DCT Internal Control Update At-A-Glance March 28, 2008

While the changes in the DCT SOX program may reduce annual SOX time commitment from certain CET Owners, your accountability for controls within the CET is unchanged. As part of the LRA process, each of the Segment/Function DCT VPs and the DCT GVP/CIO (Dana Deasy) make quarterly assertions on our controls. They will continue to look to each of the S/F Control Leads and CET Owners for assurance that they can do so. With your help, we look forward to another outstanding year.

A Message From Your ICDT Lead

GC (Group Control) has released the updated AGC and ITGC control frameworks for 2008. Changes are relatively minor. They include simplified wording of Control Objectives, the addition of one AGC Key Control Activity and deletion of another. These updates will automatically be incorporated in FCM when it comes online in April.

CET Owners are expected to refresh their control documentation in FCM to reflect the updated framework and throughout the year as changes occur. As such, CETs can continue to be updated prior to the FCM framework changes. Any changes made will be saved and available when the changes to the framework are loaded into FCM. Watch for communication from your S/F Control Lead regarding specific 2008 Control Framework timing and annual refresh processes.

The upcoming web cast titled “What’s New in 2008” will review the framework changes and refresh requirements. Go to Announcements on the DCT CET Owners SharePoint site for dates and times of upcoming web casts, updates on the Control Framework, and release of the revised Control Dictionaries.

2008 Control Framework is Now Avail-able!

Significant Changes in BP’s Overall Management Assessment Process

Everyone involved in the DCT SOX program has worked to establish effective internal controls over our applications and infrastructure. We will leverage this work in 2008 to simplify and improve the efficiency of our SOX compliance approach.

Historically, BP’s Management Assessment process has relied on Self Assessment and assertion by CET Owners to the design and operating effectiveness of their controls. This was the most challenging and time consuming CET Owner accountability. As a benefit, it has established a broad-based understanding of the Key Control Activities and compliance requirements.

No More Self Assessment by CET Owners Beginning in 2008, our Management Assessment process will no longer require CET Owners to perform a Self Assessment with detail testing. Instead, the detail testing required for SOX compliance will be performed centrally by the Control Advisory & Review (CAR) team, which is part of our Group Control (GC) group in the Finance organization.

CAR is expected to perform testing on 100% of our AGC and ITGC CETs (historically only 1/3 have been tested). CAR will be testing all of the Key Control Activities covered by these CETs in DCT. This shift in responsibility will entail CET Owner support of reviews by the CAR team, and continued support of any reviews by our external auditor (E&Y) or Internal Audit that might be required.

No More Annual Assertion by CET Owners CET Owners will no longer be required to complete an annual assertion as to the design and operating effectiveness of their controls. Instead, they will perform a sign-off confirming that they have performed their key accountabilities. These include: • Maintenance of control documentation • Reporting and remediating all known gaps • Performing any monitoring that is required by their Segment/

Function Internal Control team • Retain evidence of control performance • Provide S/F Control Lead with ongoing assurance controls are

performing as designed. (Note that Monitoring is not required by DCT for SOX compliance, but the DCT Segments/Functions may use monitoring for other purposes, and your S/F Control Lead will clarify the approach, what you are required to document, and what evidence you must retain to provide assurance on your controls.)

What's New in 2008 CET Owner Webcasts will be held on April 10 and 17. They will highlight what is new in the DCT SOX program in 2008. (1.5 hour webcasts held at 3 times to accommodate Europe, Africa, the Middle East, the Americas and Asia Pac) Topics to include: • Control Framework and FCM changes • Self-Assessment changes – no more Self Assessment • CAR Review changes – increase in coverage • Change in approach for assertion/sign-off

This will be the only course offered focusing on what’s new in SOX for DCT. Therefore, it is highly recommended that every AGC and ITGC CET be represented at the “What’s New” webcasts. If the CET Owner is unable to attend, a delegate or support person should attend on behalf of the CETO. Please contact DCTSoxComms@bp.com if you did not receive an invitation.

What’s New in 2008 DCT SOX Web-cast!!!!

• April 10 and April 17th… “What’s New in 2008” webcasts for DCT CET Owners.

• By April 30, FCM available with 2008 Control Framework. • By May 15th, update your CET in FCM. • When requested, support Control Review, and possible audit

by E&Y. • Throughout the year identify, report and remediate any gaps

throughout the year. • Q4 webcast on “Sign off Guidance”. • No later than Dec. 1, complete sign-off in FCM.

2008 Key Dates for CET Owners