NNPCL GRC Quality Assurance PDF
Document Details
Uploaded by ReplaceableSalmon
null
2023
null
null
Tags
Summary
This document details the quality assurance processes and procedures for NNPC Limited in January 2023. It outlines the governance of the quality assurance and monitoring function, quality assurance improvement program, reporting framework, and performance management. The document also includes an appendix with a quality assurance review tool and a glossary of terms.
Full Transcript
NNPC Limited Quality Assurance Processes and Procedures QUALITY ASSURANCE PROCESSES AND PROCEDURES NNPC Limited January 2023 NNPC Limited Quality Assurance Processes and Procedures Document Review, Check, Endorsement & Approval Issue 1 Signature Name Position Date Issue, Modificatio n PIA Im...
NNPC Limited Quality Assurance Processes and Procedures QUALITY ASSURANCE PROCESSES AND PROCEDURES NNPC Limited January 2023 NNPC Limited Quality Assurance Processes and Procedures Document Review, Check, Endorsement & Approval Issue 1 Signature Name Position Date Issue, Modificatio n PIA Implementati on Team CCO SLT SMT 19/01/2023 19/01/2023 19/01/2023 19/01/2023 Prepared Checked Endorsed Approved Page 92 of 347 NNPC Limited Quality Assurance Processes and Procedures Table of Contents 1.0 Introduction ..................................................................................................................................................... 2 2.0 Governance of the Quality Assurance and Monitoring Function ................................. 0 3.0 Quality Assurance Improvement Program ................................................................................ 0 4.0 Reporting Framework .............................................................................................................................. 0 5.0 Performance Management .................................................................................................................. 0 5.1 Appendix - Quality Assurance Review Tool ................................................................................. 3 NNPC Limited Quality Assurance Processes and Procedures Glossary of Terms Term/ Abbreviation Meaning GRC GRC Function ERM Enterprise Risk Management IIA Institute of GRCors IPPF International Professional Practices Framework NNPC Nigerian National Petroleum Company Limited QAIP Quality Assurance and Improvement Program QA Quality Assurance Function RM Risk Management SBU Strategic Business Unit Page 1 of 347 NNPC Limited Quality Assurance Processes and Procedures 1.0 Introduction 1.1 Background NNPC Limited understands that there is a need to obtain assurance that its GRC processes are: Credible and standardized across NNPC Limited and its subsidiaries. In line with the frameworks that have been developed to guide GRC and each of its sub-units. In line with leading practice requirements including the International Professional Practices Framework (IPPF). One of the critical success factors to meeting these expectations is a comprehensive Quality Assurance and Improvement Program (QAIP) that includes ongoing assessment and monitoring of GRC’s performance and effectiveness. Considering the above, the Quality Assurance (QA) unit has been established within the GRC Function, to provide continuous monitoring, evaluation and improvements to the activities of the GRC Function within NNPC Limited and its subsidiaries. 1.2 Objectives The objective of the Quality Assurance Policies and procedures is to enable the QA unit to: a. Provide internal assurance over the effectiveness of the GRC Function b. Ascertain that the GRC processes are being conducted in accordance with the guiding frameworks in line with the GRC Charter and Manual. Page 2 of 347 NNPC Limited Quality Assurance Processes and Procedures The aim of the Quality Assurance Policies and procedures is to cover all the main aspects of quality assurance and the key measures aimed at ensuring that the Company’s GRC practices are in line with leading standards. To operate at this level, GRC staff need a higher level of credibility with their stakeholders. The policies highlight the role of the Quality Assurance and Monitoring Function within the GRC Function of NNPC Limited and its subsidiaries. 1.3 Structure of the Policy The policy contains a high-level Mandate, the SIPOC (Supplier-InputProcesses-Output-Customers) Model, and Relationship Map for the GRC Function. This is followed by 2 core chapters (processes), each of which is organised in line with the following structure: Introduction: Gives an overview and scope of the process and sets out the key sub-processes covered. Objectives: States the main purposes that the process intends to accomplish. Policies: Outlines the main operating policies guiding the execution of various activities and tasks. Procedures: Provides a detailed breakdown of the main activities in the process, including tasks, responsibilities and job aids/tools. Input and Output Documents: Outlines the documents that serve as inputs into the process, the outputs and key reports generated. Key Performances Indicators: Sets the performance measures used to determine the efficiency and effectiveness of the processes. Page 3 of 347 NNPC Limited Quality Assurance Processes and Procedures Process Flow Map: Provides a pictorial summary of the outlined procedures 1.4 Compliance Compliance with this Policy is mandatory for the GRC Function. However, there may be exceptional circumstances, where it is impracticable to comply with a particular policy or procedure. In such instances, a prior written waiver will be required from the approving authority The Policy and Procedure has been designed as an adaptation of the IPPF* to meet the requirements and characteristics of a quality GRC Function. Where the need arises, the GCEO is authorized to grant exceptions to the application of this policy, and thereafter seek ratification from the NNPC Limited Board. *N.B: The IPPF consists of the Mandatory and the Recommended guidance, and broadly comprise four (4) elements: Core Principles, Definition of Internal Audit , Code of Ethics and Standards. 