REQUEST FOR PROPOSAL: EXTERNAL QUALITY

ASSESSMENT REVIEW

SECTION I: REQUEST FOR PROPOSAL (RFP) PROCESS

PURPOSE OF RFP
The purpose of this document is to facilitate the selection of a professional services firm to perform a quality
assessment (QA) review of Company XYZ’s internal audit department.

Company XYZ’s internal audit management reserves the right to reject any or all proposals or accept additional
proposals during this process. Company XYZ’s internal audit management reserves the right to discontinue the
process of selection for external audit services as governed by changing business needs.

BACKGROUND
(Insert Company Information)

INTERNAL AUDIT QUALITY ASSESSMENT REVIEW

The Institute of Internal Auditors’ auditing standards effective January 1, 2002 require the chief audit executive to
develop and maintain a quality assurance and improvement program that covers all aspects of internal audit
activities and that continuously monitors the effectiveness of such activities. This guidance recommends that the
quality assurance and improvement program should include both internal and external assessments, with external
assessments conducted once every five years by a qualified, independent reviewer or review team from outside
the organization.

To comply with these standards, to help reasonably ensure that internal audit’s services continue to be aligned
with the strategies and objectives of Company XYZ, and to help reasonably ensure that the internal audit
department continues to make appropriate use of internal audit best practices, Company XYZ has requested a
QA of Company XYZ’s internal audit department. The QA services being requested by Company XYZ should be
performed in compliance with the attribute and performance standards set forth in the Institute of Internal Auditors’
Quality Assessment Manual, Fourth Edition (the Standards).

While implicit in the Standards, specific areas that should be covered in the QA include:
• Structural and functional independence.
• Objectivity.
• Proficiency, including knowledge, skills, experience and technical proficiency for specialized operations.
• Continuing professional development of internal audit personnel.
• A quality assurance program.
• Department management, including resource management, policies and procedures, department management
reporting, and overall supervision quality.
• Risk assessment methodology and documentation.
• Planning, including annual planning and audit planning.
• Audit execution, including audit program design, execution and workpaper documentation.
• Reporting, including the quality and timeliness of reporting to department management, senior management
and the audit committee.

1 Source: www.knowledgeleader.com
• Monitoring practices, including exception tracking and follow-up.
• Internal audit’s alignment with other risk management efforts within Company XYZ and its corporate
objectives.
• A definition of the audit universe.
• A review of the adequacy and testing for adherence to written policies and procedures.

At the conclusion of the engagement, the required deliverable will be a formal report that addresses, at a
minimum, the following:
• A conclusion on the independence and effectiveness of internal audit within the standards established by the
IIA.
• The current strengths of internal audit.
• Specific observations regarding opportunities for improvement identified during the review, including the
relative significance of each opportunity.
• Specific implementation recommendations to improve internal audit’s independence and/or effectiveness as
applicable.
• Internal auditing best practices for internal audit’s consideration.
• Recommendations for additional ways internal audit can add value to both management and the audit
committee.

PROCESS FOR RESPONSE

Please submit your proposal, with any attachments, via email to (Insert Email Address) by (Insert Date and Time).

The proposal should be as concise as possible and limited to no more than (Insert Number) pages, excluding
resumes. In creating the written proposal, please organize the document in the exact format and order of the
items listed in Appendix A in order to facilitate our review and comparison between firms. Bidders should describe
their methodology and approach to performing the QA, including relevant examples of completing similar
assignments for institutions similar in size as well as scope of operations to Company XYZ.

Please include a key contact name, phone number and email address that Company XYZ can use to request
follow-up information. If you elect not to respond to this RFP, please return all materials with a letter stating your
reasons for not participating to (Insert Name).

SCHEDULE

RFP issued to firm. (Insert Date)

Firm submits any questions regarding the RFP specifics. (Insert Date)

Company XYZ submits responses to firm. (Insert Date)

Written proposals due to Company XYZ. (Insert Date)
Proposal questions sent to firms. (Insert Date)
Firm oral presentation to internal audit management. (Insert Date)
Pricing/services negotiation. (Insert Date)
Firm selection notification. (Insert Date)
Expected commencement of work. (Insert Date)
Presentation to internal audit management. (Insert Date)

2 Source: www.knowledgeleader.com
ORAL PRESENTATIONS
Company XYZ will select finalist firms to make oral presentations during the week of (Insert Date). Individual
presentations will be held with members of internal audit’s senior management team. Presentations will be limited
to one hour, including Q&A, and attendance should be limited to no more than four representatives from each
bidding firm. At least two of the presenters should be members of the on-site team that would perform the QA of
Company XYZ’s internal audit department.

ACCEPTANCE OR REJECTION OF PROPOSALS

For XYZ to award a contract to any service provider does not limit Company XYZ’s rights to negotiate terms in its
best interest. Company XYZ reserves the right to accept or reject any or all proposals in part or whole. Company
XYZ reserves the right to request clarification on any specific responses, omissions or claims made in response to
this RFP.

EXCEPTIONS/ADDITIONS
Any bidder that discovers an ambiguity, inconsistency, error or omission on examining the RFP shall promptly
notify Company XYZ by written notification. Any interpretation of or correction or change to this RFP will be made
by written addendum to the RFP. An addendum will be distributed to all that are known to have received an RFP.

STATEMENT OF CONFIDENTIALITY
All information (written and verbal) exchanged between Company XYZ and the participants to this RFP is to be
treated as confidential per the existing non-disclosure agreement.

SECTION II: PROPOSAL REQUIREMENTS

This RFP describes the required information to be included in your proposal. To facilitate the review of all
proposals, Company XYZ internal audit management requires that your firm organize responses to directly
address the items listed in Appendix A.

3 Source: www.knowledgeleader.com
 APPENDIX A: INTERNAL AUDIT REQUIREMENTS
INTERNAL AUDIT PRACTICE
• Provide an overview of your internal audit practice, capabilities and experience.
• Provide the number of dedicated resources in your internal audit and information technology audit practices.
• Provide an overview of your firm’s experience and expertise with providing internal audit services.
• Provide an overview of your firm’s experience with performing QAs.
• Provide a list of major clients for which your firm provides QA and other internal audit services. Please specify
those clients for which you have performed QA services.
• Indicate your firm’s major initiatives/resources that support audit committees and internal audit functions.

SERVICE TEAM
Provide an organizational chart showing the structure and specific personnel for the team that you propose will
serve Company XYZ. Include the resumes of these team members in an appendix to your response. Resumes
should include a brief discussion of each individual’s proposed responsibilities, the estimated percentage of their
time dedicated to Company XYZ during the review, and any unique skills they bring to the engagement. (Note:
Only provide resumes for personnel who will be active on the Company XYZ service team.)

METHODOLOGY
• Describe your QA methodology and differentiating factors that provide enhanced value to clients.
• Please indicate the approximate length of time it will take to complete the QA and how soon your firm can
commence working after a selection has been made. Please indicate if the above schedule is feasible and how
your firm’s methodology is suited to the expected completion date.
• Please identify the time commitment of Company XYZ and its associates needed to support your QA review
and the types of resources you will need.
• Describe how Company XYZ can be confident that you will contribute value to the organization through this
engagement.
• Describe the policies and practices your firm maintains in order to ensure accuracy, consistency and
confidentiality in the work performed. Also, describe your policies and practices in regard to retention of audit
work papers and other material related to Company XYZ.
• Describe your process for reporting recommendations and observations.

REFERENCES
• Provide a minimum of three references, preferably global companies in the technology industry, whose asset,
revenue and employee base are similar in size to Company XYZ. Include the name, address and phone
number of a contact person.
• If the contact person is an alumnus of your firm, please so designate.

FEES
• Please provide a fee proposal to perform these services. Specifically indicate in your proposal any
administrative charges and estimated out-of-pocket expenses, including how they will be billed to Company
XYZ.
• Provide a table detailing proposed hours by staff level.

4 Source: www.knowledgeleader.com
 APPENDIX B: FEE TEMPLATE

Staff Level Total Hours $/Hour * Total

Management $–

Others $–

Total Staff Fees $–

Other Expenses Total

Out-of-Pocket Expenses $–

Administrative Expenses $–

Total Other Expenses $–

*Average overall hourly cost based on expected mix of staff.

5 Source: www.knowledgeleader.com