The URL can be used to link to this page

Home My WebLink AboutStaff Report 2306-159724.Approval of Office of City Auditor Task Order Change - 04.19 Disaster Recovery Preparedness; CEQA Status – Not a Project Late Packet Report 2 4 3 9 City Council Staff Report From: City Manager Report Type: CONSENT CALENDAR Lead Department: City Auditor Meeting Date: June 19, 2023 Report #:2306-1597 TITLE Approval of Office of City Auditor Task Order Change - 04.19 Disaster Recovery Preparedness; CEQA Status – Not a Project RECOMMENDATION The Policy and Services Committee and City Auditor recommend that the City Council approve the change to the Task Order 04.19 Disaster Recovery Preparedness to extend the period of performance. ANALYSIS The agreement between Baker Tilly and the City requires that each internal audit commence only upon the City’s approval of a Task Order. The Office of the City Auditor (OCA) presented Task Order 04.19 – Disaster Recovery Preparedness, and the task order was recommended for approval by the Policy & Services Committee on February 28, 2023 (CMR 2301-08271) and accepted by the City Council during the City Council meeting on March 13, 2023 (CMR 2302-10212). This task order with the period of performance from March 1, 2023, to June 30, 2023, has not been signed since it was approved on March 13, 2023. As a result, OCA has not started an audit of Disaster Recovery Preparedness. The OCA requests the period of performance to be extended to November 30, 2023. The total not-to-exceed budget remains the same. 1 2/28/2023 Policy & Services Committee, Agenda Item #2, FY 2023 City Auditor Task Orders, https://recordsportal.paloalto.gov/Weblink/DocView.aspx?id=52154&dbid=0&repo=PaloAlto 2 3/13/23 City Council, Agenda Item #AA1, FY 2023 City Auditor Task Orders, https://recordsportal.paloalto.gov/WebLink/DocView.aspx?id=82302&dbid=0&repo=PaloAlto 2 4 3 9 Baker Tilly presented the attached modified task order during the Policy & Service Committee meeting on June 13, 2023 (CMR 2305-14643), where a motion to approve the task order change was passed (3-0). FISCAL/RESOURCE IMPACT Work recommended in these tasks is within both the approved scope and compensation of the contract with Baker Tilly and funding levels in the FY 2023 Operating Budget for the Office of the City Auditor. STAKEHOLDER ENGAGEMENT No stakeholder outreach was necessary for this report, as it is an internal decision made by the OCA to reallocate resources for audit functions. ENVIRONMENTAL REVIEW Council action on this item is not a project as defined by CEQA because the audit activities do not involve any commitment to any specific project which may result in a potentially significant physical impact on the environment. CEQA Guidelines section 15378(b)(4). ATTACHMENTS Attachment A: TASK ORDER FY23-4.19 Disaster Recovery Preparedness (Extension) APPROVED BY: Adriane D. McCoy, City Auditor 3 6/13/23 Policy and Services Committee, 04.19 Disaster Recovery Preparedness: https://cityofpaloalto.primegov.com/Portal/viewer?id=2186&type=0 PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-4.19 Disaster Recovery Preparedness Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): 1B. TASK O RDER NO.: FY23-4.19 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: March 1May 22, 2023 COMPLETION: June 30November 30, 2023 4 TOTAL TASK ORDER PRICE: $87,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT $TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greg Tanaka, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements:  Services and Deliverables To Be Provided  Schedule of Performance  Maximum Compensation Amount and Rate Schedule (As Applicable)  Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Disaster Recovery Assessment Baker Tilly’s approach to conducting a disaster recovery assessment involves four (4) primary steps:  Step 1: Assessment Planning and Kick-off  Step 2: Information Gathering  Step 3: Disaster Recovery Analysis and Recommendations  Step 4: Reporting Step 1 – Assessment Planning and Kick-off This step consists of the tasks performed to adequately plan the work necessary to address the overall assessment objective and to solidify mutual understanding of the assessment scope, objectives, assessment process, and timing between stakeholders and assessors. Tasks include:  Baker Tilly will work with the City to finalize the assessment scope and project timeline. Baker Tilly will also provide the City with an initial interview and documentation request list.  Finally, Baker Tilly will perform a project kick-off discussion with the City to ensure alignment with the project timeline, interview schedule, and deliverables. Step 2 – Information Gathering This step involves conducting interviews with identified IT security personnel and key stakeholders to gain an understanding of the operating environment and understand the desired outcome of the disaster recovery plan. Baker Tilly will also review current IT disaster recovery policy and procedure documentation, as well as review current infrastructure in place. Step 3 – Disaster Recovery Analysis and Recommendations This step involves assessing the documentation of current disaster recovery plan for high priority application and supporting infrastructure to identify the adequacy of the documentation and identify additional documentation requirements. Baker Tilly will perform a gap assessment between the current disaster recovery capabilities, desired disaster recovery strategy, and industry best practices. Baker Tilly develop recommendation to remediate the identified documentation and capability gaps. Baker Tilly will provide recommendations to update the disaster recovery documentation to address the gaps identified. Step 4 – Reporting The project team will perform tasks necessary to finalize the initial draft disaster recovery assessment report and review a draft report with the stakeholders. Additionally, the team will submit a final assessment report to the City. Tasks include:  Develop findings, conclusions, and recommendations based on the supporting evidence gathered  Validate findings with the appropriate individuals  Distribute a draft assessment report and conduct a closing meeting with key stakeholders o Discuss the assessment results, findings, conclusions, and recommendations  Obtain written management responses and finalize a report Deliverables: The following deliverable will be prepared as part of this engagement:  Disaster Recovery Assessment Report Schedule of Performance Anticipated Start Date: March 1May 22, 2023 Anticipated End Date: June 30November 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $87,500. The not-to-exceed budget is based on an estimate of 400 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork. The maximum compensation amount reflected above will be inclusive of any travel related expenses. Note that, if current restrictions associated with COVID-19 continue, an on-site visit may not be possible. The project team will work with the City to consider circumstances at the time.