1.5 Users This policy applies to the Quality Assurance and Monitoring unit 1.6 Updates to the Policy It is intended that this policy will be updated every two years unless there is a specific requirement for an immediate revision in line with changes in NNPC Limited’s business. Such updates will be duly communicated to all relevant departments Page 4 of 347 NNPC Limited Quality Assurance Processes and Procedures NNPC Limited Quality Assurance Processes and Procedures Page 1 of 347 NNPC Limited Quality Assurance Processes and Procedures Page 2 of 347 NNPC Limited Quality Assurance Processes and Procedures 2.0 Governance of the Quality Assurance and Monitoring Function 2.1 Introduction 2.1.1. Vision “To be regarded as a reliable business advisor to NNPC Limited and its subsidiaries through the institutionalization of best practices within the GRC Function.” 2.1.2. Mission “To provide the Board and Management of NNPC Limited and its subsidiaries with the added assurance that all GRC activities have been conducted in accordance with standard practices across NNPC Limited and its subsidiaries.” 2.1.3. Scope of the QA Unit The QA Unit shall support the management of the GRC Function to coordinate quality assurance activities for the GRC. Its services shall cover NNPC Limited and its subsidiaries. 2.1.4. Structure* NNPC Limited Quality Assurance Processes and Procedures The Quality Assurance and Monitoring Function within NNPC Limited reports to the Head of Global Compliance and ultimately to the Chief Compliance Officer. The Quality Assurance Manager is saddled with the following responsibilities: a. To implement and monitor compliance with the internal quality management system for enhancing the value of GRC services provided by GRC to business units. b. To set and monitor strategy and policy within GRC Function. c. To ensure maintenance of an up-to-date database system for the GRC Function. d. To manage corporate performance, including maintaining a database of information for reporting on the Key Performance Indicators for the GRC Function. 2.2 Objective The objective is to consolidate and standardize the tasks, and responsibilities to ensure effect execution of QA reviews in line with the standards and stakeholder expectation 2.3 Policy Policies S/N Description Page 1 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies 1. Overall Responsibilities of the QA Unit The overall responsibilities of the QA Unit shall be to: a) Standardize GRC activities by ensuring that the policies and procedures are adequate and aligned with leading best practices. b) Establish and manage appropriate mechanisms for obtaining feedback from stakeholders on the effectiveness of the GRC Function. c) Review compliance with the GRC’s policies and procedures and proffer recommendations for possible gaps noted. d) Facilitate the performance of periodic external assessments (if any) of the GRC Function in line with regulatory and professional standards as well as leading practices. e) Facilitate capacity development by coordinating training and periodic knowledge sharing sessions among staff and personnel of the GRC. f) Facilitate setting and monitoring of strategy within GRC Function and coordinate performance assessment of staff. g) Serve as primary point of contact for external service providers including independent consultants. h) Facilitate the preparation and reporting of the Division’s Key performance Indicators. i) Strengthen the management of internal control system, to minimize operational surprises and losses. Page 2 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies j) Instil a risk-aware culture that engenders proactive identification and management of risks and opportunities. k) Ensure effective allocation and utilization of resources through a coordinated, and structured approach for risk management. Specific Roles and Responsibilities of the Sub-units under QA Quality Assurance a) Implement quality management systems for improved assurance advisory services and increased customer satisfaction with the GRC Function. b) Identify advisory service areas that do not meet best practice standards and drive improvement of such. c) Carry out continuous monitoring and periodic internal assessment on the level of effectiveness of the activities of the GRC Function, utilizing agreed metrics. d) Deploy periodic surveys, customer satisfaction questionnaires or structured performance feedback meetings with GRC internal customers, to elicit their views on the effectiveness of the GRC Function at least annually. e) Conduct quality assurance review of GRC reviews. Systems and Strategy Page 3 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies a) Ensure the existence and adequacy of policies, standards and procedures covering the activities of GRC and all other processes along NNPC Limited value chain b) Maintain an up-to-date database system for the GRC Function c) Coordinate the development an annual