Technical Specification

Appendix

to the Tender Regulation of

19 May 2015

No. LZRA2015/1/K

Technical Specification

(procurement identification No. LZRA2015/1/K)

1. Introduction 2

1.1. Context and aim of the document 2

1.2. Procurement goals and structure 2

1.3. Definitions and descriptions of terms used 3

1.4. Abbreviations 4

1.5. Related documents 4

2. General description 5

2.1. Description of the present situation 5

2.1.1. Operation of LACA 5

2.1.2. Necessity of the Audit Support Information System (ASIS) 5

2.1.3. Audit or review engagement work stages 6

2.2. Description of system operations 10

2.2.1. The ASIS software architecture 10

2.2.2. System users 10

2.2.3. Technical architecture of the system 11

2.3. Timeline of development and implementation of the IS 12

3. Description of procurement requirements 13

3.1. Service delivery requirements 13

3.1.1. Organising requirements for the project 13

3.1.2. Requirements for development, implementation and maintenance of the system 15

3.2. Functional requirements of the system 19

3.2.1. The ASIS system 19

3.2.2. System integration requirements 27

3.3. Non-functional requirements of the system 29

1.  Introduction

1.1.  Context and aim of the document

1.2.  Procurement goals and structure

The goal of the procurement is to ensure development or adoption and implementation of the Audit Support Information System (ASIS). Within the framework of the procurement, the winner of the tender shall have to provide development or adoption and implementation of functional blocks of ASIS, carrying out development and delivery of components described in the table below.

Table 1 – Procurement components

Component / Description /
Development or adoption of ASIS system software / The provider shall develop or adopt functional blocks of the software for registration, processing, output of the ASIS information.
Key functional blocks:
•  Customers’ register;
•  Users’ register;
•  Database of templates and management of engagement types;
•  Creation and acceptance of engagements;
•  Creation and processing of engagement file;
•  Completion and archiving of engagement;
•  Introduction of changes in logic of audit procedures;
•  Administering users and system.
Integration of ASIS with internal and external information systems. / The provider shall develop or adopt integration with internal and external systems.

When preparing a proposal, applicants have to offer a complete solution to comply with all requirements referred to in Table 1 and in the technical specification to ensure operations of all components. The Applicants shall indicate separately in the Proposal and sign the items given in the table below.

Component / Notes /
Functionality of software developed by the applicant in line with requirements referred to in the technical specification / To be included in the Applicant’s proposal
Components of third parties used by the applicant / To be included in the Applicant’s proposal
To ensure exchange of software data between external and internal IS / To be included in the Applicant’s proposal
Software of application servers / To be included in the Applicant’s proposal
Licences for database management systems / The Applicant shall ensure the DBVS licences necessary to operate the solution, on the basis of infrastructure available to the Client.
Operating systems / Provided by the Client. The Applicant shall sign claims against the OS on the basis of infrastructure available to the Client.
Other software / Any additional software necessary to comply with requirements defined in Section 2 and 3 to be included in the Applicant’s proposal.
Technical support / Provided by the Client. The Applicant shall sign claims against the technical support on the basis of infrastructure available to the Client.
Other technical support / Any additional technical support necessary to comply with requirements defined in Section 2 and 3 to be included in the Applicant’s proposal.

