SOPUS SOX Embedding Team
Transition Planning Methodology: Activities, Deliverables and Targets
Presented to SOPUS Steering Committee, November 15, 2005, Houston, Texas

Delivery, Transition & Embedding Stage Gates
Work effort depends on deliverable quality from the SOX team…
Diagram labels: CoB/CoS Organization; Project Team; Sustaining; Project Delivery; Project Delivery; Transition Management
Requirements:
• Coded-Accessible Repository
• Recognition that every control register differs in size, scope and complexity
• Match roles & solutions to each unique CoB/CoS
Requirements:
• High quality products from team
• Stable Methodology
• Defined Deliverables
• Realistic Project Stage Gates
• Improved Project Discipline
Requirements:
• Repeatable evidence
• Clear management assessment process
• Updates to existing registers
• Knowledge of SOX assessment process for new “Trigger” items
• Understand 302 & 404 reporting
Embedding: Training/Communications/Change Management

Embedding Methodology: Steps in any Transition
Key transition activities in any CoB/CoS to get to a sustainable SOX process…
Stakeout the Critical Path with Focal Point: “Before Loss of Project Teams” 12/05; Sustainability 12/06
Flowchart phases: Set Scope; Define Roles; Set Training Audience; Management Assessment
Flowchart steps:
• 1 Set Scope
• 2 Line Management
• 3 Focal Points
• 4 Process Owner, Control owner, Control executor
• 5 Training curriculum module development, including specific control register (CR) case studies
• 6 Repository by register
• 7 Train the Trainers
• 8 CoB to endorse; get staff “buy in”
• 9 Deliver the training
• 10 User generates & maintains evidence
• 11 Training evaluation & follow-up
• 12 Write new job descriptions (if applicable)
• 13 Scope of any new project team(s)
• 14 Set SOX COE (Compliance Office) structure
• 15 Finalize OP GRA structure
• 16 Management sign off & assessment
• 17 Auditor Attestation
Other flowchart labels: Controls; Organization; Locations; “Trigger” Events; Periodic reviews & updates; Open items as of November 2005
Legend: Highest level-of-effort for Embedding Team; Effort more equally shared with CoB/CoS

Embedding Methodology – Plan Detail
Transition and sustainability process: Activities & Deliverables…
Step / Activities / Deliverable(s)

1 Set Scope for CoB/CoS Transition
• “What’s it gonna take” work sessions
• Control Register Scope (CR)
• CoB/CoS organization & operations – especially geographically
• Understand 2006/7 business plan for periodic and trigger events
• Time line for one CoB/CoS
• Role of SOX Focal Point (SOXFP)
• Commitment of time from SOXFP
• Management introduction

2, 3, 4 Define Transition & Sustaining Roles
• Roles & responsibilities work session(s)
• Understanding Shell reporting matrix
• Define who owns evidence and management assessment processes
• Stakeholder analysis
• Communication plan
• Assessment of GRAE timing
• Nominate SMEs for case studies and T-T-T (Activity 7)

5 Specific Register Case Studies
• SME Work Sessions
• CR team lead work sessions
• Convert team work papers to training case studies
• Need 1 case study for each CR
• Include: CR, ACD, test scripts, evidence (hardcopy-electronic)

Embedding Methodology – Plan Detail (cont’d)
Transition and sustainability process: Activities & Deliverables…
Step / Activities / Deliverable(s)

6 Specific Evidence Repository by Register
• Match evidence repository to hardcopy evidence
• Understand Greenlight, LiveLink & DFS file structure
• SME/project team work sessions
• Cross reference table
• Summary training materials
• Integrate with overall training modules

7 Train the Trainers
• Develop case study exercises
• Adapt existing presentation materials to suit personal style
• Review available T-T-T video tapes
• Adjust existing speaker notes
• Get some jokes!!!
• T-T-T role play/teach back session
• How to teach from the material
• Then add the war stories

8 Endorse Approach “Get Buy-in”
• Observe attendees during training
• Relate implantation to existing CoB/CoS “protocols”
• Adapt to org and management style
• Revise stakeholder map
• Review communication plan
• Feedback class reactions to CoB/CoS management
• Build action plan

Embedding Methodology – Plan Detail (cont’d)
Transition and sustainability process: Activities & Deliverables…
Step / Activities / Deliverable(s)

9 Deliver the Training
• Focus class on work, evidence & case studies
• Use at least 2 person team:
  - SME for Control Register and Q/A
  - Trainer moves process along
• CR/ACD/evidence handbook
• Automated evaluation form
• Manage attendee list
• Report to CoB/CoS manager
• Identify needed follow-up

10 User Generates Evidence
• Build SOX activities in desk level job
• Locate in appropriate repository
• Report discrepancies to CoB/CoS management as they occur
• Quarterly reviews with CoB/CoS management:
  - Repeatable & routine evidence
  - Spot-check of annual evidence

11 Write New Job Description(s); Training Evaluation and Follow-up 12
• Review existing roles & jobs
• Recommend change to incorporate SOX activities
• Coordinate with HR contact
• Evaluate all SOX class outputs
• Needs analysis w/BU management
• Design & test follow-up activities
• Revised job descriptions
• Incorporate compensation changes
• Transition to Shell Learning
• Develop Web-based curriculum
• Automate follow-up process

Staffing Requirements for BU Deliverables
Staff hours estimate per CoB/CoS: Transition Team, CoB/CoS and SOX SMEs…
Based on CoB/CoS training population of 45 per register
Activities shown:
• Scoping: What’s it gonna take for a CR in CoB/CoS
• Role & Responsibilities Clarification
• Deliver the Training: 20 Sessions
• Train the Trainers: 20 Sessions
• Training Development: 10 Modules
Step numbers shown on the slide: 5, 9, 5, 7, 1
Staff Hours boxes:
• Team 10, SME 20, Total 30
• Team 40, SME 40, Total 80
• Team 60, SME 60, Total 120
• Team 20-40, SME N/A, Total 20-40
• Team 100, SME 100, Total 200

Guiding Principle: It’s about Evidence
The SOX tools for Management Assessment:
CoB/CoS evidence generation is forever…
• Self Assessment
• Testing
• Scripts
• Sampling
Test of One; Test of Many
Evidence
Documentation
• Narrative
• Flow Charts
• Control Register
Actual Control Description (ACD)
(Only if referred to in ACD) *
• Procedures
• Records (P.O., Invoice)

Guiding Principle: CoB/CoS User Work Effort
CoB/CoS user embedding level of effort varies with time…
CoB/CoS must: Generate, Maintain & Control Evidence
Chart axis: User Level of Effort
Understanding the project team existing body of knowledge
• New process
• Reorganization
• New control interpretations
• Portfolio rationalization
• Offshore/outsourcing
• New IT applications
• Upgrade of IT apps
• Updates & revisions to existing controls
Time periods: First Qtr 2006; Evergreen “Periodic Reviews Continuous Improvement”; As needed - defined by SOX “Triggers”

Guiding Principle: Hidden Population Summary
One register, one department, one location requires 42 people to be trained. Converting roles to names…
Organization chart: Lubricants Infrastructure
Levels: Process Owners; Control Owners; Control Executors; Desk Level
Responsibilities: Overall Sign off; Review & Sign off; Generate Evidence; Document & Test
Roles and departments: IT Infrastructure Manager; Client Services; Data Center Operations; Communications; Database Technologies; Server Technologies
Names and staff counts, in slide order: Gary Ramsey; Mary Stuesser; Jackey Gale; 6 staff; 7 staff; 7 staff; Pat Wray; Cheryl Archie; 5 staff; Euan Sanguinetti; Euan Sanguinetti; Keith Milsap; Clint Tate; Rusty Rushton; Kayoor Gajarawala; Kevin Haden; Cheryl Cowden; 5 staff