DRAFT TERMS OF REFERENCE FOR CONSULTANCY … for... · DRAFT TERMS OF REFERENCE FOR CONSULTANCY SERVICES UNDER FRAMEWORK CONTRACTS SEPTEMBER 2014. ... LOT 9: DPRD: IT Standards and

NATIONAL INFORMATION TECHNOLOGY AUTHORITY-UGANDA

DRAFT TERMS OF REFERENCE FOR CONSULTANCY SERVICES

UNDER FRAMEWORK CONTRACTS

SEPTEMBER 2014

Consultancy Services – Framework Contracts Version 1.0 2 | P a g e

1.0 INTRODUCTION

The National Information Technology Authority-Uganda (NITA-U) is an autonomous statutory

body established under the NITA-U Act 2009, to coordinate and regulate Information

Technology services in Uganda. NITA-U is under the general supervision of the Ministry of

Information and Communication Technology (MoICT). NITA-U is mandated “to coordinate,

promote and monitor IT development within the context of national social and economic

development”, with a vision as “a facilitator of a knowledge-based, globally competitive Uganda

where social transformation and economic development is supported through IT enabled

services”.

Under the objects of the Authority, NITA-U is mandated to;

a) Provide high quality information technology services to government

b) Promote standardization in the planning, acquisition, implementation, delivery, support and

maintenance of information technology equipment and services, to ensure uniformity

equality, adequacy and reliability of information technology usage throughout Uganda;

c) Provide guidance and other assistance as may be required to other users and providers of

information technology;

d) Promote cooperation, coordination and rationalization among users and providers of

information technology at national and local levels as to avoid duplication of efforts and

ensure optimal utilization of scarce resources;

e) To promote and be the focal point of co-operation for information technology users and

providers at regional and international levels; and

f) To promote access to and utilization of information technology by the special interest

groups.

Under the powers of the Authority, NITA-U is;

1) To carry out regular e-Readiness surveys to ascertain the status of information technology

in Uganda;

2) To establish a repository of information technology standards, and for the registration and

classification of documentation related to locally developed and imported information

technology solutions;

3) To establish a mechanism for collaboration and promotion of partnerships between various

categories of players in the information technology sector;

4) To regulate and certify information technology education in Uganda in consultation with the

ministry responsible for Education or its agencies;

5) To charge fees for services provided by the authority


NITA-U would like to engage suitably qualified firms under framework contracts to provide

technical assistance (consultancy services) to enable her fulfill her mandate. NITA-U expects

the highest level of professionalism from the contracted firms.

2.0 ASSIGNMENT BACKGROUND

In line with her mandate, NITA-U is working on a number of projects across government which

periodically calls for extra highly qualified human resources to enable her deliver on all

assignments within the set budget and expected time frame. From time to time, NITA-U

requires specialized resources to work on specific tasks or projects in accordance with specific

guidelines, to ensure successful implementation.

3.0 OBJECTIVE

The objective of this procurement is to engage firms under framework contract to provide

technical assistance in highly specialized areas as and when required; and ensure that

assignments / tasks, projects and or programmes are completed in time, within budget, and

with satisfactory quality.

4.0 SCOPE OF CONSULTANCY SERVICES

In all cases NITA-U will need short-term technical assistance at short notice allowing for fast

recruitment of experts. The quality of this technical assistance will be guaranteed by

Framework Contractors who have been pre-selected for the thematic areas, or lots below:

LOT 1: DIS: Software Applications / Systems Audit

LOT 2: DIS: Information Systems Audit

LOT 3: DIS: Computer Forensics and Investigations

LOT 4: DRLS: Compliance Assessments and Audits

LOT 5: DRPD: Research and Innovation Services

LOT 6: DTS: Technical Services

LOT 7: DRPD: IT Project Management

LOT 8: DeG: Web Development

LOT 9: DPRD: IT Standards and Frameworks Development Services LOT 10: DPRD: IT Training and Capacity Building Services

LOT 11: PDRP: Project Quality Assurance / Monitoring & Evaluation

LOT 12: DeG: Business Analysis and Design


Each framework contractor disposes of the appropriate internal or external technical expertise and skills required for the lot for which it has been pre-selected.

5.0 SPECIFIC TERMS OF REFERENCE

5.1 LOT 1: DIS: Software Applications / Systems Audit

5.1.1 Background

In line with her mandate, NITA-U intends to conduct several Software

Applications / System Audits on various Government of Uganda Systems that will

determine the security and policy decisions required to ensure the protection of

all internal information resources.

NITA-U invites expressions of Interest from consultants/consulting firms having a

minimum of five years related experience and a proven track record in projects of

a similar nature, who wish to carry out the Audit exercise under a framework

contract arrangement.

5.1.2 Description of assignment

1) Global objective

The objective is to carry out a comprehensive review and examination of the

controls and internal checks built into the application. The consultant shall report

on the conclusions reached from his audit/review of the application controls and

recommend suitable measures for correcting any deficiencies which were

identified during the audit review process.

2) The consultant will be permitted to access concerned records, software,

hardware, and computer installations and shall be required to sign a non-

disclosure agreement before commencement of duty.

3) The scope of work includes

a) Evaluation of all the processes and activities, which are computerized under

the systems using appropriate test data.

b) Evaluation of data origination controls - adequacy on controls in procedures

relating to data preparation, document control, data authorization and data

retention.

c) Review the adequacy of systems and controls for data entry, segregation of

roles, and duties, data validation / editing procedures and data input error

handling procedures.

d) Evaluate the adequacy of controls in the data processing procedures to

ensure that data integrity.


e) Ensure that adequate checks and controls are built into the system to provide

completeness and accuracy of the output reports.

f) Knowledge transfer

g) Recommendations and implementation plan to correct the deficiencies.

h) Study the existing system and validating the application software. Also.

Attempt an analysis of comparator applications used for similar functions in

successful projects in elsewhere.

i) The evaluation framework should include multiple criteria based assessment

for evaluating and validating the application software like ease of use,

complexity of procedure, errors in documentation, timely response, etc.

should be incorporated.

4) Required outputs

The consultant shall submit an application software / system audit report, which

shall include the following;

a) Study the existing system(s), validate the application and submission of

reports with recommendations.

b) Test / audit the application software modules, identify deficiencies observed in

the systems and submission of reports with appropriate recommendations.

c) Knowledge transfer to selected staff.

d) Submission of final reports.

5) NITA-U reserves the right to cancel the consultancy at any point in time if the

performance is found to be unsatisfactory.

5.1.3 Experts profile or Expertise required

1) The expected number of key personnel in the team is five. The team will consist

of one team leader and four team members as a minimum.

They should have experience in the complete life cycle of application software

(study, design, development, testing, implementation, training, troubleshooting

and support, etc.) using various operating systems (like Linux, windows, UNIX)

and tools and environments (like VB, .net , Oracle, Ms Access, Postgres etc.)

2) Profile per expert or expertise required:

a. The Team Leader having Bachelors in Software Engineering, computer

Science, computer application, IT, as well as an IT audit / Information

Security certification with minimum of 5 years computer systems audit

related experience.

b. The Team Member having Bachelors in Software Engineering, computer

Science, computer application, IT, as well as an IT audit / Security


certification with minimum of 3 years computer systems audit related

experience.

5.1.4 Location and duration

1) The duration of this consultancy is 60 calendar days

2) The location(s) of assignment shall be as advised by NITA-U

5.1.5 Reporting

1) The Audit Report should comprise of an Executive Summary, Findings and

Recommendations which should include, but not limited to, System

Vulnerabilities, Security Program Management of Information Technology

Resources and Application Life Cycle Controls.

2) Unless otherwise stated, the reporting language shall be English.

3) Weekly activity reports, tasks to be performed and travel schedule to be

submitted to NITA-U.

4) A committee shall be setup to review the progress on completion of the entire

work at different stages or as and when necessary.

5.1.6 Administrative information

1) Interviews for the Team leader and two of the team members may be required

2) In case of the need to subcontract, NITA-U shall review and approve of such

arrangements

3) English shall be the language of communication for all legal documents

4) For each assignment, a proposal shall be submitted that must contain a brief and

clear methodology to be used to accomplish the assignment at hand

5) Management team member presence shall be required for briefing and/or

debriefing.

5.2 LOT 2: DIS: Information Security Audit

5.2.1 Background

In line with her mandate, NITA-U intends to conduct several Information Security

Audits for various Government of Uganda institutions to determine whether their

information security measures are adequate to guarantee the preservation of the

confidentiality, integrity and availability of information and information processing

assets.


minimum of five years related experience and a proven track record in projects of


a similar nature, who wish to carry out the Audit exercise under a framework

contract arrangement.