plan highlighting the various activities to be conducted by the department. d) Provide periodic reports to the GRC Function on the status of implementation of the annual plan. e) Coordinate budgeting and financial administrative activities such as training within the GRC Function. f) Oversee the resourcing of staff with the Function, including job rotation and management development programs. g) Develop SMART performance metrics to drive and improve the effectiveness and efficiency of the Function. h) Coordinate the development of standardized policies, procedures, manuals, work programmes and reporting templates to be utilized by the Function in delivering consistent services across NNPC Limited and its subsidiaries. In addition, coordinate periodic reviews of these documents and propose recommendations for process improvement, where required. i) Oversee the staff development, including administration of the performance evaluation and job rotation processes in the Function. j) Recommend relevant training for GRC staff (to HR Division through the Group Head of GRC) to address identified skill gaps and enhance their ability to carry out their functional responsibilities. Page 4 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies k) Oversee the consolidation and preparation of periodic reports to be issued by the Function to senior management, management committees and the Board Audit committee. l) Assist the GRC Function in keeping current on changes and emerging best practices of the profession; undertake research into other emerging issues and opportunities. m) Collaborate with an external assessor (to be decided upon by the Chief Compliance Officer) once every three (3) years to assess the GRC Function within NNPC, in line with the IIA Standards and Nigerian Code of Corporate Governance. 2. Monitoring of GRC Function’s Key Performance Indicators (KPI) The QA Unit shall be responsible for monitoring the KPIs for the GRC. The same shall be reported to GRC leadership annually. The key performance indicators are: People This covers satisfaction, retention, and quality of development of the GRC staff. The KPIs in this section include, but not limited to: a) Staff turnover (relative to other divisions) b) Percentage of certified staff c) Training cost as a % of GRC budget d) Minimum training hours per GRC staff e) Minimum number of GRC staff rotated into the business in one year Page 5 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies f) Minimum number of process owners rotated into GRC in one year g) Minimum number of process owners rotated into GRC in one year Processes This covers the effectiveness of GRC processes in fulfilling its mandate and expectations of its stakeholders. The KPIs in this area include but not limited to: a) % implementation of recommendations that have fallen due b) % implementation of recommendations from external quality assurance (if any) that have fallen due in the quarter c) % of processes within the process universe that are data & analytics enabled d) % of reviews with cycle time from kick-off meeting to issuance of draft report within the threshold of the approved timeline e) % of reviews with cycle time from close-out meeting to issuance of final report within two (2) weeks f) Circulation of quarterly board papers at least one week before Board meeting Plan (Efficiency) This covers the efficiency of GRC processes in achieving the GRC plan within its approved budget. The KPIs in this area include but not limited to: a) % completion of GRC plan Page 6 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies b) Controlled GRC cost per budget Stakeholder Management This covers the ability of GRC to meet the expectations of its stakeholders. Feedback from the Business units should be obtained at least annually via a Customer Satisfaction Survey. The objective of the questionnaire is to obtain feedback from the Business units on the execution of GRC audit/review projects. The survey will be distributed, collected, and analysed by the Quality Assurance and Monitoring Function. The KPIs in this area include: a) Average customer satisfaction score for all processes reviewed during the year b) Board Audit Committee Chairman’s appraisal rating/score of GRC effectiveness (after taking feedback from the GCEO and other members of Board into consideration). Page 7 of 347 NNPC Limited Quality Assurance Processes and Procedures 3.0 Quality Assurance Improvement Program 3.1 Introduction Quality Assurance Improvement Program (QAIP) enables an evaluation of the GRC activity’s conformance with the Definition of Auditing and the International Standards for the Professional Practice of Auditing (Standards) and an evaluation of whether GRC staff apply the code of Ethics 3.2 Objectives The objective of the QAIP process is to ensure: a. The effectiveness of the GRC activity, including consulting engagements, as found in the mandatory elements of the IPPF are continually monitored b. ongoing and periodic internal assessments as well as external assessments by a qualified independent assessment team, are conducted 3.3 The QA Framework The three major elements of the Quality Assurance and Improvement Program are highlighted in the schematic below: 1 Internal Assessment 2 External Assessment 3 Knowledge Sharing and Communication NNPC Limited Quality Assurance Processes and Procedures 3.4 Policy Policies S/N 1. Description Internal Assessment Internal Assessments are quality assurance assessments which shall be conducted by the Internal Quality Assurance