Request for Proposal Information Systems Audit for “Core Banking Solution” 18 November 2009 Tender Ref: 666/56/2009-10/6

Andhra Bank Request for Proposal for Application Audit

November 2009

Contents

1 Preface
1.1 About this RFP

2 About Andhra Bank
2.1 Bank Profile
2.2 Overview of Computerization in the Bank

3 Current Status of Implementation
3.2 Application Software
3.3 Functionality Offered by CBS
3.4 Application Infrastructure at the Bank
3.5 Monitoring and Management Systems
3.6 Other Infrastructure

4 Scope of Work for Audit
4.2 Application Software
4.3 IT Infrastructure
4.4 Processes and Tools
4.5 Internet Banking, Mobile Banking & Telebanking
4.6 Verification of Deliverables

5 Deliverables
5.1 Pre Audit
5.2 Performing the Audit
5.3 Project Management
5.4 Internet Banking, Mobile Banking and Tele-banking

6 Eligibility Criteria
6.2 Eligibility of Bidders
6.3 Experience of the Firm in Core Banking Solutions
6.4 Team Strength

7 Evaluation of Bids
7.1 Evaluation Process
7.2 Technical Evaluation
7.3 Commercial Evaluation

8 Bid Submission
8.1 General Terms of Bid Submission
8.2 Two Stage Bidding Process
8.3 Cost of Bid
8.4 Earnest Money Deposit (EMD)
8.5 Sealing and Marking of Bids
8.6 Commercial Bid
8.7 Bid Submission
8.8 Clarifications on the Tender Documents
8.9 Amendments to Tender Documents
8.10 Correction of Errors
8.11 Confidentiality
8.12 Indemnification
8.13 Notification of Award
8.14 Signing of Contract
8.15 Jurisdiction
8.16 Other Terms and Conditions
8.17 Contact Details
8.18 Evaluation Schedule

Annexure - 1 Compliance Certificate
Annexure - 2 Bidder Profile
Annexure - 3 Statement of tie-ups/consortium partners for the project
Annexure - 4 Confirmation of Soft Copy
Annexure - 5 Credentials
Annexure - 6 Team Profile
Annexure - 7 Commercial Bid
Annexure - 8 Project Plan and Resource Deployment
Annexure - 9 Query Format
Annexure - 10 Non-Disclosure Agreement Format
Annexure - 11 Format of Bank Guarantee
Annexure - 12 Checklist of Documents to be submitted

List of Tables

Table 3-1 Current Status of Application Software Implementation (As on 20 January, 2009)
Table 3-2 Functionality Supported by CBS
Table 3-3 CBS Application Infrastructure
Table 3-4 Monitoring and Management Systems Implementation
Table 4-1 Scope of IS Audit for CBS Applications
Table 8-1 Evaluation Schedule

1 Preface

1.1 About this RFP

1.1.1 Andhra Bank, a body constituted under Banking Companies Acquisition and Transfer of Undertakings Act 1980, has its Head Office at 5-9-11, Dr. Pattabhi Bhavan, Saifabad, Hyderabad-500004. Its Department of Information Technology – Core Banking Solutions is located at 3rd Floor, “D” Block, Cyber Gateway, Madhapur, Hyderabad-500081, India.

1.1.2 Andhra Bank is hereinafter called “Bank” which term or expression unless excluded by or repugnant to the context or the meaning thereof, shall be deemed to include its successors and permitted assigns herein after called “Andhra Bank” or “Bank” or “bank”, issues this Request For Proposal, hereinafter called “RFP”.

1.1.3 The Request for Proposal is issued for inviting proposals (Technical and Commercial Bids) for the Information Systems (IS) audit of “Core Banking Solution” including Core Banking Solution (CBS) application, Surround Applications and related infrastructure, Network, Data Center and Disaster Recovery Center, as per specifications, terms and conditions and scope defined in this document, from eligible bidders satisfying the eligibility criteria set out in this document.

1.1.4 Please note that all references to the CBS project/CBS in this document refer to the Core Banking Solution and all surround solutions implemented as part of the Core Banking Solution Project at Andhra Bank.

1.1.5 A vendor submitting the proposal in response to RFP for IS Audit of CBS project shall hereinafter be referred to as “Bidder / Systems Auditor/ Vendor” interchangeably.

1.1.6 The RFP document is neither an offer letter nor a legal contract, but an invitation for offers / responses. No contractual obligation on behalf of Andhra Bank whatsoever shall arise from the RFP process unless and until a formal contract is signed and executed by duly authorized officers of Andhra Bank and the bidder.

1.1.7 The Bank has no obligation to accept any or the lowest quote. The Bank may decide not to accept any quote or may accept a quote that is not the lowest quote. The Bank reserves the right to cancel the RFP at any point in time.

1.1.8 All offers of the bidders shall be unconditional and once accepted whether with or without modifications by the Bank shall be binding between the Bank and such Bidder.

1.1.9 However, this is a binding document between Bank and respondents till the completion of selection process and notification of award and till a contract is signed between Bank and the Systems Auditor in the process in case both parties initiate and expedite certain actions pending the execution of a contract.

1.1.10 The Bank may modify any / all of the terms of this RFP and shall be entitled to award the contract to a selected bidder with / without modification of any conditions contained herein.

1.1.11 This RFP document is structured in such a way that the Bidders fully understand and acquaint themselves with Bank’s business, existing IT Scenario and Architecture and propose the IS Audit of the Core Banking Solution taking into consideration all the existing applications and infrastructure to meet Bank’s requirement within the scope of the project and subject to terms and conditions of this RFP document.

1.1.12 The last date for the receipt of proposals responding to the RFP is 17 December 2009.

1.1.13 While this section is a Preface to the entire document, the following sections are meaningfully segregated for better understanding of the document. The section headings or any other headings do not have any contractual sequence and the submission of responses to RFP should be based on total understanding of the document.

2 About Andhra Bank

2.1 Bank Profile

2.1.1 Andhra Bank (http://www.andhrabank.in) has its history parallel to India’s freedom struggle and was founded by an eminent freedom fighter and a multi-faceted genius, Dr. Bhogaraju Pattabhi Seetharamayya. Bank was registered on 20th November 1923 and commenced its operations on 28th November 1923. Bank was nationalized on 15th April 1980 and is presently a Public Sector Bank with the Government of India holding 51% of its capital.

2.1.2 Bank has achieved a business of Rs. 110,460 Crores as on 30 September 2009 and Bank aims to grow to a mid-size Bank with a business of Rs. 1,50,000 Crores by 30th September 2010.

2.1.3 Bank has a three-tier organizational structure with nearly 1536 Branches, 49 Extension Counters, 38 Satellite Offices and 22 Zonal Offices, with its Head Office at Hyderabad. The bank has an ATM network of 798 ATMs across the country. Bank has national presence and representative offices in Dubai and New Jersey (USA).

2.1.4 Bank uses Information Technology in all spheres of its functioning by connecting all its branches, service centres and extension counters through its WAN.

Bank aims to leverage the centralized solution to support its growing business, improve operational efficiency across the counters and multi-delivery channels, and enhance focus on customers with a Customer Centric Organization.

2.2 Overview of Computerization in the Bank

2.2.1 Andhra Bank was one of the first Public Sector Banks in India to achieve 100% computerization of Branches as early as 31st March 2003.

2.2.2 As a part of the technology upgrade the Bank selected M/s Hewlett Packard as the System Integrator for implementation of “Core Banking Solution” project.

2.2.3 The CBS project involved implementation of Finacle Core Banking Solution and other surround applications. The migration from legacy systems to CBS commenced on 31 March 2008, and by 09 March 2009, 100 % CBS implementation was achieved.

3 Current Status of Implementation

3.1.1 The first pilot branch went live on Finacle Core Banking Solutions on March 31, 2008, and the Bank migrated 100% of the Branches, extension counters and service centers to CBS by March 9, 2009.

3.1.2 This section covers the implementation status of the complete solution.

3.1.3 The Data Center (DC) of the Bank is located at Hyderabad while the Disaster Recovery site (DRS) is located at Chennai. The DC and DRC house most of the Bank’s centralized infrastructure.

3.2 Application Software

3.2.1 The status of implementation and rollout of the applications procured from the System Integrator is detailed in the table below:

Table 3-1 Current Status of Application Software Implementation (As on 20 January, 2009)

Service Scope

Implementation of Finacle Core Banking Solution

Finacle Core Banking Solution has been rolled out in 1600+ Branches as on September 30, 2009.

Government Business Module

Government Business Module provided by M/s Ace Frontline has been implemented in the CBS environment. Currently, On-Line Tax Accounting System and Pension modules have been implemented.

Debit Card Management Solution (DCMS) and Debit Card Reconciliation System (DCRS)

The System Integrator has implemented Debit Card Management System from M/s Financial Software & Systems Pvt. Ltd.

Internet Banking

Finacle e-Banking suite of applications catering to Retail and Corporate segments has been implemented.

Other Solutions

The following ancillary solutions are being customised as per Bank’s requirements.

• Mobile Banking – Push and Pull alerts using Finacle e-Banking

• Anti-Money Laundering – AMLock from M/s 3i Infotech

• Basel II Risk Management – Reveleus, Oracle Financial Solutions Limited

• Enterprise General Ledger – from Oracle

• Fixed Assets module – from Oracle

• Asset – Liability Management – Oracle OFSA is being implemented to cater to ALM requirements.

• Loan Application Processing System (LAPS) – from M/s Sysarc

• Telebanking with Call Center– M/s Aspect Telebanking solution

• Management Information Systems – Crismac from M/s D2K technologies

Interfaces

The following interfaces have been implemented:

• Automated Teller Machines (ATM)

• Real Time Gross Settlement (RTGS)

• National Electronic Funds Transfer (NEFT)

• Online Trading through Religare

• Integrated Treasury Management Solution (ITMS)

• Electronic Branch Advice (e-BA1) of legacy system

• Cheque Truncation System integration under progress

• HRMS

• Smartcard based SHG Linkage

• Application Supported by Blocked Amounts (ASBA)

3.3 Functionality Offered by CBS

3.3.1 Finacle CBS implemented at the Bank broadly caters to the following functionalities.

Table 3-2 Functionality Supported by CBS

Module Services

General Banking

• Cash

• Clearing (inward and outward)

• Service Branch

• Remittances

• Central Customer Information File

• User Profile Maintenance

• Inventory Maintenance

• Standing Instructions

• Reports & Queries

Demand Deposits

• Current accounts (general, CA-RRBs, CA-other banks, CA-Premium)

• Savings accounts (Domestic, Pension, NRO, NRE, Corporate salary account)

• Insurance linked Accounts (Current and Savings – Abhaya Savings Bank, Abhaya Savings Bank Plus, Abhaya Gold, Abhaya Jeevan, Insurance Linked Current Account, etc)

• Resident Foreign Currency (Domestic) Account

• Exchange Earners Foreign Currency Account (EEFC) – Demand

• Flexi Account (Current and Saving)

• Kiddy Bank and Kids Khazana

• Temporary Overdrafts (Current and Saving)

• Credit Balance in OD & CC

• Call Deposits

• Overdue deposits

• No Frills Saving Accounts

Term / Time Deposits

• Fixed deposits

• Reinvestment deposits

• Term Deposits with Insurance linked

• Tax Saver Deposits

• Cash Certificates

• Recurring Deposits

• Recurring Deposits Plus

• Flexi – Fixed Deposits

• RFC – Term (Fixed and Reinvestment)

• FCNR deposits

• NRE Deposits

• ONR Deposits (Fixed and Reinvestment)

• Certificates of deposits

Non – Priority Sector Advances

• Loans against Deposits

• Loans against Shares and Securities

• Loans against Gold

• Housing Loans

• Clean Loans

• Loans against consumer durables

• Term loans to women to purchase gold

• Mortgage Loans

• Reverse Mortgage Loans

• Loans to Doctors & Medical Practitioners for purchase of equipment, ambulance, computers

• Loans to nurses to meet expenses

• Invoked guarantees paid

• Vehicle Loans

• Loans to staff

Priority Sector Advances

• Agricultural Direct - crop loans

• Agricultural gold loans

• Agricultural Deposit loans to agriculturalists

• Agricultural Term Loans

• Agricultural Indirect Finance

• Small Scale Industries – Term Loans

• O.P.S. Advances – Transport Operators, Retail Trade, Business Enterprises, Professional and Self employed, Doctors

• OPS Housing Loans

• OPS Consumption Loans

• OPS Educational Loans

• OPS Self Help Groups

• Loans to urban poor indebted to non- institutional lenders

Credit Guarantee Corporation (CGC) Invoked Advances

• CGC Invoked – Small loans 1971 Agricultural

• CGC Invoked – Service Sector

• CGC Invoked 1981 SSI

Medium and Large Scale Loans

• Medium and Large Scale Industrial Term Loans

• Term Loans to commercial real estates

• Term Loans to hotels

• Term Loans to Industrial or warehouse spaces

• Term Loans – Indirect finance to housing

Foreign Exchange Advances

• Foreign Currency Loans

Overdrafts and Cash Credits

• OD – Temporary Overdrafts

• OD – Clean Overdrafts

• OD – Clean Overdrafts to staff

• OD – Secured Overdraft

• Cash Credit

• Working Capital Demand Loans

Trade Finance – Foreign

• Letter of Credit (Export, Import)

• Bills (Import, Export)

• Packing Credit

• Advances against collection bills (AACB)

• Re-discounting of export bills abroad (REBA)

• Travelers Cheques/Foreign Currency (Sale and Purchase)

• Forward contracts

• Pooling Centre

• Bank Guarantees (Domestic and Foreign)

• External Commercial Borrowings

• Foreign currency demand loan / term loan

• Advance against incentives /duty drawback

• Inward/outward remittances

Trade Finance – Inland

• Inland Bills/Cheques

• Inland Letter of credit

• Bank guarantees

• Reporting

Others

• Nominal Accounts including

- Sundry Debtors

- Sundry Creditors

- Suspense

- Items in Transit

- Credit Receivables

• Head Office Accounts / Inter-SOL Accounts

• Inventory

Government Business Module

• Pension Processing and Payment (including Centralized processing)

• Tax module (CBDT & CBEC) including OLTAS

• Public Provident Fund

Debit Card Management Solution

• Card Generation

• Card embossing File generation

• PIN Management

• Fee management

Finacle e-Banking

• Retail Internet Banking

• Corporate Internet Banking

• Mobile Banking

• Alerts

Script Magic

• Bi-Lingual Solution catering to onscreen display in Hindi

Surround Applications cater to these requirements

• Anti Money Laundering

• Enterprise General Ledger

• Management Information Systems

• Pre Sanction of Loans/Advances

• Tele Banking

• Asset Liability Management

3.4 Application Infrastructure at the Bank

3.4.1 As an industry leading practice, the Bank has a 1:1 configuration at DC and DRC.

3.4.2 The application infrastructure for the applications which have gone live at this point of time has been tabulated below:

Table 3-3 CBS Application Infrastructure

Server Operating System DC DRC

HP - UX 34 HP Integrity Servers 23 HP Integrity Servers

MS - Windows 75 HP Proliant Servers

10 HP Proliant Servers at critical branches

43 HP Proliant Servers

RDBMS wise installations Oracle : Finacle CBS ,GBM, EGL, ALM

MS SQL : Finacle e-Banking, Mobile Banking, LAPS, AML, Helpdesk, Call center, Reveleus, DCMS, Telebanking

Backup Environment Automated Tape Library with 2 Backup Servers have been provided at the DC

Automated Tape Library with 2 Backup Servers have been provided at the DC

SAN Solution XP 24000 SAN XP 24000 SAN

3.5 Monitoring and Management Systems

3.5.1 The following applications have been implemented by the System Integrator as part of the HP Open View Suite of applications.

Table 3-4 Monitoring and Management Systems Implementation

Service Scope

Enterprise Management Systems (EMS) and Network Management System (NMS)

The System Integrator has implemented HP Openview tools for EMS / NMS suite of products for monitoring and service delivery management.

• HP Network Management Center

• HP Configuration Manager suite for Servers and Desktops for Configuration, Software Distribution and Remote Control

• HP Operations Center – Performance Manager for Windows (OVO) for managing the systems and measuring the performance

• HP OVO SPIs for Oracle and MS-SQL database servers

• HP AssetCenter Software with Base, Financial and Portfolio Management modules

• HP Service Center software with Service Desk - Incident, Problem, Change and SLM modules

• HP Performance Insight software with report packs for Infrastructure, system resources

• HP Service Information Portal 3.2 Software with, out of the box, default integration to the above supplied EMS software components

3.6 Other Infrastructure

3.6.1 The System Integrator built the Server Farm area in the Data Center to cater to the requirements of the CBS.

3.6.2 Adequate Uninterrupted Power Supply (UPS) has been provided by the Systems Integrator.

3.6.3 Adequate Precision Air Conditioning for the Server Farm area has been provided by the Systems Integrator.

4 Scope of Work for Audit

4.1.1 The scope of audit includes all applications and areas that are specified in Section 3 of this document.

4.1.2 The major activities to be performed as part of the audit have been specified in the following sub-sections.

4.2 Application Software

4.2.1 The audit shall involve critical evaluation of confidentiality, integrity and availability of all the applications and interfaces that have been procured as a part of the turnkey project.

4.2.2 A non-exhaustive scope for IS Audit of the CBS applications is tabulated below:

Table 4-1 Scope of IS Audit for CBS Applications

Service Scope

Application Review covering all the applications implemented in the Bank as a part of the turnkey project covering all the functionalities including but not limited to the details provided in Section 3.3

The scope for functional review includes:

• Functionality implemented vis-à-vis the Bank’s requirements

• Input, processing and output controls across various schemes across the bank. The bank expects that the systems integrator share its audit program prior to performing this review

• Accuracy, adequacy and integrity of data in reports and MIS

• Accuracy and effectiveness of audit logs

• Adherence of reporting to legal and statutory requirements

• Automated batch processing, scheduled tasks, critical calculations etc.

• End of Day, Start of Day, period closure operations including End of Month, End of Quarter and End of Year operations

• Entire Account Life cycle for all the schemes and types of accounts that have been defined in the CBS, consisting of:

- Customer Master Entries

- Account Opening

- Account Operations including Transfers, Cash Transactions, Clearing Transactions, Delivery Channel Transactions, etc.

- Account Modifications including application controls around the same

- Interest Calculations and Interest Runs

- Account Closure / Premature closure/transfer etc

- Any other scheme specific features that need to be evaluated

• The entire lifecycle related to Bills, Letters of Credit (LC) and Bank Guarantees (BG)

- For Bills: Lodgment, Purchase/Discount, Advance against collection bill, Recovery from local source, Realisation through foreign remittance, Crystallization, Dishonour etc.

- For LC & BG: Issue, Amendment, Invocation, Development, Closure etc.

• Integration with Delivery Channels including data and transaction integrity for the same

• Configuration of Charges and Collection of the same

• Operations including

- DCMS and DCRS operations related to ATM/Debit card

- Helpdesk operations

- Call Center Operations

- Monitoring mechanism for above processes

• All transaction and non-transaction interfaces including but not limited to:

- Automated Teller Machines (ATM)

- Real Time Gross Settlement System (RTGS)

- National Electronic Funds Transfer (NEFT)

- Electronic Clearing Service (ECS)

- Electronic Bank Advice (eBA–1): Interface with Cluster Banking

- Internet Banking, Mobile Banking

- Telebanking

- Asset Liability Management

- Anti – Money Laundering

- Cash Management System

- Integration with External Service providers like Religare

- Depository Participant

- ITMS

- SWIFT

Application Security

The scope for Application security review includes the following across all applications related to CBS project:

• Controls for performing parameter setup of functionality across applications

• Segregation of duties

• Logical Access Controls to different functions automated processing, view/generation of reports, logs.

• Process of customization and controls during Software Development Life Cycle (SDLC)

• Controls in place for migration of changes from testing to production environment.

• Password policy and implementation

• Database security controls

• Operating system security Controls

4.3 IT Infrastructure

4.3.1 IT General Controls: The scope of the audit includes review of IT General Controls covering the CBS environment including surround applications. These include:

• Access to OS Programs and data

• Program development

• Program Change

• Backup and restoration procedures

• Disaster Recovery Center

4.3.2 Locations to be covered for IT General Controls: The following locations are to be reviewed from an IT General Controls perspective:

• Data Center at Cyber Gateway, Hitec City, Hyderabad

• Disaster Recovery Center at Tidel Park, Chennai

4.3.3 Infrastructure Assessment at a minimum shall cover:

• Building Management System

• Power Supply, UPS, and related infrastructure

• Environment Control

• DC infrastructure including network cabling, raceways, Server / Communication racks, Rack Power Distribution Units, etc

• Fire and Smoke Detection and Suppression Systems

• Physical Access Controls, etc.

4.4 Processes and Tools

4.4.1 At a minimum the following processes and tools related to the CBS environment are to be reviewed:

• DC/DR IT Operations

• DC/DR Environment Management

• Disaster Recovery Management

• License Management

• User Management

• Release Management

• Recovery and Restart procedures

• Change Management

• Incident Management

• Patch Management

• IT Asset Management

• Service Level Management

• Helpdesk Management

• Database Management

• Network Management

• Enterprise Anti-Virus Management

• Monitoring and Management Systems (EMS / NMS)

• Other Vendor Management

• SLA Management

• Audit and Log Management

• Systems Maintenance

4.4.2 In addition to the above, the audit of Operating Systems, Database, Network and Security devices, Storage etc, shall at a minimum cover the following as applicable:

• Setup and Maintenance of system parameters

• Change management process

• User Management and security

• Hardening

• Logical Access Controls

• Administration including Audit trails, Log monitoring

4.5 Internet Banking, Mobile Banking & Telebanking

4.5.1 In addition to the application audit as specified in section 5.1, the scope of the audit includes review of Internet Banking, Mobile Banking and Tele-banking Architecture based on RBI guidelines as per RBI circular DBOD.COMP.BC.No.130/ 07.03.23/ 2000-01, dated 14 June, 2001 and other related guidelines.

4.5.2 The audit will involve a detailed review of the Internet Banking, Mobile Banking and Telebanking security architecture vis-à-vis the RBI guidelines.

4.5.3 The scope also includes review of the Internet Banking, Mobile Banking and Telebanking implementation with reference to compliance with privacy and legal requirements.

4.6 Verification of Deliverables

4.6.1 The scope involves a complete verification of deliverables to be completed by the System Integrator vis-à-vis the Bill of Material.

5 Deliverables

5.1 Pre Audit

5.1.1 Prior to starting the groundwork on the audit, the successful Bidder shall provide the following deliverables to the Bank:

• Audit Plan and procedures for application and security review of Finacle CBS and surround applications, CBS related infrastructure, Network audit and Internet Banking

• Review report of User Acceptance Testing of CBS and surround applications

• Detailed test cases and plans for the items as per scope of audit

5.2 Performing the Audit

5.2.1 As a part of the Audit and the recommendations thereof, the successful-Bidder shall provide the following deliverables:

• Details of tests conducted along with methodology and results

• Interim audit report with detailed risk-control analysis

• Report on final status of issues raised as part of the interim report

• Final audit report with recommendations

• Compliance review for the audit findings accepted for complying with.

5.3 Project Management

5.3.1 As a part of the project management, periodic reports on the status of audit vis-à-vis finalized audit plan shall be submitted to the Bank.

5.3.2 The frequency of such reports shall be agreed with the selected Bidder.

5.4 Internet Banking, Mobile Banking and Tele-banking

5.4.1 In addition to the above deliverables, the successful-Bidder shall provide the following for these applications:

• Report on review of IS policy document and other standard documents as recommended by RBI

• Vulnerability Assessment report

• Report on review on Internet Banking security architecture

• Certificate on level of compliance indicating compliance as per relevant RBI guidelines.

6 Eligibility Criteria

6.1.1 Firms meeting the eligibility criteria as described in the following sections will be considered for evaluation.

6.1.2 The Bank reserves the right to change or relax the eligibility criteria to ensure inclusivity.

6.2 Eligibility of Bidders

6.2.1 The bidder should not be an individual/ proprietary / HUF etc. The bidder may be a government organization/ Public sector unit/ Partnership firm / Limited Company/ Private Limited Company having its Registered Office in India. Relevant documents of the same are to be submitted.

6.2.2 The bidder organization should have been in existence for and must be engaged in the business of Information Systems Audit for at least 3 years as on September 30, 2009 in India. Related document should be submitted as part of the proposal.

6.2.3 The bidder should have a minimum turnover of INR 2 Crores per year in the last three years from IT Audit or IT Consulting services. The bidder must warrant financial solvency, i.e. able to meet all the debts as and when they fall due.

6.2.4 The bidder should have made profits in succession for the past 3 years (FY ending 2007 - FY ending 2009). The relevant documents including Balance Sheet/Profit and Loss Account/Certificate from Statutory Auditors certifying the financials are to be submitted as part of the proposal.

6.2.5 The bidder must warrant that there are no legal actions being taken against it for any cause in any legal jurisdiction. If such an action exists and the bidder considers that it does not affect its ability to deliver the requirements as stated in this RFP, an undertaking specifying the nature of the legal action and the reasons why this shall not affect the bidder’s ability to deliver shall be provided.

6.2.6 The Bidder should not have been black-listed by any Public Sector Bank, RBI or IBA or any other Government agencies. Bidder must certify to that effect.

6.2.7 The bidder should not have been restricted by any regulatory authorities to offer such audit / solutions to their clients.

6.2.8 To ensure audit independence, the bidder should not have provided any IT services, including program management, systems integration, requirements specification, etc., but excluding similar IS Audits, either directly, or indirectly through a consortium, in the past three years to Andhra Bank.

6.2.9 If the bidder proposes to bid as a consortium with a partner, for any task related to the IS audit, details related to the consortium are to be provided as per Annexure 3. The bank reserves the right to reject the partner agency proposed.

6.3 Experience of the Firm in Core Banking Solutions

6.3.1 The bidder should have undertaken IS audit of CBS implementation in at least one Public Sector or a Private Sector bank in India, having at least 250 branches covered under Core Banking solution at the time of such audit.

6.3.2 The experience should include IS audit of the following in CBS Environment

• Retail Banking,

• Corporate Banking,

• Delivery Channels

6.3.3 The IS audit should preferably also include experience of the following modules in CBS environment

• Government Business Module

• Anti Money Laundering

• Asset Liability Management

• Debit Card Management Solution

• Enterprise General Ledger

• Basel II Solution

• Fixed Assets

• Loan Pre-Sanction Applications

• HP OpenView suite of solutions

• Infrastructure for the CBS environment

6.3.4 Preference will be given to bidders who have conducted audit of Finacle CBS and Finacle E-Banking solutions.

6.3.5 The proposal should include certificates stating successful completion of the mentioned audit engagements including contact details of relevant officials of the auditee banks.

6.3.6 The bidder should have performed vulnerability assessment/penetration testing and security review for Internet Banking Architecture and deployment.

6.4 Team Strength

6.4.1 The IS audit team should have at least 5 members with qualifications such as CISA/CISSP/CISM/CEH.

6.4.2 The team must include members who are conversant in Core Banking Solutions, preferably with experience in IS audit of CBS.

6.4.3 The relevant proof should be submitted as part of the proposal.

6.4.4 Preference will be given for team members with sufficient experience in IS audit of Finacle.

6.4.5 The bidder must warrant that all team members proposed from the prime bidder organization are permanent employees on the rolls of the organization.

7 Evaluation of Bids

7.1 Evaluation Process

7.1.1 The evaluation process for Information Systems Auditor of CBS implementation at Andhra Bank will be a two step process. The evaluation of the technical proposal will be conducted first. The details of the technical evaluation criteria are provided in subsequent sections.

7.1.2 The bidders who have qualified based on the technical evaluation will be considered for evaluation of their commercial proposal. The details of commercial evaluation criteria are given in section 8.3.

7.2 Technical Evaluation

7.2.1 The maximum score in the technical evaluation is 100.

7.2.2 At a minimum, the following parameters will be considered for evaluation

• Prior experience in conducting IS Audit of CBS in banks (preferably Finacle CBS and listed surround applications)

• Team Strength vis-à-vis prior experience in IS audit of CBS preferably Finacle CBS

• Approach and Methodology

• Detailed work plan

• Vendor Presentations

7.2.3 Bidders are required to score a minimum of 75 in the technical evaluation to be considered for commercial evaluation.

7.2.4 The bidder shall provide references (including Referee names and contact details) and a documented project management methodology in respect of major projects as stated.

7.2.5 The bids will be technically evaluated based on the data provided by the Bidder as a part of the response in addition to all the assertions provided.

7.3 Commercial Evaluation

7.3.1 Only the bidders who are eligible based on the technical evaluation will be considered for evaluation of the commercial proposal.

7.3.2 The Bank shall scrutinize the commercial bids and normalize the same if found necessary before comparing the bids.

7.3.3 The Commercial Bid will be evaluated based on the Cost that has been proposed by the Bidder in the Commercial Bid.

7.3.4 The Technically Qualified bidder with the lowest Commercial Bid after scrutiny and normalization would be declared as L1.

7.3.5 In case of a tie between two or more Bidders for considering L1, the Bid with the higher technical score would be chosen at the discretion of the Bank.

7.3.6 The L1 bidder shall not automatically qualify for becoming selected Bidder and for award of contract by the bank.

7.3.7 The Bidder whose commercial bid is accepted will be referred to as “Selected Bidder” and the Bank will notify the name of the Selected Bidder.

8 Bid Submission

8.1 General Terms of Bid Submission

8.1.1 The offers should be made strictly as per the formats enclosed.

8.1.2 The Bidder should bear all the costs associated with the preparation and submission of their bid and Bank will in no case be responsible or liable for these costs, regardless of the conduct or outcome of the bidding process.

8.1.3 Two copies of the bid are to be submitted, one in original and the other in copy.

8.1.4 The bid should be signed by the Bidder or any person duly authorized to bind the bidder to the contract. The signatory should give a declaration and through authenticated documentary evidence establish that the person is empowered to sign the tender documents and bind the bidder. All pages of the tender documents except brochures if any are to be signed by the authorized signatory.

8.1.5 The offers submitted to Bank should preferably not bear any corrections, alterations, overwritings and additions. In such cases, the person/s signing the bid should initial such corrections.

8.1.6 The Bidder is expected to examine all instructions, forms, terms and conditions and technical specifications in the Bidding Documents. Failure to furnish all information required by the Bidding Documents or submission of a bid not substantially responsive to the Bidding Documents in every respect will be at the Bidder’s risk and may result in rejection of the bid.

8.1.7 No columns of the tender should be left blank. Offers with insufficient information and Offers which do not strictly comply with the stipulations given above, are liable for rejection.

8.1.8 Bank may accept or reject, in full or in part, any or all the offers, without assigning any reason whatsoever.

8.1.9 Bank may at its discretion abandon the process of the selection of IS Auditor anytime before notification of award.

8.1.10 The bids will be opened in the presence of authorized representatives of the bidders. However, the representative of the bidder has to produce an authorization letter from the bidder to represent them at the time of opening of Technical/Commercial bids. Only one representative will be allowed to represent any bidder. In case the bidder’s representative is not present at the time of opening of bids, the quotations/bids will still be opened at the scheduled time at the sole discretion of the Bank.

8.1.11 The bidder must use the entire information furnished in the RFP including scope, detailed requirements of audit of application and other terms and conditions, while submitting the response.

8.1.12 All responses should be in English language. All responses by the Bidders to this RFP document shall be binding on such Bidders for a period of 180 days from the date of opening the Technical Bid.

8.1.13 All responses including commercial and technical bids would be deemed to be irrevocable offers / proposals from the Bidders and may, if accepted by Bank, form part of the final contract between Bank and Bidder.

8.1.14 Bidders are advised to attach a letter from an authorized signatory attesting the veracity of the information provided in the response.

8.1.15 Any technical or commercial bid submitted cannot be withdrawn / modified after the closing date and time for submission of the bid offers unless specifically permitted by Bank. However, the Bidder may modify or withdraw its offer after submission provided that, Bank, prior to the closing date and time receives a written notice of modification or withdrawal.

8.1.16 Bank concludes that everything mentioned in the RFP documents circulated to the Bidders and responded to by the Bidders has been quoted for by the Bidders, and there shall be no extra cost associated with the same other than the cost quoted by the Bidder.

8.1.17 In the event, Bank has not asked for the quotes for alternative prices and the Bidder furnishes the alternative quotes in the Bidder’s financial bids, the higher of the quotes shall be taken for evaluating the bids. However, payment by Bank shall be made for the lowest quote.

8.1.18 The original and all copies of bids shall be typed or printed in a clear typeface. Copies may be good quality photocopies of the original. An accompanying letter is required, signed by an authorized signatory of the Bidder, committing the bidder to the contents of the original response.

8.2 Two Stage Bidding Process

8.2.1 For the purpose of selection of the IS Auditor, a two-stage bidding process will be followed.

8.2.2 The response to the present tender is to be submitted in two parts, i.e. the Technical Bid and the Commercial Bid. The bidders will have to submit the ‘Technical Bid’ separately from the ‘Commercial Bid’.

8.2.3 The bidder has to submit their response in hardcopy and softcopy in Microsoft Office document formats for Technical Bid and Commercial Bid.

8.2.4 The ‘Technical Bid’ will contain the exhaustive and comprehensive details of approach, methodologies to be followed, assertions, documents and any other collateral the Bidder would want to submit to the Bank.

8.2.5 The ‘Commercial Bid’ will contain the pricing information alone.

8.2.6 The Technical Bid should NOT contain any pricing or commercial information at all. Any bids violating this will be summarily rejected and the bids shall be disqualified from further evaluation.

8.2.7 In the first stage, only the ‘Technical Bids’ will be opened and evaluated. Those bidders satisfying the technical requirements of the solution, as determined by Andhra Bank and as per the requirements/specifications and the terms and conditions of this document, shall be short-listed.

8.2.8 Under the second stage, the Commercial Bids of bidders which have been short-listed earlier on the basis of evaluation of their Technical Bids, will only be opened.

8.2.9 Bank may call for any clarifications/ additional particulars required, if any, on the technical/ commercial bids submitted. The vendor has to submit the clarifications/ additional particulars in writing within the specified date and time. The bidder’s offer will be disqualified, if the clarifications/ additional particulars sought are not submitted within the specified date and time.

8.2.10 Bank reserves the right to call for a presentation on the features etc., from the short-listed bidders based on the technical bids submitted by them to make an evaluation.

8.2.11 The commercial bid should contain quotation for end-to-end IS Audit services as envisaged in the Scope of Audit section.

8.2.12 Bidders must acquaint themselves fully with the conditions of the bids. No plea of insufficient information will be entertained at any time.

8.3 Cost of Bid

8.3.1 The bidder is required to submit a Demand Draft amounting to Rs.10,000 in favour of Andhra Bank along with the bid. This is to be submitted as part of the Technical Proposal.

8.4 Earnest Money Deposit (EMD)

8.4.1 The bidder is required to submit Rs.1,00,000/-, Rupees One Lakh only in the form of a Bank Guarantee issued by a Scheduled Commercial Bank or a Demand Draft in favour of ‘Andhra Bank’ payable at Hyderabad. The format of Bank Guarantee is provided in Annexure 11.

8.4.2 This is to be submitted as part of the Technical Proposal.

8.4.3 No interest will be paid on the EMD.

8.4.4 The EMD (bid Security) / Bank Guarantee of successful bidder shall be refunded after furnishing performance Guarantee as required by the Bank.

8.4.5 EMDs / Bank Guarantees furnished by all unsuccessful bidders will be returned on the expiration of the bid validity / finalization of successful bidder, whichever is earlier.

8.4.6 Failure to accept the order by the Selected bidder within seven days from the date of receipt of the order makes the Security Deposit liable for forfeiture at the discretion of Bank. However, Bank reserves its right to consider at its sole discretion the late acceptance of the order by the selected bidder.

8.4.7 Failure to submit the guarantee within the stipulated period from the date of execution of the contract makes the EMD liable for forfeiture. In such instance, Bank at its discretion may cancel the order placed on the selected bidder without giving any notice.

8.5 Sealing and Marking of Bids

8.5.1 The offer should be submitted in two separate sealed covers containing Technical (Technical Bid) and Commercial (Commercial Bid) Proposals superscribed with “IS Audit Services for Core Banking Solutions – Technical Bid” and “IS Audit Services for Core Banking Solutions – Commercial Bid”.

8.5.2 The sealed covers containing the Technical offer and the Commercial offer should in turn be put in a sealed outer envelope to be superscribed as “Technical and Commercial offers for providing Information Systems Audit services for Core Banking Solutions”.

8.5.3 The envelope containing Technical Offer should include only Bidder’s Profile (as per enclosed format), Relevant Technical Bid Forms and Standard Printed Technical Literature/Brochure about the IS Audit services supporting above eligible requirements etc., for the bid.

8.5.4 The envelope containing Commercial Offer should include only the commercial quote for the IS Audit services offered (as per the formats enclosed). Please note that no other information other than the price should be furnished along with this offer.

8.6 Commercial Bid

8.6.1 The commercial bid should be enclosed in a separate sealed envelope. Cost figures should be presented separately for each of the line items mentioned as per Annexure 4.

8.6.2 The Bidder is to quote in Indian Rupees only and bids in currencies other than INR would not be considered.

8.6.3 The prices and other terms offered by Bidders must be in force for a period of 180 days from the date of opening of the commercial bid.

8.6.4 All costs should be for door delivery and inclusive of all taxes, duties, charges and levies of State or Central Governments, as applicable, at the date of signing the Agreement and subject to deduction of all statutory deductions applicable, if any. The benefits realized by Bidder due to lower rates of taxes, duties, charges and levies shall be passed on by Bidder to Bank.

8.6.5 Any additional expenses incurred by the Bidder due to an increase in taxation, duties, charges and levies shall be reimbursed to the Bidder on production of satisfactory proof.

8.6.6 The Bidder has to include all costs like Travel, Lodging & Boarding, Local Travel expenses, etc incurred during the entire period of Audit and Bank will not bear any additional costs on these.

8.6.7 The prices quoted by the Bidders shall include all costs such as Taxes, Service Taxes, VAT, Levies, Cess, Insurance, etc. that need to be incurred.

8.6.8 Terms of payment shall be finalized with the selected bidder and milestone based payments shall be made to the selected bidder, on completion of such milestones to the satisfaction of the Bank.

8.6.9 Any outstation travel required out of a part of the audit, other than those specified in Section 4.3, will be reimbursed by the Bank based on pre-approved rates for Middle Management (MM-III) and Senior Management (SM-IV) Cadre depending on the role of the traveler in the project.

8.7 Bid Submission

8.7.1 Bidders are not permitted to submit more than one bid.

8.7.2 The cost of bidding and submission of the bids is entirely the responsibility of the Bidders, regardless of the conduct or outcome of the tendering process.

8.7.3 Bids sealed in accordance with the Instructions to bidders should be delivered as mentioned in the Bid schedule. Bids may be sent by registered post or hand delivery, so as to be received at the address given above in the tender schedule.

8.7.4 Receipt of the bids shall be closed as mentioned in bid schedule. Bids received after the scheduled time will not be accepted by the Bank under any circumstances.

8.7.5 The technical bids will be opened as mentioned in bid schedule.

8.7.6 Bank will not be responsible for any delay due to postal service or any other means.

8.7.7 The bidders or their authorized representatives shall be present at the time of the opening of the technical bid. Only one person per bidder will be allowed to be present at the time of the opening of the technical bids. No bid shall be rejected at bid opening, except for late bids and those that do not conform to bidding terms.

8.8 Clarifications on the Tender Documents

8.8.1 Written requests for clarification may be submitted to the Bank at least 10 days prior to bid submission and clarifications for such queries shall be provided by the Bank or its representative at least 7 days before the bid submission.

8.8.2 Form should preferably be emailed to the Bank or provided by softcopy – in either event hardcopy confirmations are to be submitted with the Bid documents.

8.8.3 The queries and clarifications wherever necessary shall be placed in Bank’s web-site under Tenders column.

8.9 Amendments to Tender Documents

8.9.1 Amendments to the Tender Document may be issued by the Bank for any reason, whether at its own initiative or in response to a clarification requested by a prospective bidder, prior to the deadline for the submission of bids.

8.9.2 The amendments will be posted on Bank’s web site and will be binding on all the bidders.

8.9.3 From the date of issue, amendments to Terms and Conditions shall be deemed to form an integral part of the RFP.

8.9.4 Further, in order to provide prospective Bidders reasonable time to take the amendment into account in preparing their bid, the Bank may, at its discretion, extend the deadline for submission of bids.

8.10 Correction of Errors

8.10.1 Arithmetic errors in the Bids submitted shall be treated as follows:

• Where there is a discrepancy between the amounts in figures and in words, the amount in words shall govern; and

• Where there is a discrepancy between the unit rate and the line item total resulting from multiplying the unit rate by the quantity, the unit rate will govern unless, in the opinion of the Bank, there is obviously a gross error such as a misplacement of a decimal point, in which case the line item total will govern.

• Where there is a discrepancy between the amount mentioned in the bid and the line item total present in the Commercial Bid, the amount obtained on totaling the line items in the Commercial Bid will govern.

• The amount stated in the tender form, adjusted in accordance with the above procedure, shall be considered as binding, unless it causes the overall tender price to rise, in which case the bid price shall govern.

8.11 Confidentiality

8.11.1 Bidder agrees that all information gathered from the Bank including oral enquiries, letters, documents, emails, presentations, interactions, technical documentation, discussions with Bank’s service providers and documents gathered from Bank’s service providers etc. related to the Bank’s business and other information identified as confidential by the Andhra Bank are confidential information of Bank.

8.11.2 Unauthorized disclosure of any such confidential information will amount to breach of contractual terms and in such cases Bank may pre-maturely terminate the contract and initiate any legal action as deemed fit.

8.12 Indemnification

8.12.1 The Bidder shall, at their own cost and expenses, defend and indemnify the Bank against all third-party claims including those of the infringement of Intellectual Property Rights, including patent, trademark, copyright, trade secret or industrial design rights, arising from use of the Products or any part thereof in India.

8.12.2 The Bidder shall expeditiously meet any such claims and shall have full rights to defend itself therefrom. If the Bank is required to pay compensation to a third party resulting from such infringement, the Bidder shall be fully responsible therefor, including all expenses and court and legal fees.

8.12.3 The Bidder shall also be liable to indemnify the Bank, at its own cost and expenses, against all losses/damages, which the Bank may suffer on account of violation by the Bidder of any or all national/international trade laws, norms, standards, procedures etc.

8.13 Notification of Award

8.13.1 The acceptance of a bid will be communicated in writing at the address supplied by the Bidder in the bid response. Any change of address of the Bidder should therefore be promptly notified to the Assistant General Manager, Department of Information Technology, Andhra Bank, 3rd Floor, D-Block, Cyber Gateway, Hitec City, Hyderabad.

8.14 Signing of Contract

8.14.1 The Bidder shall be required to enter into a contract with Andhra Bank, within 15 days of the award of the tender or within such extended period, at the discretion of the Bank.

8.15 Jurisdiction

8.15.1 All disputes and differences of any kind, whatsoever, arising out of the audit propositions shall be referred by either party (the Bank or the Bidder), after issuance of 30 days notice in writing to the other, clearly mentioning the nature of the dispute / differences, to a single arbitrator, acceptable to both the parties, for initiation of arbitration proceedings and settlement of the dispute/s and difference/s strictly under the terms and conditions of this contract, executed between the Bank and the Bidder. The arbitration shall be governed by the provisions of the applicable Indian Laws. The award shall be final and binding on both the parties. The venue for arbitration shall be at Hyderabad, India.

8.16 Other Terms and Conditions

8.16.1 This RFP document is the property of the Bank and cannot be copied or used in any other manner except for the purpose of responding to this tender notice or without written permission from the Bank.

8.16.2 All the documents submitted along with bids shall also become the property of the Bank and retained by the Bank unless otherwise specifically mentioned.

8.16.3 The bidder should mention whether he is having any contractual obligation presently with the Bank, its status and whether any conflict of interest has arisen in such contractual obligation.

8.16.4 The implementation methodology and business processes in the implementation of the Project will form the property of the Bank except for those for which Intellectual Property Rights are already established.

8.16.5 Selected bidder has to undertake not to hire, solicit, or accept solicitation for their employees directly involved in this contract during the period of the contract and one year thereafter, except as the parties may agree on a case by case basis.

8.16.6 Besides penal provisions, Bank reserves the right to terminate the contract, if the work is not progressing according to the agreed project plans and when the delay is attributable to the Bidder either directly or indirectly due to the failure of Proper Project Management.

8.16.7 Penal Provisions and right of termination are however subject to Force Majeure situation to be defined in the agreement.

8.17 Contact Details

8.17.1 The contact details for submitting the proposal are as follows:

Primary Address

Sri V. Narasimha Murty Asst. General Manager Andhra Bank Department of Information Technology , Cyber Gateway, 3rd Floor, “D” Block, Wing-1 Hi-tech City, Madhapur Hyderabad - 500 081: India Tel: 040-23122260 Fax: 040-23122261 [email protected]

Alternate Address:

Sri. Ajay Gupta Asst. General Manager Andhra Bank Department of Information Technology Cyber Gateway, 3rd Floor, “D” Block, Wing-1 Hi-tech City, Madhapur Hyderabad - 500 081: India Tel: 040-23122257 Fax: 040-23122261 Email: [email protected]

8.18 Evaluation Schedule

8.18.1 The proposed evaluation schedule is tabulated below. However, the Bank, at its discretion can change the schedule assigning no specific reasons for the same.

8.18.2 Any other milestones will be communicated to the bidders in due course.

Table 8-1 Evaluation Schedule

| Activity | Scheduled Dates |
| --- | --- |
| Last Date for receipt of Queries | 11.00 AM on 4 December 2009 |
| Prebid Meeting | 11.00 AM on 5 December 2009 |
| Last Date for Bank’s response to Queries | 08 December 2009 |
| Last Date for receipt of RFP response | 2.00 pm on 17 December 2009 |
| Technical Bid Opening | 3.00 pm on 17 December 2009 |

8.18.3 Bids would be opened at Andhra Bank Department of Information Technology, Cyber Gateway, Hitec City, Hyderabad, if not specified by the Bank.

8.18.4 Commercial bids of only those bidders who have been short-listed as part of the Technical evaluation will be opened. The date of opening of commercial bid will be intimated to bidders who have qualified in Technical Bid evaluation.

Annexure - 1 Compliance Certificate

To,

The Assistant General Manager, Department of Information Technology, Andhra Bank, ‘D’ Block, Right Wing, 3rd Floor, Cyber Gateway, Hitec City, Hyderabad

Dear Sir,

Subject: Declaration and Acceptance of Terms and Conditions and Confirmation of offer

The details submitted in this document are true and correct to the best of our knowledge and if it is proved otherwise at any stage of execution of the contract, Andhra Bank has the right to summarily reject the proposal and disqualify us from the process.

We confirm having understood the entire bid process, contents of RFP with all its terms and conditions and undertake to abide by the terms and conditions. We have also understood that the Bank may add, alter, modify the terms and conditions and post the required information in its web-site under Tenders column and all such additions, modifications, alterations will form part of the RFP.