1) Global objective

The objective is to carry out an Information Security Audit by using best security

practices, which helps Government of Uganda institutions to maintain Information

Technology (IT) security through ongoing, integrated management of policies and

procedures, personnel training, selection and implementation of effective

controls, reviewing their effectiveness and improvement. This should improve

customer confidence, a competitive edge, better personnel motivation and

involvement, and reduced incident impact. Ultimately, this leads to control over

organizational losses and improved revenues





a) Review adequacy of systems controls for Database Management system

including access to, structuring of and control over shared database, Evaluate

adequacy of systems for data administration, data access, concurrency

controls, database integrity and content recovery processes.

b) Review and report on the logical and physical security of the computer

systems including Password administration, security violation reports, security

of online access to data, backup and recovery plans and disaster

management procedures.

c) Information security policy for the organization: This activity involves a

thorough understanding of the organization’s business goals and its

dependence on information security. This entire exercise begins with the

creation of the IT Security Policy. This is an extremely important task and

should convey total commitment of top management. The policy cannot be a

theoretical exercise. It should reflect the needs of actual users. It should be

implement-able, easy to understand and must balance the level of protection

with productivity. The policy should cover all the important areas like

personnel, physical, procedural and technical.

d) Creation of information security infrastructure: A management framework

needs to be established to initiate, implement and control information security

within the organization. This needs proper procedures for approval of the

information security policy, assigning of the security roles and co-ordination of

security across the organization.


e) Asset classification and control: One of the most laborious but essential tasks

is to manage inventory of all the IT assets, which could be information assets,

software assets, physical assets or other similar services. These information

assets need to be classified to indicate the degree of protection. The

classification should result into appropriate information labeling to indicate

whether it is sensitive or critical, and the procedure which is appropriate for

copy, store, transmit or destruction of the information asset.

f) Personnel security: Human errors, negligence and greed are responsible for

most thefts, fraud or misuse of facilities. Various practical measures should

be taken, like making personnel screening policies, confidentiality

agreements, terms and conditions of employment, and information security

education and training. Alert and well-trained employees who are aware of

what to look for can prevent future security breaches.

g) Physical and environmental security: Designing a secure physical

environment to prevent unauthorized access, damage and interference to

business premises and information is usually the beginning point of any

security plan. This involves physical security perimeter, physical entry control,

creating secure offices, rooms, facilities, providing physical access controls,

providing protection devices to minimize risks ranging from fire to

electromagnetic radiation and providing adequate protection to power

supplies and data cables. Cost-effective design and constant monitoring are

two key aspects to maintain adequate physical security control.

h) Communications and operations management : Properly documented

procedures for the management and operation of all information processing

facilities should be established. This includes detailed operating instructions

and incident response procedures.

i) Network management requires a range of controls to achieve and maintain

security in computer networks. This also includes establishing procedures for

remote equipment including equipment in user areas. Special controls should

be established to safeguard the confidentiality and integrity of data passing

over public networks. Special controls may also be required to maintain the

availability of the network services.

j) Exchange of information and software between external organizations should

be controlled, and should be complied with any relevant legislation. There

should be proper information and software exchange agreements, the media

in transit needs to be secure and should not be vulnerable to unauthorized

access, misuse or corruption.

k) Electronic commerce involves electronic data interchange, electronic mail and

online transactions across public networks such as the Internet. Electronic


commerce is vulnerable to a number of network threats that may result in

fraudulent activity, contract dispute and disclosure or modification of

information. Controls should be applied to protect electronic commerce from

such threats.

l) Access control: Access to information and business processes should be

controlled. The business and security requirements will include:

i. Defining an access control policy and rules

ii. User access management

iii. User registration

iv. Privilege management

v. User password and management

vi. Review of user access rights, network access controls

vii. Enforcing paths from user terminals to computer

viii. User authentication, node authentication

ix. Segregation of networks

x. Network connection control, network routing control, operating system

access control

xi. User identification and authentication

xii. Use of system utilities

xiii. Application access control

xiv. Monitoring system access and use

xv. Ensuring information security when using mobile computing and tele-

working facilities.

m) System development and maintenance: Security should ideally be built at the

time of inception of a system. Hence security requirements should be

identified and agreed prior to the development of information systems. This

begins with security requirement analysis and specification, and providing

controls at every stage i.e. data input, data processing, data storage and

retrieval and data output. It may be necessary to build applications with

cryptographic controls. There should be a defined policy on the use of such

controls, which may involve encryption, digital signature, use of digital

certificates, protection of cryptographic keys and standards to be used for

cryptography. A strict change control procedure should be in place to facilitate

tracking of changes. Any changes to the operating system or software

packages should be strictly controlled. Special precautions must be taken to

ensure that no covert channels, back doors or Trojans are left in the

application system for later exploitation.

n) Business continuity management: A business continuity management

process should be designed, implemented and periodically tested to reduce


the disruption caused by disasters and security failures. This begins by

identifying all events that could cause interruptions to business processes,

and depending on the risk assessment, a strategy plan should be prepared.

The plan needs to be periodically tested, maintained and re-assessed based

on changing circumstances.

o) Compliance: It is essential that strict adherence is observed to the provision

of national and international IT laws, pertaining to Intellectual Property Rights

(IPR), software copyrights, safeguarding of organizational records, data

protection and privacy of personal information, prevention of misuse of

information processing facilities, regulation of cryptographic controls and

collection of evidence. The use of Information Technology in business has

also resulted in the enactment of laws that enforce responsibility of

compliance. All legal requirements must be complied with to avoid breaches

of any criminal and civil law, statutory, regulatory or contractual obligations

and of any security requirements.

p) Review adequacy of systems documentation for operating and maintaining

the new systems, ensure control functions and responsibilities are

appropriately documented and quality of documentation complies with

minimum industry standards.

q) Documentation: The ISMS documentation shall consist of the following

information:

i. Evidences for action taken for implementation of the ISMS

ii. Details of the procedures adopted to implement the controls. It should

also describe the responsibilities and relevant factors

iii. Procedures covering the management and operation of ISMS.

r) Document Control: Procedures should be established for controlling all

documentation required as detailed above and that the documentation is:

i. Readily available

ii. Periodically reviewed and revised as necessary in line with the

organization’s security policy

iii. Maintained under version control and made available to all locations

where operations essential to ISMS are being performed

iv. Promptly withdrawn when obsolete

v. Identified and retained when obsolete and required for legal or

knowledge preservation purposes or both.

s) Records: Records like visitor’s book, audit records, ACLs, etc, being evidence

generated as a consequence of the operation of the Information System

Management System, should be maintained to demonstrate compliance with

the requirements of ISO 17799:2000. There should be procedures


established for identifying, maintaining, retaining and disposing of these

records demonstrating compliance.

t) Knowledge transfer

u) Recommendations and an implementation plan to correct the deficiencies

4) Required outputs

The consultant shall submit an audit report, which shall include the following;

a) Study of the existing governance, policies, procedures and submission of

reports with recommendations.

b) Validation of the existing administrative documents and submission of the

reports

c) Recommendations and changes in the existing administrative documents

based on industry standards

d) Fine tune the administrative documents based on best practice and business

requirements of the target institution

e) Knowledge transfer to selected staff.

f) Submission of final reports.




1) The expected number of key personnel in the team is five. The team will consist

of one team leader and four team members (Systems Specialist, Network

Specialist, Applications Specialist, Architecture and Integration Specialist) as a

minimum.

They should have knowledge and experience in customizing and deploying

application, Systems analysis and design, Information Systems Auditing,

Operating systems installation, administration and auditing, Information Security

risk analysis and remediation, Network design, installation, support and auditing,

Penetration testing and vulnerability assessment.


a. The Team Leader having bachelor’s degree in either information systems

or computer science (or other technical discipline) with a minimum of 5

years’ Information Security audit related experience. The Team Leader

should possess an IT audit / Information Security certification and project

management knowledge and experience.

b. The System Security Specialist having bachelor’s degree in either

information systems or computer science (or other technical discipline)


with a minimum of 3 years’ System Administration / Audit related

experience. The System Security Specialist should possess a System

Administration and an IT audit / Information Security certification.

c. The Network Specialist having bachelor’s degree in either information

systems or computer science (or other technical discipline) with a

minimum of 3 years’ Network Administration / Audit related experience.

The Network Specialist should possess Network Administration and an IT

audit / Information Security certification.

d. The Application Specialist having bachelor’s degree in either information

systems or computer science (or other technical discipline) with a

minimum of 3 years’ Application or Database Administration / Audit related

experience. The Application Specialist should possess Application /

Database Administration and an IT audit / Information Security

certification.

e. The Architecture and Integration Specialist having bachelor’s degree in

either information systems or computer science (or other technical

discipline) with a minimum of 3 years’ System Integration related

experience. The Architecture and Integration Specialist should possess

System Integration and an IT audit / Information Security certification.




5.2.5 Reporting

1) The Audit Report should comprise of an Executive Summary, Findings and

Recommendations which should include, but not limited to, Web Application

Security, Vulnerability Testing, Penetration Testing, Wireless Security, Policy and

Procedure Review, Cyber Security Incident Response, Physical Security,

Personnel Security, Asset classification, Source Code Review.









arrangements






debriefing.

5.3 LOT 3: DIS: Computer Forensics and Investigations

5.3.1 Background

In line with her mandate and as need arises, NITA-U intends to contract a firm

under framework contract arrangement to conduct several computer forensics

and investigation exercises on various Government of Uganda Systems in

pursuit of those that violate or mismanage computer systems in accordance with

the various cyber laws.

The firm selected will be experienced in all aspects of computer forensic work

and will have a high level of skills and qualifications necessary to conduct the

investigations to effectively support the collection and analysis of electronic

evidence and the effective use of this evidence in later processes including the

recovery from financial loss, administrative action and criminal prosecution by

other government agencies.


1) Global objective

The objective is to carry out electronic investigations, while ensuring that the

investigator creates an audit trail, maintains a complete chain of custody which

can be used to demonstrate that any conclusions drawn from the investigation

are verifiable and in accordance with the industry standards and guidelines for

Digital Evidence.





a) Acquisition of data in a way that preserves the data in the state in which it

existed immediately prior to its capture,

b) Investigation of any device which can hold digital data and

c) Analysis of and reporting on the captured data.

d) Knowledge transfer

4) Required outputs


a) The consultant shall submit an investigation report, which shall include the

following;

i. Procedures used

ii. Evidence located

iii. Evidence collected

iv. Conclusion with reasoning

b) The consultant shall also be expected to undertake deliberate actions aimed

at building capacity of selected staff.



5.3.3 Technical Skills and Competences

1) Knowledge and experience with the following operating systems: windows, Linux,

UNIX, iOS and Android as well as a thorough understanding on computer

forensic tools such as EnCase, Forensic Toolkit (FTK), Autopsy, and/or I/Look

Investigator.

