HomeMy WebLinkAboutStaff Report 2305-14642
1
8
6
Policy & Services Committee
Staff Report
From: City Auditor
Report Type: ACTION ITEMS
Lead Department: City Auditor
Meeting Date: June 13, 2023
Report #:2305-1464
TITLE
Approval of Office of City Auditor Task Order Change - 04.19 Disaster Recovery Preparedness
RECOMMENDATION
The City Auditor recommends that the Policy & Services Committee recommend that the City
Council approve the change to the Task Order 04.19 Disaster Recovery Preparedness.
DISCUSSION
The agreement between Baker Tilly and the City requires that each internal audit commence
only upon the City’s approval of a Task Order.
The Office of the City Auditor (OCA) presented Task Order 04.19 – Disaster Recovery
Preparedness, and the task order was recommended for approval by the Policy & Services
Committee on February 28, 2023, and accepted by the City Council during the City Council
meeting on March 13, 2023.
This task order with the period of performance from March 1, 2023 to June 30, 2023, has not
been signed since it was approved on March 13, 2023. As a result, OCA has not been able to
start an audit of Disaster Recovery Preparedness. The OCA requests the period of performance
to be extended to November 30, 2023. The total not-to-exceed budget remains the same.
FISCAL/RESOURCE IMPACT
Work recommended in these tasks is within both the approved scope and compensation of the
contract with Baker Tilly and funding levels in the FY 2023 Operating Budget for the Office of
the City Auditor.
STAKEHOLDER ENGAGEMENT
No stakeholder outreach was necessary for this report, as it is an internal decision made by the
OCA to reallocate resources for audit functions.
2
1
8
6
ENVIRONMENTAL REVIEW
Council action on this item is not a project as defined by CEQA because the audit activities do
not involve any commitment to any specific project which may result in a potentially significant
physical impact on the environment. CEQA Guidelines section 15378(b)(4).
ATTACHMENTS
Attachment A: TASK ORDER FY23-4.19 Disaster Recovery Preparedness (Extension)
APPROVED BY:
Adriane D. McCoy, City Auditor
PROFESSIONAL SERVICES TASK ORDER
TASK ORDER FY23-4.19 Disaster Recovery Preparedness
Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the
Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this
Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical
and supporting personnel required by this Task Order as described below.
CONTRACT NO. C21179340
OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE)
1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE):
1B. TASK O RDER NO.: FY23-4.19
2. CONSULTANT NAME: Baker Tilly US, LLP
3. PERIOD OF PERFORMANCE: START: March 1May 22, 2023 COMPLETION: June 30November
30, 2023
4 TOTAL TASK ORDER PRICE: $87,500
BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT $TBD
5. BUDGET CODE_______________
COST CENTER________________
COST ELEMENT______________
WBS/CIP__________
PHASE__________
6. CITY PROJECT MANAGER’S NAME & DEPARTMENT:
Greg Tanaka, Chair of the City Council’s Policy and Services Committee
7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A)
MUST INCLUDE:
SERVICES AND DELIVERABLES TO BE PROVIDED
SCHEDULE OF PERFORMANCE
MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)
REIMBURSABLE EXPENSES, if any (with “not to exceed” amount)
8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A
I hereby authorize the performance of the
work described in this Task Order.
APPROVED:
CITY OF PALO ALTO
BY:____________________________________
Name __________________________________
Title___________________________________
Date ___________________________________
I hereby acknowledge receipt and acceptance of
this Task Order and warrant that I have
authority to sign on behalf of Consultant.
APPROVED:
COMPANY NAME: ______________________
BY:____________________________________
Name __________________________________
Title___________________________________
Date ___________________________________
Attachment A
DESCRIPTION OF SCOPE OF SERVICES
Introduction
Attachment A, the Description of Scope of Services, contains the following four (4) elements:
Services and Deliverables To Be Provided
Schedule of Performance
Maximum Compensation Amount and Rate Schedule (As Applicable)
Reimbursable Expenses, if any (With “Not To Exceed” Amount)
Services & Deliverables
Disaster Recovery Assessment
Baker Tilly’s approach to conducting a disaster recovery assessment involves four (4) primary
steps:
Step 1: Assessment Planning and Kick-off
Step 2: Information Gathering
Step 3: Disaster Recovery Analysis and Recommendations
Step 4: Reporting
Step 1 – Assessment Planning and Kick-off
This step consists of the tasks performed to adequately plan the work necessary to address
the overall assessment objective and to solidify mutual understanding of the assessment
scope, objectives, assessment process, and timing between stakeholders and assessors. Tasks
include:
Baker Tilly will work with the City to finalize the assessment scope and project
timeline. Baker Tilly will also provide the City with an initial interview and
documentation request list.
Finally, Baker Tilly will perform a project kick-off discussion with the City to ensure
alignment with the project timeline, interview schedule, and deliverables.
Step 2 – Information Gathering
This step involves conducting interviews with identified IT security personnel and key
stakeholders to gain an understanding of the operating environment and understand the
desired outcome of the disaster recovery plan.
Baker Tilly will also review current IT disaster recovery policy and procedure
documentation, as well as review current infrastructure in place.
Step 3 – Disaster Recovery Analysis and Recommendations
This step involves assessing the documentation of current disaster recovery plan for high
priority application and supporting infrastructure to identify the adequacy of the
documentation and identify additional documentation requirements.
Baker Tilly will perform a gap assessment between the current disaster recovery capabilities,
desired disaster recovery strategy, and industry best practices.
Baker Tilly develop recommendation to remediate the identified documentation and
capability gaps.
Baker Tilly will provide recommendations to update the disaster recovery documentation to
address the gaps identified.
Step 4 – Reporting
The project team will perform tasks necessary to finalize the initial draft disaster recovery
assessment report and review a draft report with the stakeholders. Additionally, the team will
submit a final assessment report to the City. Tasks include:
Develop findings, conclusions, and recommendations based on the supporting
evidence gathered
Validate findings with the appropriate individuals
Distribute a draft assessment report and conduct a closing meeting with key
stakeholders
o Discuss the assessment results, findings, conclusions, and recommendations
Obtain written management responses and finalize a report
Deliverables:
The following deliverable will be prepared as part of this engagement:
Disaster Recovery Assessment Report
Schedule of Performance
Anticipated Start Date: March 1May 22, 2023
Anticipated End Date: June 30November 30, 2023
Maximum Compensation Amount and Rate Schedule
The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this
Task is $87,500. The not-to-exceed budget is based on an estimate of 400 total project hours, of
which 20 are estimated to be completed by the City Auditor.
Reimbursable Expenses
If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork. The maximum
compensation amount reflected above will be inclusive of any travel related expenses.
Note that, if current restrictions associated with COVID-19 continue, an on-site visit may not be
possible. The project team will work with the City to consider circumstances at the time.