TECHNICAL PROPOSAL FOR PROVIDING

CONSULTANCY SERVICES FOR IT AUDIT

Submitted To

March 2019

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
TABLE OF CONTENTS
1. EXECUTIVE SUMMARY .............................................................................................................. 3
2. OUR UNDERSTANDING:............................................................................................................. 3
3. SCOPE:...................................................................................................................................... 3
4. METHODOLOGY AND WORK PLAN ............................................................................................ 4
4.1 TIMESTAMP’S IT AUDIT SERVICES - OVERVIEW ...................................................................... 4
4.2 TIMESTAMP’S IT AUDIT SERVICES .......................................................................................... 5
4.3 TIMESTAMP IT GENERAL CONTROLS AUDIT SERVICE .............................................................. 5
4.4 TIMESTAMP COMPLIANCE GAP ANALYSIS SERVICE ................................................................ 5
4.5 TIMESTAMP IT AUDIT FRAMEWORK ...................................................................................... 5
5. TIMESTAMP IT AUDIT SERVICES – OVER ALL METHODOLOGY ..................................................... 6
5.1 TIMESTAMP IT INFRASTRUCTURE AUDIT ............................................................................... 9
5.2 TIMESTAMP IT INFRASTRUCTURE ASSESSMENT ..................................................................... 9
5.3 TIMESTAMP IT ASSURANCE ................................................................................................... 9
5.4 BENEFITS OF OUR AUDIT, ASSESSMENT AND ASSESSMENT SERVICES ....................................10
6. TEAM COMPOSITION AND TASK ASSIGNMENTS ........................................................................10
7. TIMESTAMP AUDIT EXPERIENCE AND PREVIOUS ENGAGEMENTS ..............................................11
8. ASSUMPTIONS .........................................................................................................................14
9. ANNEXURE – TIMESTAMP IT AUDITOR PROFILES ......................................................................14

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
1. Executive Summary

Timestamp would like to thank Volta River Authority (VRA), for shortlisting our
organisation to submit our proposal to provide Consultancy Service for IT Audit. Having
served as external auditors for several organisations for the past two decades and
currently serving as internal auditors for various industries , we have gained valuable
insight. We feel that the knowledge can be used to provide valued input in assisting Volta
River Authority (VRA) in their internal IT audit function.

2. Our Understanding:

Volta River Authority (VRA) is looking for shortlisted IT Services & Consulting firms to
conduct a diagnostic study of its Information Technology infrastructure and provide
recommendations to enhance its Business and Corporate Strategy.

The assignment is to provide Management with an independent professional view of the

short, medium and long-term strengths, weaknesses, opportunities and threats of the
current ICT assets of the VRA and provide recommendations to the Management of VRA.

The following are the objectives considered:

 Validate that the current IT environment is compliant with industry standards

 Assess the overall IT function to determine whether sufficient resources and skill
sets have been appropriated to support the technological requirements
 Evaluate whether appropriate access has been granted to the network and
selected applications
 Validate whether databases are sufficiently backed-up and whether back- ups are
restorable
 Confirm IT general computer controls
 Benchmark against other institutions

3. Scope:

The report shall clearly summarize among other findings, an independent professional
view of the short, medium and long-term strengths, weaknesses, opportunities, threats of
the current ICT assets of VRA and provide recommendations to the Management of VRA.
The specific Scope of Work will include:

1. High Level Review of the General Business Operations and Direction

The first step will be to review VRA’s Business Operations and Direction to establish the
characteristics of the organization such as core objectives, locations and business units.
It will also include a review of key stakeholders and customers, services, product offerings
and the channels (how and where) by which clients access the products and services.

2. Detailed Review of ICT Governance Policies and Procedures

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
ICT Governance generally refers to the processes by which the ICT functions within
organizations are directed, controlled and held to account. It encompasses authority,
accountability, leadership, direction, and control exercised within the organization. ICT
functions utilize resources to achieve strategic and operational goals. The existing ICT
Governance management framework will be analyzed to determine how effectively it is
aligned with the general Corporate Strategy.

3. Detailed Review of any Previous ICT Strategies

The consultant or firm will analyze the outcome of any previous ICT Strategic Plans and
other initiatives to see how they have impacted the organization. Lessons learned will be
used as a guide not to repeat mistakes but rather build on successes.

4. Detailed Review of ICT Resources and Processes

This review focuses on both the organizational structure (human resource, departments,
reporting relationships etc.), physical assets (servers, computers, storage devices etc.)
and processes (Business applications, network infrastructure, back office systems etc.).
It will include a technical environment summary as well as description and analyses of
the various applications and systems.

5. Detailed Review of the ICT 3rd Party Technology Interfacing.

The team will review the technology interfaces, if any, with third parties. This will also
include an evaluation of the IT spend and how it is aligned to the business.

6. Review of International Best Practices

Review and document the relevant International ICT and Modern Management Methods
that can be leveraged by VRA to drive positive, manageable and sustainable results over
the long term.

