HomeMy WebLinkAbout20162542.tiffRESOLUTION
RE: APPROVE MASTER SERVICES AGREEMENT AND AUTHORIZE CHAIR TO SIGN -
PARAGON AUDIT AND CONSULTING, INC.
WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to
Colorado statute and the Weld County Home Rule Charter, is vested with the authority of
administering the affairs of Weld County, Colorado, and
WHEREAS, the Board has been presented with a Master Services Agreement between
the County of Weld, State of Colorado, by and through the Board of County Commissioners of
Weld County, on behalf of the Department of Information Technology, and Paragon Audit and
Consulting, Inc., commencing upon full execution, and ending August 31, 2016, with further terms
and conditions being as stated in said agreement, and
WHEREAS, a hearing before the Board was held on the 8th day of August, 2016, at which
time the Board deemed it advisable to continue said matter to August 10, 2016 to allow the
Director of the Department of Information Technology to be present, and
WHEREAS, after review, the Board deems it advisable to approve said agreement, a copy
of which is attached hereto and incorporated herein by reference.
NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of Weld
County, Colorado, that the Master Services Agreement between the County of Weld, State of
Colorado, by and through the Board of County Commissioners of Weld County, on behalf of the
Department of Information Technology, and Paragon Audit and Consulting, Inc., be and hereby
is, approved.
BE IT FURTHER RESOLVED by the Board that the Chair be, and hereby is, authorized
to sign said agreement.
GG: TT C PR)
' I301 ICo
2016-2542
IT0005
RE: MASTER SERVICES AGREEMENT - PARAGON AUDIT AND CONSULTING, INC.
PAGE 2
The above and foregoing Resolution was, on motion duly made and seconded, adopted
by the following vote on the 10th day of August, A.D., 2016.
BOARD OF COUNTY COMMISSIONERS
WELD COUNTY, COLORADO
ATTEST: datiL) ,4i
Weld County Clerk to the Board
County Attorney
Date of signature: ?S1 Q4 / 16)
Mike Freeman, Chair
2016-2542
IT0005
BOARD OF COUNTY COMMISSIONERS
PASS -AROUND REVIEW/ WORK SESSION REQUEST
RE: Pcu_uguu Audit udit t 'onsulting, Inc. IT General Control Audit
DEPARTMENT: Information 'technology.
PERSON REQUESTING: Ryan Rose
DATE: July 20.2016
Brief description of the problem/issue:
Annually IT performs reviews of our technology systems. In 2015 we performed an external penetration test to
review the accessibility, stability and security of our outward facing systems. We are requesting to perform an
internal audit in 2016. We anticipate alternating internal and external reviews every other year. This gives us the
ability to continue with our constant improvement approach and ensure our existing technologies and policies are
protecting the county data and systems appropriately.
The scope of this engagement is limited to Paragon providing an IT General Controls Audit.
The current estimate for hours required for this project is 70 hours.
This engagement will include:
Ensuring applications and their supporting databases and operating systems are properly configured
to provision access based on the individual's demonstrated need to view, add, change or delete data.
Ensuring controls provide effective and efficient data storage, retention and archiving to meet business
objectives, the organization's security policy, and regulatory requirements.
Ensuring only authorized and tested changes are migrated into the production environment.
Reviewing current IT policies
Performing a limited review of network security controls
What options exist for the Board? (Include consequences, impacts, costs, etc. of options)
Approve the engagement and proceed with internal audit.
Recommendation:
It is recommended that the 13OCC approve the Master Services Agreement and Statement of Work 41 for an IT
General Controls Audit.
Approve
Recommendation
Mike Freeman, Chair
Barbara Kirkmeyer
Sean P. Conway
Julie Cozad
Steve Moreno
Schedule
Work Session
Other/Comments:
(4-'4'd '- _bre ref
wCZ
2016-2542
‘GON
5/16/2016
oSmith Stevie St , Stitt. Ili
t3emet, Cli MOS2{W 2808
www parayonaudit corn
MASTER SERVICES AGREEMENT
Department of Information Technology, Weld County Government
and Paragon Audit & Consulting, Inc.