We hereby acknowledge and confirm having accepted that the Bank can at its absolute discretion apply whatever criteria it deems appropriate and fit, not just limiting to those criteria set out in the RFP, in short listing of bidders for providing IS Audit services.

We confirm having met all the criteria set out for Bidder’s eligibility including financial soundness. There is no legal action against our organization for any cause in any legal jurisdiction which will impose restrictions to the ability of the Bidder in carrying out its obligations under this RFP.

We confirm and warrant that key project personnel to be deployed in this project have been sufficiently involved in similar projects in the past.

Authorized Signatory with Seal

Date:

Place:

Annexure - 2 Bidder Profile

Description Details

The registered name of the Bidder

Bidder’s registered address

Bidder Address for Correspondence

Address: STD- Phone: e-mail Id: FAX No:

Contact name of the official who can commit on the contractual terms and the name of an alternate official who may be contacted in the absence of the former

Primary Contact: Name: Designation: STD- Phone No: Mobile Phone : e-mail ID :

Alternate Contact:

Name : Designation: STD- Phone No: Mobile Phone : e-mail ID :

Contact addresses if different from above

Business Structure

Constitution

Names of Directors

Organization Structure

Core Business of Bidder

Bidder’s Organization has been in existence since (date)

Bidder is engaged in Information Systems Audits since (month & year)

Whether Information Systems Audit is a core function of the bidder?

Details of assignments where the bidder has performed IS audit of CBS implementation

Names of the Banks where IS Audit of CBS implementation was undertaken by the Bidder

Name of the Bank Audit begin- date

Audit end-date

Explain audit experience in Finacle CBS and E-banking solution: Indicate if any of the audit scope that was outsourced:

Tools used for IS Audit of CBS implementation

IS Audit Methodology used for CBS implementation

Bidder’s experience in Vulnerability Assessment and Penetration Testing, Security review for Internet Banking Architecture

Expertise in Vulnerability Assessments: Expertise in Penetration Testing : Expertise in Security review of Internet Banking Architecture: Prior experience in VA/PT/Security review of Finacle E-Banking architecture:

Turnover from IT Audit or/and Consultancy services over the past 3 years

2006-2006 Rs. 2007-2008 Rs. 2008-2009 Rs.

Authenticated Proof of revenue from IT Audit or/and Consultancy Services being :

Net Profit of the Organization for last 3 years

2006-2006 Rs. 2007-2008 Rs. 2008-2009 Rs.

Audited Balance-Sheet and Profit & Loss Account for last 3 years enclosed :

Bidder warrants financial solvency i.e., ability to meet all the debts as and when they fall due

(substantiate)

Bidder confirms that there are no legal actions / restrictions by any regulatory authority that would affect the ability to deliver audit deliverables

Qualifications of Project leads that have led prior IS audit assignments for CBS implementation in a Public Sector Bank

CISA : CISSP : Individual Curriculum Vitae of Project Leads and other key personnel enclosed.

Number of Professional Manpower available for IS Audits

Number 1. CISA/CISM : 2. CISSP : 3. BS7799/ ISO 27001 LA : 4. CCNA/CCNE : 5. DISA/ISA : 6. Others :

IS Audits carried out till 31.03.2009

Public Sector Banks : Other Banks : Government & other PSUs : Total :

Business domain of the auditee organizations

Typical applications in use by auditee organizations

Ability to carry out Vulnerability Assessment and Penetration Testing

Empanelment with CERT-In – current status

Most complex CBS environment of a Public Sector Bank that was audited (by the Bidder)

Audit Methodology & Framework used: Applications in Scope: Systems in Scope:

No. of Computer Systems No. of Servers No. of Switches No. of Routers No. of Firewalls No. of IDS/IPS

Most complex IT environment of any auditee organization that was audited (by the Bidder)

Business Domain: Applications in Scope: Systems in Scope:

No. of Computer Systems No. of Servers No. of Switches No. of Routers No. of Firewalls No. of IDS/IPS

Total Number of employees in India

Number of employees who have worked on similar projects in India

Authorized Signatory with Seal

Date:

Place:

Annexure - 3 Statement of tie-ups/consortium partners for the project

To

General Manager Andhra Bank Department of Information Technology Cyber Gateway, “D” Block, 3rd Floor, Wing-1 Hi-tech City, Madhapur Hyderabad - 500 081: India

Statement of tie-ups/ agreements entered for the project

S No Job/Task Agency Name and Address

Relevant experience details

Validity of Tie-up or agreement

Note: Copy /Copies of understanding/ tie-up/agreement should be enclosed.

Date: Signature of Authorized Official of Principal Bidder with Seal

Annexure - 4 Confirmation of Soft Copy

To

General Manager Andhra Bank Department of Information Technology Cyber Gateway, “D” Block, 3rd Floor, Wing-1 Hi-tech City, Madhapur Hyderabad - 500 081: India

Dear Sir,

Sub: Information Systems Audit for Core Banking Solution

Further to our proposal dated XXXXXXX, in response to the Request for Proposal (Bank’s tender No. hereinafter referred to as “RFP”) issued by Andhra Bank (“Bank”) we hereby covenant, warrant and confirm as follows:

The soft-copies of the proposal submitted by us in response to the RFP and the related addendums and other documents including the changes made to the original tender documents issued by the Bank, conform to and are identical with the hard-copies of aforesaid proposal submitted by us, in all respects.

Yours faithfully,

Authorized Signatory

Designation

Bidder’s corporate name


Annexure - 5 Credentials

Description Details

Name of the client

Project Name

Project Location

Address of client

Current Status of the Project

Client contact person and contact details

Project start date

Duration of project

Project Closure Date

Modules covered in IS audit of CBS

Names of project staff

Authorized Signatory with Seal

Date:


Place:


Annexure - 6 Team Profile

6.1.1 Please provide the following details of the team members. The structure should clearly indicate if the member is part of (a) the Governance Structure or (b) the team proposed to be deployed for the IS audit. The information should distinguish the teams clearly.

Description

Details

Name of the member

Designation

Educational Qualification

Other Certifications/accreditations

Employment History

Total Banking Experience (no. of years, areas of experience)

Experience in similar projects (including client details, role of member, activities performed, duration of experience)

Authorized Signatory with Seal

Date:

Place:


Annexure - 7 Commercial Bid

Name of the Bidder

Communication Address

Item/Activity

Details of mandays of Auditors estimated

Professional Fee (INR)

Finacle Core Application – all modules including Trade Finance

Government Business Module

Finacle eBanking – Mobile Banking (Push alerts, Enquiries through PULL, MPay)

Telebanking and Call center (Aspect solution)

Debit Card Management System and Debit Card Reconciliation system (FSS solutions)

Reveleus – Basel-II solution – Credit Risk – Standardised Model

AMLOCK – Anti Money Laundering

Oracle Enterprise General Ledger

Oracle Fixed Assets

Oracle Asset Liability Management

Lending Automation Processing System (LAPs)


ScriptMagic – Bilingual software

ATM – Tandem Base24 Switch interface

RTGS and NEFT module

Interfaces with ITMS, SWIFT

Anti virus, Webcontent filtering solution

Online Trading – interface with Religare, Depository services, Internet Banking

Help Desk solution

Hardware configuration verification with Bill of Material (for all the above systems along with T&D, Training systems (systems at DC and DR))

HP Openview EMS / NMS solution

Network equipment, Security appliances – Configuration verification with BOM

DC infrastructure verification

Processes and Tools

Total: Indian Rupees

We Confirm that

• The above quoted fee is the lump sum (fixed price) amount and any add on in any form will not be payable by the Bank for whatsoever reason. No out of pocket expenses will be paid over and above this price.


• The bidders have to make their own assessment of the audit work involved to audit all the above solutions. The above cited component list is not exhaustive. Based on the scope of work the bidders have to ensure their effort is included in appropriate components.

• The bidders need to explain their understanding of the project clearly in their Technical proposal and also explain it during the presentation. The masked Commercial Bid, which has to be furnished along with the Technical Bid, should have the second column duly filled. The price column should be marked “xxxxxx”.

