Download - PETRONAS Integrated Assurance Project
©Petroliam Nasional Berhad (PETRONAS) 2018 1
PETRONAS Integrated Assurance Project
Integrated Assurance Roadshow
© 2018 PETROLIAM NASIONAL BERHAD (PETRONAS)
All rights reserved. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means (electronic, mechanical, photocopying, recording or otherwise) without the permission of the copyright owner.
©Petroliam Nasional Berhad (PETRONAS) 2018 2
Process Simplification efforts group wide are driven via 5 Guiding Principles and Lean Six Sigma methodology to increase efficiency and productivity
Process Simplification
Towards greatereffectiveness & efficiency
5 Guiding Principles
• Standardisation• LEAN Work Process• Empowerment• Self Assurance• Continuous
Improvement
• LEAN• Six Sigma
Efficiency Productivity
LSS Methodology
Sustaining our competitiveness by striking down costs and simplifying the way we do business
1
Need to tackle inefficiencies through process simplification
2
Open
CACTUSCash – tAlent – projeCt – Technology – cUlture - Simplification
©Petroliam Nasional Berhad (PETRONAS) 2018 3
Integrated Assurance is one of the initiative steered by 5 Guiding Principles in delivering effective and efficient assurance in PETRONAS
All 5 GPs are described in Integrated Assurance
Continuous Improvement
Continuous Improvement
Standardization
Lean Work Process
Self Assurance
Empowerment
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 4
Integrated Assurance Project is a PETRONAS Groupwide initiative as part of Project CACTUS
In 2016, Project CACTUS Lab#4 Integrated Assurance had been established as a spin off from CACTUS Project’s Cost efficiency and Process Simplification Work stream and PETRONAS Integrated Assurance Framework were agreed by ELT in Aug 2016.
Integrated Assurance Project (IAP) has been established to provide new ways in conducting assurance at all levels through a structured and consistent approach in which internal controls are documented and periodically evaluated for effectiveness
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 5
What is “ Integrated Assurance” ?
Based on a methodical
process
Provides an overall view of risk assurance
Promotes risk management and its
assurance as an integrated process
Key characteristics of Integrated Assurance:
©Petroliam Nasional Berhad (PETRONAS) 2018 6
The case for change in current assurance programs
Rethinking Assurance – Case for Change
Open
Assurance and Audit Fatigue
Poor Planning
No standardized
process
Mandate Self Assurance
Standardized approach for self assessment at OPU levels
Corporate Driven Assurance
Structured Assurance Program based on risk based strategy
Assurance FunctionsRoles & responsibilities in executing assurances
Good GovernanceGovernance
documents in managing risk and internal
controls
Digital Assurance
Enabling end to end assurance process via
digital
+
No Line of Sight &
Oversight
RM 60 Mil costs!
Quality of Assurance and Audit?
©Petroliam Nasional Berhad (PETRONAS) 2018 7
Why do we need Integrated Assurance in PETRONAS?
Reliable & fast and informed
decision making
Focused and risk based strategic
assurance
Compliance Culture
Efficiency & Productivity
(Simplification)
Holistic assurance to management
& shareholders
Operating Discipline
©Petroliam Nasional Berhad (PETRONAS) 2018 8
The simplification and standardization of processes is conducted through each assurance processes through elimination of redundancy and duplication and; strengthening the ownership & accountabilities at operating levels.
Redundancy and duplications for improvement were identified
Reduce Remove Enhance Introduce
Business Assurance Functions
Functional Checklist
Tiering Process(Tier 1, 2 & 3)
Key Assurance Process
Redundant Process Governance
Document
Line of Assurance
Oversight & Line of Sight
Single Masterplan
“Gemba Walk” exercise & Value Creation Processes to simplify and standardize processes towards value assurance
Single Framework &
Standard
Assurance No.
Digital
©Petroliam Nasional Berhad (PETRONAS) 2018 9
The overall benefits is anchored to six focused areas of CACTUS to evaluate its ROI
• 51% improvement of assurance process from 65 assurance steps to 32 assurance steps via digital system
• Reduce 235,000 man-hours (33%) for assurance programs from corporate and business. 300 programs reduced to 100 program a year.
