Terms of reference for Systems Audit for the NEXUS Platform

1.0 Background

1.1 NEXUS platform

NEXUS is a platform for change in response to the contemporary challenges to Somalia and Somaliland (http://NEXUSom.org/). The main goal of NEXUS platform is to transform the humanitarian, development, and peace ecosystem. The platform, led by eight pioneering Somali NGOs, aspires to advance a locally driven agenda for change by building partnerships between communities, civil society, and the public and private sectors as well as through the implementation of integrated and sustainable interventions across the triple NEXUS of humanitarian, peace, and development.

Founded in 2019, NEXUS is a paradigm-shifting platform that is now comprised of eight core members: Centre for Peace and Democracy (CPD), Gargaar Relief and Development Organization (GREDO), Horn of Africa Voluntary Youth Committee (HAVOYOCCO), KAALO Aid and Development, Save Somali Women and Children (SSWC), Social-Life and Agriculture Development Organization (SADO), Taakulo Somaliland Community (TASCO), and Wajir South Development Association (WASDA). These members possess wide-ranging technical capacities and represent communities across all Federal Member States of Somalia and Somaliland. NEXUS has two international partners who are committed to the localization agenda – Oxfam and Save the Children.

NEXUS embodies the next evolutionary step of the Somali aid system, pioneering a locally led approach to delivering integrated nexus (peacebuilding, humanitarian aid and development) interventions. By breaking the silos of humanitarian aid, development and peacebuilding and by creating much-needed spaces for local organizations to lead the way in seeking, scaling and integrating solutions across these sectors, NEXUS proposes local leadership as more than a means of realizing localization commitments.

NEXUS is strategically investing in the institutions of civil society and government, advancing a new, community-driven framework that creates space for local organizations, partners in government and the private sector to lead the way in identifying, scaling and integrating community owned and driven solutions to humanitarian, development and peacebuilding needs.

1.2 The SDC & Dutch Embassy project

The NEXUS Institutional Development Unit (IDU) is a mechanism for organizational strengthening that leverages the collective experience and expertise of NEXUS partners to enhance the capacity of Somali civil society to deliver responsive, integrated and community-owned interventions. In the actualization of the IDU, NEXUS will pursue an agenda for strengthening the capacity of NEXUS core members through structural and systemic investments in institutional strengthening. Organizational capacity assessments for all eight NEXUS members were finalized in November 2020 and the findings drafted into individual organizational development plans form the basis for IDU investments in NEXUS core members.

Capacity assessments and project audits identified a common gap with the Enterprise Resource Planning (ERP) systems among NEXUS members. The SDC & Dutch embassy project will support the 8 organizations to improve and integrate their finance, procurement and human resource management in accordance with international standards and practices. Strengthened systems are a key component of institutional capacity, improving financial accountability and allowing for stronger quality control checks, increased absorption capacity, high-quality project implementation and timely reporting.

Starting from a review and audit of NEXUS member organizations’ systems, each NEXUS member will be able to invest in the required upgrade as per identified gaps.

2.0 Objective of the Systems Audit

In support of NEXUS local actors, Oxfam is looking to contract a systems audit consultancy firm that undertakes due diligence for NGOs in carrying out the review/audits of the partners’ current ERPs and recommends strengthening plans. The review/audit should inform appropriate next steps as per the identified gaps, which may include an upgrade of current systems or migration to another system. The review should result in 8 systems audit reports, based on which NEXUS members will plan the required upgrade and investments.

Of the 8 NEXUS partners, 5 are based in South Central Somalia and their main offices are Mogadishu (CPD and SSWC), Kismayo (SADO and WASDA) and Baidoa (GREDO), 1 from Puntland, Garowe (KAALO and 2 from Somaliland, Hargeisa (HAVOYOCO and TAAKULO). Oxfam believes that an Information Systems audit is a part of the overall audit process, to ensure control maximization and risk mitigation. It seeks an independent and objective assurance for all the 8 partners to:

a) Carry-out a functional analysis of the current System Solution in place.

b) Examine and evaluate each information technology infrastructure, policies and procedures.

c) Determine whether IT controls in place protect the organization assets and ensure data integrity and operations.

d) Determine if the Software Solution in place is aligned with the organizations overall goals and strategy.

e) Determine System security and Integrity of the System Solution in use.

f) Determine if the System reporting meets the organization & third party requirements.

g) Advise on best practices and policies to eliminate or mitigate the risks identified.