2) Thorough knowledge of computer forensic procedures for data collection,

preservation, recovery analysis – including network forensic analysis and

reporting

3) Ability to properly caliber and maintain the forensic equipment in proper working

order

4) Ability to analyze industry technology trends to incorporate proven forensic

investigation and supporting technologies into practice

5) Ability to analyze and deploy best practices applicable to forensics

6) Understanding of information systems security; network architecture; general

database concepts; document management; hardware and software

troubleshooting; electronic mail systems like exchange and Microsoft office

applications

7) Ability to provide deposition and expert trial testimony when needed

5.3.4 Qualifications

1) Possession of professional certifications and membership in professional

associations in the field of computer forensics is highly desirable

2) The successful firm will have a combination of education and experience related

to the essential duties and responsibilities including;

a. At least seven years of experience in computer forensic investigation with a

law enforcement agency or with a professional services firm

b. Ability to maintain confidentiality is critical


c. Demonstrated experience in managing day to day aspects of client

relationships, as well as forensic cases is a must

d. Knowledge of computer forensic tools, methodologies, and protocols (e.g.

EnCase, FTK, etc.)

e. Expertise in windows operating systems, Linux, UNIX, PC hardware, PC

networking

f. Hardware to be analyzed will primarily encompass hard drives (such as SATA,

SDD). However additional equipment may include thumb drives, memory

cards, mobile phones, and other related storage devices

g. Experience of undertaking engagements of similar nature is an asset.


1) The expected number of key personnel in the team is three. The team will consist

of one team leader and two team members as a minimum.

They should have strong technical ability with various computers, software and

hardware, excellent communication abilities, strong analytical approach to

problem-solving, working knowledge of tools such as Encase, FTK, Paraben and

other industry-recognized tools, and should be willing to travel across Uganda for

business-related purposes without restriction.


a. The Team Leader having bachelor’s degree in either forensics or computer

science (or other technical discipline) with a minimum of 3 years’ experience

working in either a computer forensics or eDiscovery environment as well as

experience in imaging of various digital media platforms, acquiring all sources

of data

b. The Team Member having bachelor’s degree in either forensics or computer

science (or other technical discipline) with a minimum of 1 years’ experience

working in either a computer forensics or eDiscovery environment as well as

experience in imaging of various digital media platforms, acquiring all sources

of data

5.3.6 Reporting

1) The consultant shall submit their forensic examination report(s) to NITA-U as well

as to the institution where the services have been provided. The information

provided in the reports should be concise and accurate

2) The consultant shall maintain an audit trail or other record of all processes

applied to computer based electronic evidence to allow third party re-examination

to achieve same results



4) Analysis and reporting shall be within 30 days of receipt of the digital device





7) Any indications included in the report restricting its distribution and /or use will be

deemed null and void.


1) Interviews for the Team leader and one of the team members may be required


arrangements

3) The electronic evidence and other related records are the property of the

information owners but may be retained by the consultant and should be made

available for review upon request. The retention period for electronic evidence

and other related records shall be seven year.





debriefing.

7) The firm and its staff shall maintain confidentiality regarding any information

obtained in connection with the computer forensic services undertaken on behalf

of NITA-U

5.4 LOT4: DRLS: Compliance Assessments and Audits

5.4.1 Background

As the Authority for Information Technology, NITA-U is required to regulate the

Information Technology (IT) sector which includes public and private entities/persons

and in particular to regulate IT education, IT professionals and IT service providers.

Specific laws have been passed by Parliament to wit: The Electronic Transactions Act,

2011, The Electronic Signatures Act, 2011 and their underlying regulations; and the

Computer Misuse Act, 2011. These laws were passed in order to facilitate, and provide

assurance on the authenticity of, e-transactions and guard against the abuse of

computer systems. Additional regulations are currently being drafted to further

operationalize the NITA-U Act. In addition to the above mentioned laws, Government


Directives on IT and IT Standards that NITA-U issues from time to time together form

the legal framework. These laws apply to the service providers as well as the users of IT

products and services who are expected to abide by them. It is imperative therefore that

NITA-U monitors adherence to these laws or other laws and Directives that may be

passed/issued from time to time. NITA-U may choose to do this using in-house

expertise or engage third party experts for support.


1) Global objective

1.1 To achieve the objective of Government in setting up NITA-U, which

includes;

The implementation of the NITA-U Act, the IT laws, Cabinet Directives and

laws passed from time to time.

To achieve efficiency and effectiveness in service delivery by Government.

To facilitate the provision of quality IT products and services to consumers.

Growth and development of the IT sector that translates in socio economic

development for the nation.

1.2 Monitor compliance by the Authority, management, employees and

stakeholders in the Information Technology (IT) Sector with IT Laws,

Regulations, Standards, Directives, Policies, Procedures and other

relevant Laws (collectively, IT laws/the legal framework) in order to ensure

the delivery of government objectives for regulating the IT sector.

2) Specific objective(s)

The consultant(s) will be required to conduct compliance assessments and or

audits to determine the level of compliance of the target group/entity, and in

particular;

Conduct compliance assessments in order to provide management and the

Board with assurance that the IT laws are being complied with.

Identify compliance gaps within the entity assessed and make appropriate

recommendations for addressing those gaps including the establishment of

necessary controls.

Follow up on progress with resolution of the compliance gaps identified,

where requested by NITA-U.


3) Requested services

The Consult will be required to provide the following services.

Conduct compliance assessments and or audits as assigned by NITA-U from

time to time.

Provide timely reports to NITA-U on the results of the assessments and or

audits.

Where required, conduct follow up reviews to check that review

recommendations have been actioned.

4) Required outputs

It is expected that following the engagement of the consultant for a specific

assignment, the following should be the outputs.

Compliance assessments and or audits conducted as assigned by NITA-U.

A duly completed report issued in accordance with NITA-U terms of reference.

Timely conduct of follow up reviews requested by NITA-U.


1) Number of requested experts per category and number of man-days per expert

or per category.

Category: Compliance with requirements under the IT legal framework.

Number of required experts: 1 (one) expert

Number of man-days per expert: 20 working days

NB: The above will depend on the nature and scope of assignment to be

undertaken and will be determined before engagement of the consultant.


a. Category and duration of equivalent experience

Demonstrated knowledge of IT laws and practices.

At least 5 (five) years’ experience in monitoring and evaluation work

in the IT field and evidence of a minimum of 5 assignments

successfully completed for a large organization or Government.


b. Education

As a minimum:

Master’s or Honours degree in IT, Accounting or other relevant

fields, with skills in compliance audits.

Masters or Honours degree in Law. Possession of professional

qualifications in IT will be an added advantage.

Accreditation and certification in IT will be an added advantage.

Formal training in monitoring and evaluation will be an added

advantage

c. Experience

Evidence of similar assignments undertaken and successfully completed

for a minimum 5 (five) large organizations or Government departments.

d. Language skills

Proficiency in the English language.

Minimum required skills must be clearly identified.

Excellent knowledge of the IT laws and overall IT regulatory environment.

Sufficient technical expertise in IT, audit and the conduct of compliance

assessments.

Excellent report writing skills


1) Starting period

At the start of the Quarter, to be undertaken 4 (four) times in a financial year or

as may be determined by management from time to time.

2) Foreseen finishing period or duration

Each assignment should last no later than 20 working days.

3) Planning including the period for notification for placement of the staff

No less than 10 working days before commencement of an assignment.


4) Location(s) of assignment

The assignments will be conducted onsite at the premises of the entity being

assessed. However, a combination of onsite and offsite assessments may be

adopted as deemed appropriate for the achievement of the objectives of the

assignment.

NB: the duration of the assignment may vary based on the scope of the

assignment but NITA-U reserves the right to determine the assignment scope

and duration.

5.4.5 Reporting

1) Content

As a minimum requirement, the report should contain the following:

An acknowledged receipt of the engagement letter issued to the entity assessed

in accordance with clause 5.4.4 (3) above.

2) Language

The report as well as any annexures thereto shall be written in the English

language.

3) Submission/comments timing

The draft report should be issued within 5 (five) working days from the 20th day

referred to under 5.4.4 (2) above.

4) Number of report(s) copies

A minimum of 3 reports spiral bound with appropriate stationery.

5.5 LOT 5: DRPD: Research and Innovation Services

5.5.1 Background

Under Sections 5(l) and (o) of the NITA-U Act respectively, NITA-U has the

mandate to provide information management services through acting as a

records management facility and information depository and also to undertake

and commission research as may be necessary to promote its objectives. In

execution of its functions under Section 19, NITA-U is required to conduct


Information Technology (IT) surveys. In addition, Section 23 of the Act authorizes

NITA-U to disseminate any information collected from a survey.

NITA-U shall in performing above functions, consult and cooperate with other

Institutions/organizations with functions related to, or having aims or objectives

related to IT Research & Innovation Services. Section 32(2) of the NITA-U Act

2009 (Relationship with other Organization) mandates NITA-U to delegate any of

its functions under the Act to any organization.

In light of the above, NITA-U is seeking suitable individuals, firms/ companies to

deliver upon specified IT Research and innovations services whenever need

arises


1) Global objective

The global objective of this assignment is to strengthen the capacities of NITA-U

in fulfilling her respective pre-accession roles and functions.


To provide IT Research and Innovation services being sought after include but

not limited to;

a) Conducting IT Surveys

b) Conducting research on emerging technologies

c) Development of a comprehensive IT Research & Innovation System

d) Developing research project proposals (needs assessments, appraisals,

and pre‐project studies) in line with the authority’s strategic plan;

e) Software applications and database development

3) Required outputs

Outputs required will be structured/stated according to the service need/request


1) Qualifications

a) A Minimum of a Bachelor’s Degree in Computer Science, Information

Technology, Information Systems, Statistics or their equivalent;

b) A Master's Degree in Computer Science, Information Technology, Information

Systems, Software Engineering or a closely related field is a requirement;

c) Professional/ Industry IT Certification such as ITIL, MCSE,CISSP, CISM, CGEIT,

CRISC, PMP etc. are an added advantage;


d) Certification in Research Administration such as Certified Research Administrator

(CRA) is an added advantage.

