pepsico experience

Pepsico Experience

Governance in Practice

Paul O’Callaghan

CIO WWTO PepsiCo

National Technology & Business Conference 30 November 2005

An example of IT strategy withina large and complex organisation.An example of IT strategy withina large and complex organisation.

2

Net Revenues $29 billion

USA $19 billion

International $10 billion

3

16.1 Bn

5.1 Bn

5.0 Bn

3.7 Bn

3.6 Bn

1.7 Bn

1.6 Bn

2.6Bn

2.4Bn

1.6 Bn

1.5 Bn

1.1 Bn

1.6Bn

1.6Bn

1.1 Bn

Retail Sales over $1 billion

4

Scope of Worldwide Technical OperationsR&D , Concentrate and Quality

Cork

China

India

Cidra

Barrington, IL (USA) Valhalla, NY (USA)

Petersborough (Canada)

Somers, NY (USA)

Chicago, IL (USA)United States (CP)

Canada (CP)

Concentrate Plants:

13

Trade Quality Labs:

8Satellite Locations:

3Distribution Centers:

*4

Worldwide TechnicalOperations

Pakistan

Turkey

Toronto

Arlington

Mexico

Venezuela

Brazil

Uruguay

ACO

Bangkok

Shanghai

5

World –wide13 Concentrate plantsFranchise system

Cork300 Employees at 2 plants Sell to over 100 countries

Concentrate Operations

6

For PepsiCo,

IT Governance is an integrated set of processes

providing oversight for how IT resources will be

invested and managed to deliver business objectives

in support of PepsiCo’s strategic imperatives.

What is Governance?

Governance is being used as the term to describe how IT is managed across a large organisation.

Governance is being used as the term to describe how IT is managed across a large organisation.

7

PepsiCo’s Key Governance Processes

IT Strategy, Planning &

Management

Portfolio & Program Management

Managing Risk& Compliance

Project Analysis & Design

INTEGRATED PROCESSES, ORGANIZATION & TECHNOLOGY

IT GOVERNANCE

Aligning IT with Business Strategy

8

Approaching Governance

Strategic IT Governance is focused on ensuring that:

IT business risks are being managed

IT investments are allocated properly

Business objectives are being enabled by IT

Tactical IT Governance is focused on ensuring that:

IT project risks are being managed

Formalised stage gate reviews and approvals

Process designs meet objectives

Applications and requirements support processes

IT standards and target architectures are being followed

9

IT Governance

Our Governance methodology must address the following key questions:

What decisions must be made to effectively manage & use IT resources?

Who should make these decisions and how will these decisions be made

How will performance be measured & monitored?

Governance of IT activities: Investments & Retirements Baseline

Reporting Enhancements: Common PI IT Chart of Accounts Period Briefing Note & Scorecards Quarterly Investment Scorecard

Common Planning/ IT Planning Tool

People management processes

CIO Governance Council

• Bi weekly CIO call

• Bi weekly CTO call

• Monthly global call

• Quarterly Region Reviews

• Aligned Strat Plan process

• Aligned AOP process

10

Architecture Governance

Applications Governance

GlobalLeadership

Team

PI CIO Reports

Governance Framework

PI CIO & SC – Prioritization, Standards & Monitoring

PI IT Region Level Governance

(Region CIO/CTO/ PMO, Business, Budgeting)

Escalation PointInvolvement of:

Region CFO’s. PI CFOFunctional VP’sPBSG Functions

Escalation Point Involvement of:

Region PresidentsPI CEO, CFO

• Region teams are empowered to make decisions PI IT Governance

framework ensures that project leaders will have accountability and a method to obtain alignment, approvals, risk mitigation and report progress

PI CIO Council Business/ IT

Governance

90%

10%

90%

Resolution

Resolution

10%

11

Investment Governance

Initiation

- Formal/ Informal- Strat Plans/ AOPs- Emails/ Interviews- IT functional projects

Project Definition

- Preliminary project abstract

Prioritization

- Project diagnostic- Risk diagnostic- Weighted scores- Project tiers Approvals

- Project abstract- Financial planning- Project profile, Tech Profile- Project timeline- PI Fin. Policies & Approval matrix- CAR/ Capex (if required)

Reporting & Reviews

- Financial/ timeline reviews- Project diagnostic- Risk diagnostic- Quarterly investment scorecards- Quarterly PI CIO reviews

Project Management

- Project mgmt methodology- Phase-gated funding- Region PