Table of Contents
Course Topics & Learning Objectives Course Slides
Welcome, Class Introductions, Agenda: Slides 1-4
Purpose & Function of Controls: Slides 5-21
Core Controls Principles: Slides 22-33
Control Standards: Slides 34-42
Organizational Responsibilities: Slides 43-48
Application of CIMS: Slides 49-61
Summary & Additional Resources: Slides 62-67
Topics
Definition, purpose, and function of controls
The seven core controls principles
ExxonMobil's Controls Framework, including System of Management Control, Delegation of Authority Guide, Compliance Checks
Controls Integrity Management System (CIMS) and its applications
Additional resources
Learning Objectives
Understand the purpose and function of controls
Develop familiarity with the core controls principles and their applications
Explain the purpose and describe each element of ExxonMobil's Controls Framework
Recognize the CIMS elements and their application in daily activities
Know where to locate additional resources and appropriate contacts
Describe and understand your role in the controls process
Class Introductions
Name
Operating Function and Job Title
Length of Employment with ExxonMobil
Example of a Control Used in Your Personal Life
Slide 2
Agenda
Section 1: Purpose & Function of Controls
Section 2: Core Control Principles
Section 3: Control Standards
Section 4: Organizational Responsibilities
Section 5: Controls Integrity Management System (CIMS) Applications
Additional Sources of Information
Slide 3
Training Objectives
Develop an understanding of the following:
Purpose and function of controls
ExxonMobil's Controls Framework & System of Management Control
Principles of control
Delegation of Authority Guide (DOAG)
Checks on the system's effectiveness
ExxonMobil Controls Integrity Management System (CIMS)
Be able to recognize applications of these tools and concepts in your work position and ExxonMobil
Know where to go for assistance and further information
Describe and understand your role in the controls process
Slide 4
Slide 5
"Every day, employees at ExxonMobil are committed to the pursuit of operational excellence. We do this by delivering safe, reliable operations, improving energy efficiency, and maintaining strong business controls."
Slide 6
Slide 7
Slide 8
Controls are intended to mitigate the risk by lowering the probability and/or the severity of an occurrence
Point A in the red area reflects an unmitigated risk situation. Risk exposure can decrease to point B in the green area by having the proper controls in place.
[Figure: Risk Exposure matrix. Axes: Probability and Severity, each scaled High / Medium / Low. Risk categories: I, II, III, IV.]
Slide 9
+
PROPER EXECUTION
In-Line Controls (e.g. Delegation of Authority Guide (DOAG))
Compliance Checks (e.g. Internal Assessments)
Controls Integrity Management System (CIMS)
=
EFFECTIVE CONTROL ENVIRONMENT
Slide 10
Broad rules of the road for running the business
Sufficiently broad to allow flexibility to local conditions
Management required to establish systems/procedures to meet/exceed standards
Compliance is mandatory; exceptions must be reported and reviewed by Audit
Slide 11
ExxonMobil
In-Line Controls
Employees should understand the purpose and operation of the specific controls associated with their specific job responsibilities
These controls are called In-Line Controls
You should be aware that:
Using SMC as a guide, control mechanisms are introduced as procedures to govern day-to-day activities
In-line Controls are designed and owned by process owners and are an integral part of each employee's activities
Slide 12
Detective Controls
Occur after the transaction or event has been completed
Examples include:
Review of control reports
Reconciliation of accounts
Analysis of operating results
Always execute detective controls in a timely fashion to minimize losses and corrective efforts
Slide 13
Controls in Practice
Credit
To ensure we extend credit only to creditworthy customers
Payroll
To ensure employees are paid accurately, on time, and with the proper deductions
Product
To ensure our products always have the right quality and proper quantity when we sell them to our customers
Slide 14
Controllers
Provide guidance and support to line management in the design, implementation and maintenance of the overall controls system. Controllers has an oversight responsibility to ensure that the controls system is functioning effectively
All Employees
Act as business owners, taking overall responsibility for the effectiveness of controls within their scope of responsibility
Slide 15
Slide 16
Control Breakdowns
What can cause control breakdowns?
Need for controls not recognized
Inadequate instruction/training
Insufficient capital or human resources provided
Improper priorities assigned
Attitudes of employees, supervisors & managers
Human error
Management unaware of problem
Supervisors not monitoring ongoing process
Manager not informed
Slide 17
Discrimination
Slide 18
The UIA tests compliance with management-defined control practices documented in business-specific controls catalog
Consider a control concern exposure scenario and ask the question: What could go wrong and what is the impact (i.e. inherent risk)?
Use a controls catalog to determine the control steps:
What should be done to manage the risk?
What are the mitigating steps?
How can control concerns be prevented or detected or the impact reduced?
Controls Catalog
Slide 20
Summary
Controls are all the methods to direct, restrain, govern, and check that business activities are conducted in accordance with management's directives
The System of Management Control (SMC) Basic Standards is the foundation document of ExxonMobil's controls system
Line management, employees, and contractors have specific roles and responsibilities for designing, implementing, and maintaining cost-effective controls
Thoughts to Consider:
Who is in your line management?
Who is the Controller/Controls Advisor for your group?
Slide 21
Slide 22
020-004: Relationship to financial and accounting controls
020-005: Principles of control
020-006: Organizational responsibilities
Slide 23
Slide 25
1. Decentralization of Management
Each organizational unit is expected to:
Exercise the maximum practicable management responsibility and authority within its area of operations
Be fully accountable for results
ExxonMobil's philosophy is that all employees should be empowered to get the job done following the broad direction provided by the Corporation
CONTROL
Slide 26
Access to systems and specific system privileges can be used to achieve adequate segregation; therefore, passwords should not be disclosed
Slide 27
3. Documentation
Commonly documented items:
Operating procedures, business events, and transactions
Slide 29
5. Timeliness
Records, reports and reviews should be prepared or performed on a timely and scheduled basis
Timeliness permits prompt detection and repair of process problems
Slide 30
6. Relevance to Risk
Design or extent of controls should be proportional to the nature of the risk
Cost of controls should be related to the benefits
Controls must also consider the following implications:
Policy
Political
Ethical
Environmental
Safety
Slide 31
Slide 32
Summary
Following the seven core controls principles used by ExxonMobil will produce an effective controls environment
What are the seven core controls principles?
1. Decentralization of Management
2. Segregation of Duties and Responsibilities
3. Documentation
4. Supervision and Review
5. Timeliness
6. Relevance to Risk
7. Independence of Controls
Slide 33
Slide 34
Delegation of Authority Personnel Administration Long-term strategic planning Near-term Business Planning & Performance Monitoring Capital Investment Financing & Investment Foreign Exchange Operations Contracting Systems, Computing & Networks Safeguarding Information Other Operating Controls Derivative Instruments
Slide 35
Financial Accounting Banking & Cash Funds Cash Disbursements Materials Accountability Revenues Cash Receipts Credit & Collection Property, Plant & Equipment Payroll & Employee Benefits
Slide 36
SMC 040
SMC 050
GFCM Dictionary
Slide 37
Overriding Principles:
No organization or individual is to exercise more authority than that which has been delegated
Authority is granted to positions, not individuals
Authority is limited to expenditures and transactions made within one's area of responsibility for which stewardship exists
Slide 38
Person legally approving (signing) is responsible to ensure they have legal authority and all DOAG approvals are in place
DOAG Authority
Granted by: Entity's Board of Directors
Includes review and endorsement requirements
May require shareholder final review of some transactions
Must be in place to transact business in accordance with entity's System of Management Control (SMC)
Slide 39
Legal Authority
Granted by:
Local legal/statutory definitions
Corporate By-Laws
Board Resolutions
Powers of Attorney
Must be in place to sign documents and legally transact business on behalf of an entity
DOAG parts:
Overview Preamble Profile Assignments Transaction Schedules General Use Schedule (corporate) Specific Use Schedule (by function) Local Extension (unique country) Glossary
Slide 40
Transaction Schedules
Check Restricted column to be sure your Department has authority to final review this transaction
Determine which job position has authority to approve
Read and satisfy any restrictions or comments
Check Endorsements column and get written ones, if needed
Use the procedure in the DOAG Overview to remind yourself of all appropriate steps!
Slide 42
Slide 43
Slide 44
Responsible Groups
Management
Responsible for complying with policies and procedures
Internal Audit
Provide independent appraisals of a control system and test the system's effectiveness
Audit Committee
Advise Board of Directors on the effectiveness of control systems
Monitor the work of internal and external auditors
Board of Directors
Ultimately responsible to the shareholders for the controls environment
Appoint (subject to ratification by shareholders) external auditors to render an opinion on ExxonMobil's consolidated financial statement
External Audit
Next slide discusses in more detail
Slide 45
Selected key internal controls over financial reporting are reviewed to evaluate their functionality
i.e., entity-level controls, Period End Financial Reporting (PERF)
Focused generally on the same countries annually (U.S., Canada, Germany, Benelux, Japan, Singapore)
This letter also serves as support for the Corporation's year-end representation letters to the Board Audit Committee and various filings and certifications to the SEC
Slide 47
Compliance Checks
Other elements of ExxonMobil's compliance program include:
Audit & Controls reviews
Process to communicate policies to new employees
Annual Business Conduct Program
Business Practice Reviews (every 4 years)
Irregularities Reporting (8010)
Influence all business partners to conduct business with highest integrity
Slide 48
Slide 49
Objective of CIMS:
To provide management with the tools they need to fulfill their responsibility for establishing and maintaining a cost effective control environment
Benefit of CIMS:
The SMC provides the broad parameters for an effective control environment; CIMS provides a consistent process to efficiently introduce appropriate controls and to sustain them over time
Slide 50
Element 2: Risk Assessment
Element 3: Business Process Management and Improvement
Element 4: Personnel and Training
Element 5: Management of Change
Element 6: Reporting and Resolution of Control Weakness
Element 7: Controls Integrity Assessment
Slide 51
OBJECTIVES
STANDARDS
PROCEDURES
Suggested series of steps which, when executed properly, fulfill the Standards. Alternative procedures acceptable if Standards are met.
EXPECTED RESULTS
5 VERIFICATION AND FEEDBACK MECHANISM
A process exists to:
Monitor performance
Improve effectiveness
Desired outcomes from effective system execution
Senior management ensures effective System execution
Slide 52
SECTION 5: APPLICATION OF CIMS
Element 1: Management Leadership, Commitment, & Accountability
Management Establishes the Framework for an Effective Controls Environment
Foster an environment encouraging prompt notification of concerns
Internal Assessments, Audit & Control Reviews
Number & severity of irregularities
Business Practices Review sessions
Standards
All employees recognize the importance and value of controls
CIMS framework in place and functioning
Sustained satisfactory audit results
Expected Results
Procedures
Slide 53
Standards
Risk assessments are consistent and comprehensive
Clear ownership and accountability for controls in high-risk business processes
Use the CIMS or other approved risk assessment tool to classify risk
Expected Results
Procedures
Identify, document, and assign ownership for high risk business processes
Slide 54
Standards
Maintain controls catalogs & self-assessment templates for high risk business processes
Approved, global processes are used
Controls responsibilities are defined, understood, and effectively executed
Improvements sought
Expected Results
Procedures
Slide 55
% of employees receiving SMC, SBC, and formal controls training
Use of a job handover process
Standards
Personnel know and understand the controls requirements of their positions, especially those with controls functions in high-risk business processes
Attend general controls training!
Utilize job hand-over process for individuals moved to a new position
Highlight controls responsibilities in controls catalogs
Expected Results
Procedures
Slide 56
% of personnel moves for which a job hand-over checklist was completed
Existence of change management plans developed and approved in advance
Standards
Appropriate business controls are in place during and after the change
Monitoring process exists to confirm that the change was properly implemented
Establish R&R for managing change
Identify potential changes that may impact business controls
Define, document, approve, and manage the change
Expected Results
Procedures
Slide 57
Audit & internal assessment gaps not closed within 6 months
Number of repeat audit comments & irregularities
Standards
Prompt identification, reporting, and resolution of control weaknesses
Sharing of lessons learned and corrective actions
Expected Results
Procedures
Reporting tool used to track and report control weaknesses, action plans, and resolution
Report on business control plans and controls performance indicators
Slide 58
Standards
CIMS scoring mechanism is used to measure CIMS compliance and monitor progress
Internal assessments evaluate compliance with agreed business controls and include CIMS assessment
Internal assessments are adequately documented
Develop & maintain plan for regular internal assessments at mid-point of audit
Expected Results
Procedures
Slide 59
Slide 60
Summary
CIMS is a structured and common process for establishing effective controls, compliance monitoring, and the timely resolution of control weaknesses
What are the seven CIMS elements?
1. Management Leadership, Commitment, & Accountability
2. Risk Assessment
3. Business Process Management & Improvement
4. Personnel & Training
5. Management of Change
6. Reporting & Resolution of Control Weaknesses
7. Controls Integrity Assessment
Slide 61
SUMMARY
Key Messages
Controls are designed to mitigate risk (financial, regulatory, reputation) and assure orderly and predictable execution of management plans
Controls should always be practical and their purpose should be clearly understood by those who execute them
Controls should always be cost effective; the cost of introducing and maintaining a control should not exceed the benefit to be derived or exposure to be mitigated
More controls do not necessarily result in better control; we need to periodically evaluate the continued relevance of controls in place
SUMMARY
+
PROPER EXECUTION
In-Line Controls (e.g. Delegation of Authority Guide (DOAG))
Compliance Checks (e.g. Internal Assessments)
Controls Integrity Management System (CIMS)
=
EFFECTIVE CONTROL ENVIRONMENT
Slide 63
SUMMARY
Slide 64
SUMMARY
Additional Resources
Policy Booklets (SMC, SBC, CIMS, Manuals)
Corporate Controllers Intranet
Departmental Line Management
Supervisor
Manager
Slide 65
SUMMARY
Intranet Resources
Corporate Controllers Intranet
Slide 66
Slide 67
BACK UP
SHE Project Manager Project Superintendent Lead Engineer Engineer Admin Asst
Operations Superintendent Land Supervisor Field Supervisor Tech Staff Admin Asst
R&E Supervisor
Slide 70
2. What departmental guidelines or procedures does your workgroup have in place for controls? In your current assignment, how are you involved?
Company Plan Process
Representation Letter Process
Business Practice Reviews
Risk & Self Assessment Processes
"Red Book" Exception Reporting
Irregularities reporting
3. For a major business task that you perform, walk through the control principles involved. If a Controls Template or Catalog exists for the process, review the control principles.
4. What is an example of something you might need to look up in the DOAG? Show your understanding of how to look it up by explaining the process you would follow.