Pepsico Experience
Governance in Practice
Paul O’Callaghan
CIO WWTO PepsiCo
National Technology & Business Conference 30 November 2005
An example of IT strategy within a large and complex organisation.
2
Net Revenues $29 billion
USA $19 billion
International $10 billion
3
[Chart: Retail Sales over $1 billion]
4
Scope of Worldwide Technical Operations
R&D, Concentrate and Quality
Cork
China
India
Cidra
Barrington, IL (USA)
Valhalla, NY (USA)
Peterborough (Canada)
Somers, NY (USA)
Chicago, IL (USA)
United States (CP)
Canada (CP)
Concentrate Plants: 13
Trade Quality Labs: 8
Satellite Locations: 3
Distribution Centers: *4
Worldwide Technical Operations
Pakistan
Turkey
Toronto
Arlington
Mexico
Venezuela
Brazil
Uruguay
ACO
Bangkok
Shanghai
5
Concentrate Operations
Worldwide: 13 concentrate plants, franchise system
Cork: 300 employees at 2 plants, sell to over 100 countries
6
For PepsiCo,
IT Governance is an integrated set of processes
providing oversight for how IT resources will be
invested and managed to deliver business objectives
in support of PepsiCo’s strategic imperatives.
What is Governance?
Governance is being used as the term to describe how IT is managed across a large organisation.
7
PepsiCo’s Key Governance Processes
IT Strategy, Planning &
Management
Portfolio & Program Management
Managing Risk & Compliance
Project Analysis & Design
INTEGRATED PROCESSES, ORGANIZATION & TECHNOLOGY
IT GOVERNANCE
Aligning IT with Business Strategy
8
Approaching Governance
Strategic IT Governance is focused on ensuring that:
IT business risks are being managed
IT investments are allocated properly
Business objectives are being enabled by IT
Tactical IT Governance is focused on ensuring that:
IT project risks are being managed
Formalised stage gate reviews and approvals
Process designs meet objectives
Applications and requirements support processes
IT standards and target architectures are being followed
9
IT Governance
Our Governance methodology must address the following key questions:
What decisions must be made to effectively manage & use IT resources?
Who should make these decisions and how will these decisions be made?
How will performance be measured & monitored?
Governance of IT activities: Investments & Retirements Baseline
Reporting Enhancements: Common PI IT Chart of Accounts; Period Briefing Note & Scorecards; Quarterly Investment Scorecard
Common Planning/ IT Planning Tool
People management processes
CIO Governance Council
• Bi-weekly CIO call
• Bi-weekly CTO call
• Monthly global call
• Quarterly Region Reviews
• Aligned Strat Plan process
• Aligned AOP process
10
Architecture Governance
Applications Governance
Global Leadership Team
PI CIO Reports
Governance Framework
PI CIO & SC – Prioritization, Standards & Monitoring
PI IT Region Level Governance
(Region CIO/CTO/ PMO, Business, Budgeting)
Escalation Point
Involvement of: Region CFO’s, PI CFO, Functional VP’s, PBSG Functions
Escalation Point
Involvement of: Region Presidents, PI CEO, CFO
• Region teams are empowered to make decisions. PI IT Governance framework ensures that project leaders will have accountability and a method to obtain alignment, approvals, risk mitigation and report progress
PI CIO Council
Business/ IT Governance
[Diagram labels: Resolution 90%, 10% (shown twice)]
11
Investment Governance
Initiation
- Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
Project Definition
- Preliminary project abstract
Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies & Approval matrix
- CAR/ Capex (if required)
Reporting & Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMO’s
PI CIO Council Global/ T1 Only
Locked into Strat Plan, AOP or new Forecast
17
Final Project Abstract
[Form template: Investment Project Abstract, marked FINAL, 12/11/2004 8:07:07 PM]
Header fields: Project Name; Division/Layer; Sponsor Name; IT Owner
Check boxes: Strategic; Op. Necessity; Productivity; Pre design; Post design; Function Funded; AOP Funded; Pre-Flight; In-Flight; Shared Services
Side labels: BUSINESS PERSPECTIVE; IT PERSPECTIVE
Sections:
- Overview & Objectives
- Application Scope
- PI IT and Customer Required Resources
- Economic Analysis
- Alternatives: What if you don’t do this project?
