Traditional approaches to IT management have included centralized, decentralized, federal and distributed structures, which also serve as useful labels for IT governance models (Peppard and Ward, 1999; Schwarz and Hirschheim, 2003).
The centralized IT governance model relies on a strong, positive, capable IT steering committee that is able to interact with the board directly, or through a one-step intermediary. All infrastructure proposals emanate from this group and all IT proposals need to gain its backing. It will have substantial delegated authority. It may be chaired by the CEO, another executive director, or a senior business manager. IT risk is one of its key areas of responsibility (along with benefits and strategy) but, as a holistic approach is necessary, this will not mean that a subcommittee is formed. In each of its formal meetings, risk reports will be produced for the board. Urgent risk matters will be dealt with on a pre-arranged basis (chairman and two others, for example), and those risks beyond a specified level will require participation of the full committee. Each segment of the risk portfolio will be the responsibility of an individual, who reports to this committee. In smaller organizations one individual may take responsibility for several of the segments. This committee should have a formal meeting with the board on a regular basis, at least annually.
The need for compliance is driven by various governmental and regulatory demands. The high-profile acts of today include SEC, Sarbanes-Oxley and Basel II, which were primarily driven by experiences of email mismanagement. The UK and US Freedom of Information Act laws increased the visibility of email retention and accessibility during 2005. Legislation commonly calls for retention periods but may demand deletion following expiration of the retention period.
C2C system, in its paper, said that the requirement is usually to copy away all emails relating to subjects, departments or individuals before a user has a chance to manipulate or delete the information, providing a fully secure and audited record of email activity. System performance and selective retention have nothing to do with compliance; a solution to aid compliance generally works behind the scenes, invisible to the end user, with the archived copies accessible only by certain permitted officers. Regulations require various industries to store electronic information for a period of time. These new standards are pushing the need to archive.
Non-compliance with regulations is serious.
It is very important for all Oil & Gas companies to be aware that Compliance is the new Key Word in Information & Data Management.
Why should Oil & Gas companies be worried?
- ENRON was an Oil & Gas Company as well as a trading company that did not comply with its company laws & procedures
- The ENRON, Andersen Consulting & WorldCom scandals captured the public & media attention
- The shock of these scandals has made directors, managers & compliance professionals all around the world ask whether their compliance programs could detect & prevent the next ENRON
- Shell’s recent reserve overestimation and subsequent share nosedive has caused focus to be brought back onto Oil & Gas
How Compliance affects Oil & Gas Data Management
- Over/Under-estimation of Reserves - proving & knowing the integrity of your data
- Company processes and procedures being complied with by all staff, not just management - having processes & procedures in place
- Being Compliant with DTI’s Petroleum Operators Notices (PON)
  - PON14a&b (oil & gas surveys and shallow drilling) - new reporting requirements & deliverables
  - PON9 - record & sample requirements for CDA data storage
- The two most pertinent Governance, Risk & Compliance attributes for oil & gas IT/IS departments are: (more…)

1. Plan & Scope
   - Financial Reporting Process
   - Supporting Systems
2. Perform Risk Assessment
   - Probability & Impact to Business
   - Size / Complexity
3. Identify Significant Controls
   - Application Controls, over initiating, recording, processing & reporting
   - IT General Controls
The key provisions of the Sarbanes-Oxley Act are:
- Auditor independence
- Creation of PCAOB
- End of other services
- Corporate Responsibility
- Special audit committee
- CEO and CFO self certification re financial statements
- Enhanced Financial Disclosures
- Written code of ethics
- Annual report stating management responsibility for adequate control structure
- Corporate and criminal fraud accountability
- No destruction of documents
- Whistleblowing protection
A detailed summary of the provisions of the Sarbanes-Oxley Act of 2002 can be found at aicpa.org.