team. Internal Assessments may involve one of the following: • In-flight (on-going) assessment • Post-mortem assessment 1.1 Inflight Assessment: An In-flight assessment refers to internal quality assessments which are conducted during or immediately after GRC assignments. The Quality Assurance team shall conduct internal quality assessment of select GRC assignments according to the annual QA plan or immediately a scheduled review is completed. The main aim of the ongoing assessment is to ensure quality and identify areas for capacity development 1.2 Annual Internal Quality Assurance Review (Post-Mortem) The QA Unit shall conduct an annual self-assessment of NNPC GRC Function to appraise its overall effectiveness and conformance with the IIA Standards at the end of every year. Page 1 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description The internal annual self-assessment shall seek to check that: • The GRC Function is efficient and effective, taking into consideration compliance with its charter, board and management expectations. • The GRC Function is in conformance with the IIA Standards. The QA Unit will take the following into consideration in conducting the annual self-assessment: • The outcome of the ongoing internal assessments in line with the annual QA plan • The outcome of an annual customer satisfaction survey to be conducted by the QA Team using any suitable platform and deployed to management personnel (Managers and above) across NNPC Limited and its subsidiaries. Alternatively, the results of the Business unit satisfaction survey conducted at end of the audit/reviews contained in the QA plan can be consolidated and used to evaluate the satisfaction of GRC’s stakeholders. Note: The QA team shall consolidate report(s) from ongoing internal assessment of GRC and present the result at the quarterly GRC performance review meetings. 2. QA Planning and Resourcing Strategy Planning Page 2 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description The QA Unit shall develop an annual plan for the ongoing internal assessments to be performed within a calendar year and the plan shall define the approximate resources and strategy necessary to accomplish the scope. In developing the QA plan: • The QA Unit should seek to ensure that at least one (1) GRC engagement review from each subsidiary and one (1) GRC engagement within each division at the NNPC Limited is selected for quality assurance in each calendar year. The input of GRC management must be considered in this process • The afore-mentioned plan is dependent on the activation of the resourcing strategy (contained in the subsequent section) such that there are sufficient personnel to execute the plan. Where this is yet to be activated, one review from each subsidiary and each division at NNPC Limited will be reviewed by QA annually • The selection of GRC reviews for purpose of quality assurance shall be risk based. Consequently, high risk processes will constitute majority of the processes to be selected in the QA plan • The QA Unit shall draft the annual QA plan during the period for developing the annual GRC plan and consolidated with Page 3 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description the overall GRC plan to be presented to the Audit Committee for approval • Similar to other elements of the GRC plan, the actual performance of the QA plan against the expected outcome per quarter shall be reviewed and communicated to the Audit Committee in GRC’s quarterly report to the Committee. Resourcing Strategy In resourcing talents for the execution of the QA plan and positioning the QA Unit as a centre of excellence within GRC, the Function shall adopt either of the models below or a combination of both as follows: In-sourcing: In this model, the QA Manager will work in conjunction with the GRC Leadership Team to develop and implement a resourcing strategy that will enable the Group Head of GRC to rotate staff in and out of the QA Unit. The QA staff will be responsible for conducting the quality assurance reviews and implementing the QA plan for the year. Peer-to-peer Review: In this model, an GRC staff will be assigned to the QA review of an GRC assignment executed by another team. This is a Page 4 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description temporary arrangement as this does not make the staff a permanent staff of the QA Unit. In safeguarding the objectivity of the appointed QA reviewer, the QA Unit shall give preference to reviewers without conflict of interest in either fact or appearance. This will include a preference for reviewers that have not worked with the team or subsidiary to be reviewed in the last three (3) years. The peer-to-peer model will ultimately enable QA to: • bridge any manning gaps • serve as a training ground for future leaders within the GRC Function and enlighten them of the quality expected from GRC assignments • 3. facilitate knowledge transfer among GRC staff External Assessment The IIA and the Nigerian Code of Corporate Governance require that an external assessment is carried out once every three (3) years for the Audit Function and not the GRC Function. Consequently, the GRC Function may choose to appoint a qualified external assessor to assess and report on its effectiveness every three (3) years or any suitable period of its choosing. Consequently, the external assessment team must demonstrate competence in two areas: the professional practice of Auditing and the external assessment process. Page 5 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description For avoidance of doubt, the Internal Assessment components of the Quality Assurance framework shall be carried out continuously between external assessments and its results could be considered by the external assessors based on their discretion. 