4. Methodology and Work Plan

4.1 Timestamp’s IT Audit Services - Overview

Timestamp’s IT internal audit services help organisations understand their key technology
risks and how well they are mitigating and controlling those risks. We also provide insight
into the threats inherent in today’s highly complex technologies. Timestamp provides a
wide range of services of IT internal audit outsourcing and co-sourcing. The Timestamp
methodology, which is both COSO - and COBIT®-based, facilitates an overall IT internal
audit management team with the execution of individual projects by subject-matter
experts in each IT audit area. Timestamp estimates to conduct the IT audit and submit
the final report in a period of 12 weeks from the date of commencement. The following
are the reports that are delivered in phased approach:

1. Baseline Report
2. Draft Final Report

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
 3. Final Report (IT Development Strategy Document)

4.2 Timestamp’s IT Audit Services

Our IT Audit service is an examination of the controls within an organization’s IT

infrastructure. During the IT audit process, Timestamp Auditors evaluate the overall
effectiveness of our client’s IT control environment to ensure these controls are properly
configured to preserve the availability, confidentiality, and integrity of mission-critical
systems and data.

The audit scope depends primarily on the size and scope of the client’s operation and the
specific needs of the client. The project manager and auditors work directly with the client
to ensure cost-effective and timely delivery of our auditing services.

4.3 Timestamp IT General Controls Audit Service

This audit is an examination of the proactive/protective controls, the detective controls,

and the reactive/corrective controls within an organization’s IT infrastructure.

During the IT controls audit process, Timestamp IT Auditors collect and evaluate evidence
of the client’s information systems controls, policies and procedures, and other related
documentation to ensure the availability, confidentiality, and integrity of mission-critical
systems and data.

4.4 Timestamp Compliance Gap Analysis Service

The compliance review is an examination of existing controls, procedures, and policies

against industry best practices and industry regulations surrounding cybersecurity and
information security. Timestamp’s compliance review services help organizations
determine their adherence to established state, federal, and industry guidelines.
Timestamp also provides a report identifying gaps and prioritizing areas of improvements,
and providing solutions on how to bring the organization into compliance.

4.5 Timestamp IT Audit Framework

Timestamp IT Audit framework contains technical policies, guidelines and standards for
achieving interoperability between the technical systems in the government. The
developed framework contains in excess of 100 technical standards. The framework also
provides guidelines for implementation and compliance. The COBIT framework provides
a tool for the business process owner that facilitates the discharge of this responsibility.

The framework starts from a simple and pragmatic premise: To provide the information
that the organization needs to achieve its objectives, IT resources need to be managed
by a set of naturally grouped processes. IT service management is concerned with
delivering and supporting IT services that are appropriate to the business requirements
of the organization. ITIL provides a comprehensive, consistent and coherent set of best
practices for IT service management and related processes, promoting a quality approach
for achieving business effectiveness and efficiency in the use of IS. ITIL service
management processes are intended to underpin, but not dictate, the business processes
of an organization.

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
5. Timestamp IT Audit Services – Over All Methodology

Phase I - Assessment of Current State (Gap Assessment)

 Identify critical processes or other enablers that will be addressed

 Identify appropriate management practices for each selected process
 Identify the gaps between the as-is and the to-be positions
 Assign the Current COBIT Rating based on the gap assessment

Activities: Timestamp Team shall conduct current state assessment with respect to
COBIT Process Maturity Model in the following broad areas:

 Principles, Policies and Frameworks to Review/Establish IT & IS Policy

framework
o Define IT & IS principles that support the business
o Prepare/Update existing IT & IS policies

 IT & IS Processes & Procedures

o Identify existing processes
o Define description and purpose
o Define Process goals
o Establish Management processes based on planning, building, running
and monitoring [PBRM] domains

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Organizational Structures
o Develop COBIT based Organizational Structure & RACI Matrix
o Define IT & IS Roles and Structure

 Culture, Ethics & Behaviour

 Information model that includes Information type such as strategy, budgets,
plans, awareness material, service catalogues, security dashboards
 Business case outline, initiative feasibility and potential ROI
 Services, Infrastructure and Applications
 People, Skills & Competencies o Review/Define Role Skill Requirements, Skill
Levels & Categories
o Define goals for skills and competencies o Identify training requirements,
technical/non-technical skills
 Present problems and opportunities to VRA Management.
 Constraints or Limitations in the present IT environment
 Key issues and weaknesses related to the current and required future solutions
and services
 Define Risk Appetite and Maturity of the existing IT governance model
 Define COBIT CSA model with rating tool having capability to evaluate all the
processes periodically
o Deliverable: COBIT Gap Assessment Report for all processes and with
current ratings

Phase II - Define Road map

Define the targeted to-be state. Determine the identified gaps between the as-is and the
to-be positions and translate these gaps into improvement opportunities.

Activities:

 Define a roadmap to address the problems and opportunities identified in the

previous stage
 Set initiative direction, scope, benefits and objectives at a high level.
 Ensure alignment of the objectives with COBIT 5 framework.
 Fine-tune the scope in view of the existing risk
 Identify short-term and long-term projects as part of the roadmap.
 Create and evaluate a detailed business case, budget, time lines, and high-level
initiative plan.
 Obtain necessary budgets and define initiative accountabilities and
responsibilities.
 Develop a communicate strategy

Deliverables: Best Practices, Organisation Chart, RACI Chart, Road map,

Phase III - Plan Program Objective:

Create a detailed business case and high-level initiative plan.

Activities:

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Prepare documentation with respect to amendments in IT Strategy, IT Policy and
supporting guidelines
 Run a Program Management Office (PMO) to facilitate VRA Management in
monitoring the identified projects
 Organize potential projects into the initiative.
 Guide the allocation and prioritization of business resources necessary to
achieve initiative and project objectives
 Define the required deliverables, considering the full scope of activities required
to meet objectives
 Establish project plans and reporting procedures to enable progress to be
monitored
 Prepare KPIs for the target state Deliverables: Project Definitions, Detailed
Project Plan (including baselined schedule), Reporting Procedures, Identified
Quick Wins, KPI for the target stage, Various documents generated through the
abovementioned activities

Phase IV - Execute and Monitor

Objective: Support for Implementation of the projects, leveraging enterprise initiative

and project management capabilities, standards and practices. Monitor, Measure and
Report on project progress

Activities:

 Provide PMO support / handholding in roll-out / implementation

o Develop and where necessary, acquire solutions that include the full scope of
activities required
o Testing the practicality and suitability of the solutions in the real working
environment
o Roll out solutions o Implementation support for change response plans
o Plan cultural and behavioural aspects of the broader transition.
o Communicate roles and responsibilities for use
 Conduct Periodic awareness programs to familiarize on new processes, projects and
plans o To ensure that a broader base of role players has the skills, resources and
knowledge, as well as buy-in and commitment to the change
 Ensure the execution of the initiative is based on an up-to-date and integrated plan of
the projects within the initiative.
 Guide and monitor the contribution of all the projects in the initiative to ensure delivery
of the expected outcomes.
 Provide regular update reports to stakeholders to ensure that progress is understood
and on track
Conduct follow-up assessments with respect to COBIT 5 Process Maturity Model to
monitor progress and ensure;
o Whether assigned roles and responsibilities have been assumed o
Performance of the initiative against the business case objectives
o Measure KPIs to assess progress vis-a-vis planned

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
5.1 Timestamp IT Infrastructure Audit

An IT audit is to evaluate the system's internal control design and effectiveness against
relevant standards and best practices. This includes but is not limited to, design,
implementation, performance, efficiency, security protocols and IT governance or
oversight. Installing controls are necessary but not sufficient to provide adequate security.
Periodic review of the infrastructure and the processes is mandatory to ensure
compliance to these controls.
Timestamp, in its role as an IT infrastructure consulting company has been responsible
for building out and upgrading number of information technology infrastructure projects
for its clients in India and Overseas. Our IT consulting staff is specially trained for
assessment of network, data centre, compute, storage and security solutions.
Timestamp has relevant skills and experience to carry out the audit for
 Network Design and Performance
 Datacentre Design and Performance
 Security Solutions and Policies
 Technology
 Operation and Maintenance Processes

5.2 Timestamp IT Infrastructure Assessment

Timestamp Infrastructure Assessment services takes structured and systematic

approach in providing end to end support with proper understanding and alignment with
the customer's requirement and expectation.
Timestamp offer the following levels of assessment services:
Level - 1: Progressive and proactive monitoring.
Level - 2: High Availability with preventive mechanism & technics
Level - 3: Optimization, standardization & Consolidation
Level - 4: Advanced Visibility & Prompt Service
Level - 5: Scalable, Structured, Quantitative & Qualitative Service Delivery.
5.3 Timestamp IT Assurance

Assurance is the process of getting the right information to the right people at the right
time with Information Risk Management, Trust Management, Resilience, appropriate
Architecture, system safety, and security.
Our professionals provide independent, pragmatic advice and advanced technology
capabilities to help you proactively and reactively manage your technology risks and use
the data to its full potential. Our Information Assurance services help customers secure
their information with 5 pillars of security namely Integrity, Availability, Authentication,
Confidentiality, Nonrepudiation.

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
We can help provide high levels of assurance and insights in respect of your technology,
including:
 IT infrastructure internal and external audit services.
 IT infrastructure assessment and benchmarking services.
 IT infrastructure certification services.
 IT infrastructure security and business resilience services.
 IT Data privacy and protection services.

5.4 Benefits of our Audit, Assessment and Assessment Services

 Proactively review and reduce your risks around the use of IT

 Demonstrate compliance with standards.
 Significantly reduce the risk of costly and damaging IT security / data privacy and
protection breaches.
 Significantly reduce the risk of interruptions to your business operations through
the implementation of appropriate IT disaster recovery and business continuity
plans.

