IT - Audit Services

Location: Oklahoma
Posted: Jun 19, 2026
Due: Jul 6, 2026
Agency: Grand River Dam Authority
Type of Government: State & Local
Category:
  • R - Professional, Administrative and Management Support Services
Solicitation No: RFP 9461 – Audit Services – Information Technology
Publication URL: To access bid details, please log in.
NewsRFP 9461 – Audit Services – Information Technology

Jun 18, 2026

RFP 9461 Pkt

RFP Number: 9461

Project Description: Audit Services – Information Technology

The bid is due by July 6, at 2:00 PM CST

Please send all questions and correspondence to: Melissa.Rickman@GRDA.com

Questions are due by June 29, 2026, at 2:00 PM CST

Click the link above to access the packet for all pertinent documentation.

Disclaimer

It is the responsibility of the prospective vendor to check the GRDA Website regularly for bidding opportunities and any amendments or announcements that may be issued to solicitations. GRDA is not responsible for a vendor’s failure to acknowledge any aforementioned information required to be obtained in a timely manner.

Some solicitations have documents, such as blueprints, that cannot be attached to the solicitations due to confidentiality issues. It is the responsibility of the prospective vendor to read instructions in the solicitation on how to obtain these documents required to complete the solicitation response and to submit the response in accordance with the instructions. Fax, E-mail or third party submitted copies of bids will not be accepted for the submission of sealed bids. Sealed bids must be submitted via bidexpress.com.

Solicitation means a request or invitation by GRDA for a vendor to submit a priced offer to sell acquisitions to GRDA. A solicitation (i.e. bid opportunities) may be a Request for Quote (RFQ), an Invitation to Bid (ITB), or a Request for Proposal (RFP).

An amendment to a solicitation means a written change, addition, correction, or revision to a solicitation.

An announcement includes, but not limited to, notice of award, cancellation of a solicitation, an update of a solicitation.

