Case Study - SoX fuels growth for energy giant

Regulatory Change mandated by external bodies is forcing organisations to make significant operational changes. Such mandates are brought about either by new legislation and regulation, or by the emergence of de facto standards in the form of changing industry practices. SEPA can be argued as combining both; as the EPC directive enforces the change that requires a new industry-wide practice for processing cross-border payments in the European Union.

PIPC has a proven approach to delivering mandatory change that combines effective stakeholder engagement and ongoing management, with a focus on delivering tangible business and customer outcomes form mandatory change programmes. This in itself creates a change in mindset towards delivering the programme, from a pure ‘compliance’ mindset to a more commercially-aware, benefits-focused approach. In order to achieve this, a simple five-point checklist has been developed;

1. Establish dialogue with the regulator so that the organisation has the opportunity to influence the final form of any regulatory change and has early sight of the changes. This avoids ambiguity from the outset, and ensures that the requirements can be clearly articulated from programme inception.
2. Ensure all internal departments are engaged in and understand the change. This should generate the motivation to make the change successful and avoid the negative publicity these projects sometimes attract by focusing on the business and customer outcomes.
3. A positive approach to mandatory change provides good marketing public relations opportunities to highlight the advantages the organisation stands to gain over slower-to-act competitors. As a counter measure, identifying the ‘cost of inertia’ is another important element to emphasise.
4. Establishing strong governance will underpin project delivery. This alongside a robust control framework will ensure any changes made are delivered in a timely, cost-effective and efficient manner.
5. Communication with the regulator is an integral part of the design and mobilisation stage activity. This ensures the correct focus on the required outcome, and sets a prioritised agenda for trouble-free delivery. Again centring on creating a positive impression, the organisation will often be held up as a best practice exponent by the regulator, particularly where competitors are finding the change problematic to introduce.

This approach, combined with PIPC’s proven track record of successfully delivering complex change programmes, significantly de-risks the potential impact of non- or late compliance with the regulatory change.

The Challenge

A global Oil & Gas corporation employing over 100,000 people and operating in 100 countries, was mid-way through implementing the process and technology changes required to meet Sarbanes Oxley (SOx) requirements. The Act came into effect in November 2004, preceded by a flurry of restructuring work, with chief financial officers across the globe bogged down in streamlining accounting processes.

The client’s challenge in facing SoX compliance was compounded by the sheer size of its organisation. Restructuring its core Oracle ERP system to cope with necessary changes in its financial reporting processes, for example, was potentially debilitating.

The ERP system manages annual transactions valued at over $100bn and has 9,000 users across its 26 global sites. Any changes could not impact the day-to-day running of the company, but they had to be made, and the SoX deadline was fast approaching. Given the importance of the programme, the fact that the clock was already ticking and the potential disruption to the business, there was one key instruction: it couldn’t fail.

The Solution

The project was at a critical stage when PIPC were asked to take accountability for delivering the change, and turning around the confidence of key stakeholders. Our approach focused on eliminating bureaucracy and cementing business sponsorship, minimising documentation to provide a light and flexible governance structure, and sub-dividing the programme into many small modules of self-empowered teams with a common recovery ‘game plan’. This ensured that project objectives and outcomes were reconfirmed; the scope was clear and well managed. The project became ‘decision-point driven’ with clear checkpoints, and was articulated within a clear delivery roadmap leading up to the compliance deadline.

When PIPC assumed control of the programme delivery responsibility, there was uncertainty as to whether it would deliver at all, and certainty that it could not deliver in time. This outcome would have resulted in potential exposure to punitive measures from the regulatory authorities, not to mention significant adverse publicity and loss of customer and shareholder confidence.

The Results

“We were contracted in March and completed the programme by November, within timescales and budget,” comments Greg Hains, PIPC’s programme manager responsible for delivering the client solution. “No one, not even the client team thought we could achieve this in such a short space of time. It was a massive job but not delivering was not an option.”

Over 100 business and technical people around the world were involved in implementing the ERP SoX compliance programme directly, helping implement changes within specific business units. This saw all ERP users migrated to SoX compliant security measures. “We had to design and manage a programme to re-implement standard security measures on a global scale. This ensured that SoX compliant financial controls were enforced within the ERP,” adds Hains. PIPC turned the situation around, injecting pace into the delivery phase and completing the programme implementation –including all process change and IT remedial work within 6 months of being engaged- to successfully deliver the SOx requirements before the deadline.

“It was like pouring oil on troubled waters as PIPC came in and calmed the seas,” commented the client Programme Director referring to the SoX programme. “SoX projects can be complicated and time consuming but PIPC steered the ship home and helped make some important changes to the business that will stand us in good stead for the future.