Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF MAY 15, 2014 FBO #4555
MODIFICATION

R -- Financial Statement Audit & Federal Information Security Management Act of 2002 Evaluation

Notice Date
5/13/2014
 
Notice Type
Modification/Amendment
 
NAICS
541211 — Offices of Certified Public Accountants
 
Contracting Office
U.S. Commission on Civil Rights, U.S. Commission on Civil Rights, U.S. Commission on Civil Rights, 1331 Pennsylvania Avenue, NW, Suite 1150, Washington, District of Columbia, 20425, United States
 
ZIP Code
20425
 
Solicitation Number
CCR-14-0001
 
Archive Date
6/26/2014
 
Point of Contact
Pamela A. Dunston, Phone: 202-376-8105, John Ratcliffe,
 
E-Mail Address
pdunston@usccr.gov, Jratcliffe@usccr.gov
(pdunston@usccr.gov, Jratcliffe@usccr.gov)
 
Small Business Set-Aside
N/A
 
Description
Due to space limitations, the complete Solicitation is not posted here. The complete solicitation has been posted as an attachment along with Attachments A thru C. The complete Solicitation may be requested via email to Pdunston@usccr.gov. Please reference the Solicitation Number, CCR-14-0001, in your email. Questions on the solicitation must be emailed to pdunston@usccr.gov and received by Friday, May 30, 2014, by 5 pm. Responses to all questions received will be posted. This is a combined synopsis/solicitation for commercial services prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. Solicitation CCR-14-0001 is issued by the U.S. Commission on Civil Rights for Financial Statement Audit (FSA) and Financial Information Security Management Act (FISMA) Evaluation. This solicitation is not a small business set aside and will be awarded as a firm fixed-price contract. Scope of Work Financial Statement Audit (FSA) The Contractor shall conduct an audit of Commission's annual financial statements. The audit shall be performed in accordance with generally accepted government auditing standards (GAGAS), as specified in the most current version of the Government Accountability Office's (GAO) Government Auditing Standards, and the provisions of OMB Bulletin No. 14-02, Audit Requirements for Federal Financial Statements, as amended. In conducting the audit, the methodology used should be consistent with the most current version of the GAO/President's Council on Integrity and Efficiency (PCIE) Financial Audit Manual (FAM). At a minimum, the Contractor shall provide documentation, prior to beginning the work, which demonstrates how the Contractor's approach addresses the elements of the FAM. With respect to Required Supplementary Information (RSI) and Required Supplementary Stewardship Information (RSSI), the Contractor shall assess whether the information and its presentation is materially consistent with the information in the basic statements. In performing this assessment the contractor shall perform procedures consistent with AU § 558, Required Supplementary Information. With respect to internal controls, the Contractor shall obtain an understanding of the components of internal control and assess the level of control risk relevant to the assertions embodied in the classes of transactions, account balances, and disclosure component of the financial statements. Such controls include relevant information technology (IT) general and application controls and controls relating to intra-entity and intra-governmental transactions and balances. To assess the effectiveness of the IT control environment, the Contractor shall, at a minimum, perform procedures over the following GAO Federal Information System Controls Audit Manual (FISCAM) general control areas: Security management Access controls Configuration management Segregation of duties Contingency planning With respect to compliance with applicable laws and regulations, the Contractor shall perform tests of compliance with laws and regulations, including laws governing the use of budget authority laws, regulations, and government-wide policies identified by OMB, and any other laws and regulations that could have a direct and material effect on the basic statements. Planning The Contractor shall plan the audit work consistent with the FAM Section 200. The Contractor shall develop ways to obtain the evidence necessary to report on Commission's financial statements, internal controls, and compliance with laws and regulations. The Contractor shall receive approval from the Contracting Officer's Representative (COR) prior to the implementation of any changes to the scope of the audit. The Contractor shall conduct an entrance conference with key Commission officials for the financial statement audit. The entrance conference shall occur prior to the commencement of work. The Contractor shall coordinate with the COR to schedule these meetings. Testing The Contractor shall complete the following in accordance with FAM Sections 300 and 400: determine the nature, timing, and extent of audit procedures document the results of audit procedures performed document conclusions reached Audit procedures shall encompass tests of internal controls, tests of detail transactions and balances (substantive testing), and tests of