Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JULY 22, 2012 FBO #3893
MODIFICATION

R -- RFI - FSA FISMA

Notice Date
7/20/2012
 
Notice Type
Modification/Amendment
 
NAICS
541211 — Offices of Certified Public Accountants
 
Contracting Office
Other Defense Agencies, National Geospatial-Intelligence Agency, OCSU - Headquarters Support, Attn: OCSU Mail Stop S84-OCSU, 7500 Geoint Drive, Springfield, Virginia, 22150, United States
 
ZIP Code
22150
 
Solicitation Number
HM0177-12-T-0018
 
Point of Contact
Candace I. Johnson, , Patricia D. Hill,
 
E-Mail Address
Candace.I.Johnson@nga.mil, Patricia.D.Hill@nga.mil
(Candace.I.Johnson@nga.mil, Patricia.D.Hill@nga.mil)
 
Small Business Set-Aside
N/A
 
Description
QUESTIONS & ANSWERS Question 1: Is there an incumbent associated with this effort or if this is a new requirement? If there is an incumbent, can you please provide the contractor name and contract number? Answer 1: This is a new effort and there is no incumbent. Question 2: Does the firm completing the Financial Statement Audit have to be a registered accounting firm in the state of Virginia in which the audit will be performed? Answer 2: Refer to SOW Section 14, Period of Performance and Place of Performance: The Contractor shall perform all work under this contract at NGA-accredited facilities and sites, including: Springfield, VA - All tasks St. Louis, MO - All tasks Other sites as required by the Contracting Officer - All tasks The successful firm will be expected to comply with these states' and other locations' practicing rules to include licensing requirements. Question 3: Can the RFI response be a total of 12 pages in the PDF document? Answer 3: No, the Government's requirement was for the RFI response to not exceed 6 pages (or 3 pages front and back) in the PDF document. However, the Government is willing to extend the page limit to 8 pages (or 4 pages front and back). Question 4: What standards will the FISMA work be performed under? For example, will the FISMA work be performed as an Agreed Upon Procedures engagement? Answer 4: We do not expect the FISMA evaluation to be an agreed upon procedures engagement. Refer to SOW Section 4.2, Task 2: Federal Information Security Act (FISMA) Evaluation, for the standards under which the FISMA evaluation are expected to be performed: The FISMA evaluation shall be conducted in accordance with the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Quality Standards for Inspections and Evaluations issued January 2012, and subsequent revisions, with the general standards of GAO's Government Auditing Standards, and applicable annual instructions from OMB/DHS and the DNI. Question 5 : Will the government be providing an estimated level of effort for the tasks described in the RFI documents? Answer 5: No, the government will not provide the estimated level of effort. As the requirement continues to develop, the Government will ensure that adequate information is available for offerors.   Question 6: Will there be a Small business participation requirement for this contract? Answer 6: At this point, it has not been determined whether this requirement will be a competed on a full and open basis or set aside for small business. In the event that the competition is on a full and open basis, there WILL be a small business participation requirement. Question 7: Will the successful firm work on location at the NGA facility on NGA provided equipment? Answer 7: Yes. Refer to SOW Section 5, Government Furnished Property: The government shall provide the appropriate number of workspaces in the NGA facilities. Workspaces will be furnished with virtual workstations which include access to NGA information system, applications and software necessary to perform the audit. [...]In addition, the government shall provide access to telecommunications (classified and unclassified), photocopy equipment, office furniture, and routine office supplies. Access to conference rooms or offices of adequate size shall be provided, as needed, to conduct interviews, meetings and briefings. Additionally, refer to SOW Section 14, Period of Performance and Place of Performance: The Contractor shall perform all work under this contract at NGA-accredited facilities and sites, including: Springfield, VA - All tasks St. Louis, MO - All tasks Other sites as required by the Contracting Officer - All tasks Question 8: Will the NGA sponsor the Clearances process for contractors assigned to this contract? Answer 8: Yes. NGA will sponsor the clearance process for Contractor personnel assigned to this contract at the expense of the Contractor. NGA will not sponsor in any way facility clearances under this contract. However, clearance sponsorship for personnel does NOT absolve the offeror from the requirements for staff availability at contract award and contract performance. Question 9: What is the estimated implementation date for the NGA Momentum ® environment that is administered and located at NRO? Additionally, what is the planned implementation approach for the NGA Momentum (i.e. parallel, phased, etc). Answer 9: The estimated date of initial operating capability for NGA Momentum® is 1 October 2012. This requirement is currently being finalized and a more definitive response may follow at a later date to be incorporated in the final SOW.   