6. TEAM COMPOSITION AND TASK ASSIGNMENTS

Timestamp proposed the following team and IT auditors to provide consultancy services.
Technical / Managerial Staff
Name Position Task

Support Staff
Name Position Task

6.1 TIME SCHEDULE FOR PROFESSIONAL PERSONNEL

Weeks
Number of
1 2 3 4 5 6 7 8 9 10 11 12
Months
Reports
Name Position
Due/Activities

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
6.2 Activity Work Schedule

Duration in Weeks
1 2 3 4 5 6 7 8 9 10 11 12
Activity (Work)

6.3 Completion and Submission of Reports

Reports Date
1. Baseline Report 10th week from the date of
commencement of engagement
2. Draft Final Report 11th week from the date of
commencement of the engagement
3. Final Report (IT Development 12th week from the date of
Strategy Document) commencement of engagement

7. TIMESTAMP AUDIT EXPERIENCE AND PREVIOUS ENGAGEMENTS

Engagement 1 - Network Security Audit

Client Situation:

A mid-size company with many entities was concerned about network security.
Management wanted an internal and external network security audit of each entity.

Timestamp Solution:

Timestamp provided a 50 - point, 360-degree view of risks. Our services included an

evaluation of:

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Risk assessment, risk analysis, and risk treatment
 Policies, procedures, plans, and related documents
 Use of service providers
 Security of servers, firewalls, and network infrastructure
 Protection against malicious software (viruses, spyware, etc.)
 Security mechanisms and practices
 Controls over removable media and USB devices
 Incident response and business continuity

Timestamp analysis included a comparison of the organization with security best

practices to identify gaps. Altius IT provided a report of findings as well as
recommendations, costs, and a prioritized risk response executive summary Action Plan.

Client Benefit

Timestamp network security audit documented several areas that placed the organization
at risk to both internal and external threats. The prioritized Action Plan helped the
telephone company increase security and protect its information assets.

Engagement 2 – Cyber Security Audit

Client Situation

A county needed assurance that its sensitive information was protected against hackers
and other Internet threats. County management was concerned about compliance related
issues and wanted assurance its systems were protected against external threats.

Timestamp Solution

Timestamp provided an External Network Security Audit. Our services included a variety
of hacker type tools and techniques that identified and evaluated the county’s external
risks:

 Firewall – reviewed and analyzed configuration

 External penetration – evaluated vulnerabilities
 Social engineering – determined employee risks
 Phishing – used fake e-mails and USB devices
 False web sites – determined risks
 Policies – evaluated security related policies

Timestamp compared the county with industry benchmarks and determined the type of
security infrastructure in place. We tailored our attacks to take advantage of gaps.

Timestamp provided an External Network Security Audit Report, a Risk Assessment

Report, and a prioritized Action Plan Report of security related recommendations.

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
Client Benefit

Timestamp external network security audit documented several areas that placed the
organization at risk to external threats. The prioritized Action Plan helped the organization
increase security while increasing protection of its information assets.

Engagement 3- Web Application Security

Client Situation

A software developer provided on-line marketing solutions including web design, content
management, and e-commerce solutions. The software developer was notified by a third
party that its software was not secure. When negative publicity appeared in the media,
clients and prospects became concerned and revenue declined. The software
developer’s President wanted assurance that its code, with interfaces to internal database
systems, was secure and protected from threats.

Timestamp Solution

Emulating the approach used by hackers, Timestamp used a variety of manual and
automated tools to perform a controlled real-life attack on the organization's web
application and web server for vulnerabilities. Timestamp evaluated the application for
over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow,
authentication, encryption, JavaScript, and many others. Timestamp provided a Web
Application Security Audit Report with our findings, an analysis of vulnerabilities, and
solutions to enhance security.

Client Benefit

Timestamp web application security audit identified several areas that placed the
organization at risk to hackers and other external threats. With Timestamp report, the
organization eliminated software bugs and enhanced security by implementing changes
to their code and procedures. As a Certified Information Systems Auditor, Timestamp
provided a follow-up web application security audit and verified that the security issues
identified in the first audit had been addressed. Timestamp provided the software
developer with our Auditor Opinion Letter that the client distributed to their prospects and
clients. The organization’s enhanced image and reputation helped it increase revenue
both by retaining current customers and by converting new prospects into client.

Engagement 4 - Mobile Application Security Audit

Client Situation

A marketing company developed a mobile software application for a large international

client. Management at the marketing company was concerned about the security of the
mobile application.

Timestamp Solution

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
Timestamp provided a "hand on" security audit of the mobile application. We evaluated
security risks related to:
 User use of the device
 Mobile software coding issues
 Interfaces to servers and databases
 Configurations of servers, firewalls, and network segmentation
 Authentication issues
 Backups and recovery

Timestamp Mobile Application Security Audit Report documented security risks and
provided recommendations to enhance security.