2) Experience

a) A minimum of Five years’ proven and demonstrable experience in IT Research

and Innovation in a reputable Public or Private Organization;

b) Experience researching and recommending technical solutions related to

Information Technology;

c) Experience managing technology or software development projects; supervising

professional or management staff; preparing and managing a variety of complex

information technology related operations; setting goals, priorities and strategies

for computer system security and other technical solutions;

d) Experience in establishing procedures and implementing processes; analysing

functions and practices to improve effectiveness; using technology for research

and development efforts; and facilitating group processes;

e) Knowledge of emerging technologies; systems integration and infrastructure;

project implementation strategies; and research and development strategies;


Starting periods and finishing period or duration will be appropriately

communicated along with the location(s) of assignment

5.5.5 Reporting

The medium of communication for the assignment shall be English. The

consultant will produce the documents and Reports in both electronic and hard

copy formats, as Microsoft Word documents, and submit them to the NITA-U.

The nature of the reports shall include;

a) Inception report that should outline the details of the approach, methodology,

work plan (including budget) and the timeline for all the activities in project

scope.

b) Periodic report on project progress and budget exhaustion.

(Daily/Weekly/Monthly)

c) Final report as per indicated in the project timeline.

The work plan should specify the management structure as well as the

responsibility of each member of the team, including the main contractor and/or

sub-contractors. The work plan should include a list of detailed tasks to be

performed, with clear and realistic phases and milestones. Resources should be

clearly associated to each task.


On the basis of reporting, mentioned above the consultant should closely work

under the guidance of the head of department Research and Innovation who is

responsible for planning, executing and monitoring the project as per the contract

agreement with NITA-U.



arrangements



clear methodology to be used to accomplish the assignment at hand.

5.6 LOT 6: DTS: Technical Services

5.6.1 Background

The Directorate of Technical Services is mandated under the NITA – U act to foster the

development of the following functions of the NITA – U Act:

a) Provide first level technical support and advice for critical Government information

technology systems including managing the utilisation of the resources and

infrastructure for centralised data centre facilities for large systems through the

provision of specialised technical skills;

b) Identify and advise Government on all matters of information technology

development, utilisation, usability, accessibility and deployment including

networking, systems development, information technology security, training and

support;

c) Create and manage the national data bank, its inputs and outputs; and

d) Provide guidance on the establishment of an infrastructure for information sharing by

Government and related stakeholders.


a) Specific objective(s)

The consultant(s) will be required to provide advisory services to and on behalf of

NITA – U in relation to its mandate as the IT advisory and implementation arm of

Government. The Directorate of Technical Services provides IT Services to

Ministries Departments and Agencies. The directorate would therefore like to


engage suitable qualified professionals to provide the above services on behalf

of NITA – U.

b) Requested services


Provide Technical Advice in relation to the provisioning of IT Services for

Ministries Departments and Agencies with the specific goal of enabling the

delivery of optimized and rationalized IT services from NITA - U;

developing Conduct compliance assessments and or audits as assigned by

NITA-U from time to time.

Provide timely reports to NITA-U on the results of the assessments and or

audits.

Where required, conduct follow up reviews to check that review

recommendations have been actioned.

c) Required outputs

The Consultancy firms shall be required to undertake all required activities from

project planning until closure; and follow the National IT Project Management

Methodology or any applicable guidelines. Companies will work under the

guidance of IT Services Department in the Directorate of Technical Service.

Contracted firms will be expected to present a list of key resources categorized

based on their experiences in various IT specialized areas including IT Solution

experts, Systems Analysts, Business Analysts, Information Security experts, that

are detailed in attached Terms of Reference, at all levels including senior

management, middle management and entry level positions.


The consultants firms should comprise of network specialists, systems

specialists, and Infrastructure Specialist and IT Services Delivery specialists with

the following qualifications and job experience:

a) Network Specialist

The specialist shall possess network planning, management, supervision and

maintenance of large Next Generation Networks Enterprise Wide Area Networks,

Network Operating Centres (NOCs) and any LAN, MAN or WAN infrastructure.

The Network Specialists will be required to perform the following:


- Planning, Design, implementation, testing and maintenance of Network

Infrastructure;

- Supervision of the systems administration and maintenance of DWDM, SDH

and optical switching networks that is being implemented and maintained by

NITA – U;

- Design and implement security controls for MDA LAN and WAN infrastructure;

- Monitoring and implementation of these to ensure that the performance

targets are met;

- Manage network performance and recommend adjustments to wide variety of

complex network management functions;

- Monitor and ensure availability of the Network for it to be operational at all

times;

- Proactively investigate problems that may affect Network availability and take

actions to resolve them;

- Monitor Network security, deployment of IOS software upgrades, and enforce

Network licence agreements;

- Review and manage service agreements ensuring maximum productivity on

all running SLAs; and

- Recommend and implement policies, standards and documentation

procedures related to the NOC operation procedures.

Qualifications and Competencies

- Bachelor’s Degree in Computer Science, Information Systems, Information

Technology, or Telecommunications Engineering;

- Master’s Degree in any IT related field;

- Five years’ Experience in the design, implementation and management of

Networks in a large enterprise.

- Professional certifications such as CCDA, CCNA, CISSP, MCSE, etc, will be

an added advantage.

- Demonstrated project management and communication experience will be

required.

b) OFC Specialists

The OFC shall provide services in the field of maintenance of the optical

switching networks deployed; oversee the development of the Optical Fibre

networks and quality assurance of OFC implementations.

The OFC Specialists will be required to perform the following:

- Systems administration and maintenance of DWDM, SDH and optical

switching networks;


- Provision of technical support to operators and services providers that

interconnect with the Government Optical Fibre network;

- Monitor and evaluation of the performance of the Optical Transmission

Networks and Systems.


- Bachelor’s Degree in Computer Science, Information Systems,

Information Technology, or Telecommunications Engineering;

- Three years’ Experience in the design, implementation and management

of Optical Switching Systems;

- Professional certifications such as CCDA, CCNA, CISSP, MCSE,

c) WAN/MAN Solution Expert

The WAN/MAN Solution Expert shall administer, maintain and operate the

Wide Area Networks/ Metropolitan Area Networks that deployed by NITA – U.

the Expert will maintain the Network Operating Centres (NoCs) to ensure

maximum availability and uptime.

The WAN/MAN Solutions Expert will be required to perform the following:

- Maintenance and configuration of the Datacom systems;

- Supervision of the installation of the Data communications systems and

hardware;

- Configuration and set-up of all new server systems required for WAN/MAN

infrastructure;

- Firewall administration and overall internal network security.

- Corrective and preventive maintenance of transmission sites.




- Three years’ Experience in the in the administration of LAN/WAN/MAN

servers and infrastructure;

- Professional certifications such as CCDA, CCNA, CISSP, MCSE.

d) Infrastructure Delivery Specialists

The Infrastructure Delivery Specialist will be expected to plan for, build and

supervise the implementation of Infrastructure programmes and projects and

conduct related monitoring and evaluation activities according to project

implementation plans and specifications.

The Infrastructure Delivery Specialist will be required to perform the following:


- Planning and execution of Infrastructure projects that are undertaken by

NITA – U;

- Development of Infrastructure blue prints for NITA-U projects.

- Monitoring and Evaluating the project activities that are undertaken by

NITA – U with emphasis on quality programming with the project

development partners;

- Supervise and control the administrative and financial programs of NITA –

U infrastructure projects;

- Provision of technical support to other public and private sector agencies

undertaking IT Infrastructure Projects to promote high quality, cost

effective and timely outputs of the projects and support the project design

and development.





- Five years’ experience in the in the supervision, management and

administration of IT infrastructure delivery projects;

- Professional certifications such as CCDA, CCNA, CISSP, MCSE;


required

e) Data Centre Expert

The Data Centre Expert shall be capable of the design, construction,

management, supervision and maintenance of the all Data Centres and Disaster

Recovery Site Infrastructure and Applications.

The Data Centre Expert will be required to perform the following:

- Design, construction, management and supervision of Government Data

Centres.

- Management of the implementation, integration and support of Data

Centre Applications.

- Management of the Primary Data Centre storage systems and

applications;

- Recommend and implement policies, standards and documentation

procedures related to Data Centre operation procedures.





- Five years’ Experience in the design, implementation and management of

Data Centres in a large enterprise.

- Professional certifications such as MCSE, MCSA, CCNA,


required.

f) Systems Administrator

The Systems Administrator shall be capable of the configuration and

maintenance of the application systems and enterprise software.

The System Administrator will be required to perform the following:

- Design and acquisition of tools to proactively identify errors, ensuring

efficient and effective use of system resources.

- Implementation, integration and support to Data Centre Applications.

- Implementation of Disaster Recovery Plans.

- Development of application policies and procedures; monitoring

compliance of these.

- Ensuring that server operating systems are up to date with the latest

patches and antivirus updates.




- Three years’ Experience in the design, implementation and management

of Data Centers in a large enterprise.

- Professional certifications such as MCSE, MCSA, CCNA

.

g) IT Services Specialist

The IT Services Specialist is expected to manage the performance of the IT

implementations in MDAs across the country and supervise the implementation

of IT projects countrywide.

The IT Services Specialist will be required to perform the following:

- Management of Clients and Stakeholders on behalf of NITA-U in the

delivery of NITA-U services to districts.

- Supervision of the implementation of IT related projects being deployed in

districts.

- Overseeing the management of IT inventories of equipment, hardware

and software that will be resident in the respective regions;


- Monitor the IT needs specific to the respective regions and develop an IT

needs assessment for the respective regions;




- Three years’ experience in the management of critical national IT projects.

- Professional certifications such as MCSE, MCSA, CCNA,

h) IT Services Manager

The IT Services Manager shall support the planning, coordination and delivery of

Government wide IT Services up to the District level.

The IT Services Manager will be required to perform the following:

- Provision of first level technical support and advisory services for the

development of Government IT systems.

- Managing the utilisation of Government wide IT resources and

infrastructure through the provision of specialised technical skills.

- Provide guidance on the establishment of an infrastructure for information

sharing by Government and related stakeholders.

- Monitoring and managing supplier performance to ensure compliance with

service level agreements.

- Coordinate the development of annual business plans, capital and

operating budgets.


- Bachelor’s Degree Computer Science, Information Systems, Information



- Five years’ experience in coordination and management of IT Services in

a large enterprise is essential.

