Background Image

AFRICAN REINSURANCE CORPORATION (AFRICA RE)-

INVITATION TO TENDER FOR THE INTERNAL AUDIT OF AFRICA RE’S INFORMATION TECHNOLOGY

INVITATION TO TENDER FOR THE INTERNAL AUDIT OF AFRICA RE’S INFORMATION TECHNOLOGY

1. BACKGROUND ON COMPANY STRUCTURE

Established in 1976 by 36 member States of the African Union and the African Development Bank Group (AfDB), The AFRICAN REINSURANCE CORPORATION (AFRICA RE), the leading reinsurance company in Africa and the Middle East, is a pan-African financial institution whose shareholding is split between African (75%) and Non-African (25%) investors. African shareholding comprises 41 African states, the AfDB, and more than 117 African insurance/reinsurance companies from the 41 member countries. Headquartered in Lagos (Nigeria), Africa Re has a continental network of regional and local offices in Lagos (Nigeria), Casablanca (Morocco), Nairobi (Kenya), Abidjan (Côte d’Ivoire), Ebène (Mauritius), Cairo (Egypt), Addis Ababa (Ethiopia) and Kampala (Uganda), as well as two subsidiaries: Africa Re (South Africa) Ltd in Johannesburg and Africa Retakaful Ltd in Cairo (Egypt).

2. CURRENT INFRASTRUCTURE OF THE INFORMATION TECHNOLOGY

Africa Re has invested in an IT infrastructure upgrade with a primary data center in Lagos, Nigeria and a redundancy / recovery site in Casablanca, Morocco. Both of these sites are hosted by third parties. All the eight regional and local offices of Africa Re and two subsidiaries connect to either the primary data center or the recovery site via dedicated VPN links. All the core business applications are implemented at both the Primary and Recovery sites and the data mirrored continuously. The regional office locations and subsidiary locations, however, maintain network infrastructure and communication systems to enable them to connect with either of the primary or recovery data centers. The Corporation has also outsourced the hosting of its email system and website to 2 different offshore companies, each with its own redundancy sites.

However, important changes are to be effective by the beginning of the audit.

The Corporation recently subscribed to a Software-Defined Data Center (SDDC) on VMware Cloud on Amazon Web Services (AWS). The VMware Cloud on AWS is an integrated cloud offering jointly developed by Amazon Web Services (AWS) and VMware. The benefit to the Corporation is that it allows us to continue to run our traditional virtualization servers and workloads in the AWS cloud while providing us scalability and efficiency with direct, high-speed access to AWS services.

The Corporation will then have two of such data centers: The London SDDC which is the primary, and the North Virginia SDDC, USA which is the secondary. The essence of these two SDDCs is to provide a disaster recovery platform for the Corporation, as data would continually be replicated between the two SDDCs. The advantage of this is that in event that one SDDC is down, business operations would easily be failed over to the second SDDC for production to continue.

In addition to the above, the Corporation has subscribed for Citrix cloud solution and has integrated this with the SDDC. We currently use the Citrix platform to render the SICS business applications to users, although SICS is still in the implementation stage.

The Citrix platform also has the capabilities to securely render existing production applications to users such that they can access them from anywhere and at any time, hence boosting productivity.

3. OBJECTIVES OF THE INTERNAL AUDIT

The Consultant or Consulting Firm, herewith both called the “Consultant”, who shall perform the Internal Audit is expected to conduct a comprehensive review of the entire ICT infrastructure, systems and applications of the Corporation, its subsidiaries, Regional and Local Offices.

The Consultant will be required to adhere to the terms of reference stated below and where necessary expand the scope.

4. SCOPE OF THE WORK

The ICT Internal Audit will include, but not be limited, to the following:

1) IT Governance and Management Audit

a) Alignment of IT and business strategy

b) Delivery of IT services in line with business requirements

c) Long term and short term IT strategies

d) Review of IT Budgeting process

e) IT organization, policies, and processes

f) IT human resources management

g) IT performance monitoring and reporting

h) IT risk management, and its integration in the Corporation’s Enterprise Risk Management

i) Necessity of implementing an IT Service Management System, like ITIL & ISO 20000, and advice on the adequate system for the Corporation and the best way to go about this

2) Operating System (OS) for applications, databases and network equipment Review

j) Logical access controls

k) User access management & security

l) Set up and maintenance of system parameters

m) Patch and update management

You need to login to view the rest of the content. Please . Not a Member? Join Us
Tags
admin

admin@publicprocurement.ng

No Comments

Post a Comment

Password reset link will be sent to your email