Department of Information Technology,
Weld County Government
Jessica Raymond
IT Security Manager
1401 17th Avenue
Greeley, CO 80631
Dear Ms. Raymond,
Paragon Audit & Consulting, Inc. ("Paragon" or "Company") is pleased that Department of Information
Technology, Weld County Government ("Client") hereby engages our firm to provide Client with
professional services as described in this Agreement. This Master Services Agreement ("MSA"), when
properly executed, constitutes an agreement between Paragon and Client (together with any
Statement(s) of Work (as defined below) entered into hereunder, the "Agreement"). It is designed to
provide the general terms and conditions of the working relationship between Client and Paragon. Any
Affiliate of Client may enter into one or more Statements of Work under this Agreement, and/or make
use of services provided pursuant to a Statement of Work entered into under this Agreement. For
purposes of this Agreement, "Affiliate" shall mean a person or entity directly or indirectly controlling,
controlled by or under common control with another person or entity.
SCOPE AND OBJECTIVES
The specific scope and fees for Paragon's work for each project will be outlined in a duly -executed
Statement of Work signed by both parties and referencing this MSA, each of which will be an addendum
to this Agreement. Each Statement of Work will be indexed as 1, 2, 3, etc. and each Statement of Work
is subject to the terms of this Agreement unless otherwise specified in the Statement of Work. The Client
agrees to provide written approval of each Statement of Work prior to Paragon beginning work. Delays
in approval could result in project delays.
TERM AND TERMINATION
DB04/1001376000I/9282788I DOC
PARAGON
II South Stc'r'It• Si , Suitt' 325
[)cmcr, t,t) 41!2O9 2808
www paragonaudit corn
This Agreement will be effective upon the date of the last signature to this Agreement and shall remain
in effect until this Agreement is terminated in writing or a new Master Services Agreement is signed by
both parties and specifically indicates that it supersedes this Agreement. For purposes of this
Agreement, the word "Term" shall mean the period of time that commences on the date that the first
Statement of Work is signed by both Client and Paragon through the termination of this Agreement.
In the event of breach of this Agreement by either Client or Paragon, subject to the non -breaching party
providing the breaching party written notice describing the alleged breach, the non -breaching party may
terminate this Agreement following notice of such breach to the breaching party and failure of the
breaching party to cure such default within ten (10) business days of any such written notice (or such
longer period as may be mutually agreed to by Paragon and the Client).
Notwithstanding anything to the contrary in this Agreement, unless agreed to by both parties,
termination of this Agreement by either Paragon or Client will not terminate professional services that
are being provided by Paragon pursuant to an existing Statement(s) of Work under which Paragon has
already commenced work; in such circumstances, Paragon shall complete the Statement(s) of Work and
this Agreement will continue to apply to Paragon and Client regarding such Statement(s) of Work.
Paragon may be using certain of its proprietary technology in the performance of services under this
Agreement. Paragon will retain all of its ownership rights in that technology, including technology that
it develops without input from Client especially to perform work for Client. Upon payment of all of
Paragon's fees, Client will own the work product that Paragon produces for you, including the right to
use that work product for your business purposes.
This is a services agreement, not an agreement for the sale of goods. Paragon agrees to perform its
services timely and in good faith and in a commercially reasonable manner. Paragon makes no other
warranties of any sort including any warranty of merchantability or fitness for a particular purpose.
Paragon shall not be liable for its failure to perform any of its obligations under this Agreement or any
Statement of Work during any period in which such performance is delayed by fire, flood, war, embargo,
strike, riot, shortages or inability to obtain materials or equipment, energy shortage, failure of public
utilities, telecommunications or Internet service providers or common carriers, or the intervention of
any government authority.
INSURANCE
Paragon represents and warrants that it presently has, and shall at all times during the term of this
Agreement, at its sole cost and expense continue to maintain, liability insurance to protect it from
claims for bodily injury, including accidental death, to any person, including employees of Paragon and
2
DRQ4iIJ(3I37MO; 9282'88.,. DI k_
\GON
the Client; and from claims for property damage, which may occur in connection with the performance
of this Agreement. Such insurance shall be in an amount of not less than $1,000,000 combined bodily
injury and property damage for each occurrence. Paragon shall maintain statutory workers'
compensation for all of its employees performing services. In addition, Paragon shall maintain
automobile liability insurance during the term of this Agreement for its employees traveling to and from
the Client's facilities. All such liability insurance maintained by Paragon shall include the condition that
it is primary and that such insurance maintained by the Client or any of its subsidiaries, or any other
additional insured is excess and non-contributory. Certificates of Insurance evidencing the above
insurance coverage shall be furnished to the Client prior to the commencement of the services
contemplated hereunder, if requested, and shall include clauses naming the Client as a certificate holder
with respect to the general liability insurance and obligating insurer to use good faith efforts to notify
the Client at least thirty (30) days prior to any material change or cancellation of the insurance.