• RM43 mil cost saving derived from overhead costs reduction for assurance programs and reduction of man-hours for assurance programs from corporate and business
• 1.9% improvement of active work hours at operating unit by reducing hours spent for audit from 4.5% to 2.7%
• Reduction of reported operational issues
CostHow to optimize cost?
How to simply processes?
CashHow to increase profit and
generate more cash?
TalentHow to identify and develop
talent?How to develop yourself and
further improve?
TechnologyHow do we be more
innovative and creative in delivering our work?
CultureHow to create better day
to day experience?
ProjectHow to deliver focused
execution?
Open
• Standardization of assurance processacross Corporate & Business
• Integrated Assurance Planning eliminate duplication and overlapping
• Consistent implementation of assurance programs at Corporate and Business levels
• Clear accountabilities and responsibilities to deliver ownership for compliance at site
• Digital technology to simply and facilitate the assurance processes and provide oversight via intelligent and real time performance visualization on effectiveness of internal controls.
• Upskill people towards for effective implementation of assurance programs at Corporate and OPU/Asset/Country.
• Inculcate compliance culture through assurance process and ownership
• Compliance to governance requirement and assurance activities providing check and balance towards delivering superior performance assets
ROI
©Petroliam Nasional Berhad (PETRONAS) 2018 10
Integrated Assurance Project involves all the Assurance Providers responsible for the 12 applicable focused risk areas as per the PETRONAS Resiliency Model
Governance Providers
1 Group Technical Data
2 Group Research & Technology
3 Group Technical Solutions(GTS)
4 Group Project Delivery(GPD)
5 Group Health, Safety & Environment (GHSSE)
6 Group Security (GHSSE)
7 Group Legal (GL)
8 Group Procurement (GP)
9 Group Human Resource Management (GHRM)
10 Group Technical Capability Management (GTCM)
Governance Providers
11 Group Strategic Communication (GSC)
12 Corporate Strategy Planning (CS)
13 Group Risk Management
14 Group Integrity
15 Group Info. Comm. & Technology (GICT)
16 Malaysia Petroleum Management (MPM) (2)
17 Group Finance
18 Group Tax
19 Group Insurance
Notes : 1) Finance is to be managed via GRC system. 2) For upstream activities in Malaysia, 2nd line assurance will be conducted in Malaysia Petroleum Management (MPM)3) Source : IA Corporate Governance as of 5/2/2018
Financial Supply ChainPlant & Facilities
Project HSELegal &
Regulatory
Human Capital ICT Security ReputationStrategy & Portfolio
Country
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 11
A structured assurance approach based on three (3) lines of assurance that play distinct roles to ensure that the risks and internal controls are effectively managed at all levels within PETRONAS.
Three (3) Lines of Assurance is introduced for PETRONAS Assurance Programs
Assu
ran
ce
Au
dit
Regulators
External Audit
Internal Audit
Assurance vs. Audit levels within PETRONAS Assurance Programs
Regulators
External Audit
Third Line of Assurance
Second Line of Assurance
First Line of Assurance
Corporate
Business Unit
Asset/Country/OPUs
Self Assurance
Empowerment
AUDIT
Evaluating and Investigating
Aspects of Your Organization
ASSURANCE
Building Confidence by Examining the
Credibility of Information
Source: I.S Partners website
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 12
The First Line Assurance which mandates self-assurance lies within OPU who owns and manages risk and internal control on day-to-day basis.
First Line Assurance
Asset:
OPU management
Own management
OPU: PCG
PFK MTBEABF
BU management
BUSINESS UNIT
OPERATING UNIT
• Conduct analyses on business performance
• Provide advisory & support
Conduct Self Assessment
• As per OPU internal controls
• Operation-based sampling approach with 100% check of all risk areas
• Every quarterly
BUSINESS UNIT
OPERATING UNIT
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 13
Formalising self assurance for better ownership and compliance at Operating Units
Job Activities
Asset Operation
Internal Controls
Established work procedure, maintenance
plan, etc. to direct, manage and control the
risk of each plant operations
Site Sampling & Observation to check activity compliance based
on “Heart & Mind” Program(Behavior Based)
Functional Checklist
to check effectiveness
& compliance of
internal controls
Compliance check on activities against Internal
Controls & Behaviors
Management System
Effectiveness to
evaluate effectiveness
& compliance of risk
and internal controls
Adequacy & Effectiveness Review on activities against
established Process & Controls
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 14
Assurance Team
How does Self Assurance work?
