60 likes | 149 Views
DRAFT. DISCUSSION DOCUMENT. DS SOX404 Embedding Transition Organisation design and RASCI chart. London 19 December, 2005. DS SOX404 Transition Organisation 2006 : high level view. FOR DISCUSSION. DS VP Finance. DS CEO. DS Controller. DS GRA Manager. DS. Risk & Assurance.
E N D
DRAFT DISCUSSION DOCUMENT DS SOX404 Embedding Transition Organisation design and RASCI chart London 19 December, 2005
DS SOX404 Transition Organisation 2006 : high level view FOR DISCUSSION DS VP Finance DS CEO DS Controller DS GRA Manager DS Risk & Assurance SOX CoE(including Factory) Planning and Communication GRA Business Improvement CoB/S GRA Managers CoB Leaders VP CoB VP CoB Retail Lubes Mfg. Supply & Distribution B2B Chemicals Global CoB CoS CoB Chemicals Chemicals IT GRA Other GRA Regional Controller Regional GRA Manager (Role TBD) VP CoB Regional SOX404 Team (Role TBD) VP CoB VP CoB VP CoB Americas Region VP CoB VP CoB Americas EAST Americas EAST EU EAST EU EU AoO CoB Leader AoO Controller VP CoB VP CoB = Key positions to be resourced before end Q1 ‘06 AoO GRA Focal Point Control Owner (CoS) Control Owner Control Owner (CoB) Control Owner AoO1) Control Owner Control Owner Position with GL Sign-off responsibility CoB Focal Point SOX404 Team Business Focal Point Control Executor CoS Focal Point Business Focal Point Control Executor Control Executor Control Executor Control Executor Control Executor Control Executor 1) Reflects predominantly Level 1 and 2 AoOs
For completeness, in the Transition Organisation no direct SOX404 content responsibilities Interim Function Temporarily Function SOX404 Responsibilities at DS and CoB levels DS Controller DS GRA Manager FOR DISCUSSION
SOX404 Responsibilities at CoB and Regional level DS Controller DS GRA Manager FOR DISCUSSION Note: Relation/Interface between DS GRA Manager, CoB/S GRA Manager, and Regional GRA Manager to be determined
= Key position to be resourced before end Q1 ‘06 SOX404 Responsibilities at AoO levels Suggested SOX404 Transition Organisation1) (Risk Level 1 and 2) FOR DISCUSSION AoO CoB Leader AoO/Country Controller VP CoB VP CoB AoO GRA network AoO GRA Focal Point Control Owner (CoS) Control Owner Control Owner (CoB) Expertise, Support/ Execution Control Owner Control Owner Expertise, Support/ Execution Control Owner Control Executor Control Executor Control Executor Control Executor CoB Focal Point2) Control Executor SOX404 Team Business Focal Point Control Executor Business Focal Point CoS Focal Point2) Control Executor CoB/S Focal Point • Monitor change in CoB • Execute (support) under responsibility of Control Owners: • Adapt Controls + Documentation • Walkthrough • Self-Testing • Remediation • Support the SOX404 management process in a COB/S SOX404 Team (might be AoO GRA Focal Point in small AoOs) • Support FARM • QA (partly/fully pooled in region/TBD) • Execute Greenlight updates under responsibility of Control Owners • Support knowledge transfer and training AoO GRA Focal Point • Execute FARM • Planning for: adapt controls, self-testing, remediation • Drive AoO management assessment process (synthesis and analysis of test results to support AoO sign-off) • Support knowledge transfer and training Responsibilities/ Activities Key Interfaces • AoO GRA Focal Point • CoB/S Focal Points • Control Owners • AoO CoB Leader • AoO GRA Focal Point, SOX404 Team • Control Owners • AoO Controller • Regional GRA Manager • SOX404 Team • CoB/S Focal Points • Control Owners (1) For level 3 AoOs similar features may be designed on a cross-country or regional level (2) The CoB/S Focal Point does not necessarily reside or report into Finance in a CoB/S
Downstream Transition Organisation RASCI-chart SOX404 Transition Organisation – RASCI-chart For Discussion Comments • Having Responsibility for an activity does not mean that that role is executing that activity, i.e. although the Control Owner is responsible for self-testing of his control, the execution of the self-test and GL update can be done by the SOX404 Team (Support) • Changes or trigger events (changes in process, business, methodology, acquisitions) are constantly monitored by responsible stakeholders and might then cause an off-cycle start of Reassess Scope and Adapt Controls and Documentation • IT link with business being developed by IT embedding workstream Roles Activity R: Responsible to do it or get it done A: Accountable, signs off on internal controls over financial reporting (ICOFR) for area of responsibility S: Provides support to the responsible party C: Must be consulted on activities and results I: Must be informed about activities and results 1) The planning part of these activities will be taken on by the AoO GRA Focal Point or his SOX404 team 2) Whether or not walkthroughs should be obligatory for all controls is currently under review 3) Quality Assurance can be part of Documentation, Self-Testing, and Remediation