• The fee includes all taxes, duties, levies, service tax, etc.

• The fee also includes the cost of deliverables for all the phases of the Project.

• Bank will deduct the tax at source, if any, as per the law of the land.

• Further, we confirm that we will abide by all the terms and conditions contained in the Request for Proposal document.

Authorized Signatory with Seal

Date:

Place:


Annexure - 8 Project Plan and Resource Deployment

A Project plan similar to the illustrated plan needs to be provided by the Bidder.

A resource deployment plan as provided in the illustrated plan needs to be provided by the Bidder.


Annexure - 9 Query Format

IS Audit of Core Banking Solutions Request for Clarification

To be mailed, delivered, posted, faxed or emailed to:

Assistant General Manager

-- address, email id and fax number given in the schedule

Name of Organization submitting request

Name & position of person submitting request

Full formal address of the organization including phone, fax and email points of contact

Tel:

Fax:

Email:

Please Tick preferred contact option

Section Number:

Page Number:

Point Number:

Query description

Section Number:

Page Number:

Point Number:

Query description

Section Number:

Page Number:

Point Number:

Query description

Name and signature of authorized person issuing this request for clarification

Signature/Date

Official designation


Annexure - 10 Non-Disclosure Agreement Format

Strictly Private and Confidential

To, The General Manager, Andhra Bank, ‘D’ Block, Right Wing, 3rd Floor, Cyber Gateway, Hitec City, Hyderabad

Date

Dear Sir,

Confidentiality Undertaking

We acknowledge that during the course of the Engagement for ‘Information Systems Audit for Core Banking Solutions,’ we shall have access to and be entrusted with Confidential Information. In this letter, the phrase "Confidential Information" shall mean information (whether of a commercial, technical, scientific, operational, administrative, financial, marketing, business, or intellectual property nature or otherwise), whether oral or written, relating to Andhra Bank and its business that is provided to us pursuant to this Agreement. In consideration of the bank making Confidential Information available to us, we agree to the terms set out below:

1. We shall treat all Confidential Information as strictly private and confidential and take all steps necessary (including but not limited to those required by this Agreement) to preserve such confidentiality.

2. We shall use the Confidential Information solely for the preparation of the Engagement and not for any other purpose.

3. We shall not disclose any Confidential Information to any other person or firm.

4. We shall not disclose or divulge any of the Confidential Information directly or indirectly to any other client of ours.


5. We shall seek the bank’s prior written consent to disclose the information, except in cases where such disclosure is required by any rule or requirement of law or any regulatory authority with which we are bound to comply.

6. This Agreement shall not prohibit disclosure of Confidential Information:

i. To our employees who need to know such Confidential Information to assist with the Engagement and in the review processes

ii. To our professional advisers for the purposes of our seeking advice. Such professional advisors will be informed of the need to keep the information confidential.

7. This Agreement shall not apply to Confidential Information that:

i. Is in the public domain at the time it is acquired by us

ii. Enters the public domain after that, otherwise than as a result of unauthorized disclosure by us

iii. Is independently developed by us.

8. This Confidentiality Agreement shall continue for two years after the completion of the engagement unless and to the extent that the bank may release it in writing.

9. We acknowledge that the Confidential Information will not form the basis of any contract between the bank and us.

10. We warrant that we are acting as principal in this matter and not as agent or broker for any person, company, or firm.

11. We acknowledge that no failure or delay by the bank in exercising any right, power, or privilege under this Agreement shall operate as a waiver thereof, nor shall any single or partial exercise thereof or the exercise of any other right, power, or privilege.

12. This Agreement shall be governed by and construed in accordance with Indian laws and any dispute arising from it shall be subject to the exclusive jurisdiction of the Indian courts.

We have read this Confidentiality Undertaking carefully and confirm our agreement with its terms.

With kind regards


Yours sincerely

Authorised Signatory:

Name:

Title/position:

Date:

Company Seal:

duly authorised for and on behalf of


Annexure - 11 Format of Bank Guarantee

To

Andhra Bank

Data Centre, Block-D, III Floor,

Cyber Gateway, Madhapur

Hyderabad

Dear Sirs,

In response to your invitation to respond to your RFP reference No. ________________, addressed to ___________________ having their registered office at _____________ (hereinafter called the ‘Bidder’) wish to respond to the said Request for Proposal (RFP) for self and other associated Bidders and submit the proposal for the turnkey solution for development, installation, integration, implementation and maintenance of a Management Information System (MIS) Solution and to provide training and initial handholding as listed in the RFP document.

Whereas the ‘Bidder’ has submitted the proposal in response to RFP, we, the ____________ Bank having our head office ________________ hereby irrevocably guarantee an amount of Rs. ______ Lakhs (Rupees ____________ only) as bid security as required to be submitted by the ‘Bidder’ as a condition for participation in the said process of RFP.

The Bid security for which this guarantee is given is liable to be enforced/ invoked:

1) If the Bidder withdraws his proposal during the period of the proposal validity; or

2) If the Bidder, having been notified of the acceptance of its proposal by the Bank during the period of the validity of the proposal fails or refuses to enter into the contract in accordance with the Terms and Conditions of the RFP or the terms and conditions mutually agreed subsequently.


We undertake to pay immediately on demand to Andhra Bank the said amount of Rupees ________________ without any reservation, protest, demur, or recourse. The said guarantee is liable to be invoked/ enforced on the happening of the contingencies as mentioned above and also in the RFP document and we shall pay the amount on any Demand made by Andhra Bank which shall be conclusive and binding on us irrespective of any dispute or difference raised by the Bidder.

Notwithstanding anything contained herein:

1) Our liability under this Bank guarantee shall not exceed Rs. ________ Lakhs (Rupees __________ only).

2) This Bank guarantee will be valid up to __________________; and

3) We are liable to pay the guarantee amount or any part thereof under this Bank guarantee only upon service of a written claim or demand by you on or before ________________.

In witness whereof the Bank, through the authorized officer, has set its hand and stamp on this _______________ day of __________________ at _________________.


Annexure - 12 Checklist of Documents to be submitted

| Sno | Document | RFP Reference | Document submitted (Yes/No) |
|---|---|---|---|
| | Eligibility | | |
| 1 | Type of Organization - Government/Public Sector Unit/Partnership firm/Limited Company/Private Limited Company having registered office in India | 6.2.1 | |
| 2 | Years of existence and engagement in the business of Information Systems Audit for at least 3 years as on 30th Sep. 2009. | 6.2.2 | |
| 3 | Turnover Document | 6.2.3 | |
| 4 | Balance Sheet/Profit & Loss Account / Certificate from Statutory Auditors certifying the financials for last 3 years | 6.2.4 | |
| 5 | Undertaking certifying that there are no legal actions against bidder in any legal jurisdiction. | 6.2.5 | |
| 6 | Undertaking certifying that bidder is not black listed by any Public sector bank, RBI, IBA or any other Government agencies. | 6.2.6 | |
| | Experience | | |
| 7 | Any claims related to experience are to be supported by Purchase orders/ letter of appointment/letter from the auditee. | 6.3.5, 6.3.6 | |
| 8 | Any assertion related to IS audit completion should be supported by relevant certificate duly certified by auditee | 6.3.5 | |
| 9 | Any assertion related to team experience and qualification are to be supported by necessary proof | 6.4 | |
| 10 | Compliance Certificate | Annexure 1 | |
| 11 | Bidder Profile | Annexure 2 | |
| 12 | Statement of Tie Ups (if applicable) | Annexure 3 | |
| 13 | Confirmation of Soft Copy | Annexure 4 | |
| 14 | Credentials/Details of Experience | Annexure 5 | |
| 15 | Team Profile | Annexure 6 | |
| 16 | Commercial Bid | Annexure 7 | |
| 17 | Project Plan and Resource Deployment | Annexure 8 | |
| 18 | Earnest Money Deposit | Annexure 11 (in case of BG), else DD | |
| 19 | Cost of Bid | 8.3.1 | |

Authorized Signatory with Seal

Date:

Place: