Denay Huddleston. Who Are We?
Safety Moment Source: http://www.safetymoment.org/SafetyPresentation/Home/HomeGeneralSafety.pdf
About ConocoPhillips
• ConocoPhillips is an international, integrated energy company with interests around the world
• Headquartered in Houston, TX
• 30 countries
• Approximately 30,000 employees
• $153 billion of assets and $149 billion of revenues as of Dec. 31, 2009
• Website: www.conocophillips.com
IT Services (connect, support, receive)
• 140 other companies’ networks daily
• 372 vendors and business partners daily
• 34,000 external users
• 13,000 viruses prohibited monthly
• 43,800 IT Service Desk requests monthly
• 1,280,000 inbound e-mails daily; 75% spam
• 1,800,000 intrusion attempts blocked daily
• 14 petabytes storage capacity
• 35,000 SAP user IDs
• 40,200 personal computers supported
• 52,770 e-mail accounts
• 61,500 user IDs managed for employees, contractors and service accounts
• 60 million SAP transactions monthly
SOX
• Sarbanes-Oxley Act
• 2002. Standards act for all US public companies
• Strengthen public accounting controls
Segregation of Duties
Segregation of duties is critical to effective internal control because it reduces the risk of mistakes and inappropriate actions. It helps fight fraud by discouraging collusion.
• Separation:
  • Approval
  • Accounting/reconciling
  • Asset custody
• A detailed supervisory review of related activities is required as a compensating control activity if these functions cannot be separated in smaller departments.
Source: http://map.ais.ucla.edu/portal/site/UCLA/menuitem.789d0eb6c76e7ef0d66b02ddf848344a/?vgnextoid=06e56d221c4c0110VgnVCM100000dcd76180RCRD
Mitigating Controls • Type of control used in auditing to discover and prevent mistakes that may lead to uncorrected and/or unrecorded misstatements that would generally be related to .
Comparison of the Economic Measures of Merit: Net Present Value (NPV)
Strengths
• Properly accounts for the time value of money
• Yields estimated picture of project profitability; uses after-tax cash flow
• Broadly used in industry
Weaknesses
• Gives no indication of magnitude of project (large or small investments can give large or small NPV)
• Does not measure investment efficiency; the project with the highest NPV is not necessarily the best project
Comparison of the Economic Measures of Merit: Average Annual Rate of Return (AARR)
Strengths
• Properly accounts for the time value of money
• Yields estimated measure of Return on Investment; uses after-tax cash flow
• Can be compared to a minimum ROI for an accept/reject decision
• Broadly used in industry
Weaknesses
• Gives no indication of magnitude of project (large or small investments can give large or small AARR)
• Negative-Positive-Negative cash flows create multiple AARRs
Comparison of the Economic Measures of Merit: Profitability Index (PI)
Strengths
• Properly accounts for the time value of money
• Provides indication of investment efficiency
• Can be compared to a minimum PI for an accept/reject decision
• Preferred tool for ranking projects
Weaknesses
• Gives no indication of magnitude of project (large or small investments can give large or small PI)
Current Process
Paper approval form action steps:
• Business Unit (BU) or Staff Group (SG) fills out exception request and mails the request to SOX coordinator
• SOX coordinator approves or denies, signs, and forwards request to SOX director
• SOX director approves or denies, signs, and forwards request to General Manager (GM)
• General Manager approves or denies, signs, and forwards request back to SOX director to keep and log all the requests
[Flow diagram. Participants: BU or SG, SOX Coordinator, SOX Director, General Manager. Labels: BU or SG request; Approve or Deny; Discuss and Recommend; Hold Official Copy.]
Issues
• Labor intensive
• Inefficient: could take up to a month to get roles approved
• Constant need for ‘pushing’ requests through
• Lack of reporting functionality
• Requesters don’t know the state of the requests
Project Goal
• The goal of the project is to achieve global implementation of a software application to detect and prevent Segregation of Duties (SOD) conflicts within SAP and across other non-SAP applications.
• Document required mitigating controls
• Document the approval to Internal Control Standards (ICS) exceptions
• Enhance controls relating to SAP “Super Users,” and improve SAP user access provisioning.
• Replace the existing laborious, inefficient and manual processes currently employed to identify, prevent and monitor SOD, mitigating controls, approved ICS exceptions and user provisioning
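An added example, not part of the original slides and not the application the project deployed: a minimal Python check of the kind the project goal describes. It flags users whose combined roles span more than one of the three functions named on the Segregation of Duties slide and records whether a documented mitigating control covers the conflict. Role names, users and the exception id are constructed for illustration.

```python
from itertools import combinations

# The three functions the Segregation of Duties slide says must be separated.
DUTIES = ("approval", "accounting", "custody")

# Constructed sample data: role names, users and the exception id are hypothetical.
ROLE_DUTIES = {
    "PO_APPROVER": {"approval"},
    "AP_RECONCILER": {"accounting"},
    "WAREHOUSE_CLERK": {"custody"},
    "SMALL_OFFICE_ADMIN": {"approval", "custody"},  # a single role that conflicts by itself
    "REPORT_VIEWER": set(),
}
USER_ROLES = {
    "alice": ["PO_APPROVER", "REPORT_VIEWER"],
    "bob": ["PO_APPROVER", "AP_RECONCILER"],
    "carol": ["SMALL_OFFICE_ADMIN"],
    "dave": ["AP_RECONCILER", "WAREHOUSE_CLERK", "PO_APPROVER"],
}
# Approved exceptions: (user, duty pair) -> documented supervisory review.
MITIGATIONS = {
    ("carol", frozenset({"approval", "custody"})): "EXC-0001 monthly supervisor review",
}

def find_sod_conflicts(user_roles, role_duties, mitigations):
    """Return one finding per user and conflicting pair of duties."""
    findings = []
    for user, roles in sorted(user_roles.items()):
        sources = {}  # duty -> roles that grant it to this user
        for role in roles:
            # An unmapped role raises KeyError instead of passing silently.
            for duty in role_duties[role]:
                sources.setdefault(duty, set()).add(role)
        for a, b in combinations(DUTIES, 2):
            if a in sources and b in sources:
                control = mitigations.get((user, frozenset({a, b})))
                findings.append({
                    "user": user,
                    "duties": (a, b),
                    "roles": sorted(sources[a] | sources[b]),
                    "status": "mitigated" if control else "unmitigated",
                    "control": control,
                })
    return findings

def unmitigated(findings):
    """Conflicts with no documented compensating control."""
    return [(f["user"], f["duties"]) for f in findings if f["status"] == "unmitigated"]
```

Running `unmitigated(find_sod_conflicts(USER_ROLES, ROLE_DUTIES, MITIGATIONS))` lists the conflicts that still need either a role change or a documented exception.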
Project
• Use AARR of 10%
• Assume need to look at over 1000 roles
Note: These are suggested only for the case of this classroom project. They do not represent actuals.