Terms of References
Job Title: Information System Audit and Security Specialist (International)
Organization: IARCSC-TAGHIR Project
Position Announcement Reference: AF-IARCSC-TAGHIR-155435-CS-INDV
Contract Duration: Two Months
Contract Type: Lump sum
Reports to: The incumbent shall report to ICT Assessment Project Manager
Announcement Date: 17/03/2020
TAGHIR directly responds to the 2017-2021 Afghanistan National Peace and Development Framework (ANPDF) – including its development priority on “Building a responsive and effective public administration system” and the objective of “Establishing, maintaining and improving professionalization (of the civil service)”. The ANPDF highlights the need for Afghanistan to establish a civil service that is responsive to national development needs with balanced participation of Afghan men and women. The ANPDF notes that Afghanistan must overcome a legacy of patronage and corruption that has led to large numbers of unqualified staff in the civil service. Reforms must uproot deeply embedded practices and convince powerful political figures that the interest of Afghanistan is best served by building a professional civil service that creates more value than it consumes.
The web-based HRMIS (2nd version) was developed by IARCSC in mid-2018. This application is developed to facilitate the Human Resource data and processes of Line Ministries and Independent Agencies (LMAs) by providing them a comprehensive and integrated HR Management solution in a single nationwide system. Aiming to computerize and automate their routine work, this application will enable the targeted LMA to easily and accurately manage their HR activities within a shorter timeframe and less labor work. The system is comprised of functional and administrative modules.
The system holds LMAs’ Organization structure and their employees’ biometric data – two key starting points for piloting digital salary payments system to the registered employees. The application is developed on a platform that allows integration with other systems of the government and scalability for value-added functionalities to support overall Civil Service Reforms in Afghanistan. The HRMIS is expected to interface with national and LMA’s systems for data/information sharing and business processes simplifications/automation. The interoperability of HRMIS is crucially important. This capability has to adhere to proper standards and based on international best practices.
IARCSC is planning to incorporate the following modules in the application:
- Contracts Management
- Performance Appraisal Management
- Capacity building
As at present, the bespoke HRMIS is now developed with five functional and administration modules including Settings and User Management modules The functional modules are the Organizational Structure, the Personnel Information, Concise Biographic module and Biometric enrollment and verification subsystems, Attendance and Payroll The application is developed as a platform on PHP development tool with scalability for value-added functionalities that will support the overall Civil Service Reforms in Afghanistan. The five currently developed modules are:
Module 1: Organizational Structure
This module is for management of organizational structure tashkeelat (establishment control) process. It has a hierarchy structure of the various designations and structure of these designations within an organization. The various organizations and their departments and units have been developed/ coded in the system.
Module 2: Personnel Information
This module is for management of employee records across government. It has the forms and fields for recording personnel detailed employment related information. These include date of birth, qualification, next of kin, etc.
Module 3: Concise Biographic Module and Biometric enrollment/verification system:
The Concise Biographic module captures the current employee’s short information based on which system analyses the data.
Biometric enrolment/verification system is used for registration of employee biometric data. It captures employee’s fingerprints and record such in an encrypted database that is seamlessly integrated with the HRMIS. The biometric application is developed in Microsoft C# and the integration is real-time through a Service Oriented Architecture (SOA).
The biometric identification of each Civil Servant is one of the primary features of HRMIS. It is expected that adequate measures have been adopted to protect biometric data and address its security and integrity. Additionally, it is anticipated that the data storage and data transportation are safe and secure and follows standard measures of biometric data protection. Module 4: Attendance
The Attendance module automates the existing HRM attendance record management. The system receives initial data controls from the “Calendar” and the “Leave Allocation” sub-modules. This module enables HR to record and submit attendance report of each CS staff and has all necessary attributes that can be used for payroll processing. System has the capacity to provide attendance data entry up to the smallest size of organization’s unit in additional to capability for receiving bulk attendance report from legacy formats. In the second phase, Attendance would interface electronic attendance records systems for data capture.
Module 5: Payroll
The Payroll module designed based on GIRoA salary process and marks necessary verification and approval processes. The module feeds by MoF treasury department on defined values for salary and other entitlements. HR unit of each organization feeds staff attendance record to the system. These data provides enough resources for Finance Unit to generate the payroll. The finance unit uploads supportive document –digitally- along the payroll as evidence. MoF receives CS organizations payrolls in a separate interface and performs standard review/verification/approval processes before passing for payment.
This position’s activity is part of a teamwork for conducting a thorough assessment with defined scope. Under direct supervision of ICT Assessment Project Manager, position will be responsible for:
Duties and Responsibilities:
- Assessment of HRMIS Design, Structure & Scalability: the objective of this is to assess the design and structure in terms of Enterprise Relation of entity sets of the HRMIS database in validating the application’s capability for scalability and use as National HRMIS across government entities.