3.0 Scope of the Work

To meet these objectives, the scope of work will cover the following areas.

i. Software Solution Review – To provide assurance whether the financial and operational applications meet the current and future needs of the organization. The auditor must access controls and authorizations, error and exception handling, business process flows within the application, complementary controls and procedures. The Auditor is required to perform gap analysis of the business requirements and current functions.**

ii. Data Integrity Review – To provide assurance that the database design and structure provides the best possible design for the organizational needs and corresponding application and future integration needs, including management of ‘safety/integrity and fraud incidents and complaints’. The purpose is scrutiny of live data to verify adequacy of controls and impact of weaknesses, as noticed from any of the above reviews.

iii. Business Continuity Review – Review existence and maintenance of fault tolerant and redundant hardware, backup procedures and storage, and documented and tested disaster recovery/business continuity plan.

iv. Control Review: Validation of processes controls in the System covering documentation, transaction origination, input and output controls, processing controls, and most importantly, the accuracy of system generated reports.

v. Compliance Review: Assessing if the daily operations activities are consistent with the Organization documented policies and the EU General Data Protection Regulation (GDPR).

vi. Capacity Review: Assess the ability of the staff to carry-out daily tasks using the system. Additionally, assess the staff understanding of the System in place. Check system user manuals in place.

4.0 Approach & Methodology

The audit methodology and the audit techniques to be used are those which accord with generally accepted international auditing standards. Additionally, the consultancy team will be required to conduct Key Informant Interviews with respective partners’ staff as well as review key documents and policies. Further, the Consultant should explain in details how they intend to conduct the process in order to meet the laid out objective.

5.0 Scope and Duration

The exercise will be externally conducted with close coordination by Oxfam staff and the NEXUS Secretariat. Given the nature of this exercise, physical travels will be required by the consulting team. This will involve travels to specific partner locations for interviews, including eg. Mogadishu, Baidoa, Garowe, Kismayo and Hargeisa. Virtual interviews will be explored on a need basis. The Audit process is planned to take place in the month of October.

6.0 Deliverables

All reports shall be confidential and delivered exclusively to the designated persons in Oxfam and NEXUS Secretariat. No information will be revealed under any circumstances to third parties.

The expected deliverables to be prepared and submitted are:

i. Inception Report including approved budget

ii. Eight draft audit reports (one for each NEXUS member) (Not more than 10 pages)

iii. Final audit report, summarising the audit analysis of each NEXUS project partner (not more than 25 pages). The final report shall contain detailed observations on aforementioned areas as well as suggested areas during preliminary meetings with the management. In addition, a detailed roadmap/ recommendations for improvements in risk areas identified are also required.

7.0 Consultant Fees and Operations

The consultancy firm/individuals will be required to provide a reasonable budget based on the scope of this assignment. Oxfam and Partners shall facilitate visa payments, flight costs and transport within Somali/ land if deemed necessary to visit the site locations.

8.0 Minimum Qualifications

· Demonstrable experience in leading and conducting organization’s systems audit and operations. Experience with Not-for-Profit organizations highly preferred.

· Sound understanding of organizations internal systems and operations and integrated approaches and functions

· The team lead should have University Degree in IT, Operations, Business management accounting, finance or related fields or first level degree in combination with a professional certification.

· At least 10 years of practical experience in organizational development, systems and IT

· Expert level experience in finance/accounting

· Expert level experience in NGO processes and reporting

· Diverse multicultural clientele experience

· At least 5 years’ experience in systems implementation for NGOs

· Additional professional certifications on information technology are desirable.

How to apply

Applicants who meet the above requirements should submit their application to SOM-Consultancies@oxfam.org before 18 October2021 in subject line – TOR for Systems Audit for the NEXUS Platform with the following requirements.

· Brief technical proposal and a work plan with succinct rationale on how the consultants/firm meets the requirements above (Max. 6 Pages)

· Indicative budget including daily rates in USD for each team member and any other related costs

· Contact details for two referees for similar type of work

· Confirmation of availability to undertake this work including field visits to Somalia/Somaliland

Shortlisted applicants will be invited for an interview which will include a presentation of the technical proposal.

Related Posts

Leave a Comment

%d bloggers like this: