140 likes | 264 Views
OP US SOX 404 Project Update June 2, 2006 Jim Lobb and Andrew Redcliff. How Embedded We Are. How Embedded We Are. COB/COS interacts with Internal Audit Function, PWC, and reports remediation to Steering Committee Knowledge Transfer Super workshops Q4 2005 Status accountability at 1/06
E N D
OP US SOX 404 Project UpdateJune 2, 2006Jim Lobb and Andrew Redcliff
How Embedded We Are • COB/COS interacts with Internal Audit Function, PWC, and reports remediation to Steering Committee • Knowledge Transfer • Super workshops Q4 2005 • Status accountability at 1/06 • Training 60% complete • Average Knowledge Survey score (post training) 85% • Average Readiness score 4.3 out of 5.0 • Core courses converted to elearning • Q1Sign-off completed without issue by AoO leaders
Knowledge Transfer: Top 7 SOPUS Strategies • SOX Focal Point Involvement - Liaison between CoB/CoS’s, Project and Embedding Teams - Continue to serve as primary point of contact • Super Workshop - End to end process with whole system representation - Best practice borrowed from EPW • Customized Training - Consistent core content with customized ACD exercises for each CoB/CoS - Utilizes SME’s from businesses • Train-The-Trainer - Conducted training in remote locations - Nominated by each CoB/CoS - Build legacy of additional “go to” expertise in CoB/CoSs
Knowledge Transfer: Top 7 SOPUS Strategies, Cont’d • Embedding Training Model - Based on Embedding methodology developed from lessons learned in Lubes IT Pilot • Consists of: • Scoping: Planning, customization • Training Delivery: 3 mandatory courses • Wrap-up: After Action Review, Training Evaluation, Knowledge Results & Recommendations • Shifted Responsibility to the Business - Ownership for SOX processes systematically shifted from Project Team to CoB/CoSs - Enhanced CoB/CoS role remediation, audits and management response • Business Accountable to Steering Committee - Progress updates and remediation plans renew by Business Unit Management - Held accountable for meeting targets and deadlines
Training: Total Participants Trained by Organization Training status as of 5/23 As of 5/23 we are: 60% through delivery, but 95% through preparation
Training: SOPUS SOX Transition & Training Timeline Timeline as of 05/11/06
A. Downstream Pilot • Participated in YE2005 global design effort: • RASCI and Maintain Evidence Activities • Importance of desk- level activities and hidden population • Stakeholder Assessment development • RASCI chart (Appendix) • Role Definition for Maintain Evidence Activities (Appendix) C. CMT Training & KT • Used CMT program input to develop US courses • CMT adopted SOPUS training model • Participation in CMT workshops • Embedding provided to Business and IT • SOPUS LiveLink repository for all courses • 7 SOPUS KT Strategies • Training Timeline & Results • Training Curriculum • Train-the-Trainer Program B. GRA Structure • Defined SOPUS COE structure to centralize: • Ongoing support for CMT programs/PCM • System assurance and quality– the weak spot in external SOX implementations • Consistent, quality testing • Ongoing training delivery coordination • COE Organization Chart and staffing levels (Appendix) • Defined job descriptions Knowledge Transfer: Leveraging the CMT DS Program CMT Program SOPUS Support Deliverable(s) or Appendix
Knowledge Transfer: Lessons Learned “Surprised at how little people knew – after all the time spent on SOX” • Large level-of-effort needed by CoB/CoS to understand and accept the project team work. • Only the self-testing course gave staff a true understanding of what they were being asked to do. • Control mindset is not natural for most desk-level staff – even in IT. • SOPUS 6 hour core training is targeted at “passing the audit.” Courses gave multiple experiences to adapt CoB/CoS staff to control mindset.
Embedding Summary The Bottom Line “In our recent audit review of Controllers… We were impressed with the preparedness of the staff. Our audits are taking 50% of the usual time.” PricewaterhouseCoopers
Appendix - Deliverables • Appendix – Deliverables • RASCI with Maintain Evidence Responsibilities • Maintain Evidence Activities • Proposed COE Organization
DS GRA Manager* Cheng Kwee Ho DS GRA Manager* SOPUS Controller G-J. Smitskamp CoB Finance Manager DS Controls Manager DS Controls Manager Manager Financial Accounting & Assurance Y.Ammerman GRA Lead** (CoB) GRA Lead** (CoS) LUBES MOTIVA Aviation Retail SOPUS Supply SOPUS Distribution SOX Implementation & Systems Assurance Mgr. 1A SOX Focal Point*** SOX Focal Point*** Embedding PMO 7B For Each CoB 6 T. Morgan FTE = 1.0 1Q/2Q FTE = 8.0 3Q/4Q FTE = 0.0 C. Highwarden 7A Project Manager Mfg FTE = 8.0 P. Ponton *Only 1 Global GRA Mgr role FTE = 1.0 B. Manwaring Group Alignment Training Systems Assurance & Security 1 2 Testing Q/A & Audit Change Control & Monitoring 3 5 4 **GRA Lead Responsibilities FTE = 6.0 G. Pounders FTE = 1.0 JG (4/5) FTE = 16.0 JG (2/3) FTE = 3.0 JG (3) FTE = 1.0 JG (4) • HSE • Finance • Governance • Info Mgmt Data Input (2.0) Incident Mgmt. (1.0) EUC AEC SoD (3.0) 2006 SOX Project ***SOX Focal Point Responsibilities 7 1Q/2Q FTE = 42.0 3Q/4Q FTE = 0 JG (3) • Remediation/Coordination • Management Assessment • Standardize Templates • Routine Reporting • Attestation “Dry Run” Temporary Function SOX COE Appendix: 2006 OP US SOX 404 Organization - Proposed Need latest update from TM