1 / 8

London 28 November, 2005

DISCUSSION DOCUMENT. SOX404 Embedding in Downstream Operationalising the GRA function. London 28 November, 2005. This document is confidential and is intended solely for the use and information of the client to whom it is addressed.

senwe
Télécharger la présentation

London 28 November, 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DISCUSSION DOCUMENT SOX404 Embedding in Downstream Operationalising the GRA function London 28 November, 2005 This document is confidential and is intended solely for the use and information of the client to whom it is addressed

  2. Operationalising of the GRA function across Downstream is now starting – there are clear Ground Rules underpinning this effort • The SOX Project will deliver a clean set of SOX404-compliant controls – these will have been • Documented • Tested • Remediated • The Embedding team will deliver the design and resource assessment for the Downstream Transition Organisation that will sustain the SOX requirements through 2006 and further • Key roles in the Transition Organisation, including key GRA positions, are to be in seat by end Q1 2006 in time for the dry-run management assessment • we are currently helping the AoOs design and deliver their resourcing strategies • The GRA organisation, although nominally responsible from 1 January 2006 for delivering and maintaining SOX compliance, will be heavily supported and trained during Q1 2006 by the Project team. The practicability of the 1/1/06 date would need to be considered in context of the transition planning.

  3. The split in responsibilities of the GRA function between RDS and the Businesses has been defined and agreed Overview of GRA responsibilities

  4. In the Downstream Business this translates to a set of SOX-related activities to be performed at each organisational level Key SOX404 GRA Activities • Monitor changes in the Downstream environment affecting SOX 404 and disseminate new information • Perform RESM / FARM assessments and review with group • Drive continuous improvement in processes & controls • Provide guidance and subject matter expertise for SOX methodology, Self testing, Business wide remediation plans, and QA • Drive and coordinate embedding : overall planning and coordination, recruiting, training, communication, and tools • Drive Transition Organisation to the fully embedded state Downstream CoB/S • Translate relevant changes, continuous improvement efforts, and other information affecting SOX 404 compliance from DS GRA to CoB • Synthesize global testing & remediation planning and results for the controls in CoB scope • Monitor common deficiencies and initiate appropriate action • Communicate upward to DS GRA • Effort needed at CoB/S/Regional/Country level estimated to be low (most additional work needed in AoO’s) • Monitor AoO changes and disseminate RDS and Business changes that effect SOX404 compliance • Support RESM and FARM risk assessments • Provide guidance and support to control owners and executors on methodology and execution of SOX activities, and on sign-off to AoO CoB lead and country controller • Perform QA on planning, testing and remediation work • Perform AoO synthesis of planning and test results • Ensure ongoing SOX capabilities building in the AoO, including behaviours effort • Ensure AoO is resourced for executing SOX activities AoO

  5. The 2006 SOX404 Programme Plan – updated 25 November 2005 jan feb mar apr may jun jul aug sep oct nov dec Q4 2005 Q1 2007 Complete 2005 OE testing + remediation (no retest) 2005 year end controls 2006 scope definition (confirm RESM + FARMs) 2007 Scope definition Documentation updated, tested & remediated for design effectiveness Q1 Sign off (End May) Initiate required SAS70’s – report on design effectiveness Q2 Sign off (Mid Aug) Operating effectiveness tested (incl OE report on SAS70’s) DE + OE annual controls Roll forward testing Q3 Sign off (End Oct) Q4 Sign off Remediation + retesting IAF complete 2005 programme + scope 2006 IAF design and operating effectiveness testing 2006 IAF close out 2006 activities EA design and operating effectiveness Reviews and testing EA high risk activities + Year end assessment EA 2005 Controls Assurance and scope 2006 Management Assessment Pilots 05 Management AssessmentTrial Complete Assessment 06 Dry run Preliminary deficiency identification 2006 Continuous deficiency identification Recruitment, Training and execution transition plan

  6. In order to operationalise the GRA function in Downstream as quickly as possible, we are working within an aggressive timeplan (FLT/DLT)

  7. Appendix

  8. 20,000 Analysis of Downstream SOX404 controls (source: Greenlight – confirmation required regarding finalisation of information Number of Downstream Controls (GL – 25 November 2005) Preliminary Source: Greenlight 25 November 2005

More Related