members of the staff. This applies to instances where serious fraud and irregularity is uncovered.

11.8. Authorised delegate(s)

Nothing stipulated in the task directives may be amended without the written confirmation of the Executive Director of ITPC or any person nominated by him/her.

12.Proposal Evaluation

In broad terms, ITPC will assess proposals on the basis of the technical and financial criteria indicated above, to ascertain value for money, along with any other specific criteria that may be deemed pertinent during the selection process. The success of the bid will be determined by the ability of the firm to competently execute this assignment. The technical and financial components of the written proposal must be submitted in hard copies to the address listed below.

In more specific terms, the following assessment criteria would be used to evaluate proposal.

• Credentials of Management Team
• Audit methodology (including quality assurance)
• Continuing professional experience
• Track record & experience
• Previous experience in NPO sector (with grant funding) of the envisaged audit team
• Previous experience in clients similar to ITPC
• Ability to meet the company requirements
• Price

Service Providers who do not have a fully resourced office in Pretoria or Johannesburg, will not be considered.

ITPC reserves the right not to accept any proposal and/or proposal with the lowest price.