compliance of laws and regulations. As necessary and based on testing performed, the Contractor shall develop findings and recommendations, as described in the FAM Section 580 and generally accepted government-auditing standards. Reporting The Contractor shall complete audit procedures, evaluate results and conclusions reached, and report results to the COR and Commission management consistent with the FAM Section 500. The Contractor shall conduct an exit conference with key Commission officials for the financial statement audit. The exit conference shall occur upon completion of the audit. The Contractor shall coordinate with the COR to schedule these meetings. The Contractor shall conduct a lessons learned meeting with the appropriate Commission management representatives and the COR to discuss and document the processes that were effective and those that could be improved during the subsequent year's contract performance. Federal Information Security Management Act (FISMA) Evaluation The Contractor shall develop an evaluation program that shall include the objectives of each program and steps that will be taken to accomplish the objectives, including the nature, timing and extent of evaluation procedures. The evaluation program shall conform to applicable OMB/DHS guidance. The evaluation program shall encompass the Program Areas referenced in SOW Section 2.2. The Contractor shall conduct an entrance conference with key Commission officials for the FISMA evaluation. The entrance conference shall occur prior to the commencement of work. The Contractor shall coordinate with the ACOR to schedule these meetings. Evaluation of USCCR's Information Security Posture The Contractor shall conduct an evaluation of Commission's compliance with FISMA and related OMB, DHS, and OIG requirements, which includes the following Overall Security Management and Program Areas of information security management: Overall Security Management: Development of Detailed IT Policies and Procedures A Comprehensive Risk Management Process A Comprehensive Certification and Accreditation Process Effective Oversight of Contractors and Contractor Systems An Agency-Wide Privacy Program Effective Configuration Management Policies and Procedures Program Areas: Continuous monitoring management Configuration management Identity and access management Incident response and reporting Risk management Security training Plan of action and milestones Remote access management Contingency planning Contractor systems Security capital planning Systems inventory The FISMA evaluation shall be conducted in accordance with the Council of Inspectors General on Integrity and Efficiency (CIGIE) Quality Standards for Inspections and Evaluations issued January 2012, and subsequent revisions, with the general standards of GAO's Government Auditing Standards, and with applicable annual instructions from OMB/DHS. The Contractor shall consult with the ACOR in the selection of systems to be reviewed. Results of the evaluation shall be documented in a report in accordance with FISMA and applicable reporting guidance. The report shall include responses to the questionnaire provided by OMB/DHS as part of the FISMA instructions. Findings disclosed in the report shall include recommendations for corrective action. F ISMA Evaluation Report The Contractor shall perform evaluation procedures. The Contractor shall document results of testing and conclusions reached in accordance with FISMA, CIGIE Quality Standards on Inspection and Evaluation, and applicable annual instructions from OMB, DHS, and OIG. The report shall include responses to the questionnaire provided by OMB/DHS as part of the FISMA instructions. The Contractor shall develop findings that describe the condition, cause, criteria, effect and recommendation based on testing performed. OMB/DHS Reporting The Contractor shall develop a draft FISMA evaluation report that includes the results of evaluation procedures and complies with applicable OMB/DHS guidance. This report is subject to ACOR approval prior to finalizing the form and content. The report shall include a section that describes findings identified during performance of FISMA evaluation procedures, including recommendations for management. The Contractor shall conduct an exit conference with key Commission officials for the FISMA evaluation. The exit conference shall occur upon completion of the evaluation. The Contractor shall coordinate with the ACOR to schedule these meetings. The Contractor shall conduct a lessons learned meeting with the appropriate Commission management representatives and ACOR to discuss and document the processes that were effective and those that could be improved during the subsequent year's contract performance. The Commission is a micro-agency and must file reports via Cyberscope utilizing the metrics for micro-agencies. The draft reports for Cyberscope should consist of three separate reports: one utilizing the IG Metrics, one utilizing the CIO metrics and one utilizing the Privacy metrics.. Conduct Network Scan The Contractor shall complete a Network Scan. Deliverables No. Title