1 / 14

SOX Transition Planning Lessons Learned from Lubes IT Pilot BUFP Principles – V4

SOX Transition Planning Lessons Learned from Lubes IT Pilot BUFP Principles – V4. Marty Stetzer & Jackey Gale Houston, Texas. Outline. Acceptance & sustainability model Insights to-date from Lubes IT pilot Vocabulary challenge Training content development challenge

decima
Télécharger la présentation

SOX Transition Planning Lessons Learned from Lubes IT Pilot BUFP Principles – V4

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SOX Transition Planning Lessons Learned from Lubes IT PilotBUFP Principles – V4 Marty Stetzer & Jackey Gale Houston, Texas

  2. Outline • Acceptance & sustainability model • Insights to-date from Lubes IT pilot • Vocabulary challenge • Training content development challenge • BU work effort: varies with time • Transition plan to meet Lubes IT deadlines • Proposed BUFP model & role characteristics • Open discussion: Challenges & Lessons Learned

  3. “Sweet Spot” tailored to each Business Unit. Must fit into overall training and embedding strategy Business Unit Existing & New Business Processes Leverage SOX CR Teams RelevantSOX Content Targeted Training Lessons Learned Embedding means Sustainability Suggested acceptance & sustainability model…

  4. Lubes IT Embedding: Vocabulary Challenge Need better alignment and specifics with user department concerns… • Per Stan Mramor as a senior Lubes IT project owner… • “My key concern is that a transition plan is credible and actionable so that the receiving end can carry forward as the teams wind down this project.” • Current Embedding Definition • Change Management activities and processes to achieve an end state of successful SOX 404 attestation and ongoing operating and compliance activities resulting in improved business processes for the Shell Group

  5. C12 Register C11 Register • 3 Applications • 129 Controls • 680 Scripts • 14 Applications • 63 Controls • ??? Scripts Narrative 1 Flow charts 2 Controls 3 Scripts 4 X Technology Used • Excel - SPUD • Visio - LiveLink • Greenlight Level-of-Effort: Training Content Development Lubes IT: How to get SOX project team content accepted in the BU’s… • How much of testing & finalization user can absorb depends on quality (A) and complexity of scope (B) • Operational Roles • Change management • Incident & problem management • Configuration management • Process documentation • Understand evidence • SOX Technical Roles • Flow charts • Narratives • Monitor SOX Changes A B C = A X B Quality of Key Documents Tied to Methodology Scope of IT Effort

  6. User Department - Work Effort BU SOX embedding level of effort varies with time… User must: Generate, Maintain & Control Evidence Understanding the project team existing body of knowledge • New process • Reorganization • New control interpretations • Portfolio rationalization • Offshore/outsourcing • New IT applications • Upgrade of IT apps User Level of Effort • Updates & revisions to existing controls First Qtr 2006 Evergreen “Continuous Improvement” As needed defined by SOX “Triggers”

  7. 9 Switch key contractors or certain project team members to a Transition Team charge code Methodology Quick/Ref Handbooks 1 2 Deliverables - what worked for SOX teams C.12 Combined S/holder & Project Team Event(s) 10 Sustaining Activities 15 3 Plan developed Design & test pilot training 5 12 Training V2 4 Get resources 13 C.11 Combined S/holder & Project Team Event(s) 7 Stakeholder buy in 6 Identify SME’s Finalize role definition V1: Inputs: C. Brown, Team Leads, Embedding Team 8 Roles & Resources V2 11 14 Staffing Plan & Metrics Embedding team 16 17 SOPUS IT team 18 Best Practices – Lessons Learned Lubes IT: Proposed Transition Plan Deadlines Transition deadlines designed to help meet Lubes IT objectives… Xmas Content Development Training Roles Key Inputs & Coordination

  8. Preparing for Transition & Sustainability BU work effort and role composition changes at each stage… BU Organization Project Team Project Delivery Sustaining Transition Management • Requirements: • Stable Methodology • Coded-Accessible Repository • Defined Deliverables • Realistic Project Stage Gates • Improved Project Discipline • Requirements: • High quality products from team • Recognition that every control register differs in size, scope and complexity • Match roles & solutions to each unique BU • Requirements: • Updates to existing registers • Knowledge of SOX assessment process new items • Review of evidence • Understand 302 & 404 reporting Embedding: Training/Communications/Change Management

  9. Preparing for Transition & Sustainability Insert updated model from board… I will complete tomorrow.

  10. BUFP: Open Discussion A model: Need one focal point contact to get consistency… SOX Compliance Office Business Unit Participants BU Focal Point Project Team Knowledge Base & Lessons Learned New Interpretations & Best Practices Key Characteristics Business unit knowledge 1 SOX knowledge 2 • Technical knowledge, in Lubes IT • Applications • Infrastructure 3 Willing to accept responsibility 4

  11. AoO Owner Business Unit Process Owner Level 1 Control Review Business Unit Sub - Process Owner SOX (Support from Financial Manager) Project Level 2 Team Business Unit Level Control Owners Level 3 Business Unit Level Process Owners BUFP: Interfaces on the BU Side BU (SOX) participants defined early in 2005, as part of Control Review Process… SOX US

  12. Roles and Responsibilities BUFP role also defined early in 2005, as part of Control Review Process… • BU SOX Focal Point (one in each BU)… Look it over -Is this still correct??? • Is a member of the Level Two Control Review • Prime point of contact for SOX404 issues • Coordinates all SOX404 tasks • Works in concert with all BU employees to teach, facilitate, advise, and promote the culture and mindset of SOX compliance • Delivers training and communications targeted to their BU and its SOX processes • Assists the BU Fiscal Director, Process Owners, Process Executors, and Control Owners to exercise their responsibilities • Maintains, reviews, approves, and updates all SOX documentation in their BU • Coordinates Finance and Business Management SOX404 sign-off and will provide guidance on how to sign-off using Greenlight

  13. Lessons Learned from Lubes IT Pilot Things that must go right for BUFP to help with successful transition… • Start early…. It can take 4-6 weeks to get BU ready for transition from project team to BU SOX “owners”. • Ideal BUFP candidate knows the business and was closely involved with SOX project team. • For long term sustainability, best BUFP candidate is employee. • Embedding team will provide training guides and templates, • BUT examples, lessons learned, etc must come from your specific SOX project team.

  14. Thank You Any further questions, please contact: Jackey Gale – 713-546-XXXX Marty Stetzer – 713-419-6912

More Related