Question 10: Are there other financially significant applications that are relevant to the financial statement audit; and if so, are those applications operated by NGA personnel at NGA facilities? Answer 10: Refer to SOW Section 2.3, Systems and Service Providers: In addition to Momentum®, NGA will continue to utilize various DoD feeder systems as well as the Defense Finance and Accounting Service (DFAS) for processing and reporting of certain transactions. This requirement is currently being finalized and a more definitive response may follow at a later date to be incorporated in the final SOW. Question 11: Is the GCC environment for the other financially significant applications also hosted by NRO? If not - what other organizations will host and administered the GCC environment for the other financially significant applications? Answer 11: Refer to the response for Question 8.b above. Question 12: Will a SOC 1 Type II report be provided by the NRO for the relevant controls related to the NGA Momentum ® environment? Answer 12: This requirement is currently being finalized and a more definitive response may follow at a later date to be incorporated in the final SOW. Question 13: Will the financial statement audit contract require and follow all of the applicable AICPA independence standards for independent financial statement audit engagements? Answer 13: Yes. Refer to SOW Section 4.1, Task 1: Financial Statement Audit: The audit shall be performed in accordance with generally accepted government auditing standards (GAGAS), as specified in the most current version of the Government Accountability Office's (GAO) Government Auditing Standards, and the provisions of OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements, as amended. Paragraph 2.08 of Government Auditing Standards states the following: GAGAS incorporates by reference the American Institute of Certified Public Accountants (AICPA) Statements on Auditing Standards (SAS). Additionally, OMB Bulletin No. 07-04, Paragraph 2.7 states the following: Independent auditor means an auditor who meets the independence standards specified in the U.S. Government Auditing Standards. Question 14: Will a firm that has a current Protégé relationship with the NGA have an inherent conflict of interest, and be unable to bid on this contract? Answer 14: Participation in NGA's Mentor/Protégé Program does not automatically indicate a conflict of interest; however, any existing or future relationships between potential bidders and NGA would have to be assessed on a case-by-case basis and against any NGA requirements as well as the GAGAS and AICPA independence standards. Question 15: Please confirm if an internal and external penetration test over NGA's network is required as part of the Financial Statement audit task. Answer 15: Internal and external penetration testing over NGA's networks shall be beyond the scope of the Financial Statement and FISMA tasks under this anticipated contract. Question 16: Is a comparable certification such as CISA will be acceptable for the Partner and Audit Manger labor category? Answer 16: The Partner and Audit Manager who are responsible for the performance of the Financial Statement Audit task must be active CPAs in good standing. Question 17: What was the level of effort to complete the FISMA evaluation in FY2011? Answer 17: As the FY 2011 FISMA effort was not a contracted service, we do not have comparable data on level of effort. Question 18: If there's a rotation plan, approximately how many systems and sites are reviewed annually as part of the FISMA evaluation? Answer 18: The priority and level of review of systems will be established in the agreed upon evaluation plan at contract award. Question 19: How will NGA address significant changes to either FISMA or the OMB reporting requirements that could require a substantial increase in the level of effort to be provided by the successful firm? Answer 19: The Contracting Officer in conjunction with the Contracting Officer Representative will make a determination as to if the changes are considered to be within the scope of the contract. The normal contracting procedures will be followed for all contract changes. If there is a need for a change, a contract modification shall be issued.   Question 20: Why does the Government require the offeror to possess an active firm CPA license in all 50 states within the United States of America? Answer 20: NGA has sites in over 200 locations and the offeror must be able to perform the duties as listed in the SOW at any given time and any given location. Please see the Government's response to Question 2. --------------------------------------------------------------------------------------------------------------- INTRODUCTION This Request for Information (RFI) lists the National Geospatial - Intelligence Agency's (NGA) requirements for Financial Statement Audit and Federal Information Security Management Act (FISMA) evaluation services with the NGA Office of the Inspector General (OIG). OIG is seeking information concerning industry capabilities and best practices concerning obtaining Financial Statement Audit (FSA) and Federal Information Security Management Act (FISMA) evaluation services. This RFI is being issued solely for information and planning purposes and does not constitute an Invitation for Bids (IFB), a Request for Proposals (RFP), a Request for