2012 - controls awareness training - course booklet

Upload: nwachukwu-obi

Post on 02-Apr-2018


  • 7/27/2019 2012 - Controls Awareness Training - Course Booklet


    Controls Awareness Training

    Course Booklet 2012


    Table of Contents

    Course Topics & Learning Objectives

    Course Slides

    Welcome, Class Introductions, Agenda Slides 1-4

    Purpose & Function of Controls Slides 5-21

    Core Controls Principles Slides 22-33

    Control Standards Slides 34-42

    Organizational Responsibilities Slides 43-48

    Application of CIMS Slides 49-61

    Summary & Additional Resources Slides 62-67

    Post Class Exercise


    Controls Awareness Training

    Course Topics & Learning Objectives

    During this session, we will examine a series of topics designed to provide you with a fundamental knowledge of ExxonMobil's basic controls processes. A post-class exercise is also included to reinforce the training topics, encourage open dialogue with your supervisor, and challenge you to assess your role in ExxonMobil's controls environment.

    Topics

    - Definition, purpose, and function of controls
    - The seven core controls principles
    - ExxonMobil's Controls Framework, including System of Management Control, Delegation of Authority Guide, Compliance Checks
    - Controls Integrity Management System (CIMS) and its applications
    - Additional resources

    Learning Objectives

    - Understand the purpose and function of controls
    - Develop familiarity with the core controls principles and their applications
    - Explain the purpose and describe each element of ExxonMobil's Controls Framework
    - Recognize the CIMS elements and their application in daily activities
    - Know where to locate additional resources and appropriate contacts
    - Describe and understand your role in the controls process


    Slide 2

    Class Introductions

    Name

    Operating Function and Job Title

    Length of Employment with ExxonMobil

    Example of a Control Used in Your Personal Life

    Slide 3

    Agenda

    Section 1: Purpose & Function of Controls

    Section 2: Core Control Principles

    Section 3: Control Standards

    Section 4: Organizational Responsibilities

    Section 5: Controls Integrity Management System (CIMS) Applications

    Additional Sources of Information


    Slide 4

    Training Objectives

    Develop an understanding of the following:

    Purpose and function of controls

    ExxonMobil's Controls Framework & System of Management Control

    Principles of control

    Delegation of Authority Guide (DOAG)

    Checks on the system's effectiveness

    ExxonMobil Controls Integrity Management System (CIMS)

    Be able to recognize applications of these tools and concepts in your work position and ExxonMobil

    Know where to go for assistance and further information

    Describe and understand your role in the controls process

    Slide 5

    SECTION 1: PURPOSE & FUNCTION OF CONTROLS

    Slide 6

    Here is an Interesting Quote:

    Rex Tillerson (Chairman & CEO)

    "Every day, employees at ExxonMobil are committed to the pursuit of operational excellence. We do this by delivering safe, reliable operations, improving energy efficiency, and maintaining strong business controls."

    Excerpt from 2008 Financial and Operating Overview


    Slide 7

    Key Concepts of Controls

    What are controls? The systems and procedures devised by an organization to:

    - Direct
    - Restrain
    - Govern
    - Check

    the performance of business activities

    Systems and procedures include:

    - Policies
    - Training
    - Reporting responsibilities
    - Communication
    - Authorities

    Slide 8

    Key Concepts of Controls

    Why controls? Controls are designed to ensure:

    - Business is conducted in accordance with management's directives
    - Effectiveness and efficiency of operations
    - Reliability of financial reporting
    - Assets (including information) are safeguarded and their integrity maintained
    - Compliance with applicable laws and regulations

    Legal requirements (Sarbanes-Oxley Act of 2002):

    - Management to report on effectiveness of internal controls and financial reporting procedures
    - Company's external auditors to report on and attest to management's internal controls

    Slide 9

    Controls and Risk Exposure

    [Figure: risk exposure matrix with axes Probability (High to Low) and Severity (High, Medium, Low), regions I to IV, and points A and B]

    Risk results from a combination of:

    - An exposure
    - The probability of an undesirable outcome occurring

    Controls are intended to mitigate the risk by lowering the probability and/or the severity of an occurrence

    Point A in the red area reflects an unmitigated risk situation. Risk exposure can decrease to point B in the green area by having the proper controls in place.


    Slide 10

    Components of ExxonMobil's Controls Framework

    Corporate Policies

    System of Management Control - Basic Standards (SMC)

    Controls Integrity Management System (CIMS)

    Compliance Checks

    In-Line Controls

    CONTROL FRAMEWORK + PROPER EXECUTION = EFFECTIVE CONTROL ENVIRONMENT

    (e.g. Delegation of Authority Guide (DOAG))

    (e.g. Internal Assessments)

    Slide 11

    ExxonMobil's SMC Basic Standards

    [Image text: System of Management Control, Basic Standards, ExxonMobil]

    System of Management Control (SMC)

    - Foundation document of ExxonMobil's controls system
    - Provides management with basic criteria, knowledge, and tools for establishing effective management controls
    - Includes core policies, basic control expectations and a structure for ensuring that controls are functioning
    - Broad rules of the road for running the business
    - Sufficiently broad to allow flexibility to local conditions
    - Management required to establish systems/procedures to meet/exceed standards
    - Compliance is mandatory; exceptions must be reported and reviewed by Audit

    Slide 12

    In-Line Controls

    Employees should understand the purpose and operation of the specific controls associated with their specific job responsibilities

    These controls are called In-Line Controls

    You should be aware that:

    - Using SMC as a guide, control mechanisms are introduced as procedures to govern day-to-day activities
    - In-line Controls are designed and owned by process owners and are an integral part of each employee's activities

    Two types of In-Line Controls:

    - Preventative Controls
    - Detective Controls


    Slide 13

    In-Line Controls: Preventative and Detective

    Preventative Controls

    - Occur before the transaction or event has been completed
    - Examples include:
      - Access controls (e.g., building access, computer system access)
      - Credit checks
      - Job handover checklists

    Detective Controls

    - Occur after the transaction or event has been completed
    - Examples include:
      - Review of control reports
      - Reconciliation of accounts
      - Analysis of operating results

    Always execute detective controls in a timely fashion to minimize losses and corrective efforts

    Slide 14

    Controls in Practice

    Credit: To ensure we extend credit only to credit worthy customers

    Payroll: To ensure employees are paid accurately, on time, and with the proper deductions

    Product: To ensure our products always have the right quality and proper quantity when we sell them to our customers

    Slide 15

    Responsibility for Controls

    Line Management

    - Ultimate responsibility and ownership for all actions taken within its area of responsibility including the design, operation and maintenance of cost effective control mechanisms

    Controllers

    - Provide guidance and support to line management in the design, implementation and maintenance of the overall controls system.
    - Controllers have an oversight responsibility to ensure that the controls system is functioning effectively

    All Employees

    - Act as business owners, taking overall responsibility for the effectiveness of controls within their scope of responsibility


    Slide 16

    General Guidelines for Controls

    You should understand a few general guidelines that apply to all controls

    All controls must be:

    Documented

    Communicated

    Understood (existence, meaning, and use) by all those concerned

    Supported by processes to ensure compliance

    Supported by management

    Slide 17

    Control Breakdowns

    What can cause control breakdowns?

    Need for controls not recognized

    Inadequate instruction/training

    Insufficient capital or human resources provided

    Improper priorities assigned

    Attitudes of employees, supervisors & managers

    Human error

    Management unaware of problem

    Supervisors not monitoring ongoing process

    Manager not informed

    Slide 18

    It Can't Happen to Us, Right?

    Financial Irregularities

    Antitrust Activities

    FCPA Violations

    Data Privacy

    Other

    Discrimination


    Slide 19

    Unit Internal Assessments

    The primary purpose of a Unit Internal Assessment (UIA) is to test the integrity of a Unit's business process controls system, the effectiveness of execution of controls, and compliance with the Controls Integrity Management System (CIMS)

    - Each UIA occurs at the mid point of the audit cycle

    The UIA tests compliance with management defined control practices documented in business specific controls catalog

    Consider a control concern exposure scenario and ask the question:

    - What could go wrong and what is the impact (i.e. inherent risk)?

    Use a controls catalog to determine the control steps:

    - What should be done to manage the risk?
    - What are the mitigating steps?
    - How can control concerns be prevented or detected or the impact reduced?

