OP SOX Webcast

OP SOX Webcast. 16 December 2005 GMT 10am and 3pm. Agenda. Status Company Level Controls Signoff Management Assessment Embedding. From project to embedded state License to be a public company and a legal obligation Include in 2006 GPAs. SOX 404 remains a Downstream Priority. Benefits.

zuriel


Presentation Transcript


  1. OP SOX Webcast 16 December 2005 GMT 10am and 3pm

  2. Agenda • Status • Company Level Controls • Signoff • Management Assessment • Embedding

  3. From project to embedded state
     License to be a public company and a legal obligation
     Include in 2006 GPAs
     SOX 404 remains a Downstream Priority
     Benefits
     • Regulatory compliance
     • Reputation
     • Controls framework
     • Standardisation, simplification
     • Compliance culture
     • Professionalism
     • Better documentation and understanding of controls/processes

  4. Project Overview
     2005 PROJECT CLOSE - IT
     • 97% of work completed
     • 92% of controls available for testing - tested and remediated
     2005 PROJECT CLOSE - BUSINESS
     • 85% of controls tested
     • 60% of these effective
     BUSINESS SLIPPAGES
     • Burn-in for 500 monthly/quarterly controls
     • SoD remediation: AU, PH, UK & Brasil
     • EUC remediation in U.S.
     IT SLIPPAGES
     • Burn-in time - 200 monthly/quarterly controls
     • Late scope changes
     • Y/e change freeze delays

  5. The 2006 challenge is to complete most work by June
     [Timeline chart; time axis: Q4 05, Jan to Dec, Q1 07. Chart labels in slide order:]
     • Complete 05 work
     • 07 Scope
     • Q1 Sign off
     • Define 06 Scope
     • Update, test and remediate documentation
     • Q2 Sign off
     • Roll forwrd. test DE + OE ann.cntrls.
     • Test operating effectiveness, incl. SAS 70s
     • Q4 Sign off
     • Q3 Sign off
     • Remediate and re-test
     • IAF complete 05 work + 06 scope
     • IAF - test design/operating effectiveness
     • IAF close out 06 work
     • EA 2005 Controls Assurance + 06 scope
     • EA high-risk work
     • EA design/operating effectiveness reviews and test and y/e assess.
     • 05 Mgt. Assess. Trial Mgt. Assess. Pilots Complete Assess. 06 Dry run
     • Identify 06 deficiencies
     • Recruit, train and execute transition plan

  6. Success factors and hot spots for SOX compliance
     Success Factors
     • Leadership
     • “Tone from the top”
     • SOX methodology and programme
     • Stable and timely
     • Early lockdown of 2006 scope
     • Detailed and resourced 2006 plan
     • Embedding
     • Quality transfer to transition organization
     • Clear deliverables, roles and responsibilities
     • Tight change control protocol
     • Availability / quality of training modules/resources
     Hot Spots
     • Germany and U.S.
     • SSSCs
     • Streamline
     • Tax
     • SOD

  7. Company Level Controls (CLCs) have a wide impact
     Why are CLCs important?
     [Chart: “Top Down Risk Based Approach”. Labels and figures in slide order: 70; DS OLA; 700; AoO OLA; 1,400; AoO D1; 21 K; 140; AoO D2 + D4; AoO transaction controls in scope for detailed testing; AoO transaction controls not in scope for detailed testing due to reliance on CLCs; 12,000; 6,800]
     What are CLCs?
     • Controls
     • in control environment (OLA)
     • monitoring operation results (D4)
     • monitoring other controls
     • centralised
     • Mgt. risk assessment process
     • Centralised processing
     • Period-end financial reporting process (D1)
     Who owns these CLCs?
     • OLA: DLT (DS level) and CCT (AoOs)
     • D1: CoBs -- controllers have overall coordination/accountability
     • Compliance: everyone & always

  8. Signoff starts in the AoOs
     How are controls assigned to a class of business/function?
     • By control owner’s CoB/F
     What happens next?
     • CoB/F leaders in an AoO sign off for integrity of GreenLight data for controls owned by their respective AoO CoB/F organisations.
     • AoO Controller signs off for function controls on behalf of the functions.
     • GRA community - facilitates validation of data in GreenLight for the CoB/F signatories.
     • Signoff for an individual AoO = all signoffs of the AoO CoB leads plus the AoO controller.
     • Roll-up to a DLT signoff in support of DS Executive Director and DS EVP-FN, providing assurance to certifying officers.

  9. Management Assessment
     Management assessment is . . .
     • . . . quantification of the monetary impact of a deficient control
     • includes mitigating effects of effective compensating controls
     • . . . the aggregation and reporting of these deficiencies to the FRCC
     • Significant deficiencies -- reported to Audit Committee
     • Material weaknesses -- publicly reported
     Who performs management assessment?
     • Methodology being updated with results of a series of pilots
     • Expected: GRA community, with input from control owners; joint sign-off
     When?
     • First management assessment -- planned for Mar/Apr 2006

  10. The Business is accountable for embedding
      Embedding… the process to fully integrate steady state SOX404 requirements into the day2day operating & compliance activities

  11. Establishing the transition organisation is a first step
      [Chart; axis label: Time (Not to scale)]

  12. Draft Transition Organisation at Shell and DS Levels
      DS Sox Org Chart – Top Part
      [Org chart; labels and activity lists in slide order:]
      Main SOX404 Activities of GRA
      CEO
      • Monitor changes and disseminate information
      • Group-wide reporting and planning
      • Support GRA in businesses
      EVP FN VP Control’r Shell Group GRA Mgr SOX Team EVP
      • Monitor changes and disseminate information
      • Support RESM / FARM
      • Drive continuous improvement
      • Guidance & expertise support for CoBs/AoOs
      • Coordinate embedding effort
      EVP DS FN Downstream Control’r GRA Mgr SOX Team
      CoB/F, Region, Country and AoO levels

  13. Draft Transition Organisation CoB/F and AoO Levels
      [Org chart; labels and activity lists in slide order:]
      Main SOX404 Activities of GRA
      Downstream & Group Level Region
      • Translate changes, and information to CoB level
      • Synthesize testing & remediation results
      • Monitor common deficiencies
      • Communicate to DS and AoO
      GRA Reg. Control’r EVP CoB VP CoB FN Per CoB/F GRA Mgr Country SOX Co. Control’r
      • Monitor changes and disseminate information
      • Support RESM and FARM
      • Guide and support control owners
      • QA and synthesis on planning, testing and remediation
      • Resourcing and development of skills
      VP CoB Local Contrl’r AoO SOX Process Owner GRA Focal Pt. Control Owner Team/Pool

  14. Backup Slides

  15. Project Status by Class of Business

  16. Project Status by Function
      Notes:
      • * “Blank” and “Other” controls are subject to final analysis and categorisation; they may be associated with either a CoB or a function.
      • IT numbers will decrease by 2200 with GreenLight cleanup.

  17. Progress has been made to contain slippage

  18. A few additional slippages are emerging

  19. Overview of Sign-Off Roll-up
      [Roll-up diagram: sign off cascade; only its labels survive extraction. Labels in slide order:]
      • ROYAL DUTCH SHELL plc
      • FRCC
      • Functions; Business
      • EP/G&P/Downstream/GS/; Controller/Tax/CIO/Legal; Trading/Renewables/Treasury
      • Region/Class of Business/Region if appropriate; Functions
      • Business in AoO; Functions in AoO
      • Internal Service Providers; Group Service Providers
      • IT; Pensions / SPS / Group Reporting; Taxation; FCA / SSSC-Glasgow / SSSC-KL
      • Confirmation to internal users via Green Light access

  20. Overview of Management Assessment Process
      [Process diagram; only its labels survive extraction.]
      Parties shown: Certifying Officers (CEO & CFO), RDS Plc.; External auditors (attestation); Audit Committee; Financial Reporting Controls Com. (FRCC); Financial Controls Committee; Business / Function (via Region/CoB as appropriate); Central SOX 404 Team; OU / AoO
      Activities shown:
      • SOX 404 Assessment
      • Review, evaluate, challenge
      • Advise EC on assessment
      • Review / validate reports from businesses/functions
      • Interpret / evaluate deficiencies
      • Analyse / aggregate
      • Summarise / classify
      • Report to Central SOX 404 Team
      • Periodic sign off
      • Advise FRCC
      • Assurance
      • Reporting of controls deficiencies / remediation
      • Other controls data: external audits, internal audits, BCIs
      • GreenLight data
      Legend: Primary Reporting and Dialogue; Information

  21. Embedding aims to deliver the DS Transition Organisation, with key positions filled, by 1 April 2006
      Note: Tentative timeline - delivery dependent on effective mitigation of risks and issues