1.3.  Definitions and descriptions of terms used

Table 2 – Definitions and descriptions of terms used

Term / Description /
Business Process Execution Language / Business Process Execution Language. A language used to describe business processes and interaction of business processes in organisations and among those.
Classifier / One or more database tables that include collection of specialised information necessary to systematise a certain quantity.
User interface / Interface for information exchange between user and software components.
Metadata / Data describing information and different parameters.
Web services
. / A common way to exchange software data. Web protocols are used for transmission. Web services ensure information exchange without having knowledge of the second involved system software. It is important for the service user to receive a specific resource, service provider, however, can choose freely any time in what language and on what platform to develop and operate the necessary algorithms.
Service Oriented Architecture / An aggregation of design principles providing an opportunity to use network technologies, create modular services that can be mutually integrated and used repeatedly, applying united data exchange principles (web services).
Web / Network environment that can operate applications via browser.
Clients / Small and medium-sized auditor companies’ clients
Engagement / Specific work (audit or review) as a result of which an auditors’ report is prepared
Engagement working file / An aggregation of engagement tasks and documents related to engagement and documented systematically
Work tasks / Work (audit procedure) performed within the framework of an engagement and that is necessary to prepare an auditors’ report; work tasks are usually provided in specific templates.
Financial statements / Financial statements prepared by client on which an auditor provides an opinion
Auditors’ report / Auditors’ report on financial statements reflecting the performed work
Component of the financial statements / Part of the financial statements (for example, balance sheet item, note to the financial statements etc.)
Template
(document template) / Previously defined term of reference saved in the system or document template or both
Template database / An aggregation of illustrative work tasks and templates, from which work tasks or templates can be imported to the engagement file
Superuser related to audit company / Superuser / administrator of audit company that is assigned by administrator (system administrator related not to audit company but general software administration)

1.4.  Abbreviations

Table 3 – Abbreviations

Abbreviation / Description /
ASP / Active Server Pages
DBMS / Database Management System
HTTP / Hyper text transfer protocol
ICT / Information and Communication Technologies
IS / Information System
Client / Latvian Association of Certified Auditors (LACA)
Provider / Tender Applicant that obtained provider and implementation rights
DSD / Description of Software Design
SRS / Software Requirements Specification
Applicant / Participants of procurement tender from which one Provider is selected
ASIS / Audit Support Information System
SOA / Service Oriented Architecture
SSO / Single Sign-on
RCSP / Reliable Certification Service Provider
XML / eXtensible Markup Language

1.5.  Related documents

Table 4 – Related documents

No. / Abbreviated title / Full title /
1.  / Methodology / Manual of International Accounting Standards application in audit of small and medium-sized companieshttp://www.fm.gov.lv/lv/sadalas/gramatvedibas_un_revizijas_politika/projekts_tehniska_palidziba_finansu_parskatu_sagatavosana/tulkojumi/
2.  / Law On Certified Auditors / Law “On Certified Auditors”

2.  General description

This section provides a summary of the present situation, as well as sets goals and tasks of the IS and functional blocks. In addition, the section contains information on the timeline for development and implementation of the IS that the Provider has to comply with when preparing and submitting a proposal.

2.1.  Description of the present situation

2.1.1.  Operation of LACA

The Latvian Association of Certified Auditors (LACA) is an independent professional corporation that was founded in 1994 according to the Law on Certified Auditors. The organisation was founded by 75 certified auditors, however, its roots trace back to 12 July 1938 when the Cabinet of Ministers of the Republic of Latvia adopted and the President proclaimed the “Law on Certified Auditors”. LACA is the only professional organisation in Latvia uniting all certified auditors and commercial companies of certified auditors.

The goal of the Association as a professional corporation of the Latvian certified auditors is to implement professional management of certified auditors to facilitate increase of qualification, improvement of creative skills and sharing of experience, as well as take care of reputation and legal protection of the profession. The Association’s operations are directed towards compliance with the tasks prescribed in the Law “On Certified Auditors”:

·  to ensure the supervision of conformity with the professional standards and ethical norms, as well as other laws and regulations applicable to the profession, and of the professional activity of members of the LACA;

·  to represent and defend the interests of its members, to organise qualification examinations for certified auditors, to decide on the issuance of a certificate to a certified auditor and on the issuance of a licence to a commercial company of certified auditors;

·  to organise the Certified Auditor Register and the Register of Commercial Companies of Certified Auditors;

·  to review disputes between certified auditors and clients at the request of one of the parties to the dispute;

·  to organise and supervise continuous education and improvement of professional qualification of certified auditors;

·  to develop and submit recommendations related to accounting standards and audit to legislative institutions;

·  to ensure quality control of certified auditors.

