Академический Документы
Профессиональный Документы
Культура Документы
For
Inspection Department
C-7, 8th Floor, Central Office, Bandra Kurla Complex, Bandra (E), Mumbai- 400 051, Maharashtra,
India
This document is the property of Reserve Bank of India (RBI). It may not be
copied, distributed or recorded on any medium, electronic or otherwise, without the RBI’s
written permission thereof, except for the purpose of responding to RBI for the said
purpose. The use of the contents of this document, even by the authorized personnel /
agencies for any purpose other than the purpose specified herein, is strictly prohibited and
shall amount to copyright violation and thus, be punishable under the Indian Law.
RFP for Audit Management and Risk Monitoring System, RBI
While RBI has taken due care in the preparation of this document and believe it to be
accurate, neither RBI nor any of its authorities, agencies, officers, employees, agents or
advisors give any warranty or make any representations, express or implied as to the
completeness or accuracy of the information contained in this document or any
information which may be provided in association with it.
The information is not intended to be exhaustive. Interested parties are required to make
their own inquiries and respondents will be required to confirm in writing that they have
done so and they do not rely only on the information provided by RBI in submitting
response to the RFP document. The information is provided on the basis that it is non–
binding on RBI or any of its authorities, agencies, officers, employees, agents or advisors.
RBI reserves the right not to proceed with the Project or to change the configuration of
the Project, to alter the time table reflected in this document or to change the
process or procedure to be applied. It also reserves the right to decline to discuss the
matter further with any party expressing interest. No reimbursement of cost of any type
will be paid to persons or entities expressing interest.
The proposal should be signed and submitted by a person duly authorized to bind the
bidder to the details submitted in the proposal. All pages of the RFP document are to be
signed by the authorized signatory. Any clarification sought can be E mail.
Any product name / function used in this document are meant to be generic and do
not refer to the product of any particular company. In case such proprietary terms
have been inadvertently mentioned then such terms should be taken to refer to the
generic technology.
RFP for Audit Management and Risk Monitoring System, RBI
Non-Disclosure Agreement:
All shortlisted bidders must sign the Non-Disclosure Agreement (NDA) for
participating in the Request for Proposal (RFP) process. Bidders must
comply with all clauses mentioned in the NDA. No changes to the NDA are
allowed. The NDA must be executed on the bidders’ company letterhead.
[Salutation]
Confidentiality Undertaking
We acknowledge that during the course of bidding for Request for Proposal (RFP)
floated for supply, implementation and maintenance of Audit Management and Risk
Monitoring System (AMRMS) in Reserve Bank of India (RBI), we may have access
to and be entrusted with Confidential Information. In this letter, the phrase
"Confidential Information" shall mean information (whether of a commercial,
technical, scientific, operational, administrative, financial, marketing, business, or
intellectual property nature or otherwise), whether oral or written, relating to RBI
and its business that is provided to us pursuant to this Agreement.
We agree to the terms set out below:
1. We shall treat all Confidential Information as strictly private and confidential
and take all steps necessary (including but not limited to those required by
this Agreement) to preserve such confidentiality.
2. We shall use the Confidential Information solely for the preparation of our
response to the RFP and not for any other purpose.
3. We shall not disclose any Confidential Information to any other person or
firm, other than as permitted by item 5 below.
4. We shall not disclose or divulge any of the Confidential Information to any
other client or vendor /implementation partner]
5. This Agreement shall not prohibit disclosure of Confidential Information:
We have read this Agreement fully and agree with its terms.
Yours sincerely
Table of Contents
1. Schedule .................................................................................................................................... 1
2. Introduction ............................................................................................................................... 2
2. 1 Background .......................................................................................................................... 2
2.2 Purpose of the Document .................................................................................................... 4
3. Structure of RFP ....................................................................................................................... 5
3.1 Annexure Seeking Response for Evaluation ..................................................................... 5
3.2 Definition of terms ................................................................................................................ 6
4. Overview of Present Audit and Risk Monitoring Universe in the Bank ......................... 8
4.1 Overview of Audit Universe ................................................................................................. 8
4.2 Overview of Risk Monitoring Universe .............................................................................. 12
5. Existing Information Technology (IT) Set-up in the Bank .............................................. 14
5.1 Existing Application and Interfaces ................................................................................... 14
5.2 Existing Data Centre set-up............................................................................................... 15
5.3 Software Licenses with the Bank ...................................................................................... 15
5.4 AMRMS Hardware Infrastructure ...................................................................................... 15
6 Requirement from AMRMS .................................................................................................... 16
6.1 Introduction ......................................................................................................................... 16
6.2 Detailed Scope of the Project:-.......................................................................................... 16
6.2.1 Planning: ...................................................................................................................... 16
6.2.2 Audit Input:- .................................................................................................................. 18
6.2.3 Audit Output/Reports:.................................................................................................. 19
6.2.4 Compliance Monitoring: .............................................................................................. 20
6.2.5 Risk Monitoring ............................................................................................................ 23
6.2.6 Incident Reporting ....................................................................................................... 24
6.2.7 Concurrent Audit & Statutory Audit: ........................................................................... 24
6.2.8 CSAA - Control Self-Assessment Audit :................................................................... 25
6.2.9 External Auditors (IS/ IT / Other audits)..................................................................... 25
6.2.10 Other Requirements: ................................................................................................. 25
6.2.10.1 Risk Classification/ Parameterization of Audits ................................................... 25
6.2.10.2 Document Management ........................................................................................ 26
6.2.10.3 User Management.................................................................................................. 26
6.2.10.4 Backup and Archiving ............................................................................................ 28
6.2.10.5 Activity log management ....................................................................................... 28
6.3 Technology Requirements ................................................................................................. 28
6.4 Security Requirements....................................................................................................... 29
RFP for Audit Management and Risk Monitoring System, RBI
11.3 Standards.......................................................................................................................... 59
11.4 Governing Language ....................................................................................................... 59
11.5 Applicable Law ................................................................................................................. 59
11.6 Notices .............................................................................................................................. 59
11.7 Right to alter the Requirements ...................................................................................... 60
11.8 Contract Amendments ..................................................................................................... 60
11.9 Use of Contract Documents and Information ................................................................ 60
11.10 Escrow ............................................................................................................................ 61
11.11 Indemnification ............................................................................................................... 61
11.12 Cancellation of Contract and Compensation .............................................................. 62
11.13 Earnest Money Deposit ................................................................................................. 62
11.14 Performance Bank Guarantee ...................................................................................... 63
11.15 Resolution of Disputes .................................................................................................. 64
11.16 Delays in the Bidder’s Performance............................................................................. 65
11.17 Liquidated Damages...................................................................................................... 65
11.18 Force Majeure ................................................................................................................ 66
11.19 Ancillary Services........................................................................................................... 66
11.20 Audits .............................................................................................................................. 66
11.21 Prices .............................................................................................................................. 66
11.22 Taxes and Duties ........................................................................................................... 67
11.23 Non Negotiability on RFP .............................................................................................. 67
12 Evaluation Process ............................................................................................................... 68
12.1 Objective of Evaluation Process ..................................................................................... 68
12.2 Technical Bid Evaluation Process................................................................................... 69
12.3 Scoring Methodology for Functional Requirements ...................................................... 70
12.4 Scoring Methodology for Product Structured Walkthrough & Presentation based on
PoC ............................................................................................................................................ 71
12.5 Scoring Methodology for Approach, Methodology & Implementation Strategy .......... 73
12.6 Scoring Methodology for Team Composition ................................................................. 74
12.7 Scoring Methodology for Past Experience(PE) in Banking Sector .............................. 75
12.8 Consolidated Score in Technical Bid Evaluation ........................................................... 75
12.9 Disqualification Parameters in Technical Bid Evaluation ............................................. 76
12.10 Commercial Bidding by Reverse Auction Process ..................................................... 76
12.11 Technical-Commercial Bid Evaluation.......................................................................... 79
13. Instructions for Tender submission ................................................................................. 81
13.1 Instructions for Tender submission ................................................................................. 81
RFP for Audit Management and Risk Monitoring System, RBI
1. Schedule
The following is an indicative timeframe for the overall process. The Bank
reserves the right to vary this time frame at its absolute and sole discretion and
without providing any notice/intimation or reasons thereof. Changes to the
timeframe will be relayed to the affected Respondents during the process.
1
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
2. Introduction
Reserve Bank of India (hereinafter referred to as the RBI or the Bank) desires to
procure an Audit Management and Risk Monitoring System (AMRMS) for the Bank
from potential shortlisted solution providers. The AMRMS will be a comprehensive
package to facilitate Internal Audit and Risk Monitoring functions of the Bank.
The Bank has 33 Central Office Departments located at Mumbai and has 19
Regional Offices, most of them in state capitals and 9 Sub-Offices. In order to
provide adequate training from time-to-time, Bank has established 2 Training
Colleges and 4 Zonal Training Centers at different parts of the country. Inspection
Department, one of the Central Office Departments is entrusted with the work of
performing Inspection/ Internal Audit of the other Central Offices, Regional Office,
Training Colleges/Centers, Subsidiaries and Data Centers. The Risk Monitoring
Department (RMD) is entrusted with implementation of Enterprise-wide Risk
Management System in the Bank. RMD has two divisions looking after operational
risks and financial risks.
2. 1 Background
The Bank has decided to implement AMRMS to carry out various audit and risk
monitoring related activities efficiently in a seamlessly integrated fashion, thereby
replacing the existing system which is partially computerized, mostly in regard to
compliance and follow up with regard to audit activities, and preparation of Risk
Register and Incident Reporting with regards to Risk monitoring activities. The
Inspection Department (ID) of the Bank currently uses separate templates for Risk
Ratings and also the Risk Registers provided by Risk Monitoring Department (RMD),
which, however, are not presently being kept at a single place for efficient usage and
updation. Further, there is no database readily available on risk scores and the same
is required to be manually prepared from hard / soft copies of reports. There is no
system for Auditee offices to check their compliance status or for the Department/
Top management to check the same independently.
2
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
AMRMS will be useful for inspection resource planning, recording audit observations,
generating audit reports, preparation of Risk Registers, analysis of data, preparation
of MIS reports such as Incident Reporting, Heat Maps, Risk Scores etc., for effective
compliance processing and monitoring of audit and risk monitoring functions. The
AMRMS would require preparation of detailed and logically sequenced checklist for
various processes undertaken by the business owner/auditees. The scalability that
would be provided by AMRMS would enhance the ability of the Inspection
Department to assess risk and controls and provide risk assurance by evaluating the
incident report and checklist / Risk Register, etc. Users from Inspection Department,
RMD and auditee departments can be differentiated in terms of user rights.
RMD database on Risk Register and Incident Reporting system is currently being
operationalized and would be integrated with AMRMS. RMD would require a
separate front-end access to the database for preparation / updation of the Risk
Registers and reporting of incidents. AMRMS would primarily handle the
requirements of the stakeholders as mentioned in Diagram 1.
3
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
This RFP is not an offer by the Bank, but an invitation to receive responses from the
Bidders. No contractual obligation shall arise from the RFP process unless and until
a formal contract is signed and executed by duly authorized official(s) of the Bank
with the selected Bidder.
4
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
3. Structure of RFP
This document is the master RFP consisting of:
• the overview of services to be provided by the selected Bidder;
• the current technology infrastructure in the Bank;
• an overview of the solution architecture, software, hardware and facilities
management services required from the Bidder;
• the technical and commercial evaluation methodology which shall be followed
to select the successful Bidder; and
• The terms and conditions to which this RFP and the Bidder responses shall
be subjected to. The Bank shall enter into a separate contract after selecting
the Bidder, which shall detail the terms and conditions.
5
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
6
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
under the purview of change management such as updates, bug fixes or any
other support as and when required.
• Annual Maintenance Contract (AMC) - Post implementation support will be
required during the AMC period on an off-site basis generally, however, on-
site support on need basis would be required to resolve any issues on
immediate basis.
• Change Management – Any request by the Bank that results in changes in
the structure of the application or a new module is added would be considered
as Change Management. Any minor changes required in the application such
as addition / deletion / alteration of a row / column / field, additional report,
menu items will not be considered as part of Change Management.
• Man-day – 9 hours of work of a qualified person.
• Week – 7 Calendar days.
• T – Technical Score of the Bidder
• THigh - The Bidder with the highest technical score shall be ranked as T1 and
be considered as THigh for the technical-commercial score
• C – The final price quoted by the bidder after Reverse Auction.
• CLow - The lowest Commercial Bid after ‘Reverse Auction’ would be declared
as CLow.
• TC1 – The successful Bidder after the ‘techno-commercial’ Bidding process
7
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The ID is also the Secretariat to the Audit and Risk Management Sub-Committee
(ARMS) of the Central Board of the Bank and also reports its assessments to them.
Additionally, it places the findings of Information Systems (IS) audits before the
Information Technology Sub-Committee (ITSC) of the Board. Audit observations
which have been classified as High Risk are placed before the Executive Directors’
Committee (EDC) / ARMS for their review and guidance. The Internal Audit function
constitutes a key dimension in the Bank's governance architecture.
8
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Ombudsman Offices (BO) and Associate Institutions (AIs) are taken up at different
periodicities ranging from 12 to 24 months.
Vertical Audit
A vertical audit is when all / few processes of CODs / across ROs are audited at a
time. In this type of audit it can be easier to see how the same process(s) are
implemented across the Bank. Vertical audit may assist in identifying whether
different procedures are being adopted for the same process across the Bank.
VA-PT discovers which vulnerabilities are present that can be exploited to cause
damage. Penetration tests attempt to exploit the vulnerabilities in a system to
determine whether unauthorised access or other malicious activity is possible and
identify which flaws pose a threat to the application. Penetration tests find exploitable
flaws and measure the severity of such flaws/ breaches.
The Bank generally outsources the conduct of VA-PT to an external service provider
which enables the IT security team of the Bank to focus on mitigating critical
vulnerabilities while the VA-PT provider continues to discover and classify
vulnerabilities.
9
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
10
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Under RBIA, Fact sheets are prepared in excel/word format for each of the work
area (Department/Section at Auditee Office) and reports are prepared based on the
fact sheet observations. Report is divided into sub reports – Functional and
Information systems. Each sub report contain observations about all the departments
in following format
i. Department/Section Name
ii. Functional Component Name
iii. Running Serial Number
iv. Observation
v. Risk Rating
vi. Fact Sheet reference number(s)
The IS Report has an additional column next to the Functional Component Name viz.
IS Domain Name.
Diagram 2 and Diagram 3 illustrate the process work of an audit and its audit
reporting, e.g. RBIA. The other audit types work flow and reporting follow more or
less the same process.
11
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
12
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
13
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Table 3 :
Various Applications
Application I Application II
Hardware Xeon server Xeon server
O.S. Win 2000/2008 server and web Win 2000/2008 server and web
based clients based clients
Software Application software developed in PeopleSoft HCM version 8.9
Java and Oracle Database customized to a large extent and
Oracle Database
RDBMS Oracle 11g z 196 z Linux Oracle 11g z 196 z Linux
14
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Table 4 :
Application VII
Hardware Intel System
O.S. Hyper V, Windows 2012
Software SAP HCM
Linkages CBS, ESCAMS, DMIS
with other
systems
RDBMS Sybase
15
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
16
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
17
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
9. The Application should also have the similar functionality with regard to audit
planning at the auditee office for all the inspections / audits conducted locally.
18
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
19
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
20
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
21
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
not be repeated across all the ROs. If, compliance is not submitted before
expiry of time line, then the paragraphs would automatically be termed as
outstanding and it shall be commented upon in the very next Audit/Inspection.
There shall be a system to monitor the paras treated as MNP (MNP-RAA) for
which timelines are fixed to take necessary further action. This system can be
auditee wise along with summarized report sorted time wise as well.
13. Search & MIS Report Generation: A facility to search compliance / Reports /
findings in terms of Departments / Offices / Areas or any other relevant
parameters with required data protection and user access controls is required.
Generation of reports related to status of compliance submission on user
defined parameters. Further, there should be a provision for the auditees to
view status of the compliance submitted.
14. The application should have the functionality of generating reports providing
assurance in terms of quality management of the audit reports by cross-
comparison of the similar / identical audit findings and the risk scoring.
15. The application should have the functionality of graphical representation and
generation of reports of risk movement of the processes / audit units /
Business Units, etc.
16. Notifications: The system would alert various stakeholders through
SMSs/emails at different levels at the time of generation of reports; reminders
for non-compliance; escalation of pending items to various higher levels,
critical issues, periodical pending status etc. Additionally system should also
raise an alert as per the assigned parameters / crossing of deadline given by
the auditee office / BU in the audit report.
17. The Application should also have the similar functionality with regard to audit
compliance at the auditee office for all the inspections / audits conducted
locally.
6.2.4.2 Compliance Monitoring of ARMS / CB/ CCB/ EDC/ ITSC and other
meetings.
1. Agenda Preparation: There may be a provision for providing an input for
Board / Committee meetings. The Agenda may be prepared from a set
template and downloaded in an editable Word format.
22
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
2. Minutes Preparation: The system may also provide functionality for capturing
the Minutes of the meeting and taking acknowledgment of the same through
email from the participants of the Meeting.
3. Follow-up of Action Points: The system may also provide way for tracking the
action points and compliance of the same from various Departments.
23
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
6. As and when any update / modifications are made to RR, the system should
notify ID and the concerned Department to the changes.
7. System should have the capability to generate reports for the various types of
Risks like inherent risk, residual risk etc of the processes / Risk Register in
various scenarios like when controls are effective/ ineffective / failed.
24
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
25
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
26
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
using the single sign-on feature of the Bank. The display of different modules
on the screen should be controlled by user access privilege rights and only
relevant required screen should be displayed.
5. An authorization matrix shall be put in place for providing privileges to the
users by mapping them to specific roles. Roles are broadly classified based
on the modules whereas privileges are what a user could do in each of the
role allotted to the user. Access controls and management, including user
creation with proper grouping and rights and all necessary services for user
management is to be undertaken in coordination with the ID’s officials at the
time of implementation.
6. There shall be provision for Audit Trails, Access Controls, Password controls
and Report Extraction Control etc. in line with IT policy of the Bank. Provision
to get a snapshot / report on the number of active / deactivated users, no of
Administrators / Super Administrators etc. should be provided.
Users:
A snap shot of various categories of users in Audit system and their functions in brief
are furnished below.
a) Planning User - Planning functions related to various audit activities, viz;
calendar preparation, allocation of resources, allocation of work areas to
auditors, availability of pre-audit data / information with respect to auditee,
calculation of man-days based on certain pre-determined parameters etc.
b) Auditor – Input of reports / factsheets / observations
c) PIO – view of all reports / status of report of assigned audit team members.
Ability to submit final report. Creation and modification of checklist
d) Follow up - Acceptance and closure of compliances, specific responsibilities
for compliance recording, submission to DGM/PCGM for approval/closure.
Periodical reporting of status of compliances, submission of comments on
periodical status reports received and generation of other MIS. Creation of
reports for ARMS / EDC meetings.
e) Risk Officer – There will be a Risk officer in each department / office who will
be tasked with the monitoring of Risk Register and incident reporting.
f) Concurrent Auditors / Statutory auditors – Internal/ External or a group of
auditors with a team leader – tasks to be performed are import/entry of
27
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
28
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
29
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
30
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
6.6 A few requirements which are not mentioned above, but are associated with the
same, may arise during the implementation period and should be considered within
the scope of the SRS at no extra cost.
31
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
7. Scope of Work
7.1 Introduction
The ‘AMRMS Project’ means the Project to implement an Audit Management and
Risk Monitoring System along with the integration/ interfacing with Banks other
existing suite of application packages/ existing/ proposed other systems. The term
AMRMS project also includes ongoing administration and maintenance of the
solution by the means of 3 years warranty and 4 years of maintenance post go‐live
of the AMRMS application in the Bank.
Based on the contents of the RFP, the Bidder shall be required to propose a
solution, which is suitable for the Bank, after taking into consideration the effort
estimated for implementation of the same and the resource and the equipment
requirements. The Bank expressly stipulates the Bidder’s selection under this RFP is
on the express understanding that this RFP contains only the bold provisions for the
entire assignment and that delivery of the deliverables and the services in
connection therewith are only a part of the assignment. The Bidder shall be required
to undertake to perform all such tasks, render requisite services and make available
all such resources as may be required for the successful completion of the entire
assignment at no additional cost to the Bank notwithstanding what is stated here and
what is not stated but underlying intent.
32
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Considering the nature of the assignment and the envisaged relationship with the
Bidder, any service, which forms a part of facilities management that is not explicitly
mentioned in this RFP but is relevant to the mentioned scope of the project, the
Bidder is expected to provide the same at no additional costs to the Bank. The
Bidder has to envisage all necessary services to be provided and ensure the same is
delivered to the Bank. The Bank will not accept any plea of the Bidder at a later date
for omission of critical services on the pretext that the same was not explicitly
mentioned in the RFP.
The Bidder may suggest amendments to the processes that would suit the product
solution offered for a seamless integration and document the same to suit the
33
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bidder is expected to prepare the Control Specification Document containing the
following details but not limited to:
1. Overview of the Process
2. Process flow diagrams including exceptional situations
3. Functional Description of each step
4. Database Schema for the Module
5. Document Management System and integration with database applications
6. Interaction logic of the modules with other Modules
7. Security features and how the existing Digital Signatures which are
currently being used for access to CHRS and existing Bank’s IT Security
Infrastructure be integrated with AMRMS
8. Configuration of each module / customization including field description
indicating data input format including details of all related parameterization
(standard available or customized)
9. Transaction flow between modules / customizations / interfaces
10. Restrictions to data entry
11. Mandatory fields
12. Optional fields
13. List of reports related directly/ indirectly to module(s)/ customization/
interface
14. Layout of each report and related customizations
15. Description and field description of each report
16. IT Security and Backup Architecture and parameterization with relevant
details
17. Abbreviations and Acronyms
34
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
35
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
It is expected that the vendor understand the current system / process design,
database architecture of COMORS and excel / word documents and plan for data
migration into the new system. All necessary tools/ queries required for extraction/
transformation and migration should be provided by the Bidder. It is the Bidder’s
responsibility to ensure accuracy, integrity and completeness of the data migration
from legacy applications to new AMRMS application.
To facilitate understanding of the existing data, Bank shall make available necessary
support (man-power and knowledge of formats). The extraction of data from the
existing system in the required format would be carried out by the bidder. Based on
the study of the existing data, the Bidder has to develop necessary data extraction
tool and provide necessary services for migrating the data.
In case, the data has to be committed through data entry, then the Bidder shall be
fully responsible for data entry and data accuracy. If any outsourcing is resorted to,
previous written permission of the Bank should be obtained before handing over the
work to the outsourced agents. Confidentiality of data should be maintained and the
vendor shall be fully responsible for any act of omission or commission of the agents
who act on behalf of the Bidder.
The Bidder would migrate all necessary data from the existing system / process to
the new AMRMS Application at the time of data migration. The Bidder is expected to
provide an Archival Solution for the historical data. The necessary configuration and
implementation of the archival solution shall be the responsibility of the Bidder.
The Bidder may engage a separate team to decide on data migration strategy and
carry out actual data migration concurrently with other phases of the project. It is also
expected that the user acceptance test is conducted on live data and therefore, for
that purpose live data need to be migrated to the test environment and once
certification for user acceptance is granted, then again live data need to be ported on
to the live system. However, all data should be migrated and audited before the go-
live of the project.
The Bidder shall formulate the detailed Data Migration Strategy and methodology
and submit the same to Bank for its approval before commencement of Data
36
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Migration task. The Bidder should draw a suitable strategy/plan to verify the
accuracy of the data before and after migration.
The Bidder shall provide the required upload formats as per the data structure/
format of the AMRMS application. The Bidder has to inform all the mandatory fields
required for migration and also provide the facility to upload the data with default
value for mandatory fields if the same are not readily available. There should also be
a facility to modify these mandatory fields subsequently by the Bank. In case default
value mapping for any field is to be done, such default values which shall be used
are to be approved by the Bank.
The Bidder shall assist the Bank during the data cleansing and validation exercise of
the data migrated from the legacy systems.
The Bank reserves the right to audit the data migration by external/internal auditors
and any gaps/discrepancies found during the audit are to be rectified by the Bidder.
The Bidder has to conduct mock data migration to confirm the accuracy of the data
migration tool developed.
The Bidder should provide facility for capturing the data through data entry
module/screen, which arises out of the gap between the data available in the legacy
process / system and that required by the proposed system. The data entered
through such screens is to be validated and it is to be uploaded by the Bidders.
It is clarified that the ownership of data shall at all times remain with the Bank and
the Bidder shall be responsible to maintain complete confidentiality of the same.
Bidder shall be responsible for all loss, inaccuracies, and discrepancies in data
arising out of data migration at any time during the currency of the project.
7.6 Implementation
The Bidder shall suggest solution architecture and rollout sequence with a detailed
rationale for the same, the Bank shall suggest changes to the same to meet desired
milestones.
37
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bidder shall give a detailed documentation on the gaps and customization
required – module-wise and how it would be integrated with AMRMS application.
The document should contain both the technical and the functional details along with
the timeline of the customization required.
The Bidder shall ensure that they have the necessary infrastructure and people in
place to resolve all the gaps within the timelines agreed for the implementation and
roll out.
The Bank may during the process of implementation, identify gaps that may not have
come to light during gap analysis and the Bidder should also undertake modification/
customization of such gaps that may be brought to the notice of Bidder during project
implementation. The Bidder should carry out all such modifications, customization at
no additional cost.
The Bidder should ensure that while applying software patches and in the version
migration, the customized software is also properly migrated to such higher
versions or extended versions. It is the Bidder’s responsibility to ensure that any
customization is compatible with upgraded applications / modules
The Bank will not entertain any change requests / cost escalation from the Bidder for
functionality which as per Bidders response is already present in a standard audit /
risk management application at the time of signing the contract or required by the
Bank as part of the RFP or is typically part of an AMRMS solution.
38
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
requirements and add any further items required for interfaces as per Bank’s existing
IT environment and functional requirements. The bidder would be required to make
available the API (Application Programmable Interface) to interface with any other
applications running in the Bank and API should also be provided in AMRMS so that
other applications running in the Bank may be able to connect to AMRMS with due
authorizations. Primarily, the applications listed in Chapter 5 would need an interface
with the AMRMS Application at present.
While developing the interface, the Bidder should ensure and incorporate all
necessary security and control features within the application, OS, database,
network, etc. so as to maintain integrity and confidentiality of the data in all stages to
the extent applicable to AMRMS. All data communications should be in encrypted
form.
The test environment, which has to be set up within the scope of the project includes
the requirement of the interfaces, customization and data migration testing also and
the Bidder has to provide necessary test cases and tools for testing.
7.6.3 Execution
After the successful Test run, the application would ‘Go-live’ from the Data Centers.
The Bidder should customize all the parameters in the application software as
accepted in the test environment. The Bidder shall be responsible for accuracy of the
parameters set according to business needs of the Bank.
Complete Roll-out of the project should be within 4 months from the date of signing
of the Contract.
The Bidder for this purpose shall set up the production Server at Data Centre (DC)
and also carry out the migration of data as explained in the document from ID/RMD
to the DC. The Bidder has to undertake all the necessary activities to go-live at ID/
RMD/ CODs / ROs and Data Centres.
39
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The implementation phase shall be deemed as completed in all respects only after
• All the Applications and Services including Training, Documentation and
Interfaces are implemented as per the intent of this RFP;
• Enabling all the functionalities mentioned in Chapter 6 of this RFP, i.e. go live;
• All the related trainings are completed and post training assessment and
rectification of gaps, if any.
The Bidder is expected to state the implementation plan and methodology and
Bank’s team and the vendor shall jointly decide the roll out methodology including
parallel run.
40
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Bank will start its independent UAT only after the first round clearance from the
Bidder. The results thereafter will be jointly analyzed by all concerned parties. Only
after this clearance and acceptance should the Bidder move in for the rollout. The
Bidder should take note that the timelines for implementation should factor in these
as well.
41
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
would be required to provide support to the Banks’ Team for the above mentioned
training, if required.
The bidder would also be called to provide 2 days of training annually post-AMRMS
implementation to the core-users.
The software should also have a built-in help module along with on-line tutorial and
e-learning module with regards to all the functionalities of AMRMS.
7.8 System Integration Testing (SIT) and Users Acceptance Testing (UAT)
The Bidder should carry out a thorough System Integration Testing (SIT). SIT will be
followed by User Acceptance Testing (UAT), plan for which has to be submitted by
the Bidder to the Bank. The UAT includes Functional tests, Resilience tests,
Benchmark Comparisons, Operational tests, Load tests etc. Banks staff/ third Party
Vendor designated by the Bank will carry out the UAT. The RBI UAT Team will need
necessary on-site training for the purpose and the same should be provided by the
Bidder. Bidder should submit result log of all tests to the Bank.
The Bidder shall fix the Bugs and carry out the necessary rectifications wherever
necessary and deliver patches/version towards changes effected within the agreed
time frame depending on the severity of the bug. On satisfactory completion of the
aforementioned tests, the User Acceptance Test (UAT) letter will be issued to the
vendor by the Bank.
The Bank shall accept the application software only after the critical or major bugs
are fixed. The Bank shall not be obliged to make partial acceptance or accept the
solution unless the solution meets the specifications and the team composition is as
per agreed service levels.
7.9.1 Warranty
It would be mandatory on the Bidder to provide a Warranty for 3 years for the
product. The Warranty period of three (3) years would commence from the date of
42
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
issue of Completion Certificate by the Bank. During the Warranty period the Bidder
would be required to undertake all necessary modifications not falling under the
purview of ‘Change Management’ such as updates, bug fixes, changes in the
application or any other support as and when required at no extra cost.
During the first year of warranty, the Bidder will be required to provide on-site
support, extendable at the Bank’s discretion. It is envisaged at this stage that the
next two years of warranty would be on off-site support basis. Any major changes in
the application which will fall under the ‘Change Management’, the vendor will be
paid separately.
7.9.2 AMC
The Bank will enter an AMC agreement with the vendor for 4 years after the expiry of
3 years of warranty. The support extended during the Warranty Period as mentioned
in Chapter 7.9.1 would also be applicable during the AMC period on an off-site basis.
Any major changes in the application which will fall under the ‘Change Management’,
the vendor will be paid separately.
During each year of the AMC, the Bank reserves the right to use 30 man days’ worth
of effort for changes, development or customizations, any other support etc. The cost
of these additional 30 man days should be part of the commercial bid submitted to
the Bank, as a part of the AMC charges. No extra charge will be paid in this regard.
Till the end of the AMC period, if the total change request and onsite support for
Application maintenance requires work of less than 30 man days each year
respectively, no payment would be made in this regard. Any effort over and above
this would only be paid. Any part of the 30 man days effort left over in any year will
be carried over to the subsequent year and so on till the end of AMC period.
Any additional charges beyond the above prescribed period of 30 man days per
year, would be paid as per the rate mentioned by the bidder while submitting the
commercial bid / the negotiated price by the Bank in this regard. The change
management charges as mentioned by the vendor in the commercial bid annexure
will not be a part for commercial bid evaluation.
43
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Any standard functionality available in the proposed AMRMS would not form part of
the Change Request submitted by the Bidder. Bidder should provide and implement
any security patches/ upgrades/ updates for Software/ OS/ Middleware etc. as and
when release by the Vendor/ OEM or as per requirements of the Bank and the same
shall not be included as a part of change management. Bidder should bring to notice
of the Bank all release /version change. Bidder should obtain a written permission
from the Bank before applying any of the patches/ upgrades/ updates.
All change requests should be documented and should have a numerically assigned
number in sequential order. A database of all change requests should be
maintained, and the Bidder should deploy an automated change management
application. All change requests should be classified, and approval and escalation
mechanisms should be defined as per classification.
The change request should include an appropriate roll back mechanism which is
identified and tested if changes are not successful. The Bank would initiate or invoke
penalty clause in case of repeated roll-back of change request (more than 2 roll
backs).
44
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
All changes should be reviewed and the databases of changes should be reviewed
for any actions taken post implementation. Emergency change requests should
follow a defined and controlled process.
The Bidder should quote the unit costs (man day charges) for affecting the Change
Management Requests as per Annex 14. During the second year onwards of the
support period, the changes in the quoted rate would be calculated as per the
indexation formula given in Chapter 9.3 and the same would be valid for the entire
period of support (3 years of Warranty and 4 years of AMC).
Deployment
3. Customization / Development of AMRMS Within 60 days from calendar
date of Signing off of the SRS
45
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
7.11 Security
The Bank would reserve the right to conduct a Vulnerability Assessment and
Penetration Testing (VA-PT) of the application post implementation by hiring external
experts. Any security issues thrown up by the audit would need to be fixed by the
Bidder at his own cost.
46
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
8 Responsibility of Bidder
The main responsibly of the bidder would be as under:
1. Receipt of Letter of Intent
2. Study of Business Requirements
3. Gap Analysis
4. Contract development and signing
5. Application specific Business Process Re‐engineering report, Blueprint/
Software Requirement Specification document, Segregation of Duties,
Authorization Matrix, Change document etc.
6. Data Migration tools development
7. Implementation at Data Centres
8. Installation of OS / RDBMS / Application software
9. Customisation
10. Interface development
11. Implementation of Security Policies
12. Testing
13. Core Team Training
14. End User Training
15. Roll out
16. Data Cleansing
17. Feedback / Simultaneous fine tuning
18. End User Manual / Online tutorial
Bidder’s deliverable should encompass the off-the-shelf product, any 3rd party
applications, interfaces, customizations required for the successful completion of the
project.
47
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
It will be the sole responsibility of the Bidder to get the proposed technical solution
vetted by the OEM as part of the response, if he is not the OEM; and submit a copy
of the same to the Bank confirming their partnership regarding the implementation of
the AMRMS project. However, the Bidder only should collaborate with the OEM at all
stages of AMRMS implementation to the satisfaction of the Bank. The Bidder needs
to adhere to the project timelines at all costs irrespective of any constraint being
faced by the OEM. The bidder will only be responsible for any loss, damage, late-
payment, penalty arising out of non-fulfillment of obligations by OEM.
48
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
49
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
be calculated as during the Warranty and AMC period would be made as per the
indexation method as mentioned in Chapter 9.3.
The bidder should indicate the rate in INR charged for Change management
requests separately in the Annex 14, however the same would not be considered for
commercial bid evaluation.
9.2 Hardware Costs (DC & DRC for AMRMS & Other Third Party Applications)
The Bank expects to host the application on the Banks existing hardware
infrastructure. The Bidder is expected to propose the required hardware at the data
center, near site disaster recovery center and far site disaster recovery center, for
the deployment of the entire AMRMS application proposed including third party
applications. The Bank will scrutinize the same and if necessary will procure any
additional necessary hardware, or install/ implement the same on the existing
available hardware. The bidder is expected to study & examine the existing
hardware available at RBI as mentioned in Chapter 5 in this regard.
50
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
51
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
period and subsequent agreement should be included in the bid amount and the
Bidder shall not be entitled to charge any additional costs on account of any items
or services or by way of any out of pocket expenses, including travel, boarding and
lodging etc.
The prices quoted will also include transportation to respective sites. The price
payable to the Bidder shall be inclusive of carrying out any modifications/
changes/ upgrades to the AMRMS or other application software or equipment
that is required to be made in order to comply with any statutory or regulatory
requirements or any industry‐wide changes arising during the subsistence of the
implementation of the Project, and the Bank shall not pay any additional cost for the
same. Bidder needs to provide the details about all such items considered in the
RFP.
The prices quoted by the Bidder fees shall be inclusive of all costs such as
insurance, taxes (including service tax, as per the rates applicable), custom duties,
octroi, levies, cess, transportation, installation, (collectively referred to as “Taxes”)
that may be levied, imposed, charged or incurred and the Bank shall pay the fees
due under this RFP and subsequent agreement after deducting any tax deductible
at source (“TDS”) or any other cess/taxes, as applicable at the time of payment of
invoices. The Bidder will need to provide the details for the tax rates as considered
in the pricing. This will be used for subsequent tax changes. RBI shall pay each
undisputed invoice raised in accordance with this RFP and subsequent
agreement, within thirty (30) working days after its receipt unless otherwise
mutually agreed in writing, provided that such invoice is dated after such Fees have
become due and payable under this RFP and subsequent agreement, if any. Any
variation in Government levies/ taxes/ VAT/ cess/ excise/ custom duty /Octroi etc.
which has been included as part of the price will be borne by the Bidder. The
Bidder should not make any conditional or vague offers which are not in conformity
with the guidelines given in the RFP.
If any Tax authorities of any state, including, Local authorities like Corporation,
Municipality, Mandal Panchayat, etc. or any Central Government authority or
Statutory or autonomous or such other authority imposes any tax, penalty or levy or
any cess/ charge other than entry tax or octroi and if the Bank has to pay the same
for any of the items or supplies made in terms hereof by the Bidder, for any reason
including the delay or failure or inability of the Bidder to make payment for the same,
52
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
the Bank has to be reimbursed such amounts paid, on being intimated to the Bidder
along with the documentary evidence. If the Bidder fails to reimburse the amount
within a fortnight, the Bank shall adjust the amount out of the payments due to the
Bidder (Project Cost/ AMC/ BG) from the Bank along with the 12% (twelve per cent)
interest annually recoverable quarterly.
The penalty for delay / non-performance of service as mentioned in Chapter 10
during the Warranty / AMC period shall be deducted from the next payout.
Terms of payment indicated in the Contract that will be issued by the Bank to the
selected Bidder will be final and binding on the Bidder and no interest will be
payable by the Bank on outstanding amounts under any circumstances. If there are
any clauses in the Invoice contrary to the terms of the Contract, the Bidder should
give a declaration on the face of the Invoice or by a separate letter explicitly stating
as follows “Clauses, if any contained in the Invoice which are contrary to the terms
contained in the Contract will not hold good against the Bank and that the Invoice
would be governed by the terms contained in the Contract concluded between the
Bank and the Bidder”. Bidder should ensure that the project should not suffer for this
reason.
The Bidders should note that the contract entered with the successful Bidder
will be for implementation and post go‐live period of 7 years, extendable at the
Bank’s discretion. However, the Bank will have the right, in its sole discretion to
renegotiate the prices/ terms and conditions at the end of the contract period.
53
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
SBOH ‐ SBDT
BU (%) = ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ * 100
SBOh
The “Scheduled Business Operation Hours” for a given time frame are
calculated after deducting the planned downtime which can be taken on the
system only with prior notice to the Bank and with mutual consent of the Bank and
the Bidder.
“Business Downtime (BDT)” is the actual duration for which the system was not able
to service the Bank, due to System or Infrastructure failure as defined by the Bank
and agreed by the Bidder. The "Business Downtime" would be calculated on daily
basis and for all performance appraisals, the daily downtime would form part of
core measurement for assessment/escalation/penalty, etc.
The “Working Hours” for all the Offices are from 9:00 AM to 6:30 PM.
“Business Operation Hours” for Data Centre and Disaster Recovery Centre would be
24x7x365.
Bank requires that all operations at the Data Centre and the Disaster Recovery
Centre related to the proposed solution are supported 24 x 7 x 365 during the
warranty and AMC period.
54
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Any failure in the primary DC should result in automatic switch over to the DR. The
time taken to switch over to DR sites due to complete failure of the DC shall not be
considered for TTR computation.
55
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
TTR shall be computed as total downtime per month. The TTR values given in the
above table therefore, define the maximum acceptable downtime in the specified
time and conditions.
A failure that does not result into a level 1 or level 2 incident, is still required to be
resolved by the Bidder in maximum 2 working days.
Service Degradation is a scenario where the service quality degrades for a
continual period by more than 20% of expectation at any point (measured in terms
of response time).
10.6 Penalties
Business Utility and Business Downtime would be the key considerations for
determining the “Penalties” that would be levied on the Bidder for “Non‐Adherence” to
the SLA for the Services offered.
The inability of the Bidder to provide the requirements as per the scope or to meet
the deadlines as specified would be treated as breach of contract and invoke the
Penalty Clause.
The maximum limit on the penalties during the period of contract shall be 10% of the
total contract value.
The applicable “Penalties” would be the same irrespective of the root causes.
56
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Table 7: Penalties
Criticality
Elapsed Time of
unavailability for end Level 1 (INR) Level 2 (INR)
users
Up to 12 hours 1.25 times man hour/day rate
charged for change management
by the bidder.
Up to 24 hours 1.5 times man hour/day rate 1.25 times man hour/day rate
charged for change management charged for change management
by the bidder. by the bidder.
Greater than 24 hours 1.75 times man hour/day rate 1.5 times man hour/day rate
charged for change management charged for change management
by the bidder. by the bidder.
The Payouts shall be on an annual basis and penalty shall be deducted from the
next payout (Warranty / AMC / BG).
57
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The following are the general terms and conditions proposed to be included in the
Contract. The Bank reserves the right to add, delete, modify or alter all or any of
these terms and conditions in any manner, as deemed necessary before signing the
final agreement.
The Bidder, selected for the AMRMS project, will have to enter into a contract
agreement directly with the Bank. The contract agreement will contain various terms
and conditions relating to payment, delivery, installation & operationalisation,
training, commissioning & acceptance, support during periods of warranty &
maintenance, penalty due to delay in performance etc. All the diagrams, drawings,
specifications and other related literature & information, provided by the Bidder for
the solution and agreed to by the Bank, will also form a part of the agreement.
The successful Bidder should initiate work on the project within one week of signing
of the contract.
The successful Bidder at his own expense will register the contract agreement by
paying the appropriate amount of stamp duty. The first page of the contract
agreement shall be on a stamp paper of appropriate value. The stamp duty and
contract agreement will be based out of Mumbai jurisdiction only.
The bill for the services rendered should be furnished along with the prices thereof,
as per the terms and conditions contained in this document. The successful Bidder
will ensure that the prices quoted are reasonable and in the range of prices for
similar / same services available in the market.
11.2 Application
For the purpose of the Purchase Agreement as well as for the purpose of the Tender
Document, the Purchaser is:
58
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
11.3 Standards
The services and other materials including all deliverables and reports under the
contract shall conform to the standards / best practices as mentioned in this RFP
document as well as the Technical Bid submitted by the Bidder and/or agreed
between the Bank and the Bidder, and when no applicable standard is mentioned,
the services/products/deliverables shall be supplied under the authoritative and
appropriate international standards of the such services/products/deliverables and
such standards shall be the latest issued by the concerned institution/s.
11.6 Notices
Any notice given by one party to the other pursuant to the contract shall be sent to
the other party (as per the address mentioned in the contract) in writing either by
hand delivery or by registered post or by courier and shall be deemed to be complete
only on obtaining acknowledgement thereof; or by facsimile or by other electronic
media and in which case, the notice will be complete only on confirmation of receipt
by the receiver.
59
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bidder agrees that the Bank has no limit on the additions or deletions on the
items for the period of the contract. Further, the Bidder agrees that the price quoted
by the Bidder would be proportionately adjusted with such additions or deletions of
requirements.
Any document, other than the Contract itself, shall remain the property of the Bank
and all copies thereof shall be returned to the Bank on termination of the Contract.
The successful Bidder shall not, without the Bank’s prior written consent, make use
of any document or information above except for the purposes of performing the
Contract.
60
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
11.10 Escrow
Intellectual property rights for all modules/ product developed especially for the Bank
and integrated in the Bank’s AMRMS will rest solely with the Bank. However, in the
case of the AMRMS being a customized product and difficult to concede the IP rights
by the bidder, Escrow arrangement should be made to deposit the source code of
the proposed solution. A certificate in the format as per Annex 11 should be
submitted along with the RFP documents.
The successful bidder shall, within 30 Business Days from the receipt of completion
certificate from the Bank, deposit the Software in human readable form and such
other material, instructions and documentation (including updates and upgrades
thereto and new versions thereof) as are necessary to compile or otherwise generate
the then current version of the Software supplied to the Bank in escrow with a
suitable escrow agent jointly appointed by the Bidder and the Bank. All costs
incurred in connection with the escrow shall be borne by the Bank, other than the
travelling and other expense of Bidders Personnel.
11.11 Indemnification
The successful Bidder shall, at its own cost and expenses, defend and indemnify the
Bank against all third-party claims including those of the infringement of Intellectual
Property Rights, including patent, trademark, copyright, trade secret or industrial
design rights, arising from use of the Products or any part thereof in India or outside
India.
The successful Bidder shall expeditiously meet any such claims and shall have full
rights to defend itself therefrom. If the Bank is required to pay compensation to a
third party resulting from such infringement, the Successful Bidder shall be fully
responsible therefor, including all expenses and court and legal fees.
The Bank will give notice to the successful Bidder of any such claim and shall
provide reasonable assistance to the Successful Bidder in disposing of the claim.
The successful Bidder shall also be liable to indemnify the Bank, at its own cost and
expenses, against all losses/damages, which the Bank may suffer on account of
violation by the Successful Bidder of any or all national/international trade laws,
norms, standards, procedures, etc.
61
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
• The selected Bidder commits a breach of any of the terms and conditions
of the bid/contract.
• The Bidder goes into liquidation voluntarily or otherwise.
• An attachment is levied or continues to be levied for a period of 7 days
upon effects of the bid.
• The progress regarding execution of the contract, made by the selected
Bidder is found to be unsatisfactory.
• If deductions on account of liquidated Damages exceeds more than 10%
of the total contract price.
After the award of the contract, if the selected Bidder does not perform satisfactorily
or delays execution of the contract, the Bank reserves the right to get the balance
contract executed by another party of its choice by giving one months notice for the
same. In this event, the selected Bidder is bound to make good the additional
expenditure, which the Bank may have to incur to carry out bidding process for the
execution of the balance of the contract. This clause is applicable, if for any reason,
the contract is cancelled.
The Bank reserves the right to recover any dues payable by the selected Bidder
from any amount outstanding to the credit of the selected Bidder, including the
pending bills and/or invoking Bank Guarantee, if any, under this contract or any other
contract/order. Work, Study Reports, documents, etc. prepared under this contract
will become the property of the Bank.
The EMD of unsuccessful Bidders shall be returned within 30 days from the
declaration of the disqualification of the respective Bidder. The EMD of the
62
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
successful Bidder shall be returned after the successful Bidder furnishes the
Performance Bank Guarantee.
The amount of Earnest money deposit would be forfeited in the following scenarios:
• In case the Bidder withdraws the bid prior to validity period of the bid for
any reason whatsoever;
• In case the successful Bidder fails to accept and sign the contract as
specified in this document for any reason whatsoever; or
• In case the successful Bidder fails to provide the performance bank
guarantee within 30 working days from the date of placing the order by the
Bank or signing of the contract, whichever is earlier, for any reason
whatsoever.
within thirty (30) working days of the date of notice of award of the tender, a
Performance Bank Guarantee from a scheduled commercial bank, payable on
demand in terms of Annex 2, for an amount equivalent to ten percent (10%) of the
contract price (TCO) for the due performance and fulfilment of the contract by the
Bidder.
Without prejudice to the other rights of the Purchaser under the Contract in the
matter, the proceeds of the performance bank guarantee shall be payable to the
Bank as compensation for any loss resulting from the Bidder’s failure to complete its
obligations under the Contract. The Bank shall notify the Bidder in writing of the
invocation of its right to receive such compensation, indicating the contractual
obligation(s) for which the Bidder is in default.
63
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Performance Bank Guarantee may be discharged upon being satisfied that
there has been due performance of the obligations of the Bidder under the contract.
The Performance Bank Guarantee shall be valid till the end of the contract.
Failure of the successful Bidder to comply with the above requirement, or failure of
the Bidder to enter into a contract within 15 working days from the formal intimation
of issuing the letter of intent or within such extended period, as may be specified by
the Principal Chief General Manager, Inspection Department, Reserve Bank of India,
shall constitute sufficient grounds, among others, if any, for the annulment of the
award of the tender.
All dispute or differences whatsoever arising between the selected Bidder and the
Bank out of or in relation to the construction, meaning and operation or effect of the
Contract, with the selected Bidder, or breach thereof shall be settled amicably. If,
however, the parties are not able to resolve any dispute or difference
aforementioned amicably, after issuance of 30 days’ notice in writing to the other,
clearly mentioning the nature of the dispute / differences, to a single arbitrator,
acceptable to both the parties, for initiation of arbitration proceedings and settlement
of the dispute/s and difference/ strictly under the terms and conditions of the
purchase contract, executed between THE BANK and the Bidder. In case, the
decision of the sole arbitrator is not acceptable to either party, the disputes /
differences shall be referred to joint arbitrators, one arbitrator to be nominated by
each party and the arbitrators shall also appoint a presiding arbitrator before the
commencement of the arbitration proceedings. The arbitration shall be governed by
the provisions of the Rules of Arbitration of the Indian Council of Arbitration under the
exclusive jurisdiction of the courts at Mumbai, India.
The award shall be final and binding on both the parties and shall apply to the
purchase contract.
Work under the Contract shall be continued by the selected Bidder during the
arbitration proceedings unless otherwise directed in writing by the Bank or unless the
matter is such that the work cannot possibly be continued until the decision of the
64
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
arbitrator, as the case may be, is obtained and save as those which are otherwise
explicitly provided in the Contract, no payment due or payable by the Bank, to the
Bidder shall be withheld on account of the ongoing arbitration proceedings, if any,
unless it is the subject matter or one of the subject matters thereof.
The venue of the arbitration shall be at Mumbai, INDIA under the exclusive
jurisdiction of the courts at Mumbai, India.
Liquidated Damages is not applicable for reasons attributable to the Bank and Force
Majeure. However, it is the responsibility/onus of the Bidder to prove that the delay is
attributed to the Bank and Force Majeure. The Bidder shall submit the proof
authenticated by the Bidder and bank’s official that the delay is attributed to the Bank
and Force Majeure along with the bills requesting payment.
65
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
If a Force Majeure situation arises, the Bidder shall promptly notify the Bank in
writing of such conditions and any change thereof. Unless otherwise directed by the
Purchaser in writing, the Bidder shall continue to perform his obligations under the
contract as far as possible, and shall seek all means for performance of all other
obligations, not prevented by the Force Majeure event.
11.20 Audits
The Bank can conduct any third party inspection/ audit for any phase. The Bidder
should make all necessary changes as mentioned by the results of these audits.
11.21 Prices
The price charged by the Bidder for the services performed for the AMRMS Project
shall not vary from the contracted prices.
The price would be inclusive of all applicable taxes under the Indian law.
The prices, once offered, should remain firm and should not be subject to escalation
for any reason within the period of validity. The entire benefits/advantages, arising
66
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
out of fall in prices, taxes, duties or any other reason, should be passed on to the
Bank.
The Bidder is expected to submit the Commercial bid inclusive of the applicable
taxes for each line item as mentioned in Annex 14
All terms and conditions, payments schedules, time frame for implementation,
expected service levels as per this Tender will remain unchanged unless explicitly
communicated by the Bank in writing to the Bidder. The Bidder shall at no point be
entitled to excuse themselves from any claims by the Bank whatsoever for their
deviations in conforming to the terms and conditions, payments schedules, expected
service levels, time frame for implementation etc. as mentioned in this RFP.
The Bidders shall adhere to the terms of this RFP and shall not deviate from the
same.
67
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
12 Evaluation Process
12.1 Objective of Evaluation Process
The objective of the evaluation process is to evaluate the bids received to select the
best fit solution at a competitive price based on technical and commercial
parameters. The evaluation will be undertaken by a Committee formed for the
purpose by the Bank which consists of senior Bank officials and external experts.
The decision of the Bank regarding the evaluation and selection of the Bidder would
be final.
For the purpose of the evaluation and selection of Bidder for the AMRMS project
implementation, a three-stage evaluation process will be followed. First of all, the
bidder has to comply with the pre-qualification criteria as per Annex 1 to qualify to
participate in the Technical Bid evaluation process. Those bidders who qualify the
pre-qualification criteria will only be eligible to participate in the ‘the Technical Bid’
and ‘the Commercial Bid’ process.
The bidders have to submit ‘the Technical’ and ‘the Commercial’ Bid simultaneously
in separate sealed covers; however final commercial bid decision will be taken on
the basis of ‘Reverse Auction’ Process. The ‘Technical Bid’ in a soft copy should
also be provided in a CD.
The Bidder has to submit ‘Technical Bid’ keeping in view the information / criteria
mentioned in Chapter 6, 7 and 8 of this document in a sealed envelope by the date
and time stipulated as in Table 1 of Chapter 1.
‘Technical Bid’ will contain the exhaustive and comprehensive technical details. The
Technical Bid shall NOT contain any pricing or commercial information at all
and if the Technical Bid contains any price related information, then that
Technical Bid would be disqualified and would NOT be processed further.
The ‘Technical Bids’ will be opened on the date mentioned at Table 1 of Chapter
1and subsequently evaluated on certain pre-determined criteria and a technical
score would be arrived at. It is mandatory to score a minimum cut‐off marks, which
will be determined by the Committee, of the total 60 marks allocated for the
Technical evaluation. The Bidder scoring the highest technical score will be ranked
as T1 and so on. Bidders who do not achieve the cut‐off on any of the parameters as
determined by SC members will be disqualified from the bidding process further.
68
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
However, the Committee reserves the right to relax any of the parameters if the need
arises. Further details in this regard is furnished in Chapter 12.8.
In the third stage of evaluation, the commercial bid submitted by the bidders will be
opened and thereafter, all the Bidders who have qualified in the Technical evaluation
process shall be invited to participate in Reverse Auction Commercial bidding
process. After the Reverse Auction Commercial bidding process is complete, all bids
of the Bidders would be ranked as L1 (lowest bid), L2 and so on.
Post selection of the Bidder, the Bank shall return the Earnest Money Deposit (EMD)
to the unsuccessful Bidders within 30 days of formal declaration of results.
Bank may call for any clarifications / additional particulars required, if any, on the
Pre‐qualification / technical / commercial bids submitted. The Bidder has to submit
the clarifications / additional particulars in writing within 2 working days. The Bidder’s
offer may be disqualified, if the clarifications / additional particulars sought are not
submitted within the specified date and time.
Bank reserves the right to call for presentation/s, product walkthroughs, on the
features of the solution offered etc., from the Bidders based on the technical bids
submitted by them. Based upon the final technical scoring, short listing would be
made of the eligible Bidders for final commercial bidding.
69
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
technical-commercial score.
The functionalities expected from AMRMS are explained in Chapter 6 of the RFP.
The bidder would be required to submit their responses as how their product would
address the various functionalities as per Annex 12.
Response Options
The Bidder should provide a response to each of the requirements of Annex 12,
which could be any one from the following categories:
1. Out of the Shelf / Configurable: The system that shall be delivered currently
supports this function either in native form without further enhancement or
the use of either programming or user tools, i.e. included in the base
package. This can also include assets/plug‐ins developed by the Bidder for
similar projects.
The system that shall be delivered currently supports this function but it
would need to be parameterized and modified according to needs of the
Bank. No additional coding or changes in code would be required.
2. Customization: The function is not available in the product but capability is
there and hence would require customisation by the Bidder’s programming
staff.
3. Not Possible – The requirement cannot be met by the proposed system.
4. Yes – The functionality / capability is present.
5. No - The functionality / capability is not present.
70
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The committee would cross verify the information furnished by the respective bidders
in this regard and scoring for the functional requirements would be done accordingly.
The Bidder is expected to amply demonstrate all the Off the Shelf Features as
indicated in Annex 12 in this regard.
The Bank reserves the right to reject the bid if the Bidder does not respond / leaves
the response field blank for any of the requirements.
Customization 3
Not Possible 0
Yes 2
No 0
The total marks obtained would be converted to a score to be calculated out of 21.
(i.e. 35% of 60 which is the total marks for Technical Evaluation)
During the structured walkthrough, the Bank may seek explanations on various
technical and other requirements.
The cost for set up for the structured walkthrough / PoC will be borne by the Bidder.
The Bank will not bear the expenses incidental to conducting the Structured
Walkthrough by the Bidder and his team.
71
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
based on the data / input provided by the Bank as under. With regards to
presentation based on PoC, it would be advisable that the bidder shows the
complete workflow of the proposed system over one audit cycle with the following
minimum information:
1. Conduct of RBIA of a Regional Office which will involve the following activities:
a. Preparation of Audit Calendar
b. Allocation of man-days
c. Allocation of resources
d. Pre-audit data/information in respect of auditees
e. Checklist Modification/Management
f. Audit Intimation
g. Message Broadcasting
h. Addition/ Deletion of audit entities/types of audit
3. Input of data in the above mentioned areas and report submission to PIO and
vice versa till finalisation.
4. Facility of uploading work papers by auditors in the system
5. Generation of Fact Sheets and Audit Reports
6. Submission of report and acceptance by auditee.
Based on the technical response received and product walk-through the Bank
reserves the right to add items to the above list of items, a few specific functional
requirements need to evaluate that particular solution.
72
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Overview
The Bidder is expected to provide, as a part presentation to the Bank’s Steering
Committee (may consist of external as well as internal personnel) explain the
approach and methodology proposed by the Bidder for the implementation of the
proposed solution.
Data Migration
The quality of the Bidder’s Data Migration procedure shall form an integral part of the
final evaluation and selection of the Bidder.
Data Migration solicits answers from the Bidder to questions on the Data Migration
techniques used. Bank shall rate each of the answers provided by the Bidder and
arrive at a total score for the entire module. The questions pertain to the Data
Migration training techniques, details of various steps to be carried out for successful
Data Migration by the Bidder and experience of the implementers.
Project Management
It is expected that the Bidder gives an elaborate Project Management template
covering each of the activities and the implementation schedule as per the
Implementation details provided in the Annex 3.
73
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bidder should provide explanation on the Project Management process that is
proposed for the Bank including details of how the same was applied in a similar
project as per Annex 3.
Roll‐Out Strategy
The Bidder needs to prepare a roll‐out strategy and a plan on how efficiently and
optimally the AMRMS application can be rolled out.
Table 9:
Project Should have 10 • 10 marks for experience in more than one AMRMS like
Manager years of experience implementations as Project Manager in a Bank in India
in Project • 5 marks for experience in one AMRMS like
Management with a implementation as Project Manager in a Bank in India
minimum of one • 0 mark for not fulfilling the criteria
AMRMS like
implementation as
Project Manager
Team Should have more • 5 marks for experience in more than one AMRMS like
Leader(s) than 5 years of Implementations in a Bank in India
experience in • 3 marks for experience in one AMRMS like
Project Management implementation in a Bank in India
with a minimum of • 0 mark for not fulfilling the criteria
one AMRMS like
implementation as
Team Leader
Team Should have at least • 5 marks for experience in more than one AMRMS like
Members 3 years’ experience Implementations in a Bank in India
at least 2 in AMRMS like • 3 marks for experience in one AMRMS like
in number implementations as Implementation in a Bank in India
team members. • 0 mark for not fulfilling the criteria
74
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The total marks for Team Composition would be 20 which would be converted to
appropriate score as per the weightage.
At the time of bidding, the Bidder needs to have the required Project Manager, Team
Leader and Team Members with appropriate skills and experience on their payrolls
(excluding those employees on their notice period) to successfully commence and
complete the AMRMS project.
If any person has resigned from the Bidder’s company, then his name should not
feature in the proposed team structure.
The proposed team Profile information as per Annex 9 should be furnished along
with the other RFP documents keeping in view the requirements as mentioned
above in table 9.
60 40 100
The breakup for the 60 marks which is allocated for the Technical Evaluation is given
in the table below:
75
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bidder will have to mandatorily score a minimum qualifying cut‐off marks
allocated for the Technical evaluation as decided by the Committee. The Bank may
disqualify any Bidder who does not achieve the cut‐off on any of above mentioned
bidding parameters from the bidding process. The decision of Committee in this
regard would be final.
The Bidder with the highest technical score shall be declared as T1.
The Bank at its discretion may reject the proposal of the Bidder without assigning
any reason whatsoever, if in the Bank’s opinion, the Solution Sizing was not made
appropriately to meet the performance criteria as stipulated by the Bank.
The Bank at its discretion may reject the proposal of the Bidder without giving any
reason whatsoever, if in the Bank’s opinion, the Bidder could not present or
demonstrate the proposed solution as described in the proposal.
It may be noted that ‘Digital Signature’ is required for participation in the Reverse
Auction Commercial bidding process. The cost of Digital Signature will be borne by
the Bidder / Tenderer.
76
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
12.10.1 Auction
The qualified tenderer / bidder shall be given a unique user name and initial
password by the service provider. Each tenderer / bidder shall change the password
and edit the information in the registration page after receipt of initial password.
All the commercial bids made from the log-in ID given to bidder shall ipso-facto be
considered as the bid made by the bidder to whom log-in ID and password were
assigned by the service provider. Any bid once made through registered log-in ID /
password by the bidder shall be binding and final and cannot be cancelled.
Every successive commercial bid by the bidder being decremented, shall replace the
earlier bid automatically and the final bid as per the time and log-in ID shall prevail
over the earlier bids.
For the sake of convenience of vendors, the web portal shall display the next
possible decremental value of bid. It is not, however, obligatory on the part of
vendors to bid at the next immediate lower level only. (That is, bids can be even at 2,
3 or more lower levels than the immediate lower level.)
77
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
In order to reduce the time involved in the procurement process, Bank shall be
entitled to complete the entire procurement process through a single e-Reverse
Auction.
The Bank shall however, be entitled to cancel the procurement of e-Reverse Auction
process, if in its view procurement or e-reverse auction process cannot be conducted
in a fair manner and/or in the interest of the Bank.
All the Bidders / Tenderers shall be required to provide a break-up of their individual
last bid price at the close of auction duly signed and stamped as per Annex 14 within
2 working days.
The tenderer / bidder shall not disclose details of his bids or any other details
concerning e-Reverse Auction process of the Bank to any other third party without
specific permission in writing from the Bank.
Neither the Bank nor the service provider shall be held responsible for any faults in
facilities such as power supply, system problem, inability to use the system, loss of
electronic information, power interruptions, UPS failure, etc. which may affect the
bidding process of any tenderer/ bidder/s.
78
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
b) Agreement between service provider and vendor. (This format will be given
by the service provider during training for e - Reverse Auction.)
12.10.10. Training
The Bank shall arrange training for participation in e-Reverse Auction through the
service provider. The service provider shall also enter into an agreement with each
bidder as per a format designed by him for this purpose.
Any bidder not participating in training shall do so at his own risk and responsibility
and such non-participation shall not be considered a valid reason for seeking any
special right / privilege and / or exemption.
Each tenderer / bidder shall participate in the training at his own cost, if any.
Training for e-Reverse Auction shall be arranged to only those tenderers who shall
be declared technically qualified after scrutiny of ‘Technical Bid’ by the Bank.
The date and time of the training will be intimated to the technically qualified
tenderers in due course. No request for postponement / re-scheduling of Training
Date / Time shall be entertained which in the sole view and discretion of the Bank
might result in any avoidable delay to either the e-Reverse Auction or the whole
process of selection of vendor or may act or cause to act in the detrimental interest
of the bidding process or for the Bank as whole.
79
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The payments shall be done as per the costs quoted by the Bidder when the
corresponding services are provided and such payments become due.
The Technically Qualified Bidder with the lowest Commercial Bid after ‘Reverse
Auction’ would be declared as CLOW .
Here, T and C are the technical and commercial scores of the respective Bidders.
The bidder with the highest total score will be selected as the successful bidder. In
case of a tie of Total Score between two or more Bidders, the Bid with higher
technical score would be chosen as the successful Bidder.
In case the Bidder does not accept the correction of the errors as stated above, the
bid shall be rejected.
The Bank reserves the right to renegotiate any terms (Price / Technical) further with
the successful Bidder.
80
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
RFP Application received from any other bidder(s) will be summarily rejected.
The Bidder is expected to submit only one Technical Bid and relevant one
Commercial Bid. More than one Technical and Commercial Bid should not be
submitted and violation of the same may lead to disqualification of the bidder. The
Technical and Commercial bids should be put in separate covers and all such covers
shall be put in one single cover and delivered at the address mentioned in the Bid
Schedule.
The Bidder is expected to submit the Commercial bid inclusive of the applicable
taxes for each line item in the Annex 14. The Commercial Bid Compliance Certificate
should also be submitted as per format specified in Annex 13.
The cost of bidding and submission of the bids is entirely the responsibility of the
Bidders, regardless of the conduct or outcome of the tendering process.
Receipt of the bids shall be closed as mentioned in the Bid Schedule. Bids received
after the scheduled closing time will not be accepted by the Bank under any
circumstances. Bank will not accept bids delivered late for any reason whatsoever
including any delay in the postal service, courier service or delayed bids sent by any
other means.