4. Knowledge Sharing and Communications GRC Performance Review Meetings (Quarterly): Every quarter, members of the QA Unit shall organise a Knowledge Sharing Session (KSS) as a standing agenda item at the GRC performance review meetings. At this meeting, the result of QA reviews conducted within the quarter shall be presented. The QA Unit shall perform root cause analysis into most frequent issues noted from the review of assurance engagements in the Quality Assurance Review tool. The QA Unit shall present recommendations on managing prevalent issues/exceptions documented to prevent External Knowledge Sharing Session: On annual basis, the QA Unit shall also seek an extended KSS with the all staff of the GRC Function. During the extended KSS, the QA Unit will present the trends observed across the QA reviews that have been conducted during the year and recommended improvements. In addition, the QA Unit shall nominate any of the GRC review teams with outstanding quality assurance results, to present an Page 6 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description end-to-end view of a completed GRC review. This shall be aimed at the transfer of applicable information to other staff in the GRC Function Capacity Building The QA Unit shall assist in developing the annual training plan for GRC staff. In developing the specific plan (without prejudice to the general Human Resources plan), the Function will consider the: • The prevalent issues noted by the QA Unit during the year • The skill gaps of GRC staff as contained in their appraisal • The competence gaps between the current and target competence requirements to build an GRC Function of the future • Input received from GRC Heads overseeing GRC Functions of subsidiaries. • The QA Unit shall monitor execution of the approved training plan to ensure that specific trainings are provided to GRC staff to enhance overall quality and effectiveness 3.5 Procedures (Ongoing Assessment) Page 7 of 347 NNPC Limited Quality Assurance Processes and Procedures Procedures S/N Responsible Party Description Job Aid 1. QA Unit QA Checklist Office tools Using the completed QA checklist, fill out and attach all relevant documents which were either prepared or reviewed during the assurance work The Client Satisfaction Survey shall also be considered. 2. QA Unit Quality Assurance Review The NNPC Quality Assurance Review Office tools tool (see appendix 1) is the key tool designed to aid these checks on the quality assurance. – Results of this variance analysis or check shall be documented in the Quality Assurance Checklist with the next steps for each of the GRC team involved in the reviews. Note: a. The Manager, QA is expected to make inputs into the evaluation of all teams who conducted the various GRC engagements Page 8 of 347 NNPC Limited Quality Assurance Processes and Procedures 3.6Output Input & Output Documents S/N Document Description Completed 1. QA Type Frequen cy Source Recipient Input As QA Team QA required Lead Lead/Mana Checklist QA Team ger Checklist Input Variance Analysis As QA required Manager GRC – The checklist will 2. highlight the gaps noted in ongoing the review and the next steps Quality Assurance Output Quarterly QA Team GRC Report - A report 3. outlining the objectives, scope, approach, conclusions, all Page 9 of 347 NNPC Limited Quality Assurance Processes and Procedures Input & Output Documents S/N Document Description findings Type Frequen cy Source Recipient Output Annually QA Team GRC and recommendation s identified during the performance of the field work and next steps for the GRC team Executive 4. 3.7 Summary KPIs Key Performance Indicators S/N 1. Performance Measure Timeliness execution Basis Measurement of of % of ongoing QA reviews in line with the approved timeline Timeframe Target Per review TBD Page 10 of 347 NNPC Limited Quality Assurance Processes and Procedures NNPC Limited Quality Assurance Processes and Procedures 4.0 5.0 Reporting Framework Introduction Quality Assurance Reporting occurs through formal documentation and the respective meetings with the GRC Function 5.1 Objectives The objectives of QA reporting are: a. to document the outcome of the reviews of the GRC activity b. to effectively communicate the opinion on the quality of review assignment c. to agree action plans to resolve gaps noted during the reviews 5.2 Policy Policies S/N 1. Description Consolidation of In-Flight (Ongoing) Assessments Every quarter, the QA Unit shall present a consolidated report from QA reviews performed within the quarter. The report shall highlight assessment score for each category within the review for each subsidiary as well as a consolidated view of all subsidiaries reviewed within the quarter. In addition, the report shall highlight areas where prevalent issues were noted. The Quality Assurance Review tool shall provide the means for the consolidation. 