- Risks - incl. HR considerations
- Key dates, milestones & targets
- Benefits & Payback to the Business
Financial tables (all values 0 or blank in the template):
- Cap ($'M): rows Labor, Software, Hardware, Other, Total; columns Thru '04, '05, '06+, Total
- EXP ($'M): rows Labor, S/W & H/W, Other, Total; columns '04, '05, '06, Total, On-Going*
- TOTAL C/E
- SAVINGS/ROI: columns '02, '03, '04, On-Going
- Total CapEx $
- Headcount (annualized FTEs): rows EEs - PI IT, EEs - Customer, Cont/Consult., Total
* Ongoing = Projected New Run Rate Annualized
18
Tier 1 & 2 Projects Status
VARIANCE (Tier 1, Tier 2), with one status indicator per column: Budget (AOP) vs. Approved; Timeline vs. Approved; Risk vs. Approved; Fit vs. Approved
Route power functionality improvement ● ● ● ●
Sales Intelligence supervisor tool vapec ● ● ● ●
HHC Implementation Phase II ● ● ● ●
Network & Security PI ● ● ● ●
HR Convergence ● ● ● ●
Data mining platform ● ● ● ●
RDK PI ● ● ● ●
Techrefresh for Tcomms & Security ● ● ● ●
Techrefresh for unix servers and storage ● ● ● ●
Plant & Fleet Maintenance System ● ● ● ●
Unix, Intel & TCOM TechRefresh ● ● ● ●
UPS for Sabritas Datacenter ● ● ● ●
Tech Refresh for Personal Computer ● ● ● ●
Tech Refresh for Personal Computer ● ● ● ●
Telecomm Synergies Project ● ● ● ●
Data Center DRP ● ● ● ●
Master Files & Data Integration ● ● ● ●
SUMMARY ● ● ● ●
Summarise key successes & opportunities referencing on-time/budget deliveries assistance required to “Get out of the red”
19
Sample Investment Financials
Financial Analysis – Measurement
Spend by category     Expense   Capital   F/Y Budget (AOP)
Tier 1                100       100       200
Tier 2                300       100       400
Tier 3                200       20        220
TOTAL INVESTMENTS     600       220       820
PORTFOLIO ANALYSIS (column headings: Expense, Capital, Plan)
Strategic Initiative    175   175
Operational Necessity   200   200
Productivity            75    75
Cost savings            150   150
Total                   600
[Pie chart: Spend by Tier: Tier 1 24%, Tier 2 49%, Tier 3 27%]
[Pie chart: Strategic Initiative 29%, Operational Necessity 33%, Productivity 13%, Cost savings 25%]
20
IT Controls for SOX compliance
Business Process with Financial Statement Impact
Supporting Application
Development
Change Management
Backup and Recovery Procedures
Security Administration
Supporting Application interacts with server, database and network
Integrity of application and data are dependent upon underlying IT processes and controls
Server stores data as well as key settings:
- Configurable Infrastructure Controls
- Application Controls and Application Access Controls
Governance
Quarterly - Changes
• Changes to application controls (access, segregation of duties, masterfile updates, configuration parameters, procedures, reports and interfaces) for Financial Applications
Annual - Application Controls
• Access Controls - who has access?
• Segregation of duties - what can they do? (“Superuser” Access, sensitive & significant transactions)
• Masterfile data updates - what significant data was updated?
• Software configuration parameters
• Automated procedures (e.g., approvals)
• Exception and Management reports
• Interfaces to other systems
Annual - General Controls
• General Controls Risk Control Matrices (RCMs) (Cobit-based Controls relevant to SOX only)
21
Monitoring
Control Activities
Control Environment
Risk Assessment
Information & Communication
[Diagram: matrix of X marks]
Certifying Executive
Disclosure Committee
Process Executive
SOX Coordinator
Process Owner
Control Owner
Everyone is responsible for Information and communication.
Accountability Model
Proportional Ownership
PepsiCo requires all key controls to be tested/reported on a Quarterly basis
22
Our Sarbanes Oxley Experience
Benefits
• Improved control environment
• Enhanced Systems Security and Systems Access Controls
• Improved process documentation
• Better understanding and improvement of segregation of duties
• Increased awareness and ownership of controls and processes
Watch Outs
• Manual Process: The majority of key controls that have been implemented are manual and resource intensive - aim to automate critical controls.
• Segregation of Duties: Small IT teams do not have absolute role segregation; this has introduced controls to gate-keep the developer/support role in a production environment, which will slow down the change management process.
• Audit: Both internal and external audit are focused on controls and will always strive for the tightest controls - retain focus on scope and risk.
23
Benefits Of Governance
• Ensures IT Focus is where it should be
• Provides a framework for measuring value and effectiveness of IT
• Raises the bar for Controls in IT - Audits less painful
• Business and IT Fusion
• Bridges gaps between IT and Business
• Transforms business from critics to owners
• Educates the business on IT as a function/enabler
• Drives IT to think and plan more strategically
24
Governance - Watch Outs
• Needs to be driven from the Top
• Mindset change in IT & Business
• Stakeholders require education on the new processes.
• New skills and resources often needed.
• Some things will take longer
• Needs to be fed and watered – improvements
25
Going Forward
Governance becomes a natural way of how we operate
Planning
Operations
Compliance
ITIL Framework on Service Delivery
Balanced Scorecards
26
Thank You !!