Ref. 001 Detailed Audit Planning Documents 2 2.1.1 002 Audit Programs 2.1.1 003 Internal Control Phase Documents 2.1.2 004 Interim Audit Documentation 2.1.2 005 Final Audit Documentation 2.1.2 006 Audit Reports (Draft and Final) 2.1.3 007 Management Letter Financial Statement Audit 2.1.3 008 FISMA Evaluation Program 2.2.1 009 FISMA Evaluation Documentation 2.2.2 010 FISMA Evaluation Final 2.2.3 011 Network Scan 2.2.4 012 Firm Memorandum for Independence and Quality Control, Peer Review Report and PCAOB Inspection Report 2.3.2.2 013 Statements of Independence and GAOCPE Compliance 2.3.2.2, 2.3.2.3 014 Non-Disclosure Agreements 2.3.2.4 015 Monthly Progress Reports 2.3.3 016 Technical Status Meeting Agendas 2.3.4 The period of performance for this task shall be from the date of award through December 15, 2014, with two 30-day extensions, if needed and four option years. Offers will be evaluated in accordance with FAR 52-212.2 "Evaluation - Commercial Items, which is incorporated into this solicitation with addendum to paragraph (a) as follows: the following factors shall be used to evaluate offers: (1) Technical Proposal, (2) past performance, and (3) price. The Government will make award to the responsible offeror whose offer conforms to the requirements herein and represents the best value to the Government. Contractor qualifications are more important than price. Technical Proposal : The quote shall include (1) the technical approach, (2) qualifications of key personnel and other proposed staff, and (3) contractor's qualifications. The quote must provide resumes of all key personnel and other proposed staff. The resumes should indicate the proposed staff's knowledge and experience with conducting Financial Statement and FISMA audits on small Federal agencies. The quote must include the contractor's experience with conducting Financial Statement and FISMA audits on small Federal agencies. Past performance: The quote shall include a minimum of three (3) references with a brief description of previous projects of similar size and complexity. Each example of past performance shall include: contract number; contract description; contract amount and type of contract; period of performance; name, address, Email address, telephone number, fax number (if Govt contract, provide the name, telephone number of contracting officer and the COR or if commercial, provide the technical and contracting equivalent); size and complexity of the project; and whether all options were exercised. Pricing : The quote shall include the following information: (1) a breakdown of labor categories, fully burdened hourly rates for all proposed personnel under each effort as outlined in the Statement of Work, (2) a breakdown of the number of proposed hours in sufficient detail to allow the Government a good understanding of your planned technical approach and the ability to review the consistency between the planned technical approach and the proposed pricing. Appendex B should be used to provide a breakdown and summary of the price proposal quote. The proposal shall not exceed 25 pages - resumes excluded. The following Federal Acquisition Regulation (FAR) provisions and clauses in effect through FAC 2005-03, dated April 2005 are applicable to this procurement: 52.212-1, Instructions To Offerors-Commercial Items; 52-212-4 Contract Terms and Conditions-Commercial Items; 52.212-5 Contract Terms and Conditions Required to Implement Statues or Executive Orders-Commercial Items including subparagraphs (b) (1), (17), (18), and (19), which are applicable to commercial services. 52.227-17 Rights in Data-Special Works and the Key Personnel Clause is applicable as well. The offeror shall submit with their quote a completed copy of FAR 52.212-3, Offeror Representations and Certifications-Commercial Items. The award will be based on the best value to the Government, price and other factors included. Submit three (3) copies of your quotes to Pamela Dunston, U.S. Commission on Civil Rights, Acquisition Office, Room 1139, 1331 Pennsylvania, NW., Suite 1150, Washington, DC 20425. Quotes will be accepted by Email, or hand-delivered. Proposals are due by Wednesday, June 11, 2014 at 12:00 Noon. The Government shall not pay for any costs associated with the preparation of the proposal. All RFQs received in aquistions@usccr.gov must be received by the deadline specified on http://www.usccr.gov. USCCR accepts no liability for the problems that are encountered by your email system. Please check for any viruses or security problems with your system before sending an email to this account. We will not accept any RFQs after the posted deadline. Point of Contact: Pamela Dunston Place of Performance: Washington, DC
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USCCR/USCCR/USCCR1/CCR-14-0001/listing.html)
 
Place of Performance
Address: U.S. Commission on Civil Rights, 1331 Pennsylvania Avenue, NW, Suite 1150, Washington, District of Columbia, 20425, United States
Zip Code: 20425
 
Record
SN03364229-W 20140515/140514021346-6112274787e0c8cfc286ed0d4d533275 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.