Denay HuddlestonDenay Huddleston

NameName PositionPosition Year of Year of ServiceService Alma MaterAlma Mater

Denay Denay HuddlestonHuddleston

Supervisor, Training Supervisor, Training & Functional & Functional DevelopmentDevelopment

2.52.5

Safety Moment Safety Moment

Source: http://www.safetymoment.org/SafetyPresentation/Home/HomeGeneralSafety.pdf

ConocoPhillips is an international, integrated energy ConocoPhillips is an international, integrated energy company with interests around the worldcompany with interests around the world

Headquartered in Houston, TXHeadquartered in Houston, TX 30 countries30 countries Approximately 30,000 employeesApproximately 30,000 employees $153 billion of assets and $149 billion of revenues as of $153 billion of assets and $149 billion of revenues as of

Dec. 31, 2009Dec. 31, 2009 Website: www.conocophillips.comWebsite: www.conocophillips.com

About ConocoPhillipsAbout ConocoPhillips

7

14 14 petabytes storage capacitypetabytes storage capacity35,000 35,000 SAP user IDs SAP user IDs 40,200 40,200 personal computers supported personal computers supported 52,770 52,770 e-mail accountse-mail accounts61,500 61,500 user IDs managed for employees, contractors user IDs managed for employees, contractors

and service accountsand service accounts60 million 60 million SAP transactions monthlySAP transactions monthly

13,00013,000 viruses prohibited monthlyviruses prohibited monthly

43,800 43,800 IT Service Desk requests monthlyIT Service Desk requests monthly

1,280,000 inbound e-mails daily; 75% spam1,280,000 inbound e-mails daily; 75% spam

1,800,0001,800,000 intrusion attempts blocked dailyintrusion attempts blocked daily

140 140 other companies’ other companies’

networks daily networks daily

372 372 vendors andvendors and business partners daily business partners daily

34,000 34,000 external users external users

support

receive

connect

IT Services

What you need to know What you need to know for the project…for the project…

SOXSOX

Sarbanes – Oxley Act 2002. Standards act for all US public

companies Strengthen public accounting controls

Segregation of DutiesSegregation of Duties

Segregation of duties is critical to effective internal control because it reduces the risk of mistakes and inappropriate actions. It helps fight fraud by discouraging collusion.Separation:

Approval Accounting/reconciling Asset custody

A detailed supervisory review of related activities is required as a compensating control activity if these functions cannot be separated in smaller departments. 

Source: http://map.ais.ucla.edu/portal/site/UCLA/menuitem.789d0eb6c76e7ef0d66b02ddf848344a/?Source: http://map.ais.ucla.edu/portal/site/UCLA/menuitem.789d0eb6c76e7ef0d66b02ddf848344a/?vgnextoid=06e56d221c4c0110VgnVCM100000dcd76180RCRDvgnextoid=06e56d221c4c0110VgnVCM100000dcd76180RCRD

Mitigating ControlsMitigating Controls

Type of control used in auditing to discover and prevent mistakes that may lead to uncorrected and/or unrecorded misstatements that would generally be related to .

Comparison of the Economic Measures of MeritComparison of the Economic Measures of MeritNet Present Value (NPV)Net Present Value (NPV)

StrengthsStrengths Properly accounts for the time value of moneyProperly accounts for the time value of money Yields estimated picture of project profitability – uses Yields estimated picture of project profitability – uses

after tax cash flowafter tax cash flow Broadly used in industryBroadly used in industry

WeaknessesWeaknesses Gives no indication of magnitude of project (large or Gives no indication of magnitude of project (large or

small investments can give large or small NPV)small investments can give large or small NPV)

Does not measure investment efficiency – project with Does not measure investment efficiency – project with highest NPV not necessarily the best project highest NPV not necessarily the best project

Comparison of the Economic Measures of MeritComparison of the Economic Measures of MeritAverage Annual Rate of Return (AARR)Average Annual Rate of Return (AARR)

StrengthsStrengths Properly accounts for the time value of moneyProperly accounts for the time value of money Yields estimated measure of Return on Investment – uses Yields estimated measure of Return on Investment – uses

after tax cash flowafter tax cash flow Can be compared to a minimum ROI for an accept/reject Can be compared to a minimum ROI for an accept/reject

decisiondecision Broadly used in industryBroadly used in industry

WeaknessesWeaknesses Gives no indication of magnitude of project (large or small Gives no indication of magnitude of project (large or small

investments can give large or small AARR)investments can give large or small AARR) Negative - Positive – Negative cash flows create multiple Negative - Positive – Negative cash flows create multiple

AARR’sAARR’s

Comparison of the Economic Measures of MeritComparison of the Economic Measures of Merit Profitability Index (PI)Profitability Index (PI)

StrengthsStrengths Properly accounts for the time value of moneyProperly accounts for the time value of money Provides indication of investment efficiencyProvides indication of investment efficiency Can be compared to a minimum PI for an accept/reject Can be compared to a minimum PI for an accept/reject

decisiondecision Preferred tool for ranking projectsPreferred tool for ranking projects

WeaknessesWeaknesses Gives no indication of magnitude of project (large or small Gives no indication of magnitude of project (large or small

investments can give large or small PI)investments can give large or small PI)

15

Current ProcessCurrent Process

Paper approval form action steps Business Unit (BU) or Staff Group (SG) fills out exception request

and mails the request to SOX coordinator SOX coordinator approves or denies, signs, and forwards request

to SOX director SOX director approves or denies, signs, and forwards request to

General Manager (GM) General Manager approves or denies, signs, and forwards

request back to SOX director to keep and log all the requests

BU or SG request

SOX Coordinator

SOX Director

General Manager

SOX Coordinator

SOX Director

BU or SG

IssuesIssues

Labor Intensive Inefficient - Could take up to a month to get roles

approved Constant need for ‘Pushing’ request through

Lack of reporting functionality Requesters don’t know the state of the requests

Project GoalProject GoalThe goal of the project is to achieve global implementation of a software application to detect and prevent Segregation of Duties (SOD) conflicts within SAP and across other non-SAP applications.

•Document required mitigating controls •Document the approval to Internal Control Standards (ICS) exceptions •Enhance controls relating to SAP “Super Users,” to and improve SAP user access provisioning. •Replace the existing laborious, inefficient and manual processes currently employed to identify, prevent and monitor SOD, mitigating controls, approved ICS exceptions and user provisioning

ProjectProject

Use AARR of 10%Use AARR of 10% Assume need to look at over 1000 rolesAssume need to look at over 1000 roles

Note: These are suggested only for the case of this classroom project. Do not represent actuals.

QuestionsQuestions