case studies
Oil, Gas & Petrochemicals
Large ERP System Compliance with Sarbanes-Oxley Legislation for Segregation of Duties
- Client
- Major Oil and Gas Company
- Sector
- Oil, Gas & Petrochemicals
- Download as PDF
- Large ERP System Compliance with SOX Legislation for Segregation of Duties
Project description
The project was a major Global compliance program to ensure users of the client’s ERP system for Integrated Supply Planning (ISP) complied with the introduction of Sarbanes-Oxley (SOX) Legislation.
SOX compliance, including the SoD Program, was one of the key client objectives for 2005. The program aims were to ensure that all SoD violations that existed were either eliminated or mitigated, and access controls put in place in this major financial application.
Chaucer was asked by the client to provide program management support for the ISP SoD Program covering Europe, Africa, Middle East, Australia and the Far East - with some 9000 potential ISP users. We worked with the Finance, Control and Accounting (FC&A) department supported by the Digital Communications and Technology (DCT) function with the aim of ensuring the following: adequate and effective internal controls and procedures for ISP financial data and applications, ensuring all SoD user violations identified were eliminated, all violations that could not be eliminated had robust mitigation controls put in place. Additionally an overhaul of the current access controls was undertaken, and, going forward, clearer accountability for the ISP ERP systems was established.
Chaucer's scope
Align scope and deliverables between the two departments - FC&A and DCT. This was achieved by working with DCT in formulating their technical plan and ensuring this correlated with a developed implementation plan at local country level
Program management, governance and assurance
Planning, resource scheduling, progress monitoring and tracking
Production of local implementation plans, terms of reference and facilitating the appointment of 23 SoD local project managers
Co-ordination of the design and implementation of user access controls going forward
Assistance with operating process development and documentation.
Issue & risk management and mitigation
Meetings facilitation
Handover from central functions to local managers at project conclusion
Benefits
Chaucer’s wide experience of dealing with projects with global span, as well as harmonising the activities of two busy, strategic departments meant that the project remained focused on its objectives whilst interdependencies were effectively managed.
The project was very successful and met the client’s target for SOX compliance within the challenging 2005 deadline.
Chaucer’s methodologies for co-ordinating the disparate project managers - each operating within its own geographic culture, ensuring milestone deliverables were met
The Chaucer program support office further acted as the focal point for the sharing of best practices and the facilitation of workshops both in groups and via the web. This ensured that knowledge, methodology and key lessons learnt could be shared between the various local managers and implemented rapidly.
Once all violations at local country level had been eliminated or mitigated, Chaucer ensured a smooth hand-over between DCT and FC&A at local country level. This permitted day to day business to resume as soon as possible minimising negative impact on the local operations.