- Professional certifications such as CCDA, CCNA, CISSP, MCSE,


required.

i) Database Administrator

The Database Administrator shall be capable of the configuration and maintenance of

all the applications and systems Databases. The Database Administrator shall also be

responsible for the performance, integrity and security of all databases.

The Database Administrator will be required to perform the following:

- monitoring performance and managing parameters to provide fast responses to

front-end users;


- Ensures data remains consistent across the database;

- Data is clearly defined;

- Users access data concurrently, in a form that suits their needs;

- There is provision for data security and recovery control (all data is retrievable in an

emergency)

- Mapping out the conceptual design for a planned database;

- refining the logical design so that it can be translated into a specific data model;

- further refining the physical design to meet system storage requirements;

- installing and testing new versions of the DBMS;

- maintaining data standards, including adherence to the Data Protection Act;

- writing database documentation, including data standards, procedures and

definitions for the data dictionary (metadata);

- controlling access permissions and privileges;

- developing, managing and testing back-up and recovery plans;

- ensuring that storage and archiving procedures are functioning correctly;

- communicating regularly with technical, applications and operational staff to ensure

database integrity and security;

- commissioning and installing new applications and customizing existing applications

in order to make them fit for purpose.


- Bachelor’s Degree in Computer Science, Information Systems, Information


- Understanding of structured query language (SQL)

- Knowledge of 'relational database management systems' (RDBMS), 'object

oriented database management systems' (OODBMS) and XML database

management systems

- Experience with their database software/web applications


- Three years’ Experience in the design, implementation and management of Data

bases in a large enterprise.

- Professional certifications such as MCDBA, OCP,CDMP, MTA,MCM, MCTS will be

an added advantage.


1) Starting period

At the start of the Quarter, to be undertaken 4 (four) times in a financial year or

as may be determined by management from time to time.






The assignments will be conducted onsite at the premises of the entity being

assessed. However, a combination of onsite and offsite assessments may be

adopted as deemed appropriate for the achievement of the objectives of the

assignment.



and duration.

5.6.5 Reporting

1) Content

As a minimum requirement, the report should contain the following:

An acknowledged receipt of the engagement letter issued to the entity assessed

in accordance with clause 5.14.4 (3) above.

2) Language

The report as well as any annexures thereto shall be written in the English

language.


The draft report should be issued within 5 (five) working days from the 20th day

referred to under 5.14.4 (2) above.



A minimum of 3 reports spiral bound with appropriate stationery.

5.7 LOT 7: DRPD: IT Project Management

5.7.1 Background

National Information Technology Authority in Uganda (NITA-U) is mandated to enhance

the infrastructure and capacity to deliver on IT projects and programs in government. In

order to improve project delivery success rate, it is important that competent team of

project managers and or companies with proven experience and skills in project

management are identified and pre-qualified for future assignments as projects get

initiated.

Acquisition of qualified project Managers and or companies will support a standard way

to manage critical business operational activities at NITA-U by offering critical Project

management skills.

The project managers and or companies required will be appointed on need basis to

manage NITA-U projects in accordance with the approved IT project management

methodology, best practices, guidelines and standards to ensure successful

implementation of NITA-U programmes and /or projects in time, within budget and

required quality.


1) Global objective

The global objective of this assignment is to identify, pre-qualify and develop an

updatable database of qualified project managers and or project management

companies who will be outsourced to manage NITA-U projects as and when required

depending on the type, size, complexity or risk profile.


The assignment of acquired project managers and or companies will involve the

following major tasks among others:

i. Management of assigned projects from project planning phase, implementation until closure following NITA-U’s IT Project Management Methodology


ii. Undertake the development of project (s) documentation iii. Undertake project quality assurance iv. Undertake Monitoring and Evaluation tasks v. Support contractors/suppliers in project risks management to ensure flawless

execution of projects vi. Undertake IT project management capacity building and training.


A Consultant (Project Manager and or project management companies) assigned

will be required to provide the service as per the scope of work that will be

defined at the time of contracting. NITA-U will determine the scope of work to be

outsourced.

3) Required outputs

The assignment will always have clear deliverables that the consultant shall deliver


Consultants undertaking the above services shall meet the following minimum

requirements

No. Basic Requirement Minimum Standards

1. Person

Qualifications

- Bachelor’s degree in IT, IS or related

degree with a Postgraduate degree is an

added advantage;

- Project management training

- Project Management Certifications such as

PMP, Prince 2 will be an added advantage.

2. Person Experience - A minimum of Three years of working

experience in ICT Project Management in a reputable Public or Private Organization

In case of a company, the contracted firm shall provide detailed CVs of the team

showing the qualifications and experience of key persons for the assignment. For each

specialist proposed, curriculum vitae shall be provided, maximum length five pages,

setting out relevant experience.



The duration of assignment will be pegged to duration of the project and/or contract

assigned.

5.7.5 Reporting

The managers contracted shall submit to the National Information Technology Authority

(NITA-U) all reports and documents in English in both soft and hard copies.

a) Inception Report

The firm / company/manager will provide upon award of the contract, the Inception

report that will detail the methodology that will be utilized in the implementation of

the project. The Inception report shall include the detailed Project Management Plan

which among other issues will outline the Project Implementation Plan (PIP) with

deliverables clearly spelt out with accompanying time lines, change control

procedures, risk management plans, communication plans, and human resource

plans etc.

b) Project Progress Report:

Comprehensive periodic progress reports as stated in the approved PMP.

c) Final Completion Report

The Final Completion Report will summarize all aspects of the assignment and will

include a record of a summary of the deliverables, lessons learnt, difficulties

encountered during execution of the assignment and the means employed to

overcome them, assumptions, etc.

d) Distribution of Reports

Distribution of reports by project managers will be as stipulated in the approved

Project Management Plan

5.8. LOT 8: DeG: Web Development

5.8.1 Background

National Information Authority – Uganda has a mandate to advise government on all matters of information technology development, utilization, usability and accessibility. It is also mandated to promote and provide technical guidance for establishment of IT services to Government.


In line with her mandate, NITA-U has developed website and social media

guidelines that will act as a control in improving online communication in

government. The focus areas are web, social media, email and telephony. We

are to conduct several web evaluations on various Government of Uganda

websites to determine those which fall below the minimum requirements.


minimum of three years related experience and a proven track record in online

communications and service delivery systems (web, social media, email and

telephony or mobile), who wish to carry out the design and development of

government online communication systems.


a) Global objective

The objective is to do an end to end online communication and service delivery

consulting for government agencies on behalf of NITA-U

b) Specific objective(s)

The consultant(s) will be required to provide advisory and technical services to

and on behalf of NITA – U in relation to its mandate as the IT advisory and

implementation arm of Government. The Directorate of eGovernance provides IT

Services to Ministries Departments and Agencies. The directorate would

therefore like to engage suitable qualified professionals to provide the above

services on behalf of NITA – U.

c) Required outputs

The consultant shall submit a fully functional web solution / system report, and

user manuals which shall include the following;

i. Study the existing online communications system(s); validate the

application and submission of reports with recommendations.

ii. Test / audit and deploy the web solution,

iii. Knowledge transfer to selected staff.

iv. Submission of final reports.



3) The expected number of key personnel in the team is four. The team will consist

of one team leader and three team members as a minimum.

They should have experience in the complete life cycle of systems development

(study, design, development, testing, implementation, training, troubleshooting

and support, etc.) using various operating systems (like Linux, windows, UNIX)

and tools and environments (like VB, .net , Oracle, Ms Access, Postgres etc.)


a. The Team Leader having Bachelor of Science computer Science,

computer application, IT, as well as professional certification in creative

design tools and project management skills are a prerequisite.

b. The Team Member having Bachelors in computer Science, computer

application, software engineering, IT, as well as professional certification in

creative design tools, advanced programming skills and data base

management.




5.8.5 Reporting

5) The project Report should comprise of an Executive Summary, project

implementation plan which should include, but not limited to, System

development methodologies, software and specialized applications.


7) A contact committee shall be setup to review the progress on completion of the

entire work at different stages or as and when necessary.




arrangements





debriefing.


5.9: LOT 9: DPRD: IT Standards and Frameworks Development Services

5.9.1 Background

As enshrined in the NITA-U Act 2009, Section 5(f), one of the core functions of NITA-U is to

set, monitor, and regulate standards for information Technology planning, acquisition,

implementation, delivery, support, organization, sustenance, disposal, risks management, data

protection, security and contingency planning.

NITA-U shall in performing above functions, consult and cooperate with other

Institutions/organizations with functions related to, or having aims or objectives related to IT

Standards development. Section 32(2) of the NITA-U Act 2009 (Relationship with other

Organization) mandates NITA-U to delegate any of its functions under the Act to any

organization.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to develop IT

Standards, guidelines and frameworks. The successful individuals, firms/companies shall be

contracted from time to time to undertake the specific assignments as and when need arises.


1) Global objective

The global objective of the assignment is to undertake the development of IT Standards,

guidelines and frameworks for orderly development of the IT Industry in Uganda.


The specific objectives of the assignment shall include:

i. To identify areas within the IT Sector that requires standardization

ii. To develop and review IT standards in line with the ever changing environment

as well as advancement in technology

iii. To develop guidelines for the implementation of the already gazetted IT

Standards

iv. To build capacity of Government Institutions in the rollout and implementation of

IT Standards.

v. To develop Enterprise Architecture Framework/Blueprint for Government and the

e-Government Interoperability Framework


vi. To disseminate and create awareness on IT Standards, Enterprise Architecture,

e-Government Interoperability and Accreditation and Certification Framework

vii. To lobby for active participation and involvement of all stakeholders as well as

creating synergies in the development of IT Standards, Enterprise Architecture

for Government and the e-Government Interoperability Framework

viii. To establish collaboration in Accreditation and Certification, IT standards

development, implementation and enforcement with other local, regional and

international bodies.