Staff
• Management
• Executives
• Management
• Executives
• Non-executives
Annually
MS or OEMS
Competent Assessors
Minimum Quarterly
As per Risk Areas
Based on Functional Checklist
All Staff
FUNCTIONAL CHECKLIST
MANAGEMENT SYSTEM CHECKLIST
©Petroliam Nasional Berhad (PETRONAS) 2018 15
The new assurance process provides more ownership and accountabilities at OPU to drive self assurance programs using a structured approach for a better line of sight and oversight for effective informed decisions.
Key differences of current and future assurance process in PETRONAS
Tier 3Corporate
(1 year to 5 years)
Tier 2BU
Min. annually
Tier 1OPU
Min. Quarterly
Risk Based Assurance
Management System
Effectiveness
Operational Assurance(Checklist)
Report to Corporate &
Plant Management
Report to BU & Plant
management
Report to Plant
Management
AssuranceCorporate
(3 years to 5 years)
Self AssuranceOperating Unit
Risk Based Assurance
MS & Functional Checklist
Report to IA, PETRONAS LT,
Corporate, BU & OPU
Report to Own Management &
Oversight to BU & Corporate
Ratings Opinion Ratings
GOOD FAIRUNSATISFACT
ORY
UNACCEPTA
BLE EFFECTIVE
SOME
IMPROVEMENT
NEEDED
MAJOR
IMPROVEMENT
NEEDED
Current New Assurance
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 16
What’s in it for me?
The assurance efforts I do is no longer redundant!
I can focus on my compliance activities and deliver high quality work!
My management will recognize me when they see the results of my assurance report!
I get to be more productive in my daily work as there will no longer be multiple visits from
Corporate to conduct assurance!
Open
STAFF
©Petroliam Nasional Berhad (PETRONAS) 2018 17
What’s in it for me?
Open
I can see what is happening at the ground level as the assurance results and findings will be real-time
at my fingertips!
I can see the self assurance that has been conducted and the status of the corrective
actions.
I can save cost as cost spent on assurance and audit activities will be significantly reduced!
I get to perform my everyday tasks better as visits from Corporate for assurance and audit activities
will be planned and coordinated.
I can generate reports automatically via myASSURANCE.
I elevate my business performance through compliance culture.
MANAGEMENT
©Petroliam Nasional Berhad (PETRONAS) 2018 18
My boss will be able to see my non-compliance in the system
I will be called by my boss to have a “Compliance Conversations” on the issue
I may be given a disciplinary action due to my non compliance!
What if I DON’T comply?
Open
EVERYONE
©Petroliam Nasional Berhad (PETRONAS) 2018 19
APs & PETRONASmanagement
CORPORATE ASSURANCE PROVIDERS
OPU BU
Conduct assurance Support
BGRC Internal Audit
Support
Second Line Assurance lies with the Corporate Assurance Provider to
evaluate the established risk management and internal controls.
Second Line Assurance
• Assist in development of OPU risk management and control systems
• Conduct assurance on first line assurance
• Report on adequacy and effectiveness of risk management and internal controls
Frequency:
• 3 to 5 years
CORPORATE ASSURANCE PROVIDERS
AP AP AP AP AP AP
AP AP AP AP AP AP
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 20
BAC
INTERNAL AUDIT
OPU BU CORPORATE
Conduct assurance
Third Line Assurance is the internal audit function that provides an
independent, objective assurance and consulting activity designed to add
value and improve the businesses’ operations.
Third Line Assurance
• Report on and provide independent assurance on the adequacy and effectiveness governance, risk management and internal controls
INTERNAL AUDIT
GIA KLCCH MISC PCG
PDB PLISB MHB ENGEN
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 21
5 key processes to govern assurance activities at all lines of assurance
Integrated Assurance Processes
• Integrated Planning
• 1+4 years Masterplan
• Risk Based Strategy for Second & Third Line Assurance
• Assurance Preparation
• Assurance Plan Memorandum
• Resource allocations prior to assurance fieldwork
• Assurance field work at site
• Validation and verification of system adequacy & effectiveness
• Assurance Report preparation and issuance
• Assurance findings and action items monitoring & tracking
• Closure of action items
Assurance Annual
Planning
1Assurance Planning
2Assurance Fieldwork
3Assurance Reporting
4Post
Assurance & Monitoring
5
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 22
Line of Sight for better reporting and transparency of assurance performance.