Client Benefit

Timestamp's mobile application security audit documented recommended changes to

enhance security of the mobile application and server environment. The marketing
company and the large international client had the peace of mind knowing that the mobile
application kept information secure from intruders.
8. ASSUMPTIONS

 VRA is responsible to provide relevant reports/information relating to the

assignment.
 VRA is required to grant access for Timestamp to IT Infrastructure
 A single point of contact is assigned from VRA team to communicate with
Timestamp
 VRA authorizes and informs Timestamp about the Key personnel required for
interview during the assessment phase

9. ANNEXURE – TIMESTAMP IT AUDITOR PROFILES

9.1 Profile – 1:

Patrick Mosiatlhaga

PROFESSIONAL QUALIFICATIONS

 Certified in the Governance of Enterprise IT (CGEIT), ISACA - Registration No.

1607047
 COBIT® 5 Implementation Certified, ISACA - Registration No. 03955818-01-ZFJK
 TOGAF® Certified, The Open Group ®- Registration No. 100923
 OMG Certified Expert in BPM 2 (OCEB 2) - OMG, Candidate ID. OMG00018354
 Project Management Professional (PMP), Project Management Institute (PMI) - Reg.
No. 1431471

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
 Registered PRINCE2® Practitioner, APMG, Registration No. P2R/883592

EXECUTIVE SUMMARY

Patrick has been a professional for the past thirty years with more than 20 spent at Senior
and Executive Management levels. He gained his first 15 years of his professional career
at Eskom where he progressed from Junior Programmer to head of the Systems
Development and Support Department. He was previously the Chief Information Officer
at the City of Johannesburg, and his last fixed term contract of employment was as Chief
Information Officer at Gauteng Enterprise Propeller. This career progression is testament
his visionary leadership and continuous self- improvement philosophy.

QUALIFICATIONS

 2009 Executive Development Programme (EDP) in Labor Relations and Leadership

Wits Business School
 2000 Graduate Programme in Utility Management, Global Utilities Institute Samford
Business School
 1999 Master of Business Leadership (MBL)
 UNISA School of Business Leadership
 1986 B.Sc. Computer Science & Mathematical Statistics, University of the North
 1982 Matriculated with Exemption, Anchor High School

Achievements

 Graduated Cum Laude (Thesis) in MBL

Experience

Strong acumen in aligning IT vision and strategy with business strategy, ensuring benefits
realization from IT investments, managing IT risks optimally, and building teams and
organizations that create and deliver value. He has a proven track record in, amongst
others, IT Strategy, IT resource optimization, Business Process Reengineering and
Management, IT Security and Risk Management, successful implementation of complex
projects and development and implementation of IT Governance frameworks and related
processes.

PROFESSIONAL WORKING EXPERIENCE

POSITION: CHIEF INFORMATION OFFICER (CIO) (3 YEAR FIXED TERM

CONTRACT)

Period: November 2013 – January 2017

Gauteng Enterprise Propeller (GEP) is a Provincial Government agency established

under the auspices of the Department of Economic Development. The GEP mandate is
to provide tailored Financial and Business Development Support services to Gauteng
based SMMEs and Cooperatives.

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
Responsibilities:

 Member of the Executive Committee and provided vision and leadership for
developing and implementing information systems and communications
technologies to enable and support the GEP achieve its business objectives.
 Responsible for all aspects of the organization’s Information and Communications
Technologies using industry best practices, standards and frameworks such as
COBIT, ITIL, PMBOK, PRINCE2, TOGAF Architecture Development Method
(ADM) and the ISO/IEC 27000 series.
 Formulating and delivering the IT Vision and Strategy
 Defining and implementing the Enterprise Architecture
 Application Development, support and maintenance
 IT Service Management
 IT Governance, Risk and Compliance
 Project/Program and Portfolio Management
 Manage Stakeholders, Relationships and Suppliers
 Manage Resources (Human, Financial, Physical and IT Assets)
 Technical Consultant to the business, including the Board and Board Committees

POSITION:IT MANAGEMENT CONSULTANT

Period: October 2011 – October 2013

Company: Self employed

Responsibilities:

IT Management Consultant providing consulting services based on industry best

practices, frameworks and standards (COBIT, ITIL, TOGAF, PMBOK, ISO/IEC 27000
series, etc.)

Consulting Services

 IT Strategic Alignment, IT Governance, Business Process Management,

Enterprise Architecture, Portfolio / Programme / Project Management, Systems
Development Lifecycle Approaches, IT Service Management, Information
Management and Information Security and IT Risk Management
 One of the companies I consulted for is Standard Bank, for the period Jan 2012 –
Dec 2012 as the Programme Manager in the Global Technology Group.