    Use a controls catalog to determine the control tests:

    - How do you verify if it's working?

    Slide 20

    Controls Catalog

    Slide 21

    Summary

    Controls are all the methods to direct, restrain, govern, and check that business activities are conducted in accordance with management's directives

    The System of Management Control (SMC) Basic Standards is the foundation document of ExxonMobil's controls system

    Line management, employees, and contractors have specific roles and responsibilities for designing, implementing, and maintaining cost-effective controls

    Thoughts to Consider:

    - Who is in your line management?
    - Who is the Controller/Controls Advisor for your group?


    Slide 22

    SECTION 2: CORE CONTROL PRINCIPLES

    SMC Section 020-005

    Slide 23

    SMC Section 020

    Four sections to the System of Management Control (SMC)

    - 020: Introduction
    - 030: Foundation & Framework
    - 040: Administrative & Operating Controls
    - 050: Internal Accounting Controls

    SMC Section 020 includes these areas:

    - 020-001: Document preface
    - 020-002: SMC organization and structure
    - 020-003: Brief discussion on the control environment
      - Factors involved in controls
      - Results of a poor controls environment
      - Methods of disseminating controls information
    - 020-004: Relationship to financial and accounting controls
    - 020-005: Principles of control
    - 020-006: Organizational responsibilities

    Slide 24

    Building Blocks of ExxonMobil's SMC

    System of Management Control (SMC)

    - Four sections form the building blocks of ExxonMobil's SMC

    020-006: Organizational Responsibilities

    030: Foundation and Framework

    040: Administrative & Operating Controls

    050: Internal Accounting Controls

    Section 020-005 identifies seven core controls principles

    - All of ExxonMobil's controls are based on these core principles


    Slide 25

    ExxonMobil's 7 Pillars of Control

    Slide 26

    C O N T R O L

    1. Decentralization of Management

    Each organizational unit is expected to:

    - Exercise the maximum practicable management responsibility and authority within its area of operations
    - Be fully accountable for results

    ExxonMobil's philosophy is that all employees should be empowered to get the job done following the broad direction provided by the Corporation

    Slide 27

    2. Segregation of Duties & Responsibilities

    Custodianship and accounting for assets should be separated

    No single function, department or employee should have exclusive knowledge or control over any one transaction or group of transactions

    Generally one must separate:

    - Authorization
    - Recording of transaction
    - Custody
    - Independent verification

    Access to systems and specific system privileges can be used to achieve adequate segregation, therefore passwords should not be disclosed


    Slide 28

    3. Documentation

    Commonly documented items:

    Operating procedures, business events, and transactions

    Why is documenting these items important?

    Establishes approval & verification responsibilities

    Aids in proper accounting & reporting

    Aids in analysis and recall process

    Reduces chance of error

    Assures compliance with:

    - Contracts
    - Agreements
    - Regulations
    - Procedures

    Slide 29

    4. Supervision and Review

    Systematic and thoughtful supervision / review of work / performance helps to ensure that control procedures are understood and followed

    Managers / Supervisors use controls to ensure:

    - Results are in line with plans and objectives
    - Deadlines are kept
    - Policies and procedures are followed

    Consult Manager / Supervisor to request clarification or voice concerns

    Slide 30

    5. Timeliness

    Records, reports and reviews should be prepared or performed on a timely and scheduled basis

    Timeliness permits prompt detection and repair of process problems


    Slide 31

    6. Relevance to Risk

    Design or extent of controls should be proportional to the nature of the risk

    Cost of controls should be related to the benefits

    Controls must also consider the following implications:

    - Policy
    - Political
    - Ethical
    - Environmental
    - Safety

    Slide 32

    7. Minimum Interdependence of Controls

    Management controls should be structured to ensure deficiencies in one control component will not compromise the effectiveness of other controls in the total system

    If one control does not work, it should not compromise other controls

    Each control should work on its own

    Therefore, if an error manages to get through one control, other controls should still be able to detect it

    Slide 33

    Summary

    Following the seven core controls principles used by ExxonMobil will produce an effective controls environment

    What are the seven core controls principles?

