
SOX 404 Management Assessment Process

SOX 404 Management Assessment Process. RDS Plc. Certifying Officers CEO & CFO. SOX 404 Assessment. External auditors attestation. Reporting of Controls deficiencies / remediation (GreenLight) Periodic sign-off Assurance. Management Assessment Overview.

rosa

Presentation Transcript


  1. SOX 404 Management Assessment Process

  2. RDS Plc. Certifying Officers CEO & CFO SOX 404 Assessment External auditors attestation • Reporting of • Controls deficiencies / remediation (GreenLight) • Periodic sign-off • Assurance Management Assessment Overview Financial Reporting Controls Committee “FRCC” • Review, evaluate, challenge • Advise EC on assessment • Review / validate reports from businesses/functions • Analyse / aggregate • Advise FRCC Business / Function (via Region/CoB as appropriate) Central SOX 404 Evaluation Team • Interpret / evaluate deficiencies • Summarise / categorise • Report to central evaluation team • Periodic sign-off • Assurance • Other controls data: • External audits • Internal Audits • BCIs GreenLight data OU / AoO Primary Reporting and Dialogue Information

  3. FRCC Sign Off Cascade Business EP/OP/Chem/G&P/GS/Trading/ Renewables Functions Controller/Treasury/Tax HR/CIO/S&D Corp Affairs/Legal Region/Class of Business, If appropriate Region/ Business Internal Service Providers in Functions Pensions / SPS / FCA / FinOps / ATTRAC GroupService Providers Group Reporting Treasury AoO Functions in AoO IT Taxation Sign off cascade Confirmation to internal users via GreenLight Access

  4. Sign off AoOs, Regions, Class of Business, Business and Functions

     Form of annual confirmation to the Financial Reporting Controls Committee (FRCC) by the senior finance and business representatives of Businesses, Region/Class of Business, AoOs and Functions.

     “At the 31 December 20xx, the significant internal controls over financial reporting (ICOFR) for our area of responsibility, and deemed to be in scope by the FRCC, are:
     • documented, recorded in GreenLight, assessed as effectively mitigating the related financial statement risks and meeting the financial assertions. Evidence is available to support this evaluation and will be retained.
     • operating effectively based on detailed testing performed by Management. These tests have been updated to the period-end where necessary. Evidence exists to support the results of these tests and will be retained.

     This confirmation includes the ICOFR operated on our behalf by internal service providers based on the assessment recorded by them in GreenLight for the control registers of the primary services provided.

     Deficiencies
     • Significant internal controls that are not effective have been recorded in GreenLight and an action plan for remediation exists and is summarised in GreenLight.
     • Non-effective controls have been reported and if required quantified in accordance with the Shell methodology and reporting requirements for deficiencies”.

     DRAFT

  5. Content and Timing of Quarterly Sign off

     Sign Off Required (timeline: April May June July Aug Sept Oct Nov Dec Jan Feb March)
     • Q1: Exceptions (April/May): Report control deficiencies and changes to controls
     • Q2: Half Year Status Confirmation (July/Aug): Confirmation of design effectiveness and confirmation of operating effectiveness of OLA and IT General Controls and report control deficiencies
     • Q3: Dry Run Assessment (Oct/Nov): Confirmation of design and operating effectiveness at Q3 and report control deficiencies
     • Q4: Annual Assessment (Feb/March): Confirmation of design and operating effectiveness at year end and report control deficiencies

  6. DS SOX 404 AoO Signoff Protocol

     • LSDR & CC
       • Pros
         • Single point accountability
         • Consistent with other LSDR compliance responsibilities
       • Cons
         • No COB ownership
         • No roll-up hierarchy
     • Dominant COB/S & CC
       • Pros
         • COB/S ownership for processes
       • Cons
         • Single COB/S not responsible for total process
         • Subjective determination when no obvious candidate
     • COB/S & CC
       • Pros
         • COB/S ownership of controls operated
         • Alignment with BAL & GRA
         • Focus on results delivery and risk management
         • Management controls are by COB/S
         • Competency Development
         • Faster = First

     CC = Country Controller

  7. AoO Sign-off Accountability Defined

  8. Sign-off rolls-up through the class of business RDS Accountability Facilitation ED DS EVP FN DS Other EVP Retail EVP DS Controller & GRA Retail CoB FN VP & GRA Other CoB CoB FN VP & GRA Germany Retail Lead Germany Controller

  9. Current Line of Business Focus

     Line of Business Responsibilities
     • Provide resources
     • Make themselves available “face time”
     • Accept responsibility for SOX (it is not a Finance exercise)
     • Comply with Financial Authorities, Procurement Policies, Investment Decision Guide, etc…
     • Execute ICOFRs they operate
     • Evidence ICOFRs
     • Exercise due diligence for signoff (see back-up slide)

  10. What Do You Need for AoO Attestation?

      Attestation

      1. GreenLight Sign-off Readiness:
         • Design and Operational Effectiveness Assessment Complete
         • Remediation Plans Implemented
         • Self Assessment Complete
         • IAF Testing
      2. Other Business Leader Attestation:
         • Supplemental Review and Sign-off by BU Sub-Process Owners and Control Owners
         • Personal Review:
           • Remediation Plans
           • Exceptions w/ Control Owners
           • Business Leaders

  11. What Constitutes Attestation? Effective Design and Operation Control Registers in GreenLight = Attestation by Designated Signatory Signs-off for AoO

  12. SOX in OP – Due Diligence for Signoff

      i. Ensure documentation reflects actual processes (interviews, GreenLight Reports, etc.)
      ii. Review self-testing documentation to determine level of compliance/deficiency (how many controls are working)
      iii. Determine if classification of control as (in)/effective is consistent with self-testing evidence.
      iv. Review quantification of impact ($$$) assessment for reasonableness
      v. Signoff in GreenLight consistent with findings of step i to iv.

      DS FN LT meeting – 15 & 16 June 05 (London)

  13. SOX in OP – Finance Roles and Responsibilities

      Business FN and Controllers
      • Champion for ICOFR to the LOB (i.e. technical support, establish and enforce expectations, etc…). Good controls = Good Business
      • Monitor and follow-up remediation plans (this is currently done by the project team, but will be embedded)
      • Be alert for changes to the Business model that have potential SOX implications (new Retail model, Mayflower, Sunrise, etc…)
      • Exercise due diligence for signoff