Quotations (RFQ) or an indication that the Government will contract for any of the items and/or services contained in this notice (FAR 15.201(e)). This RFI does not commit the Government to award a contract. No determination as to the viability of this requirement has been made at this point and there is currently no solicitation for this effort. Any solicitation resulting from this RFI will be announced separately. Based on your response to this RFI, the Government may contact you for follow-up questions and/or a one-on-one session. Not responding to this RFI does not preclude participation in any future RFP or RFQ. If a solicitation is released, it will be synopsized on the Federal Business Opportunities (FedBizOpps) website. It is the responsibility of the potential offerors to monitor these sites for additional information pertaining to this requirement. Based on the information received in response to this RFI, NGA may build a RFP or RFQ. RESPONSE SUBMISSION INSTRUCTIONS AND DUE DATE This RFI shall focus on your company's experiences and capabilities for providing Financial Audit and FISMA evaluation services to federal government entities. NGA is also seeking industry's feedback concerning the acquisition approach and strategy. The draft version of the Statement of Work (SOW) notes the current state of the government's requirement for these services. Please note that this is a draft version and is subject to change with no limit on the extent of the changes. In accordance with FAR 52.215-3 - Requests for Information or Solicitation for Planning Purposes (Oct 1997), the Government will not pay for any information/items submitted in response to this RFI. All data submitted shall be retained as government property and shall not be returned. a. For your responses to be considered, they must be submitted/received by the Due Date-Time, and Method for Submittal specified below without exception. b. Electronically submitted responses shall not exceed 6 double-sided pages and shall be submitted electronically in Portable Document Format (PDF). Only electronic submissions will be accepted. A submission may not be larger than 3MB; if any responsive document is larger than 3 MB, you may send it in more than one submission. The first page of the submission must state the RFI title and provide the name, e-mail address and telephone number for an individual that can be contacted for clarification or questions regarding this submission. The first page should also provide a short description of the company to include capabilities, company size and category (e.g., large, small, small-disadvantaged). Response must contain only UNCLASSIFIED information and be MARKED "UNCLASSIFIED" on each page of the response. No Classified information may be included anywhere in the response. This information will be used by the government program manager to refine the approach for the final RFP or RFQ. c. All responses to the RFI shall be received no later than 31 July 2012 12:00 PM EST. All responses received after the due date will not be considered. The Government is not obligated to review responses to the RFI received after the deadline specified above. d. All RFI responses shall be emailed to Candace.I.Johnson@nga.mil or Patricia.D.Hill@nga.mil by the due date stated. RFI responses will not be accepted by Fax, the Submit Unsolicited link on the IC-Arc homepage or any other means. e. Phone calls pertaining to this RFI WILL NOT BE ACCEPTED f. Responses shall not include proprietary information. Any responses that are marked proprietary will not be considered. g. The Government will entertain questions on a case by case basis. Written requests for clarification may be sent to the Contract Specialist via e-mail at the title of the e-mail must include "RFI# FSA FISMA QUESTION". The content of a question may be included in a notification or answer to all Offerors, and will not divulge the source of the question. All questions and answers will be posted on the FedBizOpps website prior to the closing date of the RFP. All questions need to be submitted to Candace.I.Johnson@nga.mil no later than 23 July 5:00 PM Eastern Daylight Savings Time. REQUIREMENT The information below has been extracted from the SOW and is described in further detail within attachment 1 - Draft Statement of Work (SOW) for the National Geospatial-Intelligence Agency (NGA) Financial Statement Audit (FSA) and Federal Information Security Management Act of 2002(FISMA) Evaluation. This RFI seeks to ascertain an understanding of your company's experience and capabilities performing the requirements listed below: Financial Statement Audit • Perform an independent audit of NGA's stand-alone basic financial statements in accordance with generally accepted government auditing standards (GAGAS) as indicated in the Government Accountability Office's (GAO) Government Auditing Standards and Office of Management and Budget (OMB) Bulletin No. 07-04, Financial Reporting Requirements. Execute audit procedures in accordance with the GAO/ President Council on Integrity and Efficiency (PCIE) Financial Audit Manual (FAM) and other GAO guidance as detailed in the SOW attachment 1. • Financial audit procedures include tests of manual or automated internal controls, tests of details and balances, and tests of compliance with applicable laws and regulations. • Information technology (IT) audit procedures include tests of the IT control environment in accordance with the GAO's Federal Information System Controls Audit Manual. • Prepare and issue audit reports as required by OMB Bulletin No. 07-04. Federal Information Security Management Act (FISMA) Evaluation • Perform an annual independent evaluation of the information security programs in accordance the Federal Information Security Management Act (FISMA) of 2002 and applicable guidance from the following: 1) Director of National Intelligence (DNI), 2) OMB, and 3) Department of Homeland Security (DHS). • Prepare and issue the annual FISMA evaluation report with guidance provided by the DNI, OMB, and DHS. Acquisition Strategy The government anticipates issuing a task order under a GSA schedule for the services being procured. The contract type is projected to be a Firm Fixed Price - Level of Effort contract that is anticipated to start 1 February 2013 for the base year with 4 one-year options. The NAICS Code for this effort is 541211 Offices of Certified Public Accountant. INFORMATION REQUESTED RFI responses shall provide, at a minimum, clearly annotated answers to all of the following questions: Question 1) What agencies are performing similar requirements and explain any best practices being performed? Question 2) Provide examples/experiences in addressing the requirements listed in the above "Requirements" paragraphs particularly for federal government customers similar in size to NGA. Please note if you were the Prime contractor or a subcontractor. Address some or all of the services listed in the Requirements section that your organization has had experience in managing. Question 3) Does your company have previous experience performing Financial Statement Audits and FISMA evaluations? Please describe the level of complexity, the extent of your company's experience and level of involvement in this process. Question 4) Is the staff that your company would propose for this effort currently cleared at the Top Secret level? Please describe your company's ramp up plan to have employees cleared by contract award, if currently not cleared. Question 5) Does your company or any of your subsidiaries offer and perform audit readiness services, Information Technology Services or any other service that would create a conflict of interest in performing the services listed in the draft SOW? Please note that if you or your subsidiaries are the prime or a subcontractor of the prime performing any of the services listed above at NGA, you will be unable to participate in this competition. Question 6) Does your company possess an active firm CPA license in all 50 states within the United States of America? If not, will your company or teaming partners possess this credential by contract award? Question 7) Please provide any feedback you have concerning the acquisition. You should provide a response to this acquisition strategy detailing what you see as the strengths and weaknesses of this approach. (i.e., type of contract, lessons learned, etc.). Question 8) What is your business type and size (i.e. Woman Owned Small Business, Veteran Owned etc.) under the current NAICS Code? This code must be registered in the Central Contractor Registration (CCR)/Online Representation and Certifications Application (ORCA). Question 9) Do you have a GSA Schedule contract that encompasses the work described in this RFI? If so, provide the name of the contractor, the GSA Schedule Number and the current contract's period of performance. Question 10) Are you aware of clause FAR Part 52.219-14, Limitation of Subcontracting? (Note: On a small business set-aside, at least 50 percent of the cost of contract performance incurred for personnel would have to be incurred for employees of the small business prime contractor.) Question 11) Would you be best positioned to compete and perform as a prime or subcontractor in an effort as described above? Would you bid on this effort if an RFP was issued? a. If you answer yes as a subcontractor, please answer the following: If there was a piece carved-out for small businesses or an opportunity to be a designated small business prime instead of a subcontract, would you be interested in designed Prime opportunity? Question 12) Can you perform all the required work? If no, then what portions of the work can be set-aside for small businesses? Question 13) The anticipated NAICS Code for this effort is 541211 Offices of Certified Public Accountant. Is there another suggested NAICS Code? If yes, please provide. Question 14) Would you propose on this requirement? If yes, would your company participate in a pre-solicitation conference that will take place in the Chantilly, VA area? Question 15) The Government will create a bidders list and will post this list onto the www.fedbizopps.gov website. If you are interested in being on the list, please provide your company's name and point of contact (POC) information, to include email and phone number, to be posted onto this site: www.fedbizopps.gov.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/ac12dcec1857c682214825fa3cdafde9)
 
Place of Performance
Address: 7500 GEOINT Dr., Springfield, Virginia, 22150, United States
Zip Code: 22150
 
Record
SN02810263-W 20120722/120720235305-ac12dcec1857c682214825fa3cdafde9 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.