PETRONAS Integrated Assurance Project

©Petroliam Nasional Berhad (PETRONAS) 2018 1

PETRONAS Integrated Assurance Project

Integrated Assurance Roadshow

© 2018 PETROLIAM NASIONAL BERHAD (PETRONAS)

All rights reserved. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means (electronic, mechanical, photocopying, recording or otherwise) without the permission of the copyright owner.


Process Simplification efforts group wide are driven via 5 Guiding Principles and Lean Six Sigma methodology to increase efficiency and productivity

Process Simplification

Towards greatereffectiveness & efficiency

5 Guiding Principles

• Standardisation• LEAN Work Process• Empowerment• Self Assurance• Continuous

Improvement

• LEAN• Six Sigma

Efficiency Productivity

LSS Methodology

Sustaining our competitiveness by striking down costs and simplifying the way we do business

1

Need to tackle inefficiencies through process simplification

2

Open

CACTUSCash – tAlent – projeCt – Technology – cUlture - Simplification


Integrated Assurance is one of the initiative steered by 5 Guiding Principles in delivering effective and efficient assurance in PETRONAS

All 5 GPs are described in Integrated Assurance

Continuous Improvement

Continuous Improvement

Standardization

Lean Work Process

Self Assurance

Empowerment

Open


Integrated Assurance Project is a PETRONAS Groupwide initiative as part of Project CACTUS

In 2016, Project CACTUS Lab#4 Integrated Assurance had been established as a spin off from CACTUS Project’s Cost efficiency and Process Simplification Work stream and PETRONAS Integrated Assurance Framework were agreed by ELT in Aug 2016.

Integrated Assurance Project (IAP) has been established to provide new ways in conducting assurance at all levels through a structured and consistent approach in which internal controls are documented and periodically evaluated for effectiveness

Open


What is “ Integrated Assurance” ?

Based on a methodical

process

Provides an overall view of risk assurance

Promotes risk management and its

assurance as an integrated process

Key characteristics of Integrated Assurance:


The case for change in current assurance programs

Rethinking Assurance – Case for Change

Open

Assurance and Audit Fatigue

Poor Planning

No standardized

process

Mandate Self Assurance

Standardized approach for self assessment at OPU levels

Corporate Driven Assurance

Structured Assurance Program based on risk based strategy

Assurance FunctionsRoles & responsibilities in executing assurances

Good GovernanceGovernance

documents in managing risk and internal

controls

Digital Assurance

Enabling end to end assurance process via

digital

+

No Line of Sight &

Oversight

RM 60 Mil costs!

Quality of Assurance and Audit?


Why do we need Integrated Assurance in PETRONAS?

Reliable & fast and informed

decision making

Focused and risk based strategic

assurance

Compliance Culture

Efficiency & Productivity

(Simplification)

Holistic assurance to management

& shareholders

Operating Discipline


The simplification and standardization of processes is conducted through each assurance processes through elimination of redundancy and duplication and; strengthening the ownership & accountabilities at operating levels.

Redundancy and duplications for improvement were identified

Reduce Remove Enhance Introduce

Business Assurance Functions

Functional Checklist

Tiering Process(Tier 1, 2 & 3)

Key Assurance Process

Redundant Process Governance

Document

Line of Assurance

Oversight & Line of Sight

Single Masterplan

“Gemba Walk” exercise & Value Creation Processes to simplify and standardize processes towards value assurance

Single Framework &

Standard

Assurance No.

Digital


The overall benefits is anchored to six focused areas of CACTUS to evaluate its ROI

• 51% improvement of assurance process from 65 assurance steps to 32 assurance steps via digital system

• Reduce 235,000 man-hours (33%) for assurance programs from corporate and business. 300 programs reduced to 100 program a year.

• RM43 mil cost saving derived from overhead costs reduction for assurance programs and reduction of man-hours for assurance programs from corporate and business

• 1.9% improvement of active work hours at operating unit by reducing hours spent for audit from 4.5% to 2.7%

• Reduction of reported operational issues

CostHow to optimize cost?