POSITION: CHIEF INFORMATION OFFICER (FIVE YEAR FIXED TERM CONTRACT)

Period: July 2006 – September 2011

Company: Greater Johannesburg Metropolitan Council

Responsibilities:

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Responsible for providing vision and direction, enabling the Johannesburg
Metropolitan Council (Enterprise) to achieve strategic technology and business
objectives.
 Reported to the City Manager (CEO) and was a member of the Executive
Committee and various other sub- committees and interacted a lot with the Board,
as constituted by the Mayoral Committee.
 Projects undertaken ranged from R1 Million to R800 Million. During the last year
(July 2010 – August 2011) of my 5 Year contract, I was seconded to City Power,
an Agency / Company of the Joburg Metropolitan Council, to head the IT Function
and be part of the Executive Team that sought to position Joburg Metro as the
Regional Electricity Distributor (RED4) leader.
 Formulation and implementation of the IT Strategy to align IT plans and operations
with the City’s objectives and operations.
 Ensuring a cost effective and efficient IT service delivery to the City through
management of own resources and IT Outsourced Contracts and ensuring end-
user satisfaction
 Developing and implementing Enterprise Architectures, including enterprise
technology standards to ensure systems compatibility and integration throughout
the enterprise
 Project and Programme Management of Enterprise-wide Technology initiatives.
 Developing and implementing IT Governance, Risk Management and ensuring
compliance with Information
 Security Laws, regulations and other relevant statutes
 Engaging and collaborating with other government entities, professional and
international agencies to craft business solutions.

POSITION: GENERAL MANAGER – INFORMATION AND SYSTEMS MANAGEMENT

Period: October 2002 – June 2006

Company: City Power Johannesburg (Pty) Ltd
City Power is an Electricity Distribution Utility that serves the Greater Johannesburg
Metro Customers. Projects managed range from R100K to R80M.

Responsibilities:

 Strategic and general management of the full spectrum of IT services and

resources, including Information Systems Development and Support.
 Developing and delivering the Information Systems and Technology Architectures
 Project and Program Management of Technology initiatives.
 Developing and implementing IT/IS service plans for the organization.
 Liaising and networking extensively with top and senior management.

POSITION: Period: Company:

CHIEF OPERATIONS OFFICER (COO)

May 2002 – October 2002

Motswedi Technology Group (Information and Communications Technology Solutions
Company)

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
Responsibilities:

 Responsible for the operational aspects and strategic delivery alliances of the
company.
 Generation and maximization of shareholder value by integrating operational
strategies, plans, budgets, operational guidelines and procedures.
 Management of customer and supplier relationships
 Formulation of strategic technology relationships
 Ensure optimal utilization of resources and effective SLA delivery

POSITION:SENIOR MANAGER – APPLICATION DEVELOPMENT AND SUPPORT

Period: November 1999 – January 2002
Company: Eskom & arivia.kom

arivia.kom comprised of the merged IT Divisions of Eskom (Eskom ITS), Transnet

(Datavia) and Denel (Ariel Technologies).

Responsibilities:

Managed the Application Development and Support division, which comprised about
340 professionals (including contractors) with qualifications ranging from bachelors to
doctorate degrees. Projects managed range from R1M – R350M.

 Managing the Application Development and Support service line as a sustainable,

profitable entity
 Providing strategic direction and leadership for the integrated systems/applications
development, maintenance & support Division; and ensuring service line delivery
capability.
 Formulating and implementing best practice Project/Programme Management
strategies, tools and work practices to ensure successful delivery of
Projects/Programmes.
 Developing high-level Service Level Agreements and Contracts with
customers/vendors/External Service providers and ensuring adherence and
delivery performance.
 Building and managing client relationships at Senior and Board levels
 Liaising with industry experts, vendors and subject matter experts on best practice
methodologies and work processes.
 Establishment of Centres of Excellence

EARLIER WORKING HISTORY

 PART-TIME LECTURER - Higher Certificate in Project Management, Damelin,

March 2002 – June 2002
 REGIONAL INFORMATION MANAGEMENT MANAGER (Central Region),
ESKOM Distribution, 1997 – 1999
 CORPORATE DISTRIBUTION INFORMATION MANAGEMENT MANAGER,
ESKOM Distribution, 1995 – 1997
 MARKETING INFORMATION SYSTEMS ADVISOR, Eskom (Marketing Group),
1993 – 1995

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  JUNIOR PROGRAMMER UP TO ANALYST DESIGNER, Eskom (ITS), 1987 –
1993

COMMITTEES

 Has served and been a member of Senior Management and Board Committees,
Labour/Management forums and served as an Executive Council member of the
then Computer Society of South Africa in the year 2001.

REPRESENTATION

 Has been a representative in a number of Business/IT forums and have played

key roles in Business/IT strategic alignment projects, including BPM, Enterprise
Resource Planning (ERP) implementations, Enterprise Architecture and Business
Transformation projects.

