Name: Denay Huddleston
Position: Supervisor, Training & Functional Development
Year of Service: 2.5
Alma Mater:
Safety Moment
Source: http://www.safetymoment.org/SafetyPresentation/Home/HomeGeneralSafety.pdf
About ConocoPhillips
ConocoPhillips is an international, integrated energy company with interests around the world
• Headquartered in Houston, TX
• 30 countries
• Approximately 30,000 employees
• $153 billion of assets and $149 billion of revenues as of Dec. 31, 2009
• Website: www.conocophillips.com
IT Services
• 14 petabytes storage capacity
• 35,000 SAP user IDs
• 40,200 personal computers supported
• 52,770 e-mail accounts
• 61,500 user IDs managed for employees, contractors and service accounts
• 60 million SAP transactions monthly
• 13,000 viruses prohibited monthly
• 43,800 IT Service Desk requests monthly
• 1,280,000 inbound e-mails daily; 75% spam
• 1,800,000 intrusion attempts blocked daily
• 140 other companies’ networks daily
• 372 vendors and business partners daily
• 34,000 external users
Diagram labels: support, receive, connect
SOX
• Sarbanes-Oxley Act 2002
• Standards act for all US public companies
• Strengthen public accounting controls
Segregation of Duties
Segregation of duties is critical to effective internal control because it reduces the risk of mistakes and inappropriate actions. It helps fight fraud by discouraging collusion.
Separation:
• Approval
• Accounting/reconciling
• Asset custody
A detailed supervisory review of related activities is required as a compensating control activity if these functions cannot be separated in smaller departments.
Source: http://map.ais.ucla.edu/portal/site/UCLA/menuitem.789d0eb6c76e7ef0d66b02ddf848344a/?vgnextoid=06e56d221c4c0110VgnVCM100000dcd76180RCRD
Mitigating Controls
Type of control used in auditing to discover and prevent mistakes that may lead to uncorrected and/or unrecorded misstatements that would generally be related to .
Comparison of the Economic Measures of Merit
Net Present Value (NPV)
Strengths
• Properly accounts for the time value of money
• Yields estimated picture of project profitability – uses after tax cash flow
• Broadly used in industry
Weaknesses
• Gives no indication of magnitude of project (large or small investments can give large or small NPV)
• Does not measure investment efficiency – project with highest NPV not necessarily the best project
Comparison of the Economic Measures of Merit
Average Annual Rate of Return (AARR)
Strengths
• Properly accounts for the time value of money
• Yields estimated measure of Return on Investment – uses after tax cash flow
• Can be compared to a minimum ROI for an accept/reject decision
• Broadly used in industry
Weaknesses
• Gives no indication of magnitude of project (large or small investments can give large or small AARR)
• Negative - Positive – Negative cash flows create multiple AARR’s
Comparison of the Economic Measures of Merit
Profitability Index (PI)
Strengths
• Properly accounts for the time value of money
• Provides indication of investment efficiency
• Can be compared to a minimum PI for an accept/reject decision
• Preferred tool for ranking projects
Weaknesses
• Gives no indication of magnitude of project (large or small investments can give large or small PI)
Current Process
Paper approval form action steps
• Business Unit (BU) or Staff Group (SG) fills out exception request and mails the request to SOX coordinator
• SOX coordinator approves or denies, signs, and forwards request to SOX director
• SOX director approves or denies, signs, and forwards request to General Manager (GM)
• General Manager approves or denies, signs, and forwards request back to SOX director to keep and log all the requests
BU or SG request
SOX Coordinator
SOX Director
General Manager
SOX Coordinator
SOX Director
BU or SG
Issues
• Labor Intensive
• Inefficient - Could take up to a month to get roles approved
• Constant need for ‘Pushing’ request through
• Lack of reporting functionality
• Requesters don’t know the state of the requests
Project Goal
The goal of the project is to achieve global implementation of a software application to detect and prevent Segregation of Duties (SOD) conflicts within SAP and across other non-SAP applications.
• Document required mitigating controls
• Document the approval to Internal Control Standards (ICS) exceptions
• Enhance controls relating to SAP “Super Users,” and improve SAP user access provisioning.
• Replace the existing laborious, inefficient and manual processes currently employed to identify, prevent and monitor SOD, mitigating controls, approved ICS exceptions and user provisioning
Project
• Use AARR of 10%
• Assume need to look at over 1000 roles
Note: These are suggested only for the case of this classroom project. Do not represent actuals.