2. Interpretation of Ongoing Internal Assessment Result NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description At the end of each of the quality assessment conducted by the internal QA Unit, the QA Unit shall arrive at an opinion on the quality of a review assignment The Quality Assurance Review tool will provide a quantitative and standardised approach for assessing the adequacy of the documentation and the quality of the deliverables. A set of criteria has been set out in the tool to enable the QA reviewers arrive at an opinion on the quality of risk and/or compliance review; Below is the opinion for each category of score arrived at: Rating 3. Quantitative Definition Overall Definition Level 1 0-49% Unsatisfactory Level 2 50-74% Major improvement required Level 3 75-94% Minor improvement required Level 4 95-100% Satisfactory Corrective Action Plans Improvement is the aim of every quality assurance review. The entire goal of each review is to arrive at a point where area for improvements are identified to further enhance the effectiveness of the QA Unit. Hence, recommendations are expected to be included in the reviewed Quality Assurance checklist which must Page 1 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description have been completed by the GRC team members who carried out the reviews. A date shall be stated in the plan to indicate the timeline within which the agreed action points have been implemented. There is also a high-level – next step indicated in the Quality Assurance Review tool to indicate at a glance, the expectation of the stakeholders, given the result of the assessment. Rating Level 1 Level 2 Level 3 Level 4 Overall Definition Unsatisfactory Action Required Major improvement required Minor improvement required Satisfactory Trainings on activities performed below expectations Trainings on activities performed below expectations and repetition of the review within the next one (1) year Debrief sessions on areas of improvement with the GRC team No action required *Extract from the QA Review tool 4. Upon completion, the QA Unit will develop an executive summary which will be presented at the first performance review meeting of the subsequent year. The summary will highlight: Page 2 of 347 NNPC Limited Quality Assurance Processes and Procedures Policies S/N Description GRC’s compliance with its charter, policies, and procedures GRC’s conformance with the IIA Standards and other leading practices GRC’s performance against the key performance indicators (KPIs) of the division for the year Recommendations for improving the current practices of the GRC Function based on any identified gaps Page 3 of 347 NNPC Limited Quality Assurance Processes and Procedures 5.0 5.1 Performance Management Introduction Performance Management is a process performed by the QA Unit to identify, measure and develop the function’s performance within an agreed framework of objectives, standards and competency requirements. 5.2 Objective The objective of performance management is to ensure that the QA Unit adhere to the set performance standards and achieve expectations 5.3 Key Performance Indicators for Assurance and Monitoring Function the Quality The Quality Assurance and Monitoring Function is expected to set the pace around quality in GRC. Consequently, below are some of the indicators to be considered, measured, and reported by the QA Unit annually for its optimal effectiveness: S/N Goal/Objectives KPI/Metric Target 1 Timeliness of QA ongoing internal review Minimal deviation from QA plan triggered by delay in QA review Not later than six (6) months after completion of the selected GRC review/audit as contained in the annual QA plan. 2 Knowledge sharing and quality management Presentation of QA results and recommendations during performance Every quarter NNPC Limited Quality Assurance Processes and Procedures S/N Goal/Objectives KPI/Metric review meetings least quarterly 5.4 Target at 3 Participation of staff in the annual Customer Satisfaction Survey Level of response to the annual Customer Satisfaction Survey Not less than 20% of target respondents 4 Preparation of annual quality assurance report Timeliness of annual quality assurance report preparation Not later than first quarter of the succeeding year 5 Completion of QA plan Level of implementation of QA plan Not less than 80% 6 Implementation of training plan Level implementation training plan of of Not less than 80% 7 Implementation of GRC Projects Level implementation GRC projects of of Not less than 80% of commissioned projects and milestones 8 External assessment Conformance of the GRC Function with IIA Standards and other leading practices Full conformance with at least 70% of the IIA Standards Quality Incentive System To ensure the quality of the work performed by the GRC Functions within NNPC, the evaluation of each member of staff shall reflect the score from the overall assessment of each GRC engagement carried out during the financial year under review. The following incentives shall be adopted: Page 1 of 347 NNPC Limited Quality Assurance Processes and Procedures S/N Goal/Objectives Coverage 1 Integration of QA review result with Performance Management System for GRC staff All staff 2 Recognition of team with highest QA score by the Head of GRC during the GRC performance review meetings quarterly Team with highest QA score for the quarter 3 Recognition email from Head of GRC to all GRC staff Team with highest QA score for the year 5 Nomination to attend one (1) offshore training within the next one (1) year Team with highest QA score for the year This will assist in reinforcing the tone that drives each of the other assurance function to execute the work with utmost due care and quality. Page 2 of 347 NNPC Limited Quality Assurance Processes and Procedures 5.1 Appendix - Quality Assurance Review Tool NNPC GRC - Quality Assurance Review Tool (IA).xlsx Page 3 of 347