81
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bidders or their authorized representatives may be present at the time of the
opening of the technical bid. Only two persons per Bidder will be allowed to be
present at the time of the opening the technical bids. No bid shall be rejected at bid
opening stage, except for bids received late.
A declaration may be given by the Bidder stating that "No relative of the Bidders is
working in the Reserve Bank of India". If anyone working in the Bank is related to the
Bidders, the name, designation and the department where the person is posted may
be given.
The Bid should not contain any erasures, over‐writings or corrections using
whiteners. Any corrections to be made would be by striking through the content
being corrected and duly authenticating the corrections.
The Bidder is expected to examine all instructions, forms, terms and conditions and
technical specifications in the Bidding Documents. Failure to furnish all information
required by the Bidding Documents or submission of a bid not substantially
responsive to the Bidding Documents in every respect will be at the Bidder’s risk and
may result in rejection of the bid.
No rows or columns of the tender should be left blank. Offers with insufficient
information and Offers which do not strictly comply with the stipulations given above,
are liable for rejection.
The Bank may at its discretion abandon the process of the selection of Bidder any
time before notification of award.
All information (bid forms or any other information) to be submitted by the Bidders
may be submitted as a softcopy also in MS – Word in a CD and should be kept in the
respective sealed covers. The Bidders may note that no information is to be
furnished to the Bank through e‐mail except when specifically requested and such
queries are to be confirmed in writing.
82
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bank reserves the right to pre‐pone or post‐pone the pre‐bid meeting date.
However, Bidders will be informed the date of pre‐bid meeting in advance to submit
their queries to the Bank seeking clarification.
The amendments so made will be binding on all the Bidders. From the date of issue,
amendments to Terms and Conditions shall be deemed to form an integral part of
the RFP. Further, in order to provide prospective Bidders reasonable time to take the
83
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
amendment into account in preparing their bid, the Bank may at its discretion extend
the deadline for submission of bids.
Forms with respective Power of Attorney should be submitted and signed by the
authorized signatory. Unsigned bids would entail rejection of the bid.
84
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
The Bank will reserve the right to terminate the services of the successful Bidder at
any point of the Project without assigning any reasons.
Information collected or provided to the Bidder would be confidential and shall not be
used by him for any other purpose. The work/study carried out by the Bidder would
be the sole property of the Bank.
At no point should the Bidder use the name of the Bank without prior written
permission to advertise itself.
The term of this Bidder assignment is for a period of seven years from the date of
acceptance of appointment order or such extended period as may be mutually
agreed up on.
Adherence to terms and conditions: The Bidders who wish to submit responses to
this RFP should note that they should abide by all the terms and conditions
contained in the RFP. If the responses contain any extraneous conditions put in by
the respondents, such responses will be disqualified and will not be considered for
the selection process.
DISCLAIMER : The Bank and/or its officers, employees disclaim all liability from any
loss or damage, whether foreseeable or not, suffered by any Bidder/person acting on
or refraining from acting because of any information including statements,
information, forecasts, estimates or projections contained in this document or
conduct ancillary to it whether or not the loss or damage arises in connection with
any omission, negligence, default, lack of care or misrepresentation on the part of
Bank and/or any of its officers, employees.
85
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
• A Service Level Agreement, which would include all the services and terms and
conditions of the services to be extended as detailed herein and as may be
prescribed by the Bank.
The proposed team members should possess the knowledge and necessary
experience as specified under Chapter 12.6 and should be deployed as per the
requirements of the AMRMS Project. The key persons identified by the Bidder for the
project should carry out their activities from the premises of Reserve Bank of India,
Mumbai till the successful roll out of the project.
The successful Bidder will be ineligible to bid for any audit/review and 3rd party user
acceptance testing tenders released under the AMRMS project.
86
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
Adherence to Standards: The Bidder should adhere to laws of land and ‘rules,
regulations and guidelines’ prescribed by various regulatory, statutory and
Government authorities.
No legal binding relationship: It may be noted that no binding legal relationship will
exist between any of the Respondents of this RFP and the Bank, until execution of a
contractual agreement.
The Bank reserves the right to conduct an audit/ ongoing audit of the services
provided by the successful Bidder.
The Bank reserves the right to ascertain information from any of the Indian public
sector undertaking/ Indian public sector banks/large government departments in
India in which the Bidders have rendered their services for execution of similar
projects.
The Bank reserves the right to disqualify any bidder, who is involved in any form of
lobbying/ influencing/ canvassing etc., in the evaluation / selection process.
87
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
88
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
13.19 Assignment
Neither the contract nor any rights granted under the contract may be sold, leased,
assigned, or otherwise transferred, in whole or in part, by the Bidder, and any such
attempted sale, lease, assignment or otherwise transfer shall be void and of no effect
without the advance written consent of the Bank.
13.20 Non-Solicitation
The Bidder, during the term of the contract and for a period of one year thereafter
shall not without the express written consent of the Bank, directly or indirectly:
89
Confidential and for Restricted Use
RFP for Audit Management and Risk Monitoring System, RBI
• Induce any person who is / have been an employee or associate of RBI at any
time to terminate his/ her relationship with the Bank
13.22 Subcontracting
The Bidder shall not subcontract or permit anyone other than its personnel and the
parties enlisted in the response to perform any of the work, service or other
performance required of the Bidder under the contract without the prior written
consent of the Bank.
-----------------------------------------------------------------------------------------------------
90
Confidential and for Restricted Use
RFP For Audit Management and Risk Monitoring System, RBI
The Bidder may note that the below criteria is of critical importance and non-
adherence of the Bidders proposed solution to any would be lead to disqualification
from further bidding process
Authorized Signature
Dear Sir,
PERFORMANCE BANK GUARANTEE – Services for the Implementation and
Maintenance of Audit Management and Risk Monitoring System (AMRMS) for the
Reserve Bank of India
WHEREAS
M/s. (name of Bidder), a company registered under the Companies Act, 1956, having its
registered and corporate office at (address of the Bidder), (hereinafter referred to as
“our constituent”, which expression, unless excluded or repugnant to the context or
meaning thereof, includes its successors and assigns), entered into an Agreement
dated …….. (Hereinafter, referred to as “the said Agreement”) with you (Reserve Bank
of India) for end to end implementation and maintenance services, as detailed in the
scope given in the RFP document, for the Implementation of Audit Management and
Risk Monitoring System (AMRMS) for the Reserve Bank of India, as detailed in the said
Agreement.
We are aware of the fact that in terms of sub-para (…), Section (…), Chapter (…) of the
said Agreement, our constituent is required to furnish a Bank Guarantee for an amount
Rs…….. (in words and figures), being 10% of the Contract Price (TCO) of Rs. … (in
words and figures), as per the said Agreement, as security against breach/default of the
said Agreement by our Constituent.
In consideration of the fact that our constituent is our valued customer and the fact that
he has entered into the said Agreement with you, we, (name and address of the bank),
have agreed to issue this Performance Bank Guarantee.
Therefore, we (name and address of the bank) hereby unconditionally and irrevocably
guarantee you as under:
1 In the event of our constituent committing any breach/default of the said Agreement,
which breach/default has not been rectified within a period of thirty (30) days after
receipt of written notice from you, we hereby agree to pay you forthwith on demand
such sum/s not exceeding the sum of Rs…… (in words and figures) without any
demur.
3 This Performance Bank Guarantee shall continue and hold good till the completion of
the contract period for AMRMS i.e. (date), subject to the terms and conditions in the
said Agreement.
4 We bind ourselves to pay the above said amount at any point of time commencing
from the date of the said Purchase Agreement until the completion of the contract
period for the Total Solution as per said Agreement.
5 We further agree that the termination of the said Agreement, for reasons solely
attributable to our constituent, virtually empowers you to demand for the payment of
the above said amount under this guarantee and we have an obligation to honor the
same without demur.
6 In order to give full effect to the guarantee contained herein, we (name and address
of the bank), agree that you shall be entitled to act as if we were your principal
debtors in respect of your claims against our constituent. We hereby expressly waive
all our rights of suretyship and other rights, if any, which are in any way inconsistent
with any of the provisions of this Performance Bank Guarantee.
7 We confirm that this Performance Bank Guarantee will cover your claim/s against
our constituent made in accordance with this Guarantee from time to time, arising
out of or in relation to the said Agreement and in respect of which your claim is
lodged with us on or before the date of expiry of this Performance Guarantee,
irrespective of your entitlement to other claims, charges, rights and reliefs, as
provided in the said Agreement.
10 This Performance Bank Guarantee shall not be affected by any change in the
constitution of our constituent nor shall it be affected by any change in our
constitution or by any amalgamation or absorption thereof or therewith or
reconstruction or winding up, but will ensure to the benefit of you and be available to
and be enforceable by you.
12 We hereby confirm that we have the power/s to issue this Guarantee in your favor
under the Memorandum and Articles of Association/ Constitution of our bank and the
undersigned is/are the recipient of authority by express delegation of power/s and
has/have full power/s to execute this guarantee under the Power of Attorney issued
by the bank in his/their favor.
We further agree that the exercise of any of your rights against our constituent to
enforce or forbear to enforce or any other indulgence or facility, extended to our
constituent to carry out the contractual obligations as per the said Agreement, would not
release our liability under this guarantee and that your right against us shall remain in
full force and effect, notwithstanding any arrangement that may be entered into between
you and our constituent, during the entire currency of this guarantee.
• Our liability under this Performance Bank Guarantee shall not exceed Rs. …. (in
words and figure) ;
• This Performance Bank Guarantee shall be valid only up to …….. (date, i.e.,
completion of warranty period for the Total Solution) ; and
• We are liable to pay the guaranteed amount or part thereof under this Performance
Bank Guarantee only and only if we receive a written claim or demand on or before
…. (date i.e. completion of the warranty period for the Total Solution).
• This Performance Bank Guarantee must be returned to the bank upon its expiry. If
the Performance Bank Guarantee is not received by the bank within the above-
mentioned period, subject to the terms and conditions contained herein, it shall be
deemed to be automatically cancelled.
Yours faithfully,
(Signature)
Designation
Note:
• This guarantee will attract stamp duty as a security bond under Article 54(b) of the Mumbai
Stamp Act, 1958.
• A duly certified copy of the requisite authority conferred on the official/s to execute the
guarantee on behalf of the bank should be annexed to this guarantee for verification and
retention thereof as documentary evidence in the matter.
Weeks
Serial Task 1 2 3 4 5 6 7 8 9 10 11 12 13 14 …..
No
The above plan should be provided for the entire duration of the implementation and
should include all the areas in the scope that is:
1 Implementation of AMRMS
2 Customization
3 Training
4 Roll-out and Implementation plan
The bidder is expected to provide the details mentioned in the table below apart from
the details project plan.
The details provided in this table should clearly match with the detailed project plan.