COMPLIANCE
In the performance of the services hereunder, Paragon and its personnel shall at all times abide by the
rules of the Client (while on the Client's property) that the Client submits to Paragon in writing or that
is posted in any of the Client's facilities in which Paragon may be doing work, and furthermore shall
conduct themselves in an ethical and professional manner and shall comply with all federal, state and
local laws, statutes, rules, standards, code of ethics, regulations and orders applicable to the services to
be provided by Paragon under this Agreement, including but not limited to adhering to the rules,
standards, and code of ethics of the governing bodies or governmental regulations, including but not
limited to the Sarbanes-Oxley Act of 2002, Public Committee on Accounting Oversight Board (PCAOB),
American Institute of Certified Public Accountants (AICPA), and the Institute of Internal Auditors (IIA)
where applicable.
LIMITATIONS
Generally accepted auditing standards require us to obtain a reasonable rather than absolute assurance
about whether the internal controls are free from deficiencies and material weaknesses caused by error
or fraud. Accordingly, a control weakness may remain undetected. An audit is not designed to detect
error or fraud. However, if during the course of our work, we become aware of such errors, fraud, or
illegal acts, we will bring them to the attention of management.
Although Paragon strives for one hundred (100%) percent accuracy in all our work, we cannot promise
perfection. We do promise to perform our services professionally, carefully and in a commercially
reasonable manner.
3
ui304i 10 , 376 Ou;,1/92a27 a ; )OK:
PA RAGON
O N
Paragon shall not be responsible for any error or mistake in its work product, or any failure in the
performance of services, that is caused by Client's failure to deliver accurate, complete, and timely client
information to Paragon.
INVOICES; PAYMENTS; OUT-OF-POCKET EXPENSES; EXTENSION OF SERVICES
The fees for our professional services will be set forth in each Statement of Work. If there is no specific
Statement of Work signed and executed for a given project, but email communication occurs between
C -level executive, VP or Director of Internal Audit, or Controller of the Client — and the VP of Business
Development or President of Paragon, which email communication confirms approval of the work to be
performed and the rate at which the work will be performed, both parties agree by way of this Agreement
that said work is approved. At Paragon's request, Client shall confirm such email correspondence with
a duly -executed Statement Work describing such additional services. The services performed in an
executed Statement of Work may also be extended or increased by way of email correspondence between
the Controller or other C -level executive of the Client - and the VP of Business Development or President
of Paragon. If such email communication confirms approval of the work to be performed and the rate at
which the work will be performed, both parties agree by way of this Agreement that said work is
approved.
In addition to payment for professional services, Client is required to reimburse Paragon for all
reasonable and documented out-of-pocket costs incurred in connection with such services. If travel is
necessary, travel time, portal to portal, will be billed at 50% of applicable hourly rate. Paragon will charge
for mileage, at the IRS standard mileage rate. Professional services, as well as reasonable and
documented out-of-pocket travel and related expenses, incurred during the Term will be billed semi-
monthly throughout the year and are payable within thirty (30) days of the date of invoice. Except for
current fees and costs invoiced on or after December 15 in any calendar year (which shall be payable not
later than January 15 of the following calendar year), all outstanding fees from work performed in a prior
year must be paid in full before Paragon will begin work in the following calendar year.
Unless otherwise specified in a Statement of Work, all invoices shall be sent to:
Jessica Raymond, Department of Information Technology, Weld County Government 1401 N. 17th
Avenue Greeley, CO 80631 Email: jraymond@co.weld.co.us.
Any amounts not paid within thirty (30) days of the date of invoice (not including any disputed amounts
withheld by the Client pursuant to the following paragraph) shall be deemed past due and accrue interest
at the rate of 12% per annum.
Paragon shall be entitled to recover all costs, fees and expenses, including reasonable attorney's fees,
incurred in any actions to collect any amounts due from Client under this Agreement.