How to simply processes?

CashHow to increase profit and

generate more cash?

TalentHow to identify and develop

talent?How to develop yourself and

further improve?

TechnologyHow do we be more

innovative and creative in delivering our work?

CultureHow to create better day

to day experience?

ProjectHow to deliver focused

execution?

Open

• Standardization of assurance processacross Corporate & Business

• Integrated Assurance Planning eliminate duplication and overlapping

• Consistent implementation of assurance programs at Corporate and Business levels

• Clear accountabilities and responsibilities to deliver ownership for compliance at site

• Digital technology to simply and facilitate the assurance processes and provide oversight via intelligent and real time performance visualization on effectiveness of internal controls.

• Upskill people towards for effective implementation of assurance programs at Corporate and OPU/Asset/Country.

• Inculcate compliance culture through assurance process and ownership

• Compliance to governance requirement and assurance activities providing check and balance towards delivering superior performance assets

ROI


Integrated Assurance Project involves all the Assurance Providers responsible for the 12 applicable focused risk areas as per the PETRONAS Resiliency Model

Governance Providers

1 Group Technical Data

2 Group Research & Technology

3 Group Technical Solutions(GTS)

4 Group Project Delivery(GPD)

5 Group Health, Safety & Environment (GHSSE)

6 Group Security (GHSSE)

7 Group Legal (GL)

8 Group Procurement (GP)

9 Group Human Resource Management (GHRM)

10 Group Technical Capability Management (GTCM)

Governance Providers

11 Group Strategic Communication (GSC)

12 Corporate Strategy Planning (CS)

13 Group Risk Management

14 Group Integrity

15 Group Info. Comm. & Technology (GICT)

16 Malaysia Petroleum Management (MPM) (2)

17 Group Finance

18 Group Tax

19 Group Insurance

Notes : 1) Finance is to be managed via GRC system. 2) For upstream activities in Malaysia, 2nd line assurance will be conducted in Malaysia Petroleum Management (MPM)3) Source : IA Corporate Governance as of 5/2/2018

Financial Supply ChainPlant & Facilities

Project HSELegal &

Regulatory

Human Capital ICT Security ReputationStrategy & Portfolio

Country

Open


A structured assurance approach based on three (3) lines of assurance that play distinct roles to ensure that the risks and internal controls are effectively managed at all levels within PETRONAS.

Three (3) Lines of Assurance is introduced for PETRONAS Assurance Programs

Assu

ran

ce

Au

dit

Regulators

External Audit

Internal Audit

Assurance vs. Audit levels within PETRONAS Assurance Programs

Regulators

External Audit

Third Line of Assurance

Second Line of Assurance

First Line of Assurance

Corporate

Business Unit

Asset/Country/OPUs

Self Assurance

Empowerment

AUDIT

Evaluating and Investigating

Aspects of Your Organization

ASSURANCE

Building Confidence by Examining the

Credibility of Information

Source: I.S Partners website

Open


The First Line Assurance which mandates self-assurance lies within OPU who owns and manages risk and internal control on day-to-day basis.

First Line Assurance

Asset:

OPU management

Own management

OPU: PCG

PFK MTBEABF

BU management

BUSINESS UNIT

OPERATING UNIT

• Conduct analyses on business performance

• Provide advisory & support

Conduct Self Assessment

• As per OPU internal controls

• Operation-based sampling approach with 100% check of all risk areas

• Every quarterly

BUSINESS UNIT

OPERATING UNIT

Open


Formalising self assurance for better ownership and compliance at Operating Units

Job Activities

Asset Operation

Internal Controls

Established work procedure, maintenance

plan, etc. to direct, manage and control the

risk of each plant operations

Site Sampling & Observation to check activity compliance based

on “Heart & Mind” Program(Behavior Based)

Functional Checklist

to check effectiveness

& compliance of

internal controls

Compliance check on activities against Internal

Controls & Behaviors

Management System

Effectiveness to

evaluate effectiveness

& compliance of risk

and internal controls

Adequacy & Effectiveness Review on activities against

established Process & Controls

Open


Assurance Team

How does Self Assurance work?

Staff

• Management

• Executives

• Management

• Executives

• Non-executives

Annually

MS or OEMS

Competent Assessors

Minimum Quarterly

As per Risk Areas

Based on Functional Checklist

All Staff

FUNCTIONAL CHECKLIST

MANAGEMENT SYSTEM CHECKLIST


The new assurance process provides more ownership and accountabilities at OPU to drive self assurance programs using a structured approach for a better line of sight and oversight for effective informed decisions.

Key differences of current and future assurance process in PETRONAS

Tier 3Corporate

(1 year to 5 years)

Tier 2BU

Min. annually

Tier 1OPU

Min. Quarterly

Risk Based Assurance

Management System

Effectiveness

Operational Assurance(Checklist)

Report to Corporate &

Plant Management

Report to BU & Plant

management

Report to Plant

Management

AssuranceCorporate

(3 years to 5 years)

Self AssuranceOperating Unit

Risk Based Assurance

MS & Functional Checklist

Report to IA, PETRONAS LT,

Corporate, BU & OPU

Report to Own Management &

Oversight to BU & Corporate

Ratings Opinion Ratings

GOOD FAIRUNSATISFACT

ORY

UNACCEPTA

BLE EFFECTIVE

SOME

IMPROVEMENT

NEEDED

MAJOR

IMPROVEMENT

NEEDED

Current New Assurance

Open


What’s in it for me?

The assurance efforts I do is no longer redundant!

I can focus on my compliance activities and deliver high quality work!

My management will recognize me when they see the results of my assurance report!

I get to be more productive in my daily work as there will no longer be multiple visits from

Corporate to conduct assurance!

Open

STAFF


What’s in it for me?

Open

I can see what is happening at the ground level as the assurance results and findings will be real-time

at my fingertips!

I can see the self assurance that has been conducted and the status of the corrective

actions.

I can save cost as cost spent on assurance and audit activities will be significantly reduced!

I get to perform my everyday tasks better as visits from Corporate for assurance and audit activities

will be planned and coordinated.

I can generate reports automatically via myASSURANCE.

I elevate my business performance through compliance culture.

MANAGEMENT


My boss will be able to see my non-compliance in the system

I will be called by my boss to have a “Compliance Conversations” on the issue

I may be given a disciplinary action due to my non compliance!

What if I DON’T comply?

Open

EVERYONE


APs & PETRONASmanagement

CORPORATE ASSURANCE PROVIDERS

OPU BU

Conduct assurance Support

BGRC Internal Audit

Support

Second Line Assurance lies with the Corporate Assurance Provider to

evaluate the established risk management and internal controls.

Second Line Assurance

• Assist in development of OPU risk management and control systems

• Conduct assurance on first line assurance

• Report on adequacy and effectiveness of risk management and internal controls

Frequency:

• 3 to 5 years

CORPORATE ASSURANCE PROVIDERS

AP AP AP AP AP AP

AP AP AP AP AP AP

Open


BAC

INTERNAL AUDIT

OPU BU CORPORATE

Conduct assurance

Third Line Assurance is the internal audit function that provides an

independent, objective assurance and consulting activity designed to add

value and improve the businesses’ operations.

Third Line Assurance

• Report on and provide independent assurance on the adequacy and effectiveness governance, risk management and internal controls

INTERNAL AUDIT

GIA KLCCH MISC PCG

PDB PLISB MHB ENGEN

Open


5 key processes to govern assurance activities at all lines of assurance

Integrated Assurance Processes

• Integrated Planning

• 1+4 years Masterplan

• Risk Based Strategy for Second & Third Line Assurance

• Assurance Preparation

• Assurance Plan Memorandum

• Resource allocations prior to assurance fieldwork

• Assurance field work at site

• Validation and verification of system adequacy & effectiveness

• Assurance Report preparation and issuance

• Assurance findings and action items monitoring & tracking

• Closure of action items

Assurance Annual

Planning

1Assurance Planning

2Assurance Fieldwork

3Assurance Reporting

4Post

Assurance & Monitoring

5

Open


Line of Sight for better reporting and transparency of assurance performance.

