Consultant to Perform IT Audit and Develop API Protocol Standards

Batas Waktu
Lokasi
Jakarta

Consultant to Perform IT Audit and Develop API Protocol Standards

29 October 2021

Background:

The Investing in Human Capital for Disaster Management – INVEST DM 2.0 is a cooperation program between the government of United States of America through United States Agency for International Development (USAID)/Bureau for Humanitarian Assistance (BHA) with the Government of Indonesia (GoI) through the National Disaster Management Agency (Badan Nasional Penanggulangan Bencana – BNPB). INVEST DM 2.0 is a multi-year program implemented by Mercy Corps with consortium partners Yayasan Mercy Corps Indonesia (YMCI) and University of Hawaii (UoH) – designed to provide a holistic approach that can support BNPB in carrying out its roles and duties to fill systems and skills gaps in priority areas, including increasing technical capacity for emergency preparedness, response, and recovery; policy and development planning; institutional governance; and organizational development.

The main objective of the INVEST DM 2.0 is to strengthen the capacity of disaster management agencies in Indonesia and resources at various administrative levels so that they are able to fulfil their mandate in providing effective and life-saving disaster management services. One of the focuses of INVEST DM 2.0 is for systems strengthening to improve guidelines and procedures.

Mercy Corps is a leading global organization powered by the belief that a better world is possible. In disaster, in hardship, in more than 40 countries around the world, we partner to put bold solutionis into action – helping people triumph over adversity and build stronger communities from within.

Purpose / Project Description:

BNPB’s Center of Data, Iniformation and Disaster Communication (PusdatinKK BNPB) is currently in the process of restructuring the governance of its information and communication technologies (ICT). PusdatinKK BNPB with its partner are in the process to develop grand design, road map, ICT architecture, and BNPB’s regulation regarding ICT Management.

At the request of PusdatinKK BNPB, INVEST DM 2.0 is going to support PusdatinKK BNPB’s initiative through provision of a Technical Advisor to conduct Information Technology Audit (IT Audit) of BNPB’s internal information and communication technologies. PusdatinKK BNPB is responsible in the management of ICT in BNPB, including to manage the currently existing 60 applications across work units.

The purpose of this activity is to examine and evaluate BNPB’s information technology infrastructure, policies and operations. The audit will determine whether a computer system safeguards assets, maintains data integrity, and help each work units in BNPB to operates more effective and uses resources efficiently.

The IT Audit will also identify and map all Application Programming Interface (API) of each active application used in BNPB. Leveraging results from this audit, the Technical Advisor consultant will create standardized API design that can be used by all work units in BNPB to maintain, adopt and consume for future development of applications.

Consultant Activities:

Under this assignment, the selected consultant—an individual or a team—under the guidance of INVEST DM 2.0 and close coordination with PusdatinKK BNPB, shall perform the following roles and activities:

  1. IT Audit comprises of the following:
    1. Planning; information gathering and to understand the organization.
    2. Risk management, define audit objective and scope.
    3. Collection and analysis/evaluation of data and information. The consultant should have a sound understanding of techniques and procedures chosen.
    4. Reporting. Adequately document the audit evidence in working papers, including the basis and extent of the planning, work performed and the findings of the audit.
    5. Consult the draft report to INVEST DM 2.0 and PusdatinKK BNPB, and make necessary adjustment for finalization.
  2. Create standardized API for data exchange protocol:
    1. Identify and map all applications used in BNPB and its APIs.
    2. Perform API testing across applications.
    3. Organize APIs
    4. Suggest and/or create standardized API for data exchange protocol to be used/adopted by all work units in BNPB.
    5. Create simple API Portal that provides API gallery for data exchange, which has at least the following features:
      1. Login for admins and standard users.
      2. Choices of API styles taken from the standardized APIs for various purposes.
      3. API documentation.
    6. Develop guideline/manual on how to use the API Portal.

Consultant Deliverables:

  1. Tools for IT Audit
  2. IT Audit report
  3. API Portal.

Timeframe / Schedule: 

The period of the performance is for 27 days, in intermittent input in accordance with the schedule from Pusdalops BNPB, ranging from November until 31 January 2022.

The Consultant will report to:

Senior Disaster Risk Management, Systems and Strategy Specialist.

Required Experience & Skills:

  • Minimum 5 years of experience in performing IT audit (internal or external), risk and control required.
  • Holding license of Certified Information System Auditor.
  • Comprehensive understanding of internal control environments within the IT function.
  • Experienced and highly skilled in API design and creating standardized API.
  • Having good communication skill in English (writing and speaking).
  • Familiar with government policies regarding One Data Policy and the Electronic-Based Governance System is a plus.

How to Apply:

Prospective candidates shall email their technical proposal outlining (a) the proposed work plan; (b) CV, and (c) price quotation to procurement@id.mercycorps.org with subject “IT Audit and API Protocol Standards” before November 5th, 2021. Only candidates who meet the qualifications will be contacted.

Diversity, Equity & Inclusion

Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives.

We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.

Equal Employment Opportunity

We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.

Safeguarding & Ethics

Mercy Corps Indonesia team members are expected to support all efforts toward accountability, specifically to our stakeholders and to international standards guiding international relief and development work, while actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects. Team members are expected to conduct themselves in a professional manner and respect local laws, customs and MCI's policies, procedures, and values at all times and in all in-country venues.

Attachment
SOW Consultant to Perform IT Audit and Develop API Protocol Standards.pdf (81.48 KB)
INVEST-DM