3) Scope of Work

The successful individuals, firms/companies shall undertake the following tasks. Other areas

identified through consultation and engagement with NITA-U management and key

stakeholders shall be included as well:

a) IT Standards development Services

i. Identify and document priority areas for standardization within the IT Industry in Uganda

ii. Benchmark and document internationally recognized best practices in the development,

adoption, implementation and enforcement of IT Standards.

iii. Develop, review and update National and MDA IT standards in line with technology

advancement in the IT Industry

iv. Develop implementation guidelines for the already adopted and gazetted IT Standards

v. To develop, implement and maintain a framework, model, process and tools for the

development of National IT Standards, Procedures and Guidelines for IT service

delivery domains.

vi. Conduct capacity building for key stakeholders in the development and implementation

of IT standards.

vii. Create stakeholder awareness as well as conduct sensitize stakeholders on the

adoption, implementation and enforcement of IT Standards.


b) Framework development Services

viii. To develop an Enterprise Architecture Framework/Blueprint for Government including its

implementation and rollout plan.

ix. Develop an E-Government Interoperability Framework including its implementation and

rollout plan.

x. Develop strategy and plans for implementation of the Accreditation and Certification

Framework for IT Service Providers, IT Products, IT Training and IT Professionals

xi. Develop Framework for enforcement and monitoring compliance to both National and

MDA IT Standards

xii. Develop framework for advocacy and dissemination of National and MDA IT Standards,

Enterprise Architecture blueprint for Government, e-Government Interoperability

Framework and the Accreditation and Certification Framework

xiii. Develop Framework for capacity building in the development, implementation and

enforcement of IT Standards as well as Enterprise Architecture Blueprint for

Government, e-Government interoperability Framework and Accreditation and

Certification Framework

xiv. Create stakeholder awareness and sensitization on the Enterprise Architecture

Framework/Blueprint for Government and on the e-Government Interoperability

Framework

xv. Build capacity of key stakeholders in the implementation and rollout of the Enterprise

Architecture Blueprint and the e-Government Interoperability Framework

4) Required Outputs

The following are the desired outputs of the assignment:

i. Inception Report detailing the methodology and timelines for the task areas

ii. Documented list of priority areas for standardization within the IT Industry in Uganda

iii. National and MDA IT Standards and guidelines as agreed upon.

iv. Framework, model, process and tools for the development of National and MDAIT

Standards


v. An Enterprise Architecture Framework/Blueprint for Government

vi. An E-Government Interoperability Framework

vii. Framework for advocacy and dissemination of IT standards, Enterprise Architecture, E-

Government Interoperability and Accreditation and Certification Framework

viii. Strategy and Plans for implementation of the Accreditation and Certification Framework

ix. Framework for Capacity building in the development and rollout of IT Standards,

Enterprise Architecture for Government, e-Government Interoperability and

Accreditation and Certification framework

x. Framework for collaboration with local, regional and internationals standards,

Accreditation and Certification bodies in the development and implementation of IT

standards.


1) The expected number of key personnel in the team is Five (5). The team will consist of

one team leader and three (3) ICT Experts/Specialists and one (1) Legal Advisor/Officer

as a minimum.


a) A Team Leader

i. The team leader shall possess a Bachelor’s Degree in Computer Science or Information

Technology/Telecommunications/Electrical Engineering or a related relevant

qualification with proven additional training in planning, implementation, monitoring and

evaluation of IT Projects and programmes

ii. Possess Industry Certifications in IT Service Management, IT Governance, IT Security

ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)

iii. At least 5 years’ experience working in the ICT field, with particular verifiable experience

in:

- Developing and implementing Policies, Standards & Guidelines, Frameworks,

Architectures and Strategies for ICT/IT, Management Information Systems, etc. at

organizational, national and regional levels


- Linking ICT to overall National and Regional Development plans

- Working knowledge of Government and IT Sector procedures and processes.

- Negotiation and conflict resolution skills

- Report writing

b) Three (3) ICT Experts/Specialists

i. The three (3) ICT Experts/Specialist shall each possess a Bachelor’s Degree in

Computer Science or Information Technology/Telecommunications/Electrical

Engineering or a related relevant qualification with proven additional training in

planning, implementation, monitoring and evaluation of IT Projects and programmes.

ii. Possess Industry Certifications in IT Service Management, IT Governance, IT

Security (ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)

iii. At least 3 years’ experience working in the ICT field, with particular verifiable

experience and expertise in:

- Developing and implementing Policies, Standards & Guidelines, Frameworks,

Architectures and Strategies for ICT/IT, Management Information Systems,

etc. at organizational, national and regional levels

- Linking ICT to overall National and Regional Development plans

- Working knowledge of Government and IT Sector procedures and processes.

- Negotiation and conflict resolution skills

- Report writing

c) Legal Advisor/Officer

The Legal Service Officer shall possess the following minimum qualification and skills:

i. Bachelor Degree in Law with a diploma in legal Practice

ii. Postgraduate qualification in law or business administration

iii. A minimum of 3 years’ experience in legal practice or corporate legal services and

verifiable knowledge in the following:

- Accreditation & Certification of Training Institutions, Professionals, Service

providers and Products


- Implementation of legal and policy frameworks and policies to support

governance of IT delivery in the public and private sector.

- Excellent Knowledge of Contract, Commercial , Corporate Law and business

acumen

- National legal and policy framework for IT Service level Management

iv. Knowledge of the Ugandan Cyber Laws will be an added advantage.

v. Negotiation and conflict resolution skills

vi. Report Writing



6) The location (s) of assignment shall be as advised by NITA-U

5.9.5 Reporting

8) The Progress Reports for each task should comprise of an Executive Summary, Findings

and Recommendations to guide NITA-U Management especially where administrative

decisions have to be made.


10) Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-

U.

11) A committee shall be setup to review the progress on completion of the entire work at

different stages or as and when necessary.


10) Interviews for the Team leader and the four (4) of the team members may be required

11) In case of the need to subcontract, NITA-U shall review and approve of such arrangements


13) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand

14) Management team member presence shall be required for briefing and/or debriefing.


5.10: LOT 10: PDRP: IT Training and Capacity Building Services

5.10.1 Background

Information and Communication Technology (ICT) is a key enabler in the enhancement of

Government services. An ICT-literate population, encompassing the necessary skills, will

enable the realization of ICT’s benefits and foster increased levels of service efficiency while

contributing positively to the economy. The government of Uganda has identified ICTs as one

of the rapidly growing areas that have the potential to ‘leap-frog’ the nation to benefit from the

globalized economy and has invested in initiatives to promote its development, however there

is no programme in place to enhance and equip the users with skills to utilize ICTs and reap

their benefits..

National Information Technology Authority (NITA-U) was established by the Act of Parliament

(National Information Technology Authority, Uganda Act of 2009) and was operationalized in

2010. The authority was charged with an overall mandate to coordinate, promote and monitor

the development of Information Technology (IT) in the context of social and economic

development of Uganda. In order to fulfill its mandate NITA-U seeks to develop, implement and

maintain a National IT Capacity building, Training and awareness framework, policy and

strategy.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide IT

Training and Capacity Building Services. The successful individuals, firms/companies shall be

contracted from time to time to undertake the specific assignments as and when need arises


1) Global objective

The main objective this consultancy is expected to establish the National ICT capacity

targets which will enable systems, organizations and the actors therein to function more

effectively


The specific objectives include

i. To review the current situation and establish goals of the stakeholders and

identify their required ICT skills, competences, knowledge and training needs.

ii. To map the existing and available ICT skills, competences and knowledge. To

availability of required training courses.

iii. To identify the gaps between the current and required ICT skills and

competences and provide a roadmap on how these gaps could be filled


iv. To deliver Training Programmes that can address the identified gaps

3) Requested services/Scope of work

The Consult will be required to provide the following services

i. Undertake a capacity building needs assessment and strategy development

ii. Undertake Training Needs Analysis/ Skills Gap Analysis

iii. Develop an Action Plan

iv. Develop required Training Content and Training Plan

v. Deliver Training Programmes

vi. Design and develop a Training Needs Analysis and Skills Gap Analysis Monitoring

and Evaluation Framework;

vii. Identify Volume of ICT skills Demand, occupational categories that are in demand as

well as accompanying trends

viii. Identify supply base trends and suitability of current IT Curriculum of IT and

Computing Programmes

ix. Clarification of competencies - both technical and non-technical that are required for

the present and in future at varying levels in all sectors of the ICT industry

x. Designing E-learning Content

xi. Undertaking Instructional Design for e-learning modules

4) Required outputs

The deliverables for the assignment include

i. A Capacity Building Needs Assessment Report/ Training Needs Analysis Report/

Skills Gap Analysis Report

ii. A Capacity Building Action Plan/ Training Action Plan/ Training Programme

iii. Capacity Building/ A Training Needs and skills Analysis reporting and monitoring &

Evaluation Framework

iv. Customized Operational e-learning Platform

v. E-learning Content


1) The expected number of key personnel in the team is Three (5). The team will consist of

one team leader and three (1) ICT Experts/Specialist Surveys/ Needs Assessment Expert, (2)

Trainers, (1) E-learning Specialist


a) Lead Expert


i. Bachelor’s degree in Computer Science, Information Technology, Information Systems

or related area

ii. Professional qualifications in Capacity Building, Training or related area;

iii. A Postgraduate degree in Computer Science, Information Technology, Information

Systems or related area

iv. Experience in project and programme implementation;

v. At least 5 years’ experience at a senior level in the area of institutional

strengthening/capacity building in the public sector

vi. Demonstrated experience in capacity/training needs assessment and implementation of

training programmes

vii. Proven capacity to provide technical advice to and able to win confidence/trust of senior

government officials and other stakeholders

viii. Fluency in English, both spoken and written.

b) ICT Expert

(i) Should have a Post‐graduate Degree in any ICT related field

(ii) In‐depth knowledge and understanding of ICT and Capacity Building issues and relevant work experience

(iii) Experience in project and programme implementation

(iv) Experience in Survey Design and Methodology

(v) Knowledge of the government institutions

(vi) Minimum of 5 years of experience in institutional organization and business management in complex environments, previous experience with capacity Building Needs Assessment would be an asset.