4
)4, Weil i7( (10)".;4:8'2''48 Q(IC
RAGON
I) „ SiUti' ;2;
1)E'n cr. CU ?i(12t W „'titli't
www par,3gonnaud+t corn
In the event of a good faith dispute with regard to an item appearing on an invoice, the Client will pay
the portion of the invoice not in dispute and may withhold the disputed amount while Paragon and the
Client attempt to resolve the dispute. Prior to the payment due date, however, the client shall notify
Paragon in writing of the amount disputed, specifying in detail the basis for disputing such amount.
TIMING
Paragon's services will commence after it receives a duly -executed Statement of Work from you, or by
way of email confirmation (as outlined above) upon a date and time agreed to by the Client and Paragon
in such email.
Paragon may request that the Client produce specific information, such as data and records prior to the
beginning of reviews. These records shall remain the Client property and shall be promptly returned to
the Client at the completion of the reviews. Client shall cooperate with all document and other
information requests of Paragon in order to timely complete the Project.
DOCUMENTATION
The work paper records and files are the property of the Client, and it is understood that we will retain
the work paper documentation for up to two (2) years. Prior year work papers may be used for planning
purposes. The client may access work papers at any time. After that time, the records will be returned to
the Client to be maintained under Client's retention policy. Paragon shall take commercially reasonable
measures to ensure that the records are maintained in a safe, secure location, but will not be held
responsible for catastrophic events or ordinary physical deterioration that may result in the records
being unavailable before the expiration of the two (2) year retention period.
Paragon will allow access to the records by the Client's external auditors (if Client gives Paragon
permission to do so) and the Client's management during the reporting year, and Paragon's staff will
also be available to the Client's external auditors for answering questions regarding the work performed.
NON -DISCLOSURE OF CONFIDENTIAL OR PROPRIETARY INFORMATION
With the exception of Colorado Open Records Acts requests, the Client agrees not to share Paragon's pricing
/ rate structure, methodology, or audit approach with third parties. Client shall not discuss Paragon's
pricing information (including hourly rates) with Paragon's employees or contractors (this excludes
discussions with Paragon's Business Development team, Practice Director, or President).
5
Df304/ I o01 ;76 000 119282788 1 DOC
1 RAG O N
11 tit'it' tiUllr
Vsw,v 1,ir�yun,Ic 1 ( Corn
Client's "Confidential Information" means non-public information in whatever form disclosed by the
Client, including without limitation, the existence of this Agreement and the nature of the services, work
paper records and files, customer information, business, financial and technical records, technical
information, software, materials, information and data, or which although not directly related to the
relationship between the Client and Paragon is nevertheless disclosed as a result of or in connection with
the parties' discussions and objectives. Paragon shall use the Confidential Information only for the
purposes as stated herein, and shall use commercially reasonable efforts to protect such Confidential
Information from disclosure to third parties. Confidential Information shall not be copied, in whole
or in part, except as necessary for performance or services as authorized hereunder, as evidenced by
Paragon's written business records.
The confidentiality and non -disclosure obligations of the previous paragraph shall not apply if, and to the
extent that: (a) the Confidential Information was known to Paragon prior to its receipt from the Client; as
evidenced by Paragon's written records; (b) Confidential Information is or becomes part of the public
domain other than by the breach of this obligation of confidentiality under this Agreement; (c) such
Confidential Information is independently developed by Paragon without access to Confidential
Information or (d) Paragon was in receipt of such Confidential information from a third party without
knowledge that such Confidential Information was the subject of a confidentiality agreement.
If disclosure of Confidential Information is required by a judicial order or decree of governmental law or
regulation, if legally permissible, Paragon shall promptly notify the Client in writing of such requirement
prior to any such disclosure and provide the Client reasonable opportunity to file for or obtain a
protective order or otherwise proceed for protection under applicable law. If such protective order or
other remedy is not obtained, Paragon may furnish that portion of the Confidential Information which,
in the written opinion of Paragon's counsel, Paragon is legally compelled to disclose; provided, however,
that Paragon shall use its commercially reasonable efforts to obtain reliable assurance that confidential
treatment will be accorded the Confidential Information so disclosed.
HIRING EXCLUSION
Weld County Shall comply with Colorado Revised Statute 8-2-113.