9.2 Profile – 2:

Kwadzanai Wilson Majaji

SUMMARY: A mature Computer Science graduate with both academic and proven
practical I.T skills in I.T security, systems support, systems analysis and design, project
management as well as training. Offering proven problem solving skills and strong client
focus, with ability to relate to individuals across all levels is one form of expertise I
possess. Experienced in working both independently and in a team providing solutions
in a pressurised, deadline- driven setting. Looking for an opportunity to build on existing
skills and simplifying business processes through the use of technology so as to ensure
maximum business efficiency.

TECHNOLOGY SUMMARY:

Security Technologies: Kaspersky, McAfee, Symantec, ESET, Microsoft

I.T Governance Frameworks: Cobit 5, ITIL, ISO 27001, Prince2, King III
Operating Systems: Windows XP, Vista, 7, 8, 8.1, 10, Ubuntu,
Servers: Windows DHCP, DNS, Active Directory, SQL Server 2012
Networking: Switching, Routing, VPN, ADSL, Cisco, HP, Ubiquiti, Netgear.
Firewalls: Cyberoam, Windows, Fortigate, Checkpoint, pfSense
Applications: Office 365, Exchange Online, SharePoint Online, MS Office Suite
Virtualization: VMware, Virtual Box, Hyper-V
Project Management: Scrum, Agile, SDLC, Prince2, PMBOK

ACADEMIC QUALIFICATIONS:

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
 Post-Grad Diploma: Project Management

2015 - 2015 Management College of Southern Africa (MANCOSA)

BSc (Honours) Computer Science

2006 – 2010 National University of Science and Technology

A levels: Biology (A) Mathematics (B) Chemistry (C)

2003 – 2004 Daramombe High School

PROFESSIONAL CERTIFICATIONS:

 Cisco Certified Entry Networking Technician

 Cobit 5 Foundation and Implementation (Certified)
 Prince 2 Foundation and Practitioner (2000349051) (Certified)
 ITIL v3 Foundation (Registration Number: 275480373) (Certified)
 MCSA SERVER 2012: Passed one module 70-411
 Comptia Security+ 2012- 2015
 Cyberoam Certified Network Security Professional (CCNSP) 2014 - 2016
 PC Maintenance & Repair
 Linux Network Administration

WORK EXPERIENCE:

March 2016 – Present: Africa’s Best 350 (AB350) Bus Company, Mthatha

I.C.T Specialist / Administrator

 Lead I.C.T and related technology advisor to the CEO

 I.C.T risk, security, governance and compliance officer for the organization
 Network (wired and wireless) monitoring, support and administration
 Desktop configuration, support, monitoring and maintenance
 Maintenance of servers (on-premise physical and virtual, cloud-based)
 CCTV installation and maintenance
 Performing and monitoring backups for all I.C.T systems
 Administration and support of I.C.T and related technologies
 Project management for all I.C.T and related corporate strategy projects
 End-user training and support for all new and old systems
 SLA drafting, negotiation and monitoring
 Supervising the ICT technician

January 2014 – Present: Ikhala Public FET College, Queenstown

ICT Manager

 Section head for the institution’s ICT department

 Ensuring that all the systems are functioning as expected

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Supply Chain Management Evaluations, ICT/Infrastructure, Resource planning
committees member
 Project management and administration for I.C.T projects
 Contract and stakeholder management for I.C.T-related matters
 Maintenance of the Office365 and related infrastructure
 Server and network monitoring and management (WAN and LAN)
 Training staff on the old and new technologies that exist at the college
 Researching on ways of ensuring business process efficiency using existing
technologies within the institution and in the market
 I.T governance and compliance for all systems and I.T processes
 Providing 2nd line support for all the technicians and mentoring of staff
 I.C.T-related projects design and specifications drafting
 Advising management with regards to policy making which affects ICT
 In-charge of the systems’ backups and disaster recovery processes
 I.T systems security management and administration
 Maintaining all IT hardware and software for users including networking, servers,
Windows Vista, XP, Windows 7, 8, 8.1

February 2013 – December 2013: OpenMind Technologies, Queenstown

Systems Administrator (On-site Consultant at Ikhala FET Queenstown)

 Acting in place of the I.C.T Manager

 Coordinator for Ikhala College I.T infrastructure project
 Liaising with suppliers and overseeing the procurement of equipment
 Desktop, server and network configuration, support and maintenance
 Networks and systems security monitoring, support and maintenance
 ERP (Coltech) administration, backup and assisting with system upgrade
 Performing data, databases and systems backup
 Supervising and mentoring I.T Technicians and interns
 Supporting the roll-out of new applications
 Systems’ user training

May 2011 – August 2011: Zezethu Consulting Engineers, East London

IT Support Engineer

 Configuring and testing of any new hardware or software

 Resolving hardware and software issues on desktops, laptops and network
printers
 Administering and maintaining LAN network equipment to ensure high availability
and high performance of the systems
 Tracking and deploying Windows patches and updates to maintain a baseline of
IT security standards and policies
 Handling IT asset and inventory management
 Installation and troubleshooting of systems at remote sites
 Network security and administration

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Maintaining all IT hardware and software for users including networking, servers,
Windows Vista, XP and Windows 7

