Investitionsbank Schleswig-Holstein (IB.SH, the client), the country's central development institution with currently around 600 employees, is looking for a service provider to assist in rolling out a process-oriented internal control system (ICS).
Background:
For IB.SH, "process-oriented ICS" means:
- A bank-wide process map is available,
- End2End business processes are modeled in a BPMN format throughout the bank,
- The written order (sfO = instruction system) is integrated into the modeled processes as structured information,
- Process-inherent risks and controls are linked to the processes,
- Information with its protection requirements and information carriers (in the first instance applications) are linked to the processes,
- Information Security Management (ISMS) is interlinked with process management (e.g. use of a uniform database, no duplicate entries, etc.),
- The emergency management is interlinked with the process management,
- the process-inherent risks, the risks of the ISMS and the emergency management are transferred to the OpRisk management for the bank-wide risk control of the operational risks,
- A control-risk self-assessment (CRSA: procedure for checking the adequacy and effectiveness of controls) is established in a process-oriented manner.
IB.SH is currently close to finalizing the development of a methodological and technical framework for a process-oriented ICS within the framework of a project (basic project).
The tasks of follow-up project 1 will be to
- develop a detailed CRSA process,
- procure and implement tool support for CRSA,
- fully roll out all credit processes:
  - modeling of processes, including integration of the sfO, identification of information, information carriers, risks and controls,
  - subjecting similar processes to a first harmonization (e.g. same terminology for the same facts or the same work sequences for the same processes),
  - training of the process owners with regard to the following activities: determination of protection requirements of the identified information, risk assessment and control description, CRSA,
  - implementation of the trained content by the process owners,
  - subsequent quality assurance of the processes, release and replacement of the previous sfO,
- partially roll out all other processes of the bank.
In contrast to the "full roll out", in the partial roll out
- processes are not modeled at work level,
- only the most important information / information carriers, risks and controls are located in the process and transferred to the controller.
Job description:
The service provider should support the client in the project work during the term of follow-up project 1.
The principal will provide support services primarily for
- the development of a CRSA methodology and
- demand the collection of risks in the processes, in cooperation with the risk controlling of the client.
In addition, the service provider's tasks are
- leading and accompanying workshops on process recordings (including method-conforming BPMN modeling in BIC, using the already developed procedure),
- the approximation of the sfO to the process model,
- the implementation of training for employees of the client,
- the creation of guides,
- support in change management (cultural change), and
- the quality assurance of the results obtained in the project.
Further information can be found in the service description.