Except where Paragon and Client have otherwise agreed in writing or upon the payment of a conversion
fee (if Paragon expressly provides this as an option in any applicable Statement of Work), from and after
the date of this Agreement, during the Term and for a period of twelve (12) months following the Term,
without Paragon's written consent, Client shall not hire on a contract or regular basis, offer to hire or
otherwise use the services, directly or indirectly, of any full-time or part-time employee of Paragon, any
independent contractor engaged by Paragon, any person who is proposed to Client by Company, or any
person who at any time provided services through or on behalf of Company. To the extent Client violates
6
PA RAGoN
) Stolid! SI*', I, , . Surly ;•! 1
MO lq 281)8
WVYW Pal Agen.rilil:. c O!n
this provision of this Agreement, in addition to all other remedies afforded to Paragon under applicable
law, Paragon will be entitled to liquidated damages in the amount of 30% of such employee's guaranteed
compensation (not including retirement contributions, stock grants, or other benefit payments) paid by
Client to employee in the first year of hire by Client or 30% of the aggregate fees paid to any independent
contractor by Client in the first year of engagement by Client. If Paragon personnel becomes both an
employee and independent contractor to Client within the first year, the liquidated damages due will be
equal to the sum of the amounts stated above (30% of aggregate fees paid to independent contractor and
30% of guaranteed compensation to employee, pro -rated for the amount of time the Paragon personnel
is an employee of Client within the first year). The parties agree that the amount of liquidated damages
set forth herein shall be in the nature of a "finder's fee" payable to Paragon by Client and not as a penalty.
Payment for liquidated damages will be due within two weeks of the Paragon personnel's first day of
work for Client (if hired as an employee of Client), or within two weeks of each payment Client makes to
independent contractor.
STAFF AUGMENTATION AND STAFFING / PLACEMENT SERVICES:
This section applies to staff augmentation and staffing services only.
Option to Hire: Paragon Personnel assigned to Client through staff augmentation or placement services
may, at the sole option of Paragon, be eligible for hire by and become an employee of Client. If such
option is available, it will be explicitly stated in the applicable Statement of Work. In such case, the
Hiring Exclusion outlined above will not apply. If Client hires Company Personnel for itself pursuant
to this Section, Client shall pay Company a conversion fee as set forth below. The option to hire is
typically only applicable for permanent or contract Placement Services that Paragon provides for
Client, not consulting projects, audit projects or staff augmentation projects.
Direct -Hire Placement: Unless otherwise stated in an applicable Statement of Work, the placement fee
for direct hire employee placement services due to Paragon will be equal to 25% of the
placed employee's annual guaranteed compensation. Such fee will be invoiced to Client upon date of
candidate acceptance of position and will be due to Paragon within two weeks of candidate's first day
of work at Client.
Direct -Hire Placement Guarantee: If Client hires Paragon candidates or Personnel, and if such Paragon
candidate or Personnel voluntarily or involuntarily leaves Client for any reason at any time within
ninety (90) calendar days of such Paragon Personnel's first day of employment by Client, Paragon will
make its best effort to provide a replacement ("Replacement Personnel") acceptable to Client at no
additional charge. For purposes of the Conversion Fee calculation below applicable to such
Replacement Personnel, the "Number of Hours Billed" shall be applied to such Replacement
Personnel.
7
DF3U4/1 .;I 37, ) (),,9282788 I 1R)C
PARAGON
South Stt't•Ic St , Sum, i2;
Ilrtttvt, Ct> Kli_'tl4 241)8
www par aganaudir corn
Under Direction of Client: Unless otherwise set forth in an applicable Statement of Work, for staff
augmentation, contract placement, contract -to -hire placement, or direct -hire placement services,
Paragon is not liable for project deliverables or outcomes. It is assumed that assigned personnel have
been interviewed and selected by Client, and will work under the management and direction of the
Client, not under Paragon's direction; therefore, Paragon is not responsible for assigned personnel's
performance and work -product. If Client requests that Paragon manage and direct staff augmentation,
contract, or contract -to -hire personnel, a separate hourly rate or fee will be applied for Paragon
Manager, Director, and/or President time.
Competing Claims of Referral: In the event that there are competing claims of referral of a candidate
by two or more agencies against a particular job order, the determining factor for which agency, if any,
receives a fee will be the date of first receipt of that candidate's resume, bio, or experience summary by
Client.