c) Surveys/ Needs Assessment Expert

i. Bachelor’s Degree in Statistics OR Bachelor of Science (Statistics and Economics) and

any closely related qualification.

ii. Should have a Post‐Graduate Degree in Statistics, Demography or ICT related field;

iii. In‐depth knowledge and understanding of survey design and methodologies

iv. Experience in project and programme implementation;

v. Knowledge of the government institutions;

vi. Knowledge of capacity building instruments and methods

vii. At least 5 years of working experience in survey related work including questionnaire

design and elaboration of survey methodologies, experience in strategic processes

planning, in project management, drafting reports, working with Government institutions.


viii. Ability to analyze, plan, communicate effectively orally and in writing, draft report, solve

problems, organize and meet expected results, adapt to different environments (cultural,

economic, political and social.

b) E-learning Specialist

i. Has a Bachelor’s degree in a Degree in Education and a Postgraduate Qualification in

IT or related field.

ii. Has experience in authoring /programming and is able to develop the functionality and

design the graphical components of an e-learning module using an authoring program

and/or web development tools.

iii. Has skills and knowledge in e-Learning technology is able to configure/set up/update a

learning management system (LMS), software required for synchronous or

asynchronous communication, and any other software or tools required for the learning

environment.

iv. Competent in Instructional Design

v. Is knowledgeable about the latest developments in e-learning technology and trends

and how these can benefit the organization.

c) Trainer

Each trainer should have

i. A Bachelor’s degree in any ICT related field

ii. Professional qualifications in Capacity Building, Training or related area

iii. Has Demonstrated experience in

a. Learning and development Management

b. Learning and Development Assessment

c. Learning Design and development

d. Learning Delivery

e. Teaching and Subject Formation


1. The duration of this consultancy will be determined by the nature of the assignment

2. The location (s) of assignment shall be as advised by NITA-U

5.10.5 Reporting

1. The Progress Reports for each task should comprise of an Executive Summary,

Findings and Recommendations to guide NITA-U Management especially where

administrative decisions have to be made.


2. Unless otherwise stated, the reporting language shall be English.

3. Weekly activity reports, tasks to be performed and travel schedule to be submitted to

NITA-U.

4. A committee shall be setup to review the progress on completion of the entire work at

different stages or as and when necessary


1. Interviews for the Team leader and the four (4) of the team members may be required

2. In case of the need to subcontract, NITA-U shall review and approve of such

arrangements

3. English shall be the language of communication for all legal documents

4. For each assignment, a proposal shall be submitted that must contain a brief and clear

methodology to be used to accomplish the assignment at hand

5. Management team member presence shall be required for briefing and/or debriefing

5.11: Lot 11: PDRP: Project Quality Assurance / Monitoring & Evaluation

5.11.1 Background





development of Uganda.

NITA-U is mandated to co-ordinate, supervise and monitor the utilization of information

technology in the public and private sectors. In performing above function, NITA-U shall

consult and cooperate with other Institutions/organizations with functions related to, or having

aims or objectives related to project quality assurance / monitoring & evaluation services.

Section 32(2) of the NITA-U Act 2009 (Relationship with other Organization) mandates NITA-U

to delegate any of its functions under the Act to any organization..

In light of the above, NITA-U is seeking suitable individuals, firms/companies to project quality

assurance / monitoring & evaluation services. The successful individuals, firms/companies

shall be contracted from time to time to undertake the specific assignments as and when need

arises



1) Global objective

The main objective this consultancy is to assess the progress and impact of

projects/initiatives, activities in fulfilling the set objectives through the planned activities; to

assess the efficiency and effectiveness with which resources have been used to generate

results and achieve project objectives with special emphasis on impact and sustainability

and determine achievements and challenges encountered in the implementation in order to

influence policy decisions regarding the development IT in the country.

The focus will be on measuring achievements against the benchmark (baseline data),

assessing whether the envisaged outputs have been achieved and the contribution of the

projects towards the overall objective.


The specific objectives include

v. To analyze and interpret qualitative and quantitative data to gauge project/ Initiative/

activity impact;

vi. To monitor and evaluate the progress of the Project/ Initiative/ Activity on the basis of

indicators set out in the Project (if there are no indicators the consultant will develop

indicators)

vii. To develop a monitoring and evaluation system and documentation required for

evaluation of Projects/Initiatives/Activities in line with best international practices,

including data collection (questionnaires, interviews as applicable), analysis, and

interpretation of findings

viii. To establish procedures and data collection system and analyses tools for long term

impact evaluation of Projects/Initiatives/Activities

ix. To prepare detailed monitoring and evaluation manuals,

x. To conduct training of the selected staff in M&E to ensure that long-term capacity is

established in the NITA-U to monitor existing and future Projects/Initiatives/Activities,

xi. To produce interim and final M&E reports (which describe established monitoring

mechanisms and results of evaluation process).

xii. To undertake efficient and effective reporting on activities, accomplishments, and

results

3) Requested services/Scope of work

The Consult will be required to provide the following services

xii. Determine the extent to which the project outputs have been achieved taking into

account the indicators given in the project document.


xiii. Develop indicators in cases where they are lacking to be used in assessing the

achievements of the project so far.

xiv. Prepare Quality assurance and action plans.

xv. Prepare activity based project monitoring and Evaluation plans

xvi. A review of the annual work plans, progress reports, mission reports and mid-term

evaluation report for the projects/initiatives or activities;

xvii. Field visits to assess actual progress made in the implementation of various

activities.

xviii. Evaluate the level of contribution of the outputs towards the achievement of the

expected project objectives, goal and impact.

xix. Assess the relevance, effectiveness, and efficiency of interventions as well as, the

sustainability of the results, and the degree of satisfaction of the beneficiaries.

xx. Critically review the roles and responsibilities played by the various players and

stakeholders in project implementation. The review of the roles and responsibilities

should be linked to institutional mechanisms and implementation arrangements that

were put in place to facilitate the delivery of NITA-U objectives. The review should

also identify quality assurance measures put in place for NITA-U to effectively and

efficiently implement the project.

xxi. Identify major external factors that influenced or impacted on the implementation of

the project and evaluate their implication on future interventions.

xxii. Highlight lessons or good practices learned from the project and make

recommendations for future policies/strategies.

4) Required outputs

The deliverables for the assignment include

vi. A Quality Assurance Plan for projects/initiatives or activities

vii. A monitoring and evaluation system will all documentation required for evaluation of

Projects/Initiatives/Activities in line with best international practices.

viii. Procedures for data collection system and analysis for long term impact evaluation

of Projects/Initiatives/Activities


1) The expected number of key personnel in the team is four (4). The team will consist of

one (1) lead M&E expert, one (1) analyst and two (2) monitoring and evaluation officers


a) Lead M&E Expert

ix. Master’s degree in economics/statistics or in any related field in social/economic

sciences.


x. At least 5 years working experience in M&E related issues and/ development context.

xi. Experience in project and programme implementation

xii. At least 5 years’ experience at a senior level in the area of policy, planning and

management in the public sector

xiii. Good management and co-ordination skills, and experience on technical project

implementation Proven capacity to provide technical advice to and able to win

confidence/trust of senior government officials and other stakeholders

xiv. Expert knowledge of programme design (mainly log frame) or similar frameworks for

monitoring and evaluation.

xv. Excellent organizational and time management skills required to meet deadlines.

xvi. Competence in managing and implementing Information Technology (IT) projects.

b) Data Analyst

i. The applicant must have as minimum a degree in statistics/Quantitative economics and

should be comfortable with numbers and basic statistics coupled with the ability to

communicate findings and recommendations in conversational business formats.

ii. Knowledge of database management and statistical software programs including but

not limited to Microsoft Access, Excel, and SPSS understanding of basic multivariate

analysis like correlation, regression

iii. Knowledge of the sources of data and methods of obtaining data

iv. Strong analytical skills including analysis of both quantitative and qualitative data.

v. Experience in project and programme implementation

vi. Experience in Survey Design and Methodology and Data collection

vii. Knowledge of the government institutions

viii. Minimum of 5 years of experience in institutional organization and business

management in complex environments, previous experience with capacity Building

Needs Assessment would be an asset.

c) Monitoring and evaluation officers

i. The applicants must have as minimum a degree in statistics, Quantitative

economics, social / economic sciences or related field and should be comfortable

with numbers and basic statistics coupled with the ability to communicate findings

and recommendations

ii. Formal training in monitoring and evaluation will be an added advantage

iii. Excellent written communication skills

iv. At least 2 years of experience in activities and/or projects that involved working in

the ICT field

v. High degree of competence with MS Office applications: Word, Excel, PowerPoint,

Outlook.


vi. Knowledge of the sources of data and methods of obtaining data.


3. The duration of this consultancy will be determined by the nature of the assignment

4. The location (s) of assignment shall be as advised by NITA-U

4.11.5 Reporting

5. The Progress Reports for each task should comprise of an Executive Summary,

Findings and Recommendations to guide NITA-U Management especially where

administrative decisions have to be made.

6. Unless otherwise stated, the reporting language shall be English.

7. Weekly activity reports, tasks to be performed and travel schedule to be submitted to

NITA-U.

8. A committee shall be setup to review the progress on completion of the entire work at

different stages or as and when necessary


6. Interviews for the Team leader, Data analyst and two (2) of the team members may be

required

7. In case of the need to subcontract, NITA-U shall review and approve of such

arrangements

8. English shall be the language of communication for all legal documents

9. For each assignment, a proposal shall be submitted that must contain a brief and clear

methodology to be used to accomplish the assignment at hand

10. Management team member presence shall be required for briefing and/or debriefing

5.12: LOT 12: DeG: Business Analysis and Design

5.12.1 Background

NITA-U is mandated to promote and provide technical guidance for the establishment of e-Government, e-Commerce and other e-Transactions in Uganda. In order to effectively establish e-government systems in institutions, there is need to understand specific organizational challenges and needs so as to propose appropriate solutions for effective delivery of services to citizens using e-government.