* The calendar months specified should indicate the actual calendar months taken to
complete the task from issue of Purchase Order to the selected bidder
NOTE:
The bidder is expected to fill-up the above mentioned table and not change any of
the tasks mentioned above.
[Salutation]
Sub: Request for Proposal for Implementation of Audit Management and Risk
Monitoring System at Reserve Bank of India.
Further to our proposal dated, in response to the Request for Proposal for
Implementation of Audit Management and Risk Monitoring System (hereinafter referred
to as “RFP”) issued by Reserve Bank of India (hereinafter referred to as “RBI”) we
hereby covenant, warrant and confirm as follows:
The soft-copies of the proposal submitted by us in response to the RFP and the related
addendums and other documents including the changes made to the original tender
documents issued by RBI, conform to and are identical with the hard-copies of aforesaid
proposal submitted by us, in all respects.
In case of any discrepancies between the hard copy and the soft copy of the RFP
response, the hard copy shall supersede the soft copy.
Yours faithfully,
Authorized Signatory
Designation
Bidder’s corporate name
Dear Sir,
We, the undersigned, as bidder, having examined the complete RFP document (along
with its annexure), do hereby offer to produce, deliver, install, support and maintain
Audit Management and Risk Monitoring System (AMRMS) in full conformity of your
requirements as elaborated in above said RFP for the amounts mentioned by us in the
Commercial Bid or such other sums as may be agreed to between us.
We hereby agree to all the terms and conditions stipulated in the RFP.
We agree to abide by our Offer for a period of 6 months (180 Days) from the date of
last day of Bid submission and it shall remain binding on us for acceptance at any time
before the expiration of this period.
We understand that you are not bound to accept the lowest or any bid you may receive.
We undertake as a part of this contract for successful operation of the AMRMS during
the warranty and AMC period (if contracted).
Yours faithfully,
(Authorised Signatory)
In the capacity of ______________
Duly authorized to sign the Bid for and on behalf of _________________
Part A
Name,
Name Month Period of Period of
Sr. Address and Contact
/Description of and Year of Implementation Warranty / Remarks
No. details of
the Product the order AMC
the clients From To
Part B
Experience of the Applicant of implementing an AMRMS like solution in any financial institution
Name,
Name Month Period of Period of
Sr. Address and Contact
/Description of and Year of Implementation Warranty / Remarks
No. details of
the Product the order AMC
the clients From To
To,
Principal Chief General Manager
Reserve Bank of India
Inspection Department, Central Office
C-7, 8th Floor,
Bandra Kurla Complex,
Mumbai – 400 051,
Dear Sir,
Re: Tender dated MMMM, DD, YYYY TECHNICAL BID for the Implementation of
Audit Management and Risk Monitoring System (AMRMS) at the Reserve Bank of
India
1 Having examined the Tender Documents including Annexure, the receipt of which is
hereby duly acknowledged, we, the undersigned, offer to supply, deliver, implement
and commission ALL the items mentioned in the ‘Request for Proposal’ and the other
schedules of requirements and services for your bank in conformity with the said
Tender Documents in accordance with the schedule of Prices indicated in the Price
Bid and made part of this Tender.
We attach hereto the Tender Response as required by the Tender document, which
constitutes my/our bid.
3 We agree to abide by this Tender Offer for 180 days from the last day of bid
submission and our Offer shall remain binding on us and may be accepted by RBI
any time before expiry of the offer.
4 This Bid, together with your written acceptance thereof and your notification of
award, shall constitute a binding Contract between us.
We agree that you are not bound to accept the lowest or any Tender Response you
may receive. We also agree that you reserve the right in absolute sense to reject all
or any of the goods /products specified in the Tender Response without assigning
any reason whatsoever.
5 We undertake that in competing for and if the award is made to us, in executing the
subject Contract, we will strictly observe the laws against fraud and corruption in
force in India namely “Prevention of Corruption Act 1988”.
6 We certify that we have provided all the information requested by RBI in the format
requested for. We also understand that RBI has the exclusive right to reject this offer
in case RBI is of the opinion that the required information is not provided or is
provided in a different format.
Witness name:
………………………………………………………
Witness address:
………………………………………………………
……………………………………………………...
Witness signature:
…………………………………………………
All questions received at least three working days before the pre-bid meeting will be
formally responded to and questions/points of clarification and the responses will be
circulated to all participating bidder if required. The source (identity) of the bidder seeking
points of clarification will not be revealed. Alternatively, RBI may at its discretion, answer all
such queries in the Pre-bid meeting.
Section Number:
Page Number:
Point Number:
Query description
1 In case of multiple queries, the contact details need not be repeated and only last two rows
of the above format (table) are to be furnished for the subsequent queries.
2 Please indicate the preferred method and address for reply.
3 Please use email or softcopy as a preference but forward hard copy confirmations.
Strictly Confidential Annex 8: Pre Bid Query Format 1
RFP For Audit Management and Risk Monitoring System, RBI
Sr Name of Professional Certifications Banking Solutions expertise IT Expertise In terms of Number of similar
No Proposed qualifications / (Mention if he/she has years and areas of assignments involved In
Project Accreditations worked in Banks earlier) In expertise Public Sector Unit/ Public
Manager/ terms of years and areas of Sector Banks/ Large
Team leaders expertise Government Department
/Proposed
Team
members
Place:
Date: Seal and signature of the bidder
Dear Sir,
Having examined the Tender Document, we, the undersigned, accept the following:
(a) Within 30 Business Days from the Acceptance Date, XXX shall deposit the
Software in human readable form and such other material, instructions and
documentation (including updates and upgrades thereto and new versions
thereof) as are necessary to compile or otherwise generate the then current
version of the Software as supplied to the Bank (herein after referred to as
“Escrow Material”) in escrow with a suitable escrow agent jointly appointed
by the Parties (hereinafter referred to as “Escrow Agent”) under the terms of
a tripartite escrow agreement to be executed between the Bank, XXX and
Escrow Agent. The Parties hereby agree that all costs incurred in connection
with the escrow shall be borne by the Bank, other than the travelling and
other expense of XXX Personnel.
(b) Escrow Material shall further consist of all information in human readable form
necessary to enable a reasonably skilled programmer or analyst to maintain
and /or enhance the program(s) and that, without prejudice to the generally of
the foregoing, the source shall contain all listing of code, programmer’s
comments, logic manual and flowcharts.
(c) The Escrow Material shall be released to the Bank for its own use or that of
its Affiliates and become the property of the Bank in the event of :
Witness name:
………………………………………………………
Witness address:
………………………………………………………
……………………………………………………...
Witness signature:
…………………………………………………
For detailed information of the system, please refer Section 6 of the RFP
The Bidder should provide the following Additional Details about the proposed
Application
A. Other Requirements
1 Technical Details required Details
1.1 Application Technical Architecture - Modular/
Parameterisable / Other - Please Specify
1.2 Bandwidth required (incl. at server end) to run .. KBPS max., .. kbps
the application smoothly –Bidder to specify normally
2 Scalability & Security
2.1 No. of Concurrent users application can scale to
– Bidder to specify number
3 Change Management
3.1 Cost Estimation: Methods of Efforts estimation
4 Resources required
4.1 Usage of Bank’s existing resources like Yes/No
ORACLE Licence
4.2 Limitations of the applications: like features that
is not possible, dependence on proprietary H/W,
S/W, particular settings in browser etc.
4.3 Assurance to comply with the IS Policy of the Yes/No
Bank
C. General Information
General Information to be
furnished by the
Bidder
1 Based on requirements listed in the overall RFP, 1) __% age available
what is the percentage of requirements already 2) __ % age would be
available in the application and what would need developed.
to be customize/developed as part of 3) __ % Not possible
deliverables
2 Capability to provide the Auditee Office module Yes/No
for the identified functionalities.
3 Training Requirement
a) Administrator User _______ Hrs
b) Auditors _______ Hrs
c) Compliance Users _______ Hrs
d) RMD Users _______ Hrs
e) Auditee Offices Users _______ Hrs
D. Any additional Technical Details the Bidder would like to provide may be
appended.
Subject: Tender dated DD, MM, YYYY COMMERCIAL BID for the Implementation
of Audit Management and Risk Monitoring System at the Reserve Bank of India
Having examined the Tender Document, we, the undersigned, offer to supply, deliver,
implement and commission ALL the items mentioned in the ‘Request for Proposal’ and
the other schedules of requirements and services for the Bank in conformity with the
said Tender Documents for a total bid price of:
We agree to abide by this Tender Response for a period of 180 days from the last day
of bid submission and it shall remain binding upon us, until within this period a formal
contract is prepared and executed, this Tender Response, together with your written
We agree that you are not bound to accept the lowest or any Tender Response you
may receive. We also agree that you reserve the right in absolute sense to reject all or
any of the goods/products specified in the Tender Response without assigning any
reason whatsoever. We also understand that commercial bid decision will be taken on
the basis of ‘Reverse Auction’ as described in the RFP document, and in case if the
award is made to us, the final commercial bid as per Annex 14 will be submitted to the
Bank within 2 working days.
It is hereby confirmed that I/We are entitled to act on behalf of our corporation/ company
/ firm/ organization and empowered to sign this document as well as such other
documents which may be required in this connection.
We undertake that in competing for and if the award is made to us, in executing the
subject Contract, we will strictly observe the laws against fraud and corruption in force in
India namely “Prevention of Corruption Act 1988”.
……………………………………………. …………………………………………….
Duly authorised to sign the Tender Response for and on behalf of:
………………………………………………………………………………………………………
………………………………………………………………………………………………………
Seal/Stamp of Tenderor
Witness name:
………………………………………………………
Witness address:
………………………………………………………
……………………………………………………...
Witness signature:
…………………………………………………
4. Training Cost 4.
___________________________________________________________________
The fees payable by RBI to Bidder shall be inclusive of all costs such as
insurance, taxes (including service tax, as per the rates applicable), custom duties,
octroi, levies, cess, transportation, installation, (collectively referred to as “Taxes”)
that may be levied, imposed, charged or incurred and RBI shall pay the fees due
under this RFP and subsequent agreement after deducting any tax deductible at
source (“TDS”), as applicable. Any variation in Government levies/ taxes/ VAT/ cess/
excise/ custom duty / octroi etc. which has been included as part of the price will be
borne by the Bidder.
Authorized Signature
Failure to provide any of the documents as detailed below could lead to the
disqualification of the bidder from the bid.
Functional RFP
Annexure Content / Details Submitted
Name (Y/N)
NDA Non-Disclosure Agreement
Demand Draft for Bid Security (Ernest Money Deposit)
Annex 1 Pre- Qualification Criteria
Annex 3 Work Plan Format
Annex 4 Conformity of Soft Copy
Annex 5 Bidder Undertaking
Annex 6 Experience Details
Annex 7 Confirmation to Deliver
Annex 8 Pre-Bid Query Format
Annex 9 Proposed Team Profile
Annex 10 Bidder Details
Annex 11 Undertaking Accepting Escrow Agreement
Annex 12 Functional Requirements