Conversion Fee: Unless otherwise agreed to by the Parties in applicable Statement of Work, if Client
hires Company Personnel as employee, Client shall pay Company a conversion fee as set forth in the
table below. Such conversion fee will be due within two weeks of the employee's first day of work for
Client as employee of Client.
Conversion Fee Schedule
Number of Hours Billed
Fee
0-160 hours billed
25% of annual guaranteed compensation
1 f,(-;(44 hour, killed
20% of annual guaranteed compensation
400-699 hours billed
15% of annual guaranteed compensation
700-899 hours billed
10% of annual guaranteed compensation
900-999 hours billed
5% of annual guaranteed compensation
1,000 and beyond hours billed
No charge
The conversion fee is the percentage of the annual guaranteed compensation Client plans to pay
employee at time of offer; such annual guaranteed compensation is exclusive of other forms of
compensation, including but not limited to benefits, incentives, or bonuses based on performance. This
option is available only if agreed to in writing by Paragon President or VP of Business Development, or
if stated in an applicable Statement of Work.
8
DBir4'loll 37f);Kim 9282 48 I r)ul
RAGON
GOVERNING LAW AND VENUE
')UU Yt-t.lr tit , i!
., pull
This Agreement, and the application or interpretation hereof, shall be governed exclusively by the
internal laws of the State of Colorado, without respect to principles of conflicts of law.
FUND AVAILABILITY
Financial obligations of the County payable after the current fiscal year are contingent upon funds for
that purpose being appropriated, budgeted and otherwise made available. Execution of this Agreement
by County does not create an obligation on the part of County to expend funds not otherwise
appropriated in each succeeding year.
GOVERNMENTAL IMMUNITY
No term or condition of this contract shall be construed or interpreted as a waiver, express or implied,
of any of the immunities, rights, benefits, protections or other provisions, of the Colorado
Governmental Immunity Act §§24-10-101 et seq., as applicable now or hereafter amended.
ENTIRE AGREEMENT
This Agreement constitutes the entire agreement of the parties with respect to the subject matter hereof.
Any and all prior agreements, whether written or oral are superseded hereby and are deemed null and
void and of no effect. Except for a Statement of Work, whether entered into concurrently with this
Agreement or thereafter, which is incorporated herein by reference, the parties are not bound by any
agreements, understandings, conditions or inducements otherwise than are as expressly referenced, set
forth, or contemplated hereunder. No change, alteration, amendment, modification or waiver of any of
the terms or provisions hereof shall be valid unless the same shall be in writing and signed by an
authorized representative of the parties hereto.
NOTICES
For purposes of this Agreement, other than Invoices, which shall be sent as directed above or in a
Statement of Work, all notices, demands or other communications to Client shall be directed to Jessica
Raymond, Department of Information Technology, Weld County Government 1401 N. 17th Avenue
Greeley, CO 80631. All notices, demands or other communications to Paragon shall be directed to Keith
Galante, President, Paragon Audit & Consulting, Inc., 50 South Steele St., Suite 325, Denver, Colorado
80209, facsimile (815) 377-1320, electronic mail Kith,galipte@paugortaudit.corll; or such other
9
i)R04/1001 376 000v92N278S I Doc
PARAGON
(I tiun h ti1t.clr' Sr , tiurtl -O;
M11„{i') 2M )4
v`/'tiW par Jgof w iit corn
address as either party may notify the other party in writing pursuant to this Agreement. All notices
required or permitted under this paragraph shall be in writing and shall be deemed effectively given: (i)
on the same day upon personal delivery to the party to be notified; (ii) on the same day when sent by
facsimile if sent during normal business hours of the recipient and evidenced by confirmation of
successful transmission, if not, then on the next business day; (iii) on the same day when sent by
electronic mail if sent during normal business hours of the recipient and evidenced by an electronic
delivery receipt, if not, then on the next business day; (iv) three (3) business days after having been sent
by registered or certified mail, return receipt requested, postage prepaid; or (v) one day after deposit
with a nationally recognized overnight courier, prepaid and specifying next day delivery, with written
verification of receipt.
INDEPENDENT CONTRACTOR
Paragon's relationship with the Client is that of an independent contractor and not that of partner, joint
venturer, agent or employee. Paragon shall not hold itself out to any party as representing the Client in
any agency relationship, unless specifically authorized in writing by the Client.
MISCELLANEOUS
If any provision of this Agreement is found to be illegal or unenforceable, such provision will be severed
or modified to the extent necessary to make it enforceable, and as so severed or modified, the remainder
of this Agreement shall remain in full force and effect. Further, the failure of either party to enforce any
right resulting from breach of any provision of this Agreement by the other party shall not be deemed a
waiver of any right relating to a subsequent breach of such provision or of any right hereunder. All
pronouns contained herein, and any variations thereof, shall be deemed to refer to the masculine,
feminine or neutral, singular or plural, as the identity of the parties hereto may require. Each person
executing this Agreement warrants that he or she is the duly authorized representative of the party for
which he or she acts and is fully and legally empowered to execute and deliver this Ag eement. This
Agreement may not be assigned by either party without the prior written consent of the other party
which shall not be unreasonably withheld or unduly delayed. Subject to the foregoing, this Agreement
shall inure to the benefit of and be binding upon the parties and their respective permitted successors
and assigns. Each party acknowledges and agrees that this Agreement shall not be deemed prepared or
drafted by any one party. In the event of any dispute between the parties concerning this Agreement,
the parties agree that any rule of construction, to the effect that any ambiguity in the language of this
Agreement is to be resolved against the drafting party, shall not apply. The section and other headings
contained in this Agreement are for reference purposes only and shall not affect in any manner the
meaning or interpretation of this Agreement. This Agreement may be executed in counterparts, each of
which shall be an original, and all of which together shall constitute the Agreement; and signature by
electronic means, including, but not limited to, facsimile copy, is as effective as an original signature.
10
I0i11 S', •JU(11/9282748 I D(;:
A RAGON
APPROVAL
+�1 Snuth Steep' St., Suttee i2S
Denver, CO 80209 280$
wwwparagonaudit corn
The natural persons signing this Agreement on behalf of Paragon and Client, respectively, certify that
such person has all necessary authority to grant and execute this Agreement on behalf of such entity.
If the foregoing terms meet with your approval, please sign below and return this Agreement to us by
email. We look forward to the opportunity to provide you with our professional services.
Sincerely,
Paragon Audit and Consulting, Inc.
By: Ke-i 7!! !2'A t''
Name: Keith Galante
Title:
President
Date
June 29, 2016
WELD COUNTY: r�
ATTEST: (C�� /y�f �i:
Weld o t Clerk to the Beard
BY:
BOARD OF COUNTY COMMISSIONERS
WELD COUNTY, COLORADO
Deputy CI Mike Freeman, Chair
tAt
A
II
UF1114rIuu! i76uuUI;92R27RR I J()C
AUG 102016
ANC E:
f'ticial or C)epartment Head
O2O!6
}'ARAGON
�r! 5rrtil It tituoi., tit , Stine i!
L1(Iltet, (.(t MI)_ &
www pJragUn,tudit corn
STATEMENT OF WORK #1
Weld County Government — and Paragon Audit & Consulting, Inc.
IT General Controls Audit
This Statement of Work is an addendum to the Master Services Agreement entered into between Paragon
Audit
& Consulting, Inc. ("Paragon") and Weld County Government (or "Client"), on
/ti 020 /(o . Refer to the Master Services Agreement for standard terms and conditions.
In the dent of a conflict between the terms and conditions of the Master Services Agreement and this
Statement of Work, the terms and conditions of this Statement of Work shall control.
Confidentiality:
The information contained in this proposed Statement of Work, and any Appendices, including the proposed
hourly rates, approach, and time estimates, is confidential and not to be shared with parties other than Client
management and Board. Rates and costs shall only be discussed with VP of Business Development, President
or Directors of Paragon.
SCOPE & OBJECTIVES
The scope of this engagement is limited to Paragon providing IT General Controls Audit. The current estimate
for hours required for this project is 70 hours.
This engagement will include:
• Ensuring applications and their supporting databases and operating systems are properly configured to
provision access based on the individual's demonstrated need to view, add, change or delete data.
• Ensuring controls provide effective and efficient data storage, retention and archiving to meet business
objectives, the organization's security policy, and regulatory requirements.
• Ensuring only authorized and tested changes are migrated into the production environment.
• Reviewing current IT policies
• Performing a limited review of network security controls
Network design
Firewalls
Physical security
I
AGON
O N
s t •f t A c
r-11 Sun h , lutfo
�w'lltE'f. t t H(I ,f1'1 .MOS
W'w',' par.hhyo"aurl rom
Additional Services:
If necessary, Client can request increases to the size, scope and hours granted to Paragon to perform the
services stated above, or can request other services from Paragon. These services can be agreed to by way
of an email confirmation between Client's IT Security Manager, CIO or other VP level executive — and
Paragon's VP of Business Development or President.
General Terms:
1. Work will be performed under the guidance of Client's IT Security Manager.
2. Testing is expected to begin on or before June 1, 2016, and completed on or before July 15, 2016. If
Client -driven delays occur which change this timeline, different personnel and/or rates may apply.
3. While Client benefits from having full access to the Paragon team's expertise and resources if needed,
the hourly rates assume no Paragon President/CAE assistance will be required. If Client requests
additional assistance from Paragon President/CAE, the applicable rate will be $165 per hour.
4. In order for Paragon to meet the above deadlines, in a timely manner, Client will:
a. Provide senior management employee(s) who will make all management decisions with
respect to the engagement.
b. Make management and staff available to answer questions and provide evidence in a timely
manner.
c. Provide all requested documents.
d. Provide access to critical applications as required.
e. Make available adequate workspace and connectivity for the project team, preferably to
include a dedicated room/area, for the duration of fieldwork.
f. Provide Paragon with directions and instructions relating to any laws or regulations an_ p_ lirahIe
to the protection of data stored.
5. Although no travel outside of the Denver metropolitan area is currently anticipated, reasonable pre -
approved out-of-pocket expenses associated with the completion of the engagement will be billed at
the actual amounts incurred. Unless instructed otherwise by Client, assigned personnel will follow
the Paragon travel policy. Travel and driving time, and mileage will be billed in accordance with the
Master Services Agreement.
6. Paragon may assign different and or additional resources to assist in completing the engagement.
7. Management will provide all requested data within the agreed -upon timeframes. Failure to provide
the data in a timely manner may result in additional charges and or staffing changes.
�I'ARAGON
'7. S<„utfh stet'le S�., Sinte
Oen%et, CO M0'20t0 2$.)28
www paragonaud+t.com
Professional Fees and Hours:
The blended hourly rate for all services provided by Paragon under this Schedule is: $125.00 per hour for all
IT Audit Directors (25+ years of experience), IT Audit Managers (15+ years of experience) and Professionals
that work on this engagement. The total number of hours projected by Client for this engagement is 70, for
a total Client investment of $8,750.00. Under this engagement, Paragon will be compensated for no less
than 35 hours' worth of work (or $4,375.00). If Paragon should need more than 70 hours to perform work
requested by Client, Paragon will communicate this with Client and receive approval by way of email
agreement between Client and Paragon VP Business Development or President.
Invoicing:
Since Paragon will be reserving the time of its professionals for this engagement, 50% of the estimated
investment will be invoiced upon execution of this agreement, and due within 30 days of receipt of invoice.
The remainder of the fees will be invoiced in accordance with the Master Services Agreement.
Staffing:
The assigned team members will be:
• Rick Lucy, Paragon Director, Engagement Director
• Kevin Sear, Paragon Director, Lead Engagement Director
• Nathan McKenzie, IT Subject Matter Expert
• Other Professionals and Staff: TBD
All individuals assigned to this engagement will have the necessary controls, technical, systems, and
interpersonal skills to perform this engagement in an efficient and timely manner.
Signature page follows
PA RAGON
()South title stvi-iu St . Surtv 12;
tren it (t) 1'0 Ig '81)8
www paragordJrt4 corn
SIGNATURES:
Statement of Work is agreed to as proposed as of this / day of
CONTRACTOR:
Paragon Audit and Consulting, Inc.
By: l�eur-i� ga A.ftte-
Name: Keith Galante
Title:
President
Date June 29, 2016
2016.
WELD COUNTY:
ATTEST:
Weld Cou
BY:
BOARD OF COUNTY COMMISSIONERS
y Clerk to the Board WELD COUNTY, COLORADO
Deputy Cler to the Boa , IL j,��� Mike Freeman, Chair
AUG 1 0 2016
PROVED AS TO s ► E
icial or Department Head
c7&2/( -
0q64,2,
Hello