- Assessment of HRMIS Functionality: the objective of this is to assess the application’s functionalities and processes that it is a fit-for-purpose HRMIS with functionalities and processes suitable for HRMIS operations of the government.
- Assessment of HRMIS Security and Internal Controls: the objective of this is to assess the internal controls of the application in ensuring security data is not only encrypted but the controls in data recording and user rights assignments are enforced.
- Biometric Data Security Assessment: the objective is to assess the biometric data safety and security during transportation, storage, and handling. Assessment of HRMIS Integration and Interface Capability: the objective of this is to assess the application’s interoperability ability for interface with other systems of government.
- Assessment of Silo Systems and Development of Migration Strategy: the objective of this is to assess silo legacy HRMIS applications at the MOPH and MOE and determine their suitability for data migration to the National HRMIS.
- Review and Update the Deployment/ Roll-out Strategy of HRMIS: the objective of this is to support the IARCSC in development of strategy or roll out plan of how the HRMIS can be scaled out to other government entities.
- Review the relationship between IARCSC and MOCIT: the objective of this is to review any available contracting document defining the HRMIS software development relationship between the IARCSC and the MOCIT.
- Assess the proposed MDC and DRS for HRMIS: the objective of this is to review the proposed HRMIS Main Data Center (MDC) and Backup/ Disaster Recovery Site (DRS) that the proposed locations are suitable for such operations and to further cost the required equipment needed for full operation of both sites.
- Assess the HRMIS Development and Implementation Team: the objective of this is to assess the teams developing and implementing the HRMIS solution and identify gaps- human resources needed in ensuring timely delivery of the HRMIS solution.
- Deliverables/ Outputs
The deliverables of this assignment will be the contribution of different capacities for assessing the HRMIS system. In specific, the Information System Audit and Security Specialist will have a primary role in assessing the HRMIS application, subsidiary system, IT infrastructure and capacity on deploying the system in a production environment and maintaining the system safe and secure based on international good practices and standards. The position will submit his/her input to the Team-Lead as per defined schedule.
The following deliverables of this assignment are tied to the release of payments:
- Inception Report Submission – It is expected of the assessment team to deliver an Inception Report 15 days after the contract signing date. This report should present a clear and detailed picture and understanding of the Terms of Reference (TOR) for this assignment and how the assessment team intends to achieve the objectives and scope of this assignment. The assessment team is expected to present to the government the list of HRMIS stakeholders to be consulted and interviewed in line with this assignment and the Inception Report is expected to present the methodology the team will employ for this engagement and this will include but not limited to predefined questions that will be examined to conduct the required assessments. This report should present a work plan that captures the related timelines for all the tasks and activities to be performed by the team members in the course of delivering on this engagement. Payment delivery of this shall be 20% of total contract value, only after acceptance and approval.
- Draft Final Report Submission – The assessment team, upon completing the assessments of the HRMIS application and interviews with all the stakeholders, should present a draft final HRMIS assessment report. This report is expected to be detailed assessments with observations and recommendations on each of the identified weaknesses or areas of improvements of the HRMIS system with a value-for-money concept. Payment delivery of this shall be 40% of total contract value, only after acceptance and approval.
- Completion and Final Report Acceptance – Upon submission of the Draft Final Report and with the subsequent reviews and comments obtained from all pertinent and designated stakeholders, the assessment team should make the necessary adjustments to the structure, contents and display of the submitted Draft Final Report. The final contract between the government and the consultant shall provide and specify the submission a “Completion and Final Report” to the government through the designated Director of the HRMIS at the IARCSC. The Director of HRMIS will be obligated to provide any further reviews and comments to the submitted final report until the report is acceptable and in total compliance with the intentions and overall requirements for this engagement. The Permanent Secretary/ Director General of IARCSC shall direct the HRMIS Director to produce an official written Acceptance Certificate (AC) for the completion of this assignment. The production of an AC will bind the government with making the final payment to the consultant for this final deliverable. Payment delivery of this shall be 40% of total contract value, only after acceptance and approval.
- University Degree in Informatics, Information Systems/ Technology, Engineering, Mathematics, or related field.
- Valid Certified in Information System’s audit
- Minimum of Five (5) Years of implementing security or audits services on Enterprise Resource Planning (ERP) systems.
- Proven experience of at least One (1) similar engagements at public or private institutions.
- Excellent communication and training skills both written and verbal.
How to Apply:
Interested applicants who meet minimum requirements for this post are requested to please send their applications with curriculum vitae to the following email addresses:
Announced Date: 17th March 2020
Expire Date: 15th April 2020