President(Incl. President Office)
SVP/EVP Levels
EVPs Business Units
Head of OPU(Business Sector/Assets)
Head of Plant/Assets
Respective Divisions/Department/Sec
Working Levels (Executive & Non Exec.)
Co
rp
orate
Level
Bu
sin
ess
Level
Op
erati
ng
Un
it L
evel
Corporate by Focus Area (GHSE)
Open i/p Overdue Closed
Total HSE Action
Item Status
Non
Compliance
Trend
2013 2014 2015 2016 2017
Overdue
Items
121
321
89
265
Business Level
Open
i/p Overdue Closed
All Department
Status
Non
Compliance
Trend
2013 2014 2015 2016 2017
Overdue
Items
523
678
462
762
OPU Head & Management
Open i/p Overdue Closed
All Department
Status
Non
Compliance
Trend
2013 2014 2015 2016 2017
Overdue
Items
52
23
41
93
myASSURANCE will provide transparency of assurance
performance based on Limit of Authority (LOA) for better
decision making
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 23
To be appointed as assessor, the minimum requirements include:
There will be a minimum requirement for Integrated Assurance Team Composition selection for FY2019 implementation
Open
Working ExperienceJob Grade
Audit ExperienceSalary Grade
ASSESSOR
Training requirement will be included on top of the qualification above to ensure only competent assessors are appointed.
©Petroliam Nasional Berhad (PETRONAS) 2018 24
Letter of Declaration will be done digitally to inculcate Compliance Culture
Open
CORPORATE
MANAGEMENT
STAFF
• Head of SMEs (Corporate Head)
• Annually (digital)
Letter of Assurance
• OPU Heads• Annually (digital)
Assurance Declaration“Letter of Assurance”
• All staff• Annually (digital)
Letter of Declaration
Attestation to SORMIC
Attestation to SORMIC
Inculcate Compliance
Culture
©Petroliam Nasional Berhad (PETRONAS) 2018 25
myASSURANCE will be made available in January 2019
Assurance
• First Line• Second Line
myASSURANCE
Risk Management
Compliance Declaration& Statement of Risk
Management Internal control (SORMIC)
Knowledge Management
(Assurance Best Practices & Lesson
Learnt)
Audit
• Third Line• Regulator• External
myASSURANCE is a digital system introduced which centralizes all audit and assurance related activities into a single digital platform.
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 26
myAssurance is a web-based platform using a cloud system which provide ultimate accessibility to all assets in PETRONAS via desktop and mobile devices.
myASSURANCE is a single digital platform for all audit and assurance in PETRONAS
Desktop view Mobile view
Accessible anytime and anywhere!
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 27
myASSURANCE also provides dashboard views for analytics
Open
©Petroliam Nasional Berhad (PETRONAS) 2018 28
What happens to my existing system?
Deployment of myASSURANCE to all PETRONAS and subsidiaries
Dec 2018
Data Migration from existing system to myASSURANCE
Dec 2018 – Jun 2019
Phase out existing system Jan 2019 – Dec 2019
Interim Interface – Upstream only (UHSE) Dec 2019
©Petroliam Nasional Berhad (PETRONAS) 2018 29
Key Milestones of project deliverables prior to full implementation of Integrated Assurance in 2019
Full Commitment & Supports from OPU for a smooth implementation of integrated assurance
Open
WE ARE HERE!
©Petroliam Nasional Berhad (PETRONAS) 2018 30
What’s next for you?
Open
IA Training will commence end of June 2018.
Mark your calendar!
Watch out for Training Invites!
Calendar invites will be sent to your Outlook.
Attend training!
1
2
3
• IA Training• Functional Checklist Training• myASSURANCE Training
©Petroliam Nasional Berhad (PETRONAS) 2018 31
The Mastermind
IAP Steering Committee
Dzafri Sham AhmadChairman
Integrated Assurance Project Team
Ir. Mohd Zaparel AwangHead, Integrated Assurance Project
Strategy, Assurance System & Technology
Change Management, Capability Development & Governance
President/Executive Leadership Team (ELT)
Anuar B IbrahimHead Strategy, Assurance System
& Technology
Norliza A WahabHead CM & Capability Development &
GovernanceOpen