Message-ID: <5434642.1075855830626.JavaMail.evans@thyme>
Date: Thu, 20 Apr 2000 09:30:00 -0700 (PDT)
From: donna.lowry@enron.com
To: sally.beck@enron.com, wes.colwell@enron.com, ted.murphy@enron.com, 
	rick.carson@enron.com
Subject: Business Risk Management Reporting
Cc: richard.lauer@enron.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Bcc: richard.lauer@enron.com
X-From: Donna Lowry
X-To: Sally Beck, Wes Colwell, Ted Murphy, Rick L Carson
X-cc: Richard Lauer
X-bcc: 
X-Folder: \Sally_Beck_Dec2000\Notes Folders\Discussion threads
X-Origin: Beck-S
X-FileName: sbeck.nsf

As a follow up to the meeting with AA on Friday, April 14, Richard and I 
discussed with AA (Sorrells, Grutzmacher and Brown) how the monthly BRM 
controller's meeting deliverables and database deliverables should be 
prepared.  The proposal I think we should recommend to AA is the following:

Opening and closing meeting with front line managers and discussion of all 
items, regardless of priority ratings (high, medium, low)
Report generated to the Business Risk Managers at the monthly controller 
meeting in the "Project Doorstep" style, incorporating existing controls and 
observations/action steps to be taken on the critical issues (those with a 
high rating) and identify responsible person(s) and target date
Follow up matrix report relating to the specific project audited in the 
manner consistent with the BRM database indicating priority ratings (the high 
issues should match the issues reported in the monthly controller meetings)
Eliminate the summary report that has typically be presented at the monthly 
controller meetings

Once the "Project Doorstep" style report presented by  AA is received at the 
monthly controller meeting, compliance will input the issues into the second 
database to enable the reminder notifications to be sent to the person(s) 
responsible for the action step.  In addition, a monthly progress report will 
be generated from compliance to the Business Risk Managers to show the 
critical (high) issues and implementation detail, if any.

It will be imperative that AA issue final reports on the projects immediately 
after they have been completed and deliver the matrix  within two (2) weeks 
after the monthly controller meetings to Compliance for inputting to the BRM 
database.  If this information is not received within the two week time 
period, compliance will notify the BRM's and AA of the deficiency.

It will also be necessary for you, the Business Risk Managers, to notify your 
front line personnel that they will be receiving the email notifications on 
action plans with specific target dates and with the expectation that the 
responsible persons will be expected to respond to the email with the status 
report of the issue.

If you are in agreement with this reporting plan, please indicate so in a 
return email message to me and I will coordinate all responses and 
communicate this to AA.  I feel that this process will provide the BRM's the 
necessary information that you have indicated you want to hear in the 
controller's meetings, including the candid discussions as well as provide 
compliance with the necessary information to maintain the database so the 
information is available for the corporate needs.

If you have any questions, please do not hesitate to call me at 31939. Thank 
you for your attention.  Donna Lowry