Pepsico Experience. An example of IT strategy within a large and complex organisation. Governance in Practice. Paul O’Callaghan CIO WWTO PepsiCo. National Technology & Business Conference. 30 November 2005. Net Revenues $29 billion. USA $19 billion International $10 billion.
[Figure: Retail Sales over $1 billion]
Scope of Worldwide Technical Operations: R&D, Concentrate and Quality
• Concentrate Plants: 13
• Trade Quality Labs: 8
• Satellite Locations: 3
• Distribution Centers: *4
[Map labels: Cork; Canada (CP); Petersborough (Canada); United States (CP); Chicago, IL (USA); Valhalla, NY (USA); Barrington, IL (USA); Somers, NY (USA); China; Cidra; India; Toronto; Turkey; Pakistan; Arlington; Shanghai; Mexico; Bangkok; Venezuela; ACO; Brazil; Uruguay]
Concentrate Operations
World-wide
• 13 Concentrate plants
• Franchise system
Cork
• 300 Employees at 2 plants
• Sell to over 100 countries
What is Governance?
For PepsiCo, IT Governance is an integrated set of processes providing oversight for how IT resources will be invested and managed to deliver business objectives in support of PepsiCo’s strategic imperatives.
Governance is being used as the term to describe how IT is managed across a large organisation.
PepsiCo’s Key Governance Processes
IT GOVERNANCE
• IT Strategy, Planning & Management
• Portfolio & Program Management
• Managing Risk & Compliance
• Project Analysis & Design
INTEGRATED PROCESSES, ORGANIZATION & TECHNOLOGY
Aligning IT with Business Strategy
Approaching Governance
• Strategic IT Governance is focused on ensuring that:
  - IT business risks are being managed
  - IT investments are allocated properly
  - Business objectives are being enabled by IT
• Tactical IT Governance is focused on ensuring that:
  - IT project risks are being managed
  - Formalised stage gate reviews and approvals
  - Process designs meet objectives
  - Applications and requirements support processes
  - IT standards and target architectures are being followed
IT Governance
• Our Governance methodology must address the following key questions:
  - What decisions must be made to effectively manage & use IT resources?
  - Who should make these decisions and how will these decisions be made?
  - How will performance be measured & monitored?
• Governance of IT activities:
  - Investments & Retirements
  - Baseline
• Reporting Enhancements:
  - Common PI IT Chart of Accounts
  - Period Briefing Note & Scorecards
  - Quarterly Investment Scorecard
  - Common Planning/IT Planning Tool
• People management processes
• CIO Governance Council
• Bi-weekly CIO call
• Bi-weekly CTO call
• Monthly global call
• Quarterly Region Reviews
• Aligned Strat Plan process
• Aligned AOP process
Governance Framework
• Region teams are empowered to make decisions
• PI IT Governance framework ensures that project leaders will have accountability and a method to obtain alignment, approvals, risk mitigation and report progress
[Diagram labels:]
  - Business/IT Governance
  - Resolution: PI CIO Council
  - Resolution: Global Leadership Team
  - PI CIO Reports
  - 10% Escalation Point. Involvement of: Region Presidents, PI CEO, CFO
  - 10% Escalation Point. Involvement of: Region CFOs, PI CFO, Functional VPs, PBSG Functions
  - Architecture Governance
  - Applications Governance
  - 90%: PI CIO & SC – Prioritization, Standards & Monitoring
  - 90%: PI IT Region Level Governance (Region CIO/CTO/PMO, Business, Budgeting)
Investment Governance
• Initiation
  - Formal/Informal
  - Strat Plans/AOPs
  - Emails/Interviews
  - IT functional projects
• Reporting & Reviews
  - Financial/timeline reviews
  - Project diagnostic
  - Risk diagnostic
  - Quarterly investment scorecards
  - Quarterly PI CIO reviews
• Project Definition
  - Preliminary project abstract
• Prioritization
  - Project diagnostic
  - Risk diagnostic
  - Weighted scores
  - Project tiers
• Project Management
  - Project mgmt methodology
  - Phase-gated funding
  - Region PMOs
• Approvals
  - Project abstract
  - Financial planning
  - Project profile, Tech Profile
  - Project timeline
  - PI Fin. Policies & Approval matrix
  - CAR/Capex (if required)
[Diagram labels: Locked into Strat Plan, AOP or new Forecast; PI CIO Council Global/T1 Only]
Final Project Abstract FINAL
Tier 1 & 2 Projects Status
• Summarise key successes & opportunities referencing
  - on-time/budget deliveries
  - assistance required to “Get out of the red”
Sample Investment Financials • Financial Analysis – Measurement
IT Controls for SOX compliance
Business Process with Financial Statement Impact
• Annual - Application Controls
  - Access Controls - who has access?
  - Segregation of duties - what can they do? (“Superuser” access, sensitive & significant transactions)
  - Masterfile data updates - what significant data was updated?
  - Software configuration parameters
  - Automated procedures (e.g., approvals)
  - Exception and Management reports
  - Interfaces to other systems
Supporting Application interacts with server, database and network
Supporting Application Server stores data as well as key settings:
  - Configurable Infrastructure Controls
  - Application Controls and Application Access Controls
Governance
• Quarterly - Changes
  - Changes to application controls (access, segregation of duties, masterfile updates, configuration parameters, procedures, reports and interfaces) for Financial Applications
Development
• Annual - General Controls
  - General Controls Risk Control Matrices (RCMs) (COBIT-based controls relevant to SOX only)
Integrity of application and data are dependent upon underlying IT processes and controls
Change Management
Backup and Recovery Procedures
Security Administration
Accountability Model: Proportional Ownership
[Matrix of roles (Control Owner, Process Owner, SOX Coordinator, Process Executive, Disclosure Committee, Certifying Executive) against control components (Monitoring, Control Activities, Information & Communication, Risk Assessment, Control Environment); the X markings in individual cells are not recoverable]
• Everyone is responsible for Information and communication.
• PepsiCo requires all key controls to be tested/reported on a quarterly basis.
Our Sarbanes Oxley Experience
• Benefits
  - Improved control environment
  - Enhanced Systems Security and Systems Access Controls
  - Improved process documentation
  - Better understanding and improvement of segregation of duties
  - Increased awareness and ownership of controls and processes
• Watch Outs
  - Manual Process: The majority of key controls that have been implemented are manual and resource intensive - aim to automate critical controls.
  - Segregation of Duties: Small IT teams do not have absolute role segregation; this has introduced controls to gate keep the developer/support role in a production environment, which will slow down the change management process.
  - Audit: Both internal and external audit are focused on controls and will always strive for the tightest controls - retain focus on scope and risk.
Benefits Of Governance
• Ensures IT Focus is where it should be
• Provides a framework for measuring value and effectiveness of IT
• Raises the bar for Controls in IT - Audits less painful
• Business and IT Fusion
• Bridges gaps between IT and Business
• Transforms business from critics to owners
• Educates the business on IT as a function/enabler
• Drives IT to think and plan more strategically
Governance - Watch Outs
• Needs to be driven from the Top
• Mindset change in IT & Business
• Stakeholders require education on the new processes.
• New skills and resources often needed.
• Some things will take longer
• Needs to be fed and watered – improvements
Going Forward
• Governance becomes a natural way of how we operate
• Planning
• Operations
• Compliance
• ITIL Framework on Service Delivery
• Balanced Scorecards
Thank You !!