9.3 PROFILE – 3

Professional Qualifications

 February 2014 ISO 27000-2 Information Security - Certified Trainer EXIN

 October 2013 ITILv3 Expert certificate – Certified Trainer APMG
 September 2013 ITILv3 service Strategy - Certified Trainer APMG
 September 2013 ITILv3 service Design Certified Trainer APMG
 August 2013 ITILv3 RCV - Certified Trainer APMG
 June 2013 ITILv3 Service operations -Certified Trainer APMG
 May 2013 ITILv3 CSI -Certified Trainer APMG
 January 2012 ITILv3 Foundations - Certified Trainer APMG
 January 2012 ISO 20000 Foundations Certified Trainer EXIN
 February 2012 Business process analysis Training

ITSM PROJECTS:

 2010: Lead practitioner - Bytes System integration/Altech Card Solution -

ISO27001 Certification. Assess and Implement the Security Management
System.
 2016: Support Practitioner - BCX /Telkom - ISO20000 Certification – Phase 1.
Assess and identify ISO20000 Gaps based on Part 1 , 2 and 4 -cloud services
 2017: Project Lead - Telesure Financial Services- ITIL implementation project.
Service Management implementation to design, embed and execute 2ITIL
processes

Pink Elephant ITSM

ITSM Consultant 01/04/2015 (1 Year 6 months)

 Lead and manage ITSM driven improvement initiatives for Clients.

 Conduct process maturity and capability assessments based on best practice
frameworks like ITIL, models like CMMI and standards like ISO/IEC 15504
 Design of roadmaps to plan ITSM process implementation and improvement
programs.
 Facilitate and manage projects to drive service and process
improvement/implementation Initiatives.
 Assisting clients to develop clear strategic plans to address people, process
and technology issues associated with relevant Pink Elephant engagements
 Function in an advisory capacity both internally and externally, driving
innovation and enhancing the capability of Pink Elephant’s consultancy
practice.
 Enhance the credibility of Pink Elephant through thought leadership and
industry recognition.
 Actively supports the Pink Elephant corporate strategy i.e. through delivery
excellence, providing opportunities for other Pink Elephant business units.

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Meet or exceed qualitative and quantitative Key Performance indicators for
Consultant performance
 Owner of the Service Desk Service.

Dimension Data
Operations Manager: 01/04/2014 (1 Year)

 Manage all operational aspect of the SBSA IT service desk

 Delivery of Management reporting on service performance weekly / monthly
basis
 Manage all aspects of Human Resource management for staff
 Maintain relationship with internal clients (SLM, Incident Managers and Ops
Managers.

BPO Service Centre Manager: 01/03/2012 (2 Years )

 Ensure delivery of all Contact Centre services supporting internal and external
clients.
 Championed service management project team responsible for rolling out
ISO27000 in the Network operations business unit.
 Planning service transitions.
 Engineering of policies and procedures according to ISO: 9000 standards.
 Adopting appropriate workforce management techniques.
 Adopting best practice processes.
 Application owner for opentext Assure ITSM Tool.
 Management of Human capital and service assets.
 Global Incident Manager interfacing into problem management teams
 Budgetary forecasting and service costing

Service Desk Supervisor: 1/02/2011 ( 2 years )

 Responsible for the daily operations of service desk support teams. Supervisory
responsibilities included
 Planning and scheduling workforce
 Monitoring performance of staff
 Creating and managing service knowledge content
 Assist management with new service take on and transitions
 KPA assessments and training for -+ 20 support agents

Service Desk Agent: 01/09/2010 ( 1 Year )

 Support role for logging customer IT related incidents and request.

 Adhere to service level agreement stipulated in support contracts
 Solve users queries by using Remote Tools
 Use Active Directory for object reference and validation

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019
  Domain password support.
 Contribute to FCR targets or escalate to 2nd line field engineers.

Trainer and facilitator : 01/06/2009 – 01/06/2011

 Run Team building session for SAB STI

 Facilitate leadership programs and amazing race for corporate clients
 Product training where necessary.

Accounting Officer: 10/11/2006

 Accounting officer ,Finance division Bank and Cash

 Create Payment register
 Capture processed payment for cash flow projections
 Signatory distribution
 Ensure that mangers sign equal amounts of payment monthly.
 Work on Standard bank online CAT’s system
 Make sure that all payments are released by deadline date.
 Payment processing (electronic, manual & ad-hoc )
 Cheque payment – processing and issue supplier cheques.
 Maintain Vodacom bursary collection register

Room Service Waiter: 02/11/2004

 Provide in room catering services for guest making sure that food served was
well-presented
 Contribute to maintain high service excellence in 5 star environments.
 Adherence to health and safety regulation
 Assistance with waiting at Banqueting events
 Worked at G20 international summit
 Worked at British open Golf event

RESPONSE FOR RFP No: 11606 – CONSULYANCY SERVICES FOR IT AUDIT MARCH 2019