Attachment Preview

GRAND RIVER DAM AUTHORITY
RFQ/RFP# 9461
Solicitation Cover Page
1. Solicitation #: 9461
2. Solicitation Issue Date: 6.16.26
3. Brief Description of Requirement:
The Grand River Dam Authority is seeking responses for Audit Services – Information Technology
4. Response Due Date: 7.6.26 Time: 2:00 P.M. CDT
5. Contracting Officer:
Name: Melissa Rickman
Phone: 918.370.6969
Email: melissa.rickman@grda.com
Grand River Dam Authority is an agency of the State of Oklahoma.
GRDA Engineering & Technology Center • 9933 E 16th Street • Tulsa, Oklahoma 74128 •918-256-5545
Request for Proposal
Audit Services – Information Technology
I. SCOPE OF WORK
The Grand River Dam Authority (the “Authority” or “GRDA”), a non-appropriated state
agency, was created by the State of Oklahoma in 1935 as a conservation and reclamation
district. The Authority has the power to control, store, preserve, and distribute the waters
of the Grand River and its tributaries for any useful purpose and to develop and generate
water power, electric power, and electric energy within the boundaries of the Authority
and to buy, sell, resell, interchange, and distribute electric power and energy.
GRDA’s Information Technology (IT) team formally adopted and implemented 117 of
the safeguards from the CIS Critical Security Controls - version 8 framework (see
enclosed document identifying the safeguards). The Internal Audit Services (IAS) team is
seeking proposals from qualified firms to provide professional IT assurance services on
the effectiveness of this implementation. The engagement shall be performed in
accordance with the Global Internal Audit Standards, including all relevant elements of
the Cyber Security Topical Requirement, with work anticipated to begin October 1,
2026.
II. INSTRUCTIONS FOR SUBMITTING A PROPOSAL
Proposals must be emailed to Melissa Rickman (melissa.rickman@grda.com) by July 6,
2026 . All questions and correspondence should be directed to her no later than June 29,
2026. Contact with GRDA personnel other than Ms. Rickman regarding this RFP may be
grounds for elimination from the selection process.
III. DELVERABLES
The Respondent selected will be responsible for the following:
Conducting an entrance conference with the key stakeholders from IT and Internal
Audit Services
Developing a formal audit objective, audit plan and virtually discussing them with the
Director of Internal Audit Services prior to execution
Providing written status updates biweekly via email to the Director of Internal Audit
Services
Developing and discussing draft audit results with the Director of Internal Audit
Services, including:
Executive summary
Detailed observations with risk ratings
Recommendations for improvement and an overall conclusion
Presenting the audit results to IT senior management and the Director of Internal
Audit Services as well as addressing questions
Seeking and incorporating management’s responses to recommendations into the
final work product
Providing an electronic version of the final work product to the Director of Internal
Audit Services.
IV. PROPOSAL REQUIREMENTS
There shall be six (6) parts to the proposal;
1. Qualifications - The Respondent should state the size of the Respondent firm, and nature
of the professional staff to be employed in this engagement. The principal supervisory
and management staff, including engagement partners, managers, and other supervisors
and specialists, who would be assigned to the engagement, should be identified. Describe
the IT auditing experience of each person. The engagement team must include certified
professionals holding one or more of the following credentials: Certified Internal Auditor
(CIA); Certified Information Systems Auditor (CISA); Certified Information Security
Manager (CISM); or Certified in Risk and Information Systems Control (CRISC).
2. Experience and References– The Respondent must have a minimum of five (5) years of
experience performing audits of a similar nature and have completed at least three (3)
information technology audits within the last three (3) years. Preference may be given to
Respondents with specific experience in evaluating the CIS Critical Security Controls
framework. These audits should be conducted in accordance with Global Internal Audit
Standards or the International Standards for the Professional Practice of Internal
Auditing.
Identify the scope of work, date, engagement partners, total hours, and the name and
contact information of the principal client contact.
3. Cost Proposal - Provide a total all-inclusive maximum price to complete the engagement
including all direct and indirect costs including all out-of-pocket expenses. Include a
schedule of professional fees and expenses that supports the total all-inclusive maximum
price. Out-of-pocket expenses for Respondent personnel (e.g., travel, lodging and per
diem) will be reimbursed for itemized actual and necessary expenses (with detailed
supporting receipts). All expense reimbursements will be charged against the total all-
inclusive maximum price submitted by the Respondent. The Authority will not be
responsible for expenses incurred in preparing and submitting responses to this proposal.
Such costs should not be included in the proposal.
4. Engagement Letter- Provide a sample format engagement letter that may be similar to
what would be used for this engagement along with any supplemental terms and
conditions. Please note that state law prohibits the Authority from entering into contracts
with indemnification and/or limitation of liability provisions. The agreement shall be
governed in accordance with the laws of the State of Oklahoma.
5. Certificate of Non-Collusion and Business Relationships - Submit the provided
Certificate of Non-Collusion and Business Relationships affidavit with the proposal.
6. Insurance Requirements – Commencing with the performance of the Services and
continuing until the earlier of acceptance of the Services or termination of this
Agreement, Respondent shall maintain the following types of insurance coverage with
limits as indicated below. All insurance required in this Agreement shall be obtained
from insurance companies that are duly licensed or authorized in the State of Oklahoma
and rated A– or better by A.M. Best Company or otherwise reasonably acceptable to
GRDA.
6.1.1 Workers' Compensation
Workers’ compensation insurance sufficient to meet Respondent’s obligations
under the laws of the State of Oklahoma and any other state where the Services
are being performed, including employer’s liability coverage for injury, disease
and death with coverage limits of at least One Million Dollars ($1,000,000) per
accident and per employee/policy limit by disease.
6.1.2 Commercial General Liability
Commercial general liability insurance (including contractual liability coverage)
on an occurrence basis for bodily injury, death, “broad form” property damage,
and personal injury, with coverage limits of at least One Million Dollars
($1,000,000) per occurrence and Two Million Dollars ($2,000,000) in the
aggregate.
6.1.3 Professional Liability Insurance
Professional liability insurance with limits of at least One Million Dollars
($1,000,000) per claim and in the aggregate covering Respondent against sums
which Respondent may become legally obligated to pay on account of
professional liability caused by negligent acts, errors, and omissions during the
performance of this Agreement.
6.1.4 Excess Liability
Excess Liability or Umbrella Insurance coverage written over the underlying
employer’s liability, commercial general liability, and professional liability
insurance described above on an occurrence form with a limit of at least Three
Million Dollars ($3,000,000) per occurrence and aggregate.
6.1.5 Certificates
This is the opportunity summary page. It provides an overview of this opportunity and a preview of the attached documentation.
Daily notification on new contract opportunities

With GovernmentContracts, you can:

  • Find more opportunities and win more business
  • Receive daily alerts for all new bid opportunities
  • Get contract opportunities matched to your business
ONE WEEK FREE TRIAL

See also

...with program that provides direct access to local medication drawer cabinets, cart settings, ...

VETERANS AFFAIRS, DEPARTMENT OF

Bid Due: 7/21/2026

...SECURITY and AUDIT RIGHTS 16 DATA PROCESSING 16 CNE OBLIGATIONS 18 SECTION V...

Cherokee Nation

Bid Due: 7/28/2026

* Disclaimer: Information regarding bids, requests for proposals (RFPs), or requests for qualifications (RFQs) is provided on this website only for convenience and does not constitute official public notice. Persons wishing to respond to or inquire about bids, RFPs, or RFQs should contact the appropriate government department.