1) Global objective


The consultant(s) will be required to provide advisory services in Business analysis for an

Institution to and on behalf of NITA – U in relation to its mandate as the IT advisory and

implementation arm of Government. The Objective is helping institutions implement technology

solutions in a cost-effective way by determining the requirements/business need for a project

or program, and communicating them clearly too all stakeholders, facilitators and partners.


The consultant(s) will be required to conduct the following specific objectives

1. To lead government institutions through the development of ICT business cases and obtains approval of senior management to proceed through the ICT investment process.

2. To Lead cross-functional business process re-engineering teams and continuous improvement efforts. Identifies opportunities for process improvement and makes recommendations to MDAs, including changes to job functions, elimination and /or creation of positions etc.

3. To develop technical solutions to government institutions by defining, analyzing and documenting requirements, managing requirements at the project level to fulfilling business needs.

4. To document /design business processes using relevant modeling techniques such as Use Case, Swim-lane, and Data Flow Diagramming;

5. To analyse processes to recommend fundamental process improvements to management which exploit technology components, eliminate redundant tasks, and/or minimize duplicationof effort;

6. To evaluate potential software solutions, including off-the-shelf and open source components, and the system architecture to ensure that they meet business requirements; ensuring alignment with architectural and technical standards;

7. Responsible to create of an accurate business requirements document and obtaining stakeholder and senior management’s approval;

8. To perform analysis and facilitates stakeholder consensus to create documented, agreed upon functional and non-functional business requirements and specifications

9. To analyse proposed Project Change Requests for impacts on documented Business Requirements and projected Business Benefits defined in the Business Case;

10. To develop or supports the development of training material; 11. To support development of procurement documents such as TORs, project proposals

and technical requirements



Conducts business requirements gathering in government institutions

Conduct business process reengineering in government institutions

Develops business proposals/business cases for the institutions based on

the business needs and what solutions are recommended.


Provide timely reports to NITA-U on the results from requirements

gathering and needs assessments.

Where required, conduct follow up on project implementation to ensure

the business case objectives are aligned.

4) Required outputs

It is expected that following the engagement of the consultant for a specific

assignment, the following should be the outputs.

Business requirements gathering and needs assessment report for

respective institutions as assigned by NITA-U.

Business proposals/Business cases and technical solution proposals for

respective institutions

Process re-engineering action plan for respective institutions

Terms of reference for the specified solutions for procurement purposes

based on the business need

Timely follow up reviews requested by NITA-U.


1) Number of requested experts per category and number of man-days per expert

or per category

Category: Business Analyst.

Number of required experts: 2 (two) expert

Number of man-days per expert: 20 working days


a. Category and duration of equivalent experience

Demonstrated knowledge of business analysis process

At least 4 (four) years’ experience in business analysis work in the IT

environment and evidence of a minimum of 5 assignments successfully

completed for a large organization or Government.


b. Education

Masters of Business Administration

Undergraduate degree in Information Technology or Business

Computing a suitable combination of a degree with Business

Analysis training and experience;

The following levels of education or certification would be

considered an asset:

o Certification in Business Analysis

o ITIL Certification

c. Experience

Evidence of similar assignments undertaken and successfully

completed for a minimum 4 (four) large organizations or

Government departments

d. Language skills

Proficiency in the English language

Consultant minimum requirement are as follows;

Excellent knowledge of the Business analysis process

Sufficient technical expertise in IT, project management and conducting

business needs assessments.

Excellent report writing skills


1) Starting period

As may be required and determined by demand from government institutions.







The assignments will be conducted onsite at the premises of the institutions

being analyzed. However, a combination of onsite and offsite assessments may

be adopted as deemed appropriate for the achievement of the objectives of the

assignment.



and duration.

5.12.5 Reporting

On the basis of reporting, the consultant should closely work under the guidance of

the Senior Business Analyst in the department of Strategy and Business

development, who is responsible for planning, executing and monitoring the

assignment as per the contract agreement with NITA-U

1) Content

The consultant will produce the documents and Reports in both electronic and

hard copy formats, as Microsoft Word documents, and submit them to the NITA-

U. The nature of the reports shall include;

a) Inception report that should outline the details of the approach,

methodology, work plan (including budget) and the timeline for all the

activities in assignment.

b) Periodic report on project progress and budget exhaustion.

(Daily/Weekly/Monthly)

c) Final report as per indicated in the approved timelines.

2) Language

The reports/documents as well as any annexures thereto shall be written in the

English language.


The draft reports/documents should be issued based on the timelines agreed

during inception of the assignment.


A minimum of 2 reports/documents spiral bound with appropriate stationery.


5.13: LOT 13: DFA: Financial Management and Accounting Services. 5.13.1Background





development of Uganda. In order to fulfill its mandate the Directorate of Finance and

Administration plays a role of support function to all other Directorates.

The Directorate mainly plays a critical but supportive role to the other directorates in the

delivery of the NITA-U mandate and strategic objectives.

These are some of the activities undertaken:

o In house run and maintain approaches,

o Insourcing using inter departmental technical teams,

o Independent private consultancies and,

o Outright acquisitions especially for equipment and supplies.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide

Financial Management, Accounting and advisory Services. The successful individuals,

firms/companies shall be contracted from time to time to undertake the specific assignments

as and when need arises.

NITA-U is looking for a consultant/firm to support the Finance and Accounts department.

5.13.2 Description of Assignment

1. Global Objective

The global objective of the assignment is to develop and implement an effective Financial

Management & Accounting Systems and Tools, Policies and Procedures for optimal

sourcing and application of NITA-U Resources.

2) Specific Objective(s)

The specific objectives of the assignment shall include

a) The Consultant will be responsible for assisting in fulfilling all aspects of project, Government of Uganda accounting and financial reporting including advise on maintaining proper books of accounts on the computerized accounting system, advise on managing all bank accounts and petty cash transactions and advice on ensuring the reimbursement requests are reviewed and processed on a timely basis for eligible expenditures, timely


submission of withdrawal application for replenishment from the Bank of Uganda, advice on safeguard of NITA’s assets, advice on both internal and external audits of the Authority.

b) Use the NITA’s Standard Operating Procedures (SOP) and FMM as the financial framework to update the Financial Management Manual for the specific needs of NITA-U.

c) Strengthen the financial management capacity and provide oversight, monitoring and supervision of financial management team; and establish a safeguard mechanism for NITA’s assets

d) Advice and work closely with NITA’s management team on annual budget preparation.

e) Cash flow forecasting for NITA-U and its business projects at large.

f) Installation of the Computerized Accounting package and Billing systems, training of

Finance staff on how to use and support services after installation.

5.13.3 Scope of Service The financial consultant shall provide advice and assistance to NITA-U Executive management, projects and staff. This shall include but not limited to advice on preparing monthly management accounts and prepare financial planning and budgets, financial and management reporting, including reports for the Board, financial partners and the stakeholders. Responsibilities The Financial Consultant’s duties and responsibilities will include, but not limited to:

a) Participate to the implementation of Operational …. midterm review recommendation to improve the financial management system of NITA and adopting best international accounting standards, and the recommendation of External auditors and review

b) Contribute to design financial reporting formats that provide analysis and financial performance indicators,

c) Assess the staff capacity of NITA’s Finance Team, and recommend strategic steps for capacity building that will enable the team to carry out its mandates, roles and responsibilities.

d) Provide class-room and on-job trainings to assist NITA-U Finance Team in establishment and management of the Financial Management Mechanism including the use of an accounting system and preparation of financial reports.

e) Assist the management in ensuring that all expenditures are authorized in accordance with established financial procedures, with proper supporting documentation and are recorded in the computerized accounting system, and maintenance of supporting documentation in proper order and form for the project and Government of Uganda expenditures.

f) Assist in preparation of annual work plan and budget, disbursement projection and subsequent monitoring which include analysis and comment of variance. And coordinate with others stakeholders.

h) Ensure that all financial reports are prepared and submitted to relevant authorities in a timely manner


i) In collaboration with other staff, review and improve the accounting system to meet stakeholders requirements

j) Liaise with internal and external auditors on audit queries and advice accordingly. k) Provide monitoring tools of physical achievements against expenditure and, l) Perform other related duties as required

5.13.4 Reporting and Duration

The Financial Consultant will report to the Director Finance and Administration. The services are expected to continue through approximately 12 months, with possible extension based on the annual performance review and on the project work programs and based on funding. The progress Reports would be produced which include the Executive summary, findings and recommendations to guide NITA-U especially where admistrative decisions have to be made. 5.13.5 Location The Consultant will be based at NITA-U offices based at Palm Courts, Plot 7A Rotary Avenue (Lugogo By pass Kampala. 5.13.6 Knowledge and Skills The candidate/firm must have proficient knowledge in the following areas: Financial analysis Budgeting and budget analysis Mentoring and coaching Cash flow forecasting techniques. Financial performance review techniques Understanding of Government accounting Research and program development skills Computer skills with ability to use advanced spreadsheets and word programs Ability to work individually and provide training as above requirement Demonstrated ability to consult and work cooperatively with others. Effective communication skills with the ability to prepare reports, proposals, policies and

procedures Must demonstrate sound work ethics and maintain standards of conduct 5.13.7 Qualifications Minimum: Masters degree in Finance, Finance management,Bussiness administration, or

related field At least 5 years of work experiences in financial management, financial control, audit or

public or private institutions as a financial controller. Advanced knowledge of Government Accounting Software Full Membership of Internationally Recognized Professional Accounting Body (ACCA,

CPA,CIMA,CA)


Post Graduate qualification in a relevant field will be an added advantage.

Practising Certificate of Accountancy from the Institute of Certified Public Accountants Uganda(ICPAU)

Documents

DRAFT TERMS OF REFERENCE FOR CONSULTANCY … for... · DRAFT TERMS OF REFERENCE FOR CONSULTANCY SERVICES UNDER FRAMEWORK CONTRACTS SEPTEMBER 2014. ... LOT 9: DPRD: IT Standards and