The purpose of the tender is to conclude a Framework Agreement with a number of service providers in the field of Audit services per lot.

The Contract currently being put out to tender consists of three main parts, namely:

1. Hiring Audit Services;

2. Hiring and result-oriented IT Audit services;

3. Results-oriented multidisciplinary Audit services.

More information about the above three main parts can be found in paragraph 2.2 of the Descriptive document.

The intention is that these Framework Agreements will take effect on September 10, 2021 for an initial period of (two) years and can be extended by the Client up to two (2) times for a maximum period of one (1) year at a time.

Lot 1 - Hiring Audit Services

This concerns the hiring of Audit services in the areas of, among other things:

• investigation of the fairness and legality of financial statements;

• examination of the financial administration, financial management and material management;

• assessing and advising on the design and operation of the various processes belonging to the domain of financial management;

• providing internal management supporting technical advice on request;

• conducting studies into the effectiveness and efficiency of the control measures in and around certain processes, which guarantee that the control frameworks are systematically developed and complied with;

• conducting investigations into, among other things, integrity and the management control system, including risk management;

• participating in integrated audits of, for example, the personnel system, operational monitor, etc.

Lot 2 - Hiring and results-oriented IT Audit services

This concerns the hiring and / or result-oriented IT Audit services in the field of, among other things:

a) IT audits of software development, the associated development methodologies and the management of IT projects. In addition, IT audits include investigations into the quality and control of existing information systems. Both technical and management aspects are important here. Frequently used management frameworks, technical best practices, sourcing strategies and their possible consequences for the security and control of information systems are assumed to be known;

b) The activities can be both strategic (leading the execution of audits) and tactical (supplying tools, knowledge, techniques and manpower), with the emphasis mainly on the tactical aspect;

c) The IT audits in the field of software development focus on the correct use of the development method used and the quality assurance system. In addition, the IT audits focus on the design and existence of the system of control measures to guarantee a reliable implementation of (future) information systems, including the Enterprise Resource Planning (ERP) systems (Oracle, SAP, Exact or similar). );

d) The IT audits of the existing information systems mainly focus on assessing the design, existence and operation of application and user controls, IT General and Infrastructure Controls. Knowledge of and experience with, among other things, Enterprise Resource Planning (ERP) systems, middleware, databases, operating systems and network components is necessary. In addition, data analysis (Data analysis is the retrieval of information from data in a broad sense) is an increasing part of the activities;

e) Frequently used management frameworks and technical best practices in the audits include ITIL, ASL / BiSL, COBIT, Baseline Information Security National Service, Privacy Impact Assessments, ISO27001, OWASP and standards from NIST and Center for Internet Security.

Lot 3 - Results-oriented multidisciplinary Audit services

This concerns the provision of multidisciplinary result-oriented Audit services in the following areas, among others:

a) performing audit work on behalf of the management and control of the organization / service units concerned;

b) performing audit procedures in support of management;

c) the provision of audit products and services such as the annual audit, auditor's report, an investigation or a report of findings;

d) supplying audit (related) specialist knowledge / innovative products aimed at improving the quality of the audit processes and / or internal control at the Client;

e) auditing soft controls.