Skip to main content

Internal Audit of OSCE’s ERP Access Management

Reference Number
Procurement procedures
Request for Quotation (RFQ)
Launch date
15 June 2018
, Europe/Vienna
Expected contract duration
One-off purchase
On behalf of

Summary of Requirements

The OSCE Office of Internal Oversight (OIO) is responsible for planning, organizing and carrying out internal audits, evaluations, investigations and advisory work on the Organization's activities including field operations in order to determine the adequacy of risk management, governance and internal control, to ensure compliance with the regulatory framework, and to enhance the efficiency and effectiveness of operations.

The OIO is seeking the assistance of an experienced and qualified Vendor to conduct an audit of the OSCE’s Oracle ERP Access Management (Controls and Licences). Specifically, OIO expects the Vendor to:

1. Task I – Identify conflicts and assess the adequacy and functioning of existing controls in:

  • Active role/responsibility sets;
  • Assigned rights on a user and role level;
  • Privileged access rights (e.g. IT and application administrators, treasury rights etc.); and

2. Task II – Identify and quantify options to rationalise user licence allocation through, for example, unused and under-used applications and user accesses.

This internal audit of the OSCE’s ERP Access Management is part of OIO’s 2018 approved work plan.

Detailed information concerning this RFQ, including the Terms of Reference can be requested via below “Request for bidding documents” form.