Five Steps to Fortifying a GRC Foundation
September 22, 2008
Up close: Aera Energy, one of California’s largest oil and gas producers, is a joint venture of Shell and ExxonMobil that operates as a stand-alone company with more than $2 billion in annual revenue. To help meet the regulatory requirements of its parent companies, Aera has developed GRC monitoring capabilities made possible by several foundational elements. Starting with tone at the top, each capability in the table below enables the capability that sits above it:
| Capability | Example |
| --- | --- |
| Ongoing GRC Monitoring | Business process analysts receive monthly alerts regarding any potential segregation of duties (SoD) issues in their areas. |
| GRC Automation | Company uses GRC Access Control to limit SoD issues and to monitor all ERP system access and changes. |
| Finance–IT–Operations Collaboration | Process owners, finance, and IT professionals work together (and often sit together) while identifying how information systems can support specific business processes and needs. |
| Organizational Structure | In 2000, company created a formal process organization tasked with standardizing business processes across the enterprise while working closely with partners in operations, finance, and IT. |
| Tone at the Top | Taking a cue from the parent company, Aera Energy’s executive leaders made the elimination of SoD issues a priority in the early 2000s — well before the Sarbanes-Oxley Act thrust SoD and other internal controls challenges into the spotlight. |
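The top two rows of the table (automated SoD control plus monthly alerts to the analysts who own each area) describe a concrete detection pattern: resolve each user's roles to effective permissions, test every pair against a rule set of conflicting permissions, and route the findings to the business area that owns the user. The script below is an added, self-contained illustration of that pattern; it is not Aera Energy's code and does not use the GRC Access Control product's API. The rule set, role-to-permission mapping, user assignments and area names are constructed sample data.

```python
"""Minimal segregation-of-duties (SoD) conflict detector.

Added example: resolves user -> roles -> permissions, checks each user against
pairwise SoD rules, and groups the resulting findings by business area so that
each area's process analyst receives only the alerts for their own people.
All data below is constructed for illustration.
"""

# Constructed SoD rule set: (permission_a, permission_b, severity).
# A user holding both permissions of a pair is a potential SoD conflict.
SOD_RULES = [
    ("create_vendor", "approve_payment", "high"),
    ("create_purchase_order", "receive_goods", "medium"),
    ("maintain_user_roles", "post_journal_entry", "high"),
]

# Constructed role-to-permission mapping (what an ERP role actually grants).
ROLE_PERMISSIONS = {
    "AP_CLERK": {"create_vendor", "enter_invoice"},
    "AP_MANAGER": {"approve_payment"},
    "BUYER": {"create_purchase_order"},
    "WAREHOUSE": {"receive_goods"},
    "BASIS_ADMIN": {"maintain_user_roles"},
    "GL_ACCOUNTANT": {"post_journal_entry"},
}

# Constructed user assignments: the business area that owns the user plus roles.
USER_ROLES = {
    "alice": {"area": "procurement", "roles": {"BUYER", "WAREHOUSE"}},
    "bob": {"area": "payables", "roles": {"AP_CLERK", "AP_MANAGER"}},
    "carol": {"area": "payables", "roles": {"AP_CLERK"}},
    "dave": {"area": "it", "roles": {"BASIS_ADMIN", "GL_ACCOUNTANT"}},
}


def effective_permissions(roles, role_permissions=ROLE_PERMISSIONS):
    """Union of everything the user's roles grant (unknown roles grant nothing)."""
    perms = set()
    for role in roles:
        perms |= role_permissions.get(role, set())
    return perms


def granting_roles(roles, permission, role_permissions=ROLE_PERMISSIONS):
    """Which of the user's roles grant a given permission (makes the alert actionable)."""
    return sorted(r for r in roles if permission in role_permissions.get(r, set()))


def find_sod_violations(user_roles=USER_ROLES, rules=SOD_RULES,
                        role_permissions=ROLE_PERMISSIONS):
    """Return one finding per (user, rule) where the user holds both permissions."""
    findings = []
    for user, info in user_roles.items():
        perms = effective_permissions(info["roles"], role_permissions)
        for perm_a, perm_b, severity in rules:
            if perm_a in perms and perm_b in perms:
                findings.append({
                    "user": user,
                    "area": info["area"],
                    "severity": severity,
                    "conflict": (perm_a, perm_b),
                    "via_roles": (granting_roles(info["roles"], perm_a, role_permissions),
                                  granting_roles(info["roles"], perm_b, role_permissions)),
                })
    return findings


def alerts_by_area(findings):
    """Group findings by owning area, so each analyst gets only their own alerts."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["area"], []).append(f)
    return grouped


def format_alert(area, findings):
    """Render one area's monthly alert as plain text."""
    lines = [f"SoD alert for area '{area}': {len(findings)} potential conflict(s)"]
    for f in findings:
        a, b = f["conflict"]
        ra, rb = f["via_roles"]
        lines.append(f"  [{f['severity']}] {f['user']}: {a} (via {','.join(ra)}) "
                     f"+ {b} (via {','.join(rb)})")
    return "\n".join(lines)


if __name__ == "__main__":
    for area, items in alerts_by_area(find_sod_violations()).items():
        print(format_alert(area, items))
```

The rule set is deliberately expressed in terms of permissions rather than role names: roles drift as administrators edit them, and a rule written against role names silently stops firing when the conflicting permission moves to a different role. Resolving to effective permissions first is what keeps the monthly alert honest.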