380 likes | 540 Views
pwc. Proposal to Assist Valero Energy Corporation with Sarbanes-Oxley Section 404 Compliance. Table of Contents. TAB I II. Presentation: Tools - PwC Internal Control Workbench - PwC Global Best Practices Database Approach Proposal. 1. PwC Internal Control Workbench.
E N D
pwc Proposal to Assist Valero Energy Corporation with Sarbanes-Oxley Section 404 Compliance
Table of Contents TAB I II Presentation: • Tools - PwC Internal Control Workbench - PwC Global Best Practices Database • Approach Proposal 1
Internal Control Workbench The Workbench is a technology enabler designed to facilitate consistent documentation and assessment of internal controls for clients. • Facilitates the mapping of your system of internal control to the COSO framework. • Supports management’s ongoing certification and reporting responsibilities. • The Workbench is web enabled. • The Workbench is populated with the COSO framework. • The Workbench serves as a central repository. • The Workbench enables allocation and division of responsibilities as well as accountability for internal controls. • The Workbench can be tailored to client specific, unique business processes, control objectives, risks, and control activities. • The Workbench can be configured to accommodate changes to the proposed internal control framework. • The Workbench can be used to document tests of controls, capture issues related to control activities and risks, and develop action plans to address those issues. • The Workbench has a number of useful views to allow a client to see their documented controls. • Initially, the Workbench will be hosted by PwC. In about 2 months, a SQL version will be released to allow hosting at client sites or by a 3rd party service provider. 2
Hierarchy COSO Structure Internal Control Workbench Structure COSO Component Control Activity Cycle Revenue and Receivables Transaction The PROCESS Transaction Order Processing Control Objectives Control Objective Process Only Valid Orders Risks Issues Risk Orders may not be authorized Control Activities Action Plans Control Activities Your unique control activities Testing 3
Transaction Control Objectives Documents: Transaction Risks Issues Control Activities Action Plans Testing 5
Transaction Control Objectives Documents: Control Objective Risks Issues Control Activities Action Plans Testing 6
Transaction Control Objectives Documents: Risk Risks Issues Control Activities Action Plans Testing 7
Transaction Control Objectives Documents: Control Activity Risks Issues Control Activities Action Plans Testing 8
Transaction Control Objectives Documents: Issue Risks Issues Control Activities Action Plans Testing 9
Transaction Control Objectives Documents: Action Plan Risks Issues Control Activities Action Plans Testing 10
Transaction Control Objectives Documents: Testing Risks Issues Control Activities Action Plans Testing 11
All Documents – List of Views All documents menu selection allows multiple views/sorts of created documents. 12
Reports and Additional Views The Reports menu allows access to basic ad-hoc reporting functionality. Selected document information can be formatted for output/export to Excel, XML, or Word. Ability to select the desired document type for reporting. Additional views for the Gap Analysis, Issues and Action Plans Every field from the selected document type can be selected and ordered for output. 13
Introduction of Panel Members Administrative Functions
ICW Setup and Administration: Create a Site Sites are created to match the organization structure of the client. Internal controls can then be documented and assessed by site where they occur. 15
Functions: Duplicate – Site Duplication Function An existing location can be selected as the source of information. The document hierarchy for the selected source will be duplicated in the target to enable quick creation of similar locations. This function can also be used to copy from the COSO Master Content into a New Site. The Duplicate menu is selected to duplicate the tree structure from selected locations to a new target location. 16
ICW Setup and Administration: Create a User Users may be created as necessary for each client by the Administrator. User information is obtained to create unique userid and password. Access levels can be assigned at a user level. 17
ICW Setup and Administration: Create a Job Title Job titles/roles can be defined for each client that match the employee organization structure. 18
ICW Setup and Administration: Assign Users to Sites Through Job Titles Users can be assigned to more than one site based on job title/role. Control activities at each site can then be assigned to the users for accountability. 19
ICW Setup and Administration: Create a Functional Group Functional Groups of similar users can also be created and assigned to sites. 20
ICW Setup and Administration: Edit Configuration This screen allows modifications to the common static text values and keyword field definitions available in the various documents. The configuration for each client could be modified to reflect client and engagement team terminology. 21
Inbound Activities Operations Outbound Activities Marketing and Sales Service Human Resources Technology Development Procurement Manage the Enterprise Manage External Relations Provide Administrative Services Manage Information Technology Manage Risks (of accident or other insurable loss) Manage Legal Affairs Plan Process Accounts Payable Process Accounts Receivable Process Funds Process Fixed Assets Analyze and Reconcile Process Benefits and Retiree Information Process Payroll Process Tax Compliance Process Product Costs Provide Financial and Management Reporting COSO – Business Activities From Generic Business Model 22