President(Incl. President Office)

SVP/EVP Levels

EVPs Business Units

Head of OPU(Business Sector/Assets)

Head of Plant/Assets

Respective Divisions/Department/Sec

Working Levels (Executive & Non Exec.)

Co

rp

orate

Level

Bu

sin

ess

Level

Op

erati

ng

Un

it L

evel

Corporate by Focus Area (GHSE)

Open i/p Overdue Closed

Total HSE Action

Item Status

Non

Compliance

Trend

2013 2014 2015 2016 2017

Overdue

Items

121

321

89

265

Business Level

Open

i/p Overdue Closed

All Department

Status

Non

Compliance

Trend

2013 2014 2015 2016 2017

Overdue

Items

523

678

462

762

OPU Head & Management

Open i/p Overdue Closed

All Department

Status

Non

Compliance

Trend

2013 2014 2015 2016 2017

Overdue

Items

52

23

41

93

myASSURANCE will provide transparency of assurance

performance based on Limit of Authority (LOA) for better

decision making

Open


To be appointed as assessor, the minimum requirements include:

There will be a minimum requirement for Integrated Assurance Team Composition selection for FY2019 implementation

Open

Working ExperienceJob Grade

Audit ExperienceSalary Grade

ASSESSOR

Training requirement will be included on top of the qualification above to ensure only competent assessors are appointed.


Letter of Declaration will be done digitally to inculcate Compliance Culture

Open

CORPORATE

MANAGEMENT

STAFF

• Head of SMEs (Corporate Head)

• Annually (digital)

Letter of Assurance

• OPU Heads• Annually (digital)

Assurance Declaration“Letter of Assurance”

• All staff• Annually (digital)

Letter of Declaration

Attestation to SORMIC

Attestation to SORMIC

Inculcate Compliance

Culture


myASSURANCE will be made available in January 2019

Assurance

• First Line• Second Line

myASSURANCE

Risk Management

Compliance Declaration& Statement of Risk

Management Internal control (SORMIC)

Knowledge Management

(Assurance Best Practices & Lesson

Learnt)

Audit

• Third Line• Regulator• External

myASSURANCE is a digital system introduced which centralizes all audit and assurance related activities into a single digital platform.

Open


myAssurance is a web-based platform using a cloud system which provide ultimate accessibility to all assets in PETRONAS via desktop and mobile devices.

myASSURANCE is a single digital platform for all audit and assurance in PETRONAS

Desktop view Mobile view

Accessible anytime and anywhere!

Open


myASSURANCE also provides dashboard views for analytics

Open


What happens to my existing system?

Deployment of myASSURANCE to all PETRONAS and subsidiaries

Dec 2018

Data Migration from existing system to myASSURANCE

Dec 2018 – Jun 2019

Phase out existing system Jan 2019 – Dec 2019

Interim Interface – Upstream only (UHSE) Dec 2019


Key Milestones of project deliverables prior to full implementation of Integrated Assurance in 2019

Full Commitment & Supports from OPU for a smooth implementation of integrated assurance

Open

WE ARE HERE!


What’s next for you?

Open

IA Training will commence end of June 2018.

Mark your calendar!

Watch out for Training Invites!

Calendar invites will be sent to your Outlook.

Attend training!

1

2

3

• IA Training• Functional Checklist Training• myASSURANCE Training


The Mastermind

IAP Steering Committee

Dzafri Sham AhmadChairman

Integrated Assurance Project Team

Ir. Mohd Zaparel AwangHead, Integrated Assurance Project

Strategy, Assurance System & Technology

Change Management, Capability Development & Governance

President/Executive Leadership Team (ELT)

Anuar B IbrahimHead Strategy, Assurance System

& Technology

Norliza A WahabHead CM & Capability Development &

GovernanceOpen

Documents

PETRONAS Integrated Assurance Project