2.1.2.  Necessity of the Audit Support Information System (ASIS)

When documenting work, the small audit companies currently are operating on the basis of their own subjective opinion and practice. Work performed is documented in separate files, however, there is no joint system that would provide a summary whether all the tasks have been completed and in what status they are at present. Moreover, separate document files require manual work that often makes the work of small audit companies inefficient.

In light of the above, the small audit companies cannot solve this problem continuously investing in development of software. The Latvian Association of Certified Auditors would like to use the available financial support provided by the Swiss – Latvian Cooperation Program to develop a specific audit software that would be adapted to the needs of the Latvian market and would therefore increase efficiency and quality of work performed in this sphere.

Implementation of the new software:

·  will help to reduce the amount of manual work and allow auditors to perform their work more efficiently;

·  will improve quality of work as working processes are structured in a system;

·  will simplify supervision, as well as cooperation and consultations among auditors as work would be conducted using a similar system;

·  will allow look for common solutions to archive documents and solve other issues, which currently are solved by each auditor individually; and

·  will allow audit companies to exchange with new templates and participate at their development.

The LACA is planning to carry out the ASIS implementation project and offer ASIS to small audit companies as a pay service: during the first 2 years subscription payment would include infrastructure and administration costs for operating the ASIS and after 2 years it would include also ASIS maintenance costs.

2.1.3.  Audit or review engagement work stages

This section provides work stages (auditor review engagement) and planned succession of work for support of which the ASIS is developed.

Image 1 – The key work stages of audit and review engagement

Work stage / Example of tasks
(The ASIS has to document a description of all tasks performed within the term of reference and the respective results.) / Additional explanation: Work conducted within the framework of the planned system and work conducted outside it (separate tasks) /
1. Client acceptance / 1.1. The Auditor researches information available on the client.
1.2. The Auditor assesses compliance with requirements of independence, resources, qualification and other requirements compliance with which is necessary to accept the work.
1.3. The Auditor takes a decision on the client acceptance and signs a service agreement. / 1.1. The main data on the client are registered with the ASIS in the client card. Information obtained during research is attached in files.
1.2. The conducted work is documented in external files.
1.3. To take a decision on acceptance of work a questionnaire is filled in and a decision on client acceptance is taken in the ASIS. The ASIS fills in agreement template using data entered in the client card.
2. Engagement planning / 2.1. The Auditor obtains information and fills in the following documents:
·  client’s business understanding, impact of external and internal factors and related risks;
·  understanding of key accounting processes, internal controls and related risks.
(If work within the engagement is conducted for a long time, prior year engagement file templates are used; templates are reviewed and, if necessary, updated.)
2.2. The Auditor enters the main data of the financial statements (balance sheet, profit or loss statement) in the software and links it with data of journals / ledgers imported from accounting software containing information of accounting level.
2.3. The Auditor defines the significance on the basis of indices in the financial statements.
2.4. The Auditor analyses the financial statements and identifies spheres that would potentially contain deficiencies.
2.5. The Auditor prepares a summary of risks and assesses their significance and possible impact.
2.6. The Auditor prepared the planned time line of audit procedures in line with the identified risks (majority of tasks are planned on the basis of components of the financial statements; the more components, the larger the number of tasks).
2.7. Tasks are transferred to work group members for completion. / 2.1. Client business (business environment) understanding is documented in an external file. The identified risks are entered in the system and a summary of their assessment is documented in the ASIS.
2.2. Indices are entered or imported to the ASIS.
2.3. Significance is calculated in the ASIS using data (indices) referred to in the previous subsection (up to 4 or 5 indices). There has to be an option to describe (define) calculation procedure / formula and indices used in the system.
2.4. Risk spheres are entered in the system on the level of items of the financial statements. The selection defines the calculation of selection cluster with the ASIS (the higher the risk, the larger the selection cluster).
2.5. All risks are summarised with the ASIS.