Introduction of Panel Members PwC Global Best Practices
PwC Global Best Practices Database Global Best Practices • Dissects best practices into 13 business process categories and 163 sub-categories • Operating processes represent composite of all activities related to acquiring and serving customers • Management processes include all other functions 23
A Word About COSO No firm understands the COSO framework as well as PricewaterhouseCoopers. • 10 years ago our risk and control practice authored the report for COSO– a consortium of leading organizations dedicated to improving the quality of financial reporting • Recently COSO awarded PricewaterhouseCoopers a second engagement to develop an enterprise-wide risk management framework • We expect that the project will be completed and the formal report published in June 2003. 24
Roles and Responsibilities Valero Energy Corporation (Valero)-Disclosure Committee Steering Committee External Auditor E&Y Operations Legal Finance Information Technology Core Project Team Operations Legal Finance Information Technology Other Resources Valero’s Resources:PwC Subject Matter Specialists: • Finance Managers • Operations Management • Information Technology • Internal Audit • SEC Attorney • Tax • HR • Industry Specialists • Internal Controls • Process Specialists • Information Technology • Taxation Specialists • Others as needed Limited to client use only Pwc 25
Our Approach 31 Five key stages of proven structured approach: Pwc 26 Limited to client use only
Key Decisions • Evaluation framework – COSO • Identify Key Financial Processes (KFPs) • KFP impact • KFP targeted maturity • Level and form of KFP documentation: • Process maps and/or detailed procedures memos • Summary memos • Extract of internal and external audit work • Bullet point summaries • Locations and processes to be documented and mapped to COSO • Tool for mapping to COSO • Testing scopes • Control gaps to be remediated prior to certification • Overall certification recommendation to Disclosure Committee 27
Stage 1 Timeline & Resources Limited to client use only Pwc 28
Stage 1- Deliverables • Phase 1 – Mobilize Project • Roles and responsibilities for Core Project Team • COSO Training Materials for Core Team • Mission Statement (project definitions) • Selection of project management tool • Summaries of areas requiring clarification • Identification of other Valero specialists and liaisons needed • Preliminary schedule of resource requirements for inventory of financial processes • Project Calendar through Stage 3 • Selected Pilots • Identification of personnel to perform pilots • Phase 3 – Sizing the Work • Matrix of financial processes • Valero’s terminology and business framework mapped to COSO • Proposed business process taxonomy/business model • Standardized vocabulary for KFP’s • Key findings, observations on each pilot • Phase 5 – Develop Resource – Loaded Work Plan • Final business process taxonomy/business model • Resource-loaded detailed work plan for Stage 2 • Man day requirements for Valero personnel (and contractors if used) • Key milestones for each KFP and/or business unit • Tool/mechanism to track issues and proposed remediation plans (issues management) • Phase 4 – Evaluate and Select Technology Enabling Tool • Tool requirements and selection criteria • Summary evaluation of available tools • Possible options if no go assessment made on available tools • Fully loaded estimate of tool costs (e.g., software, hardware, infrastructure) • Executed license arrangement (if external) • Phase 6 – Stage 2 Start-up • Stage 2 training materials • User guides for tools to be used in Stage 2 • Phase 2 – Engage Key Stakeholders • Presentation to the Steering Committee • Communications infrastructure • Communication package(s) • Calendar of set status meetings • Summary of observations/issues raised by key stakeholders Pwc 29 Limited to client use only
Fees • We sincerely want to serve Valero in the Sarbanes-Oxley Section 404 (S-O 404) compliance project • Since the scope of the project and our role has not been completely defined, we are unable to make a fee estimate • We will bill US personnel at the following hourly rates: Partner $460 Senior Manager $357 Manager $303 Senior Associate $226 Associate $150 • Individual hourly rates for international personnel will be determined based on the nature of work to be done, skills required and geographic location • Where we are engaged as the S-O 404 advisor, there is no additional charge for the PwC Internal Control Workbench • Expenses will be billed as incurred. 30
Why PricewaterhouseCoopers? • Developed original COSO framework • Deep industry knowledge as leading service provider to refining and marketing companies • Thought leader on Sarbanes-Oxley • Develop technology tools specifically for S-O 404 • Perform numerous projects for energy industry (and across other industries), for audit and non-audit clients • Resources to help you wherever needed • Right tools - Internal Controls Workbench and Global Best Practices 31
Disclaimer Language It is Company management’s responsibility to determine the procedures deemed necessary in connection with your compliance with the provisions of the Sarbanes-Oxley Act of 2002 (the “Act”) and related SEC rules, to execute those procedures and to assess the results of your procedures and the adequacy thereof. Our Services should not be taken to supplant inquiries and procedures that the Company should undertake for purposes of obtaining and using the information necessary in connection with the Company’s compliance with the provisions of the Act and related SEC rules. Engagement acceptance is subject to mutually agreed upon terms and conditions. 32