    1. Decentralization of Management
    2. Segregation of Duties and Responsibilities
    3. Documentation
    4. Supervision and Review
    5. Timeliness
    6. Relevance to Risk
    7. Independence of Controls


    Slide 34

    SECTION 3: CONTROL STANDARDS

    SMC Sections 040 & 050

    Slide 35

    Building Blocks of ExxonMobil's SMC

    Section 040 details:

    - The basic standards required for administrative and operating activities such as delegation of authority, planning, financing, contracting, etc.

    Delegation of Authority

    Personnel Administration

    Long-term strategic planning

    Near-term Business Planning & Performance Monitoring

    Capital Investment

    Financing & Investment

    Foreign Exchange Operations

    Contracting

    Systems, Computing & Networks

    Safeguarding Information

    Other Operating Controls

    Derivative Instruments

    Slide 36

    Building Blocks of ExxonMobil's SMC

    Section 050 details:

    - The basic standards established to ensure the integrity and objectivity of the accounting records
    - The basic standards established to ensure the objectives of authorization, accounting, and asset safeguarding are met

    Financial Accounting

    Banking & Cash Funds

    Cash Disbursements

    Materials Accountability

    Revenues

    Cash Receipts

    Credit & Collection

    Property, Plant & Equipment

    Payroll & Employee Benefits


    Slide 37

    Building Blocks of ExxonMobil's SMC

    Familiarize yourself with the control standards in these sections that apply to your specific work processes

    Our primary focus will be on authority delegation, a critical subject area of SMC Section 040

    [Figure: SMC 040 and SMC 050 with related documents: Corporate Plan Process, Capital Budget Manual / Process, Financial Forecasts, Earnings Reviews, Corporate Accounting Manual, Functional Accounting Instructions, GFCM Dictionary]

    Slide 38

    Delegation of Authority Guide (DOAG)

    The Delegation of Authority Guide (DOAG) is one of the key in-line controls within ExxonMobil

    The DOAG prescribes:

    - The delegated authorities for specific business transactions so that business is conducted in accordance with management's directives

    Overriding Principles:

    - No organization or individual is to exercise more authority than that which has been delegated
    - Authority is granted to positions, not individuals
    - Authority is limited to expenditures and transactions made within one's area of responsibility for which stewardship exists

    Slide 39

    Legal Authority and DOAG Authority

    BOTH legal authority and DOAG authority must be obtained to conduct some business transactions:

    - Legal: Defined by local incorporated entity
    - Operational: DOAG defined by local Board of Directors

    Person legally approving (signing) is responsible to ensure they have legal authority and all DOAG approvals are in place

    Legal Authority

    Granted by:

    - Local legal/statutory definitions
    - Corporate By-Laws
    - Board Resolutions
    - Powers of Attorney

    Must be in place to sign documents and legally transact business on behalf of an entity

    DOAG Authority

    Granted by:

    - Entity's Board of Directors

    Includes review and endorsement requirements

    May require shareholder final review of some transactions

    Must be in place to transact business in accordance with entity's System of Management Control (SMC)


    Slide 40

    Delegation of Authority Guide (DOAG)

    DOAG details:

    - Delegation of authority through 12 profiles assigned to job positions across all functional / service organizations and affiliated companies
    - Individuals granted authority are authorized to review only those activities / transactions that fall directly within their stewardship / accountability

    DOAG parts:

    - Overview
    - Preamble
    - Profile Assignments
    - Transaction Schedules
      - General Use Schedule (corporate)
      - Specific Use Schedule (by function)
      - Local Extension (unique country)
    - Glossary

    Slide 41

    Transaction Schedules

    Schedules - always start with most specific:

    - Local Extensions (unique country transactions - LE noted)
    - Specific Use Schedules (functional-specific transactions)
    - General Use Schedule (corporate common transactions)

    Organized by Key Transaction Categories:

    1. Organization and Corporate Matters
    2. Budget
    3. Contracts, Agreements, Leases, and Commitments
    4. Disbursements
    5. Disposition and Write-down of Assets
    6. Customer Related Transactions
    7. Litigation and Claims
    8. Emergency Response to Third Parties
    9. Release of Information to Third Parties
    10. Other Matters

    Slide 42

    How to Use the DOAG

    Define delegation or decision to be made

    Check transaction schedules in correct order to find the transaction

    - Always start with the most specific (LE, SUS, then GUS)

    Check Restricted column to be sure your Department has authority to final review this transaction

    Determine which job position has authority to approve

    Read and satisfy any restrictions or comments

    Check Endorsements column and get written ones, if needed

    Use the procedure in the DOAG Overview to remind yourself of all appropriate steps!


    Slide 43

    SECTION 4: ORGANIZATIONAL RESPONSIBILITIES

    SMC Section 020-006

    Slide 44

    Building Blocks of ExxonMobil's SMC

    SMC Section 020-006 defines the groups responsible for the creation and proper functioning of controls within ExxonMobil

    - Collectively, this forms the Checks on Systems Effectiveness
    - Employees at all levels of the Corporation are in a position to observe and participate in ExxonMobil's control system

    Slide 45

    Responsible Groups

    Management

    - Responsible for complying with policies and procedures

    Internal Audit

    - Provide independent appraisals of a control system and test the system's effectiveness

    Audit Committee

    - Advise Board of Directors on the effectiveness of control systems
    - Monitor the work of internal and external auditors

    Board of Directors

    - Ultimately responsible to the shareholders for the controls environment
    - Appoint (subject to ratification by shareholders) external auditors to render an opinion on ExxonMobil's consolidated financial statement

    External Audit

    - Next slide discusses in more detail


    Slide 46

    External Audit & SOX

    PricewaterhouseCoopers (PwC) is ExxonMobil's external auditor

    - Obligated to report any material weaknesses discovered in internal accounting controls which could have potentially material impacts on financial statements

    Sarbanes-Oxley 404 (SOX) is an additional element of the external audit

    - SOX represents a distinct part of the larger external financial audit
    - No separate SOX opinion issued
    - Selected key internal controls over financial reporting are reviewed to evaluate their functionality
      - i.e., entity level controls, Period End Financial Reporting (PERF)
    - Focused generally on the same countries annually (U.S., Canada, Germany, Benelux, Japan, Singapore)
    - Other countries have enacted SOX-like legislation
      - France, Italy, Korea, Japan, Switzerland

    Slide 47

    Compliance Checks: Representation Letter

    An annual process requiring managers at multiple levels of the organization to confirm in a letter to their supervisors that:

    - Transactions, including receipts and expenditures, are executed in accordance with management's general or specific authorizations
    - All material information has been disclosed to the appropriate levels of management in a timely manner
    - Unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements are prevented or detected in a timely manner

    This letter also serves as support for the Corporation's year-end representation letters to the Board Audit Committee and various filings and certifications to the SEC

    Slide 48

    Compliance Checks

    Other elements of ExxonMobil's compliance program include:

    - Audit & Controls reviews
    - Process to communicate policies to new employees
    - Annual Business Conduct Program
    - Business Practice Reviews (every 4 years)
    - Irregularities Reporting (8010)
    - Influence all business partners to conduct business with highest integrity
    - Red Book Exception Reporting
    - Controls Integrity Management System (CIMS)
      - We'll discuss CIMS in the next section


    Slide 49

    SECTION 5: APPLICATION OF CIMS

    Slide 50

    Controls Integrity Management System (CIMS)

    CIMS defined:

    - A comprehensive management system structured to promote the ongoing integrity of controls in our day-to-day business

    Objective of CIMS:

    - To provide management with the tools they need to fulfill their responsibility for establishing and maintaining a cost effective control environment

    Benefit of CIMS:

    - The SMC provides the broad parameters for an effective control environment; CIMS provides a consistent process to efficiently introduce appropriate controls and to sustain them over time

    Slide 51

    Seven Elements of CIMS

    Controls Integrity Management System

    - Element 1: Management Leadership, Commitment and Accountability
    - Element 2: Risk Assessment
    - Element 3: Business Process Management and Improvement
    - Element 4: Personnel and Training
    - Element 5: Management of Change
    - Element 6: Reporting and Resolution of Control Weakness
    - Element 7: Controls Integrity Assessment


    Slide 55

    Element 3: Business Process Management & Improvement

    Standards, Procedures, Expected Results, Verification & Feedback

    Controls performance indicators

    Business performance indicators

    Approved, global processes are used

    Controls responsibilities are defined, understood, and effectively executed

    Improvements sought

    Document controls steps and procedures in controls catalogs

    Utilize global common processes and practices where appropriate

    Implement controls consistent with the SMC-Basic Standards

    Maintain controls catalogs & self-assessment templates for high risk business processes

    Appropriate Control Steps are Integrated into Business Processes & Control Improvements are Continuously Sought

    What are some examples of control steps in your work processes?

    Slide 56

    Element 4: Personnel & Training

    Standards, Procedures, Expected Results, Verification & Feedback

    % of employees receiving SMC, SBC, and formal controls training

    Use of a job hand-over process

    Personnel know and understand the controls requirements of their positions, especially those with controls functions in high-risk business processes

    Attend general controls training!

    Utilize job hand-over process for individuals moved to a new position

    Highlight controls responsibilities in controls catalogs

    Identify and provide controls training consistent with job requirements

    Periodically review and assess controls training needs

    Personnel have Sufficient Controls Knowledge & Experience to Fulfill the Control Requirements of their Position

    Do you know and understand your controls requirements?

    Slide 57

    Element 5: Management of Change

    Standards, Procedures, Expected Results, Verification & Feedback

    % of personnel moves for which a job hand-over checklist was completed

    Existence of change management plans developed and approved in advance

    Appropriate business controls are in place during and after the change

    Monitoring process exists to confirm that the change was properly implemented

    Establish R&R for managing change

    Identify potential changes that may impact business controls

    Define, document, approve, and manage the change

    Evaluate the impact of change on controls and related risks

    Maintain controls during the change

    Communicate and document impacts

    A Systematic Change Management Approach is in Place

    What are some consequences of poor change management?


    Slide 58

    Element 6: Reporting & Resolution of Control Weaknesses

    Standards, Procedures, Expected Results, Verification & Feedback

    Audit & internal assessment gaps not closed within 6 months

    Number of repeat audit comments & irregularities

    Prompt identification, reporting, and resolution of control weaknesses

    Sharing of lessons learned and corrective actions

    Reporting tool used to track and report control weaknesses, action plans, and resolution

    Report on business control plans and controls performance indicators

    Formal process exists to record, report, and resolve controls weaknesses

    Issues and action plans are documented

    Steward resolution timeliness

    Control Weaknesses, Irregularities, & Business Practice Issues are Promptly Communicated to Management & Addressed

    What is your role in reporting and resolving control weaknesses?

    Slide 59

    Element 7: Controls Integrity Assessment

    Standards, Procedures, Expected Results, Verification & Feedback

    Number of internal assessments completed according to plan

    Identification and closure of control gaps

    CIMS assessment scores

    Internal assessments evaluate compliance with agreed business controls and include CIMS assessment

    Internal assessments are adequately documented

    Develop & maintain plan for regular internal assessments at mid-point of audit

    Conduct CIMS assessment and scoring concurrent with internal assessment

    Internal assessments and audits are part of the assessment process

    CIMS scoring mechanism is used to measure CIMS compliance and monitor progress

    A Structured Approach is Used to Assess Compliance with CIMS

    Do you have experience participating in an internal assessment?

    Slide 60

    CIMS Compliance Activities

    How do you participate in CIMS compliance activities?

    Completion of this training module

    Participation in periodic Unit Internal Assessments (UIA)

    Use of job hand-over checklist

    Attendance at Business Practice Reviews

    Effectively and permanently closing identified control gaps

    SECTION 5: APPLICATION OF CIMS


    Slide 61

    SECTION 5: APPLICATION OF CIMS

    Summary

    CIMS is a structured and common process for establishing effective controls, compliance monitoring, and the timely resolution of control weaknesses

    What are the seven CIMS elements?

    1. Management Leadership, Commitment, & Accountability
    2. Risk Assessment
    3. Business Process Management & Improvement
    4. Personnel & Training
    5. Management of Change
    6. Reporting & Resolution of Control Weaknesses
    7. Controls Integrity Assessment

    Slide 62

    Key Messages

    Controls are designed to mitigate risk (financial, regulatory, reputation) and assure orderly and predictable execution of management plans

    Controls should always be practical and their purpose should be clearly understood by those who execute them

    Controls should always be cost effective; the cost of introducing and maintaining a control should not exceed the benefit to be derived or exposure to be mitigated

    More controls do not necessarily result in better control; we need to periodically evaluate the continued relevance of controls in place

    Bottom line is: Controls must make business sense

    SUMMARY

    Slide 63

    SUMMARY

    Components of ExxonMobil's Controls Framework

    Corporate Policies

    System of Management Control - Basic Standards (SMC)

    Controls Integrity Management System (CIMS)

    Compliance Checks

    In-Line Controls

    CONTROL FRAMEWORK + PROPER EXECUTION = EFFECTIVE CONTROL ENVIRONMENT

    (e.g. Delegation of Authority Guide (DOAG))

    (e.g. Internal Assessments)


    Slide 64

    Your Roles and Responsibilities

    Know your business objectives

    Know and understand the controls and processes which apply to you and your job

    Know your risk areas

    Follow policies and procedures; don't make changes without review and approval

    Don't sign/approve unless completely satisfied

    If in doubt, ask or report!

    SUMMARY

    Slide 65

    Additional Resources

    Policy Booklets (SMC, SBC, CIMS, Manuals)

    Corporate Controllers Intranet

    Departmental Line Management

        Supervisor

        Manager

    Controls Advisor

    Controller

    Area Audit Manager

    SUMMARY

    Slide 66

    Intranet Resources

    SUMMARY

    Corporate Controllers Intranet

    DOAG

    SMC

    CIMS

    MPI

    SOX

    Rep Letter


    Slide 67

    Intranet Resources

    SUMMARY

    Corporate Controllers Intranet

    Standards of Business Conduct

    Business Practices Review

    BACK UP


    Slide 70

    Sample Profile List - Upstream

    SECTION 3: CONTROL STANDARDS (040 & 050)

    | | Exploration | Development - Project | Production | Gas & Power Marketing | Research | Bus. Serv. |
    | 1 | Corp | Corp | Corp | Corp | Corp | Corp |
    | 2 | President | President | President | President | President | - |
    | 3 | Exec. V.P. | Exec. V.P. | Exec. V.P. | - | - | - |
    | 4 | V.P. | V.P. | V.P. | V.P. | V.P. | V.P. |
    | 5 | Operations Mgr | Project Executive | Production Mgr | Operations Manager | R&E Div. Mgr | U/S Treasurer |
    | 6 | Business Analysis Mgr | Project Mgr | Producing Operations Mgr | Business Analysis Mgr | Research Mgr | Group Controller |
    | 7 | Project Mgr | Project Engineer | Operations Mgr | Managers Commercial Resources | - | Country Controller - Large |
    | 8 | Commercial Transactions Mgr | SHE Project Manager | Operations Superintendent | Supervisors Commercial Resources | R&E Supervisor | Country Controller - Small |
    | 9 | Business Unit Supervisor | Project Superintendent | Land Supervisor | Supply Advisors | Training Supervisor | Revenue Accounting Mgr |
    | 10 | - | Lead Engineer | Field Supervisor | - | Shop Supervisor | Accounting Supervisor |
    | 11 | - | Engineer | Tech Staff | - | Team Lead | Advisor |
    | 12 | Admin Asst | Admin Asst | Admin Asst | Admin Asst | - | Admin Asst |


    Controls Awareness Training

    Post-Session Exercise

    This exercise should be completed as soon as possible after you return from class. You should work it with your supervisor or a person designated by your supervisor (such as a Controls Advisor). The exercise should take approximately one hour, and this exercise is designed to help you apply the control concepts learned in class to your current assignment.

    Post-Class Exercises:

    1. In your current job, when might you need to access the following items?

        ExxonMobil's System of Management Controls: Basic Standards (Red Book)

        Delegation of Authority Guide (DOAG)

        Applicable Accounting Manuals

    2. What departmental guidelines or procedures does your workgroup have in place for controls? In your current assignment, how are you involved?

        Company Plan Process

        Representation Letter Process

        Business Practice Reviews

        Risk & Self Assessment Processes

        "Red Book" Exception Reporting

        Irregularities reporting

    3. For a major business task that you perform, walk through the control principles involved. If a Controls Template or Catalog exists for the process, review the control principles.

    4. What is an example of something you might need to look up in the DOAG? Show your understanding of how to look it up by explaining the process you would follow.