DS GRA and SOX404 Organisation. Houston 1 June, 2006. DS GRA. The DS GRA organisation has been established to assist DS to successfully achieve the Goal to become a World Class Finance Function. DS Finance Functional Plan. RDS Finance Functional Plan.
DS GRA and SOX404 Organisation Houston 1 June, 2006
The DS GRA organisation has been established to assist DS to successfully achieve the Goal to become a World Class Finance Function
DS Finance Functional Plan / RDS Finance Functional Plan
“The overall goal is to provide world class finance support and advice that delivers profitable downstream.” – Ron Blakely, DS EVPF
• “Sound controls framework and compliance process”
• “Compliance and Discipline”
• “clear global standards that everyone complies with”
• “manual of authority”
• “non-negotiable compliance to standards”
• “embed SOX 404”
“My goal is to be a world-class Finance function by the end of the decade.” – Peter Voser, CFO
• “Providing independent challenge and global systems to support control and compliance”
• “Deepen the effective use of our risk based control framework”
• “Investment proposals … include risk-assessment”
Within this context, the DS GRA vision has been created…
Enablers*
• Appropriate Tone at the Top
• Effective use of Risk Management
• Control environment that adds value
• Compliance culture is embedded
• Competent staff
• Awareness of consequences of non-compliance
• Global standards, local execution
• Ownership & accountability optimally placed
• Robust and open BCI reporting
• Learnings applied across Shell
Vision: Establish a world-class Downstream controls environment by the end of the decade
* Not all of the enablers are the accountability of GRA
DS GRA process ownership responsibilities will be consistent with the global RDS GRA requirements
To be discussed with Business Compliance Officer
Process Ownership is predominant responsibility of DS Global CoB/F GRA Managers
The transition of each activity will be appropriately planned and executed
Process Ownership is predominant responsibility of DS Financial Controls Manager
Three Key areas of GRA Responsibilities and Activities
RDS Controls, Governance & Assurance (GRA)
• Headed by Anno Scheltinga
• Ultimate process owner for Governance, Risk, Assurance and Controls requirements
• Secretary to Financial Reporting Controls Committee
• Comprises a team of process SMEs, operating through a networked relationship with focal points within the DS GRA Organisation.
Downstream Governance Risk & Assurance (GRA)
• Headed by Cheng Kwee Ho
• DS process owner for Governance, Risk, Assurance and Controls requirements
• Comprised of a team of process SMEs with reporting lines within the DS GRA Organisation to align with where the process ownership sits
• Working relationship through a network of local Business/Function focal points
Downstream Business/Function Assurance (LINE)
• Network of assurance providers within the Business/Function
• Accountable for the process execution of Governance, Risk, Assurance and Controls requirements
• Comprised of Business/Function SMEs with reporting lines within the respective Businesses/Functions to align with where the process execution/content ownership sits
DS SOX404 Organisation: Key Design Principles
• Robust structure:
• Cost effective
• Sustainable
• Consistency across DS
• Reporting Lines and Working Relationships that enable:
• Strong Governance and Independent challenge
• On-going Standardisation and Simplification
• Clear accountabilities
• Conformity to SOX404 Steering Committee mandated design principles
• Alignment with the Group strategy for the use of SSSC in order to optimise processes and controls to achieve standardisation, control improvements and cost benefits.
• Fully integrated and focused Learning & Development to facilitate sustainable SOX compliance
The DS SOX404 Organisation structure is based on the mandated key design principles for SOX404 Accountability
GRA: Effective SOX404 Process
Accountabilities
• ‘GRA’ owns the SOX404 global process per RDS SOX404 Methodology.
• DS GRA Manager has single-point accountability for ensuring the SOX404 process:
  • Is robust;
  • Is applied consistently and accurately
  • Ensures completeness and transparency of the content via provision of Quality Assurance
  • Is appropriately supported (tools, structure, competencies) to ensure on-going sustainability;
  • Is fully integrated into business operations and assurance activities
• DS GRA Manager is responsible for transitioning from Project to Embedded State
Line: Compliant SOX404 Content
Accountabilities
• The ‘Line’ owns SOX404 content (actual controls narratives, evidence)
• SOX404 signatories are accountable for ensuring that the content is:
  • Accurate: controls operating as designed, correctly assessed, appropriately remediated, accurately reported
  • Appropriate: effective controls mitigate SOX404 process risks & conform to SOX scope requirements.
  • Transparent: clear content meets quality standards; evidence is retained/maintained
  • Complete: all relevant business risks and considerations accounted for
  • Fully compliant with requirements of SOX404 global process and annual SOX cycle
DS SOX404 GRA Organisation Head of Controls, Governance & Assurance Anno Scheltinga DS GRA Manager Cheng Kwee Ho IT for Shell GRA Manager Henk Reimers Financial Controls Manager Risk Manager Ian Crawford GRA Projects Manager Julie Amey Retail GRA Manager Dave Davis Lubes GRA Manager Trevor Walters Mfg GRA Manager Elaine Wyrick S & D GRA Manager Carlo Stiore B2B GRA Manager Rafi Basheer Chemicals GRA Manager Frits Schneider Functions GRA Manager Tim O’Brien IT GRA Manager DS CIO Alan Matula SOX SMEs Scope/MA/ SOX Factory. Lead SOX SME QA/ GRA support Planning, Monitoring Reporting FC Learning Manager Security Manager (incl SoD) SOX Factory (GSAP) Lead/Team QA CoE Team UK GRA Lead US GRA Lead Germany GRA Lead NL GRA Lead* France/ Belux GRA Lead MED/Nord/CEE GRA Lead Australia GRA Lead Philippines GRA Lead Singapore GRA Lead Malaysia/ HK GRA Lead LA GRA Manager** Andre Nolte SOPAF GRA Manager** Graham Legge Size of GRA team to support Country/Cluster GRA Leads to be determined based on local requirements Temporary Roles (<4yrs) *Also primus inter pares **Dual roles: Business and Country GRA Lead
DS SOX404 GRA Organisation: CoB/Functions GRA Managers
DS GRA Manager Cheng Kwee Ho IT for Shell GRA Manager Financial Controls Manager Risk Manager GRA Projects Manager Retail GRA Manager Lubes GRA Manager Mfg GRA Manager S & D GRA Manager B2B GRA Manager Chemicals GRA Manager Functions GRA Manager IT GRA Manager DS CIO
CoB/Functions GRA Manager: SOX404 Role
• Reports to DS GRA Manager
• Identify and address systemic business and controls issues in CoB/F
• Support CoB/F senior leaders in SOX Sign-off Process
• Prepare/present SOX Management Information to CoB/F Senior Leaders/BAC
• Working relationship with Financial Controls Manager/Team
• Working relationship with Country/Cluster GRA Leads on an exception basis
IT GRA Manager: SOX404 Role
• Support DS IT SOX organisation (IT GRA Manager)
• Liaise with Shell for IT CoE (IT GRA Manager)
SOX SME RESM/FARM/Mngt Ass. SOX SME QA/ GRA Lead support Planning, Monitoring Reporting FC Learning Manager Security Manager (incl SoD) SOX Factory (GSAP) Lead/Team QA CoE Team UK GRA Lead US GRA Lead Germany GRA Lead NL GRA Lead France/ Belux GRA Lead MED/Nord/CEE GRA Lead Australia GRA Lead Philippines GRA Lead Singapore GRA Lead Malaysia/ HK GRA Lead LA GRA Manager SOPAF GRA Manager
DS SOX404 GRA Organisation: Financial Controls Manager/Team
Financial Controls Manager and SMEs: Activities
• Lead the Global SOX404 process in DS
• Monitor and support Country/Cluster GRA Leads
• Support non-AoO SOX Control Owners
• Create a global synthesis for SOX404 controls to understand differences and standardisation opportunities
• Implement new SOX Controls arising from GSAP project
• Support change control (incorporating SOX impact assessment) process
• Liaise with/support CoB GRA; FCC;
• Coordinate/Facilitate Management Assessment process and planning
• Perform RESM/Support FARM
• GreenLight Admin and Reporting; RAP Tracking and Reporting; Planning
NOTEs
• FTEs for SOX Factory and QA CoE team TBD
DS GRA Manager Cheng Kwee Ho IT for Shell GRA Manager Financial Controls Manager Risk Manager GRA Projects Manager Retail GRA Manager Lubes GRA Manager Mfg GRA Manager S & D GRA Manager B2B GRA Manager Chemicals GRA Manager Functions GRA Manager DS CIO IT GRA Manager SOX SME Scope/MA/ SOX Factory. Lead SOX SME QA/ GRA support Planning, Monitoring Reporting FC Learning Manager Security Manager (incl SoD) SOX Factory (GSAP) Lead/Team QA CoE Team
Learning Manager
• Delivery through Regional Training focal points in the Line
• Liaise with Group to ensure alignment of direction
• Work closely with QA team to identify/address competency gaps arising from QA findings
Role/Term of SOX Factory and QA CoE Team (temp. roles)
• SOX Factory in place to support GSAP roll-out (execution role)
• Central QA team ensures standardisation/best practice across countries
• Requirement for centralised QA will be reviewed on periodic basis
• QA CoE team supports Country/Cluster GRA Lead to execute Quality Assurance Requirements (deployment/locality of team to be determined)
UK GRA Lead US GRA Lead Germany GRA Lead NL GRA Lead France/ Belux GRA Lead MED/Nord/CEE GRA Lead Australia GRA Lead Philippines GRA Lead Singapore GRA Lead Malaysia/ HK GRA Lead LA GRA Manager SOPAF GRA Manager
DS SOX404 GRA Organisation: Country/Cluster GRA Leads/Team
DS GRA Manager Cheng Kwee Ho IT for Shell GRA Manager
Country/Cluster GRA Leads/(team)
• RDS SOX404 Process SME
• Manage ‘local’ transition from SOX project to embedded state
• Support Controller/Senior Business Leaders to operationalise SOX processes
• Support on-going SOX404 compliance:
• Support FARM
• prepare/roll-out SOX planning (QA, SOX Cycle/calendar; audit)
• provide Quality Assurance to ensure conformity with methodology (via centrally controlled QA CoE team with in-country SMEs in Level 1 and 2 AoOs)
• create synthesis of deficiency reporting and tracking
• facilitate/co-ordinate Management Assessment (deficiency evaluation and sign-off)
• Support identification of systemic business and control issues to assist with determination of root causes and advise appropriate actions
• Provide support for local learning and competency development
• Manage alignment of Group requirements and Line application/reality
• Country Risk assessment process
Financial Controls Manager Risk Manager GRA Projects Manager Retail GRA Manager Lubes GRA Manager Mfg GRA Manager S & D GRA Manager B2B GRA Manager Chemicals GRA Manager Functions GRA Manager DS CIO IT GRA Manager SOX SME RESM/FARM/Mngt Ass. SOX SME QA/ GRA Lead support Planning, Monitoring Reporting FC Learning Manager Security Manager (incl SoD) SOX Factory (GSAP) Lead/Team QA CoE Team UK GRA Lead US GRA Lead Germany GRA Lead NL GRA Lead France/ Belux GRA Lead MED/Nord/CEE GRA Lead Australia GRA Lead Philippines GRA Lead Singapore GRA Lead Malaysia/ HK GRA Lead LA GRA Manager SOPAF GRA Manager
DS SOX404 Organisation: summary of design principles
DRAFT for discussion
EVP CoB CoB GRA Managers AoO CoB Leaders AoO Control Operators AoO Control Owners SOX SMEs Exec. Dir DS Rob Routs DS VP Finance Ron Blakely ‘GRA’ ‘LINE’ DS VP Controller Jim Lobb DS GRA Manager Cheng Kwee Ho Regional Controller Regional Training Focal Pt Regional Testing Executn Team GRA Project Manager Functions GRA Manager IT GRA Manager Financial Controls Manager Risk Manager Country Controller Security Manager Planning, Monitoring Reporting Learning Manager Country/ Cluster GRA Leads SOX Team Manager SOX Team QA CoE GRA Lead Team SOX Factory GSAP Temporary Roles (<4yrs)
DS US SOX404 Line Organisation – ‘run and maintain’ baseline assumption
DRAFT for discussion
AoO Controllers and CoB Leaders CoB EVPs CoB GRA Managers AoO CoB/F Control Operators AoO CoB/F Control Owners GRA DS VP Controller Jim Lobb DS GRA Manager Cheng Kwee Ho US Regional Controller Geritt-Jan Smitskamp DS FC Manager TBA US GRA Lead Jeff Blackwell US SOX Team Manager US GRA Team TBD US Training Focal Point US OE Self Testing Execution Team US SOX SMEs
DS US SOX404 Line Organisation – ‘Run and Maintain’ Baseline Assumptions
DRAFT for discussion
AoO Controllers and CoB Leaders CoB EVPs CoB GRA Managers AoO CoB/F Control Operators AoO CoB/F Control Owners GRA DS VP Controller Jim Lobb DS GRA Manager Cheng Kwee Ho US Regional Controller Geritt-Jan Smitskamp DS FC Manager TBA US SOX Team Manager US GRA Lead Jeff Blackwell Group Alignment US Training Focal Point US OE Self Testing Execution Team Systems Assurance & Security Change Control & Monitoring US GRA Team TBD Data Input Incident Mgmt. EUC AEC
CoB Finance Manager GRA Focal Points CoB/CoS Appendix: 2006 OP US SOX 404 Organization - Proposed SOPUS Controller G-J. Smitskamp Manager Financial Accounting & Assurance Y.Ammerman DS GRA Manager Cheng-Kwee Ho SOX Implementation & Systems Assurance Mgr. 1A SOPUS Supply Retail SOPUS Distribution Mfg LUBES MOTIVA Aviation DS Controls Manager PMO 7B T. Morgan FTE = 1.0 Embedding 6 7A Project Manager 1Q/2Q FTE = 8.0 3Q/4Q FTE = 0.0 C. Highwarden GRA Leads (CoB/CoS) FTE = 8.0 P. Ponton B. Manwaring FTE = 1.0 Testing & Audit 3 Change Control & Monitoring 5 4 Systems Assurance & Security US GRA Lead Group Alignment 1 Training 2 FTE = 16.0 JG (2/3) FTE = 3.0 JG (3) FTE = 6.0 G. Pounders FTE = 1.0 JG (4/5) FTE = 1.0 JG (4) Incident Mgmt. (1.0) Data Input (2.0) 2006 SOX Project 7 EUC AEC SoD (3.0) 1Q/2Q FTE = 42.0 3Q/4Q FTE = 0 JG (3) Temporary Function SOX COE
DS US SOX404 Line Organisation – ‘run and maintain’ baseline assumption
DRAFT for discussion
AoO Controllers and CoB Leaders CoB EVPs CoB GRA Managers AoO CoB/F Control Operators AoO CoB/F Control Owners GRA DS VP Controller Jim Lobb
US SOX Team Manager and SMEs
• Reports through to Controller with strong working relationship with Country/Cluster GRA Lead
• Accountable for planning for Testing and preparation of Test Scripts with support from Regional Execution team
• Conclude on DE and OE status
• Prepare/Co-ordinate/Monitor Control updates and Remediation Action Plans (detailed planning)
• GreenLight/EUC/SoD Update and Administration
• Support Management Assessment
• Execute Change Control requirements and FARM requirements
• Incident Management
DS GRA Manager Cheng Kwee Ho US Regional Controller Geritt-Jan Smitskamp DS FC Manager TBA
US OE Regional Testing Execution Team
• Reporting line to US SOX Team Manager
• Regional focus for greater efficiency and effectiveness and enable consistency of skill-sets/competencies
• Accountable for execution of testing in accordance with AoO Test Scripts and Testing Plan
• Responsible to gather/hand-over testing evidence
• Support test script preparation
• SSSC transition plan required
US GRA Lead Jeff Blackwell US SOX Team Manager
US Training Focal Point
• Planning and execution of Learning and Development requirements
US GRA Team TBD US SOX SMEs US Training Focal Point US OE Self Testing Execution Team
DS SOX404 Line Organisation: Control Owners/Operators
DRAFT for discussion
AoO CoB Leaders CoB GRA Managers AoO CoB/F Control Owners AoO CoB/F Control Operators DS VP Controller Jim Lobb EVP CoB GRA DS GRA Manager Cheng Kwee Ho Regional Controller Regional OE Self Testing Execution Team
Control Owners
• Reports through existing supervisory in CoB/F
• Accountable for design of control
• Accountable for Updating and Maintaining Controls
• Responsible for performing control walk-throughs in accordance with methodology
• Responsible for remediating control deficiencies in accordance with Remediation Action Plans (DE and OE)
• Responsible for retaining evidence as required
• Execute Change Control process requirements
• Support Management Assessment process as required
No additional FTEs in ‘run and maintain’ – workload absorbed up to 10% annual control change
Country Controller DS FC Manager Country/ Cluster GRA Lead SOX Team Manager Clustered Activities
Control Operators
• Reports through existing supervisory in CoB/F
• Accountable for operating the control as designed
• Responsible for retaining evidence as required
• No additional FTEs in ‘run and maintain’ – workload absorbed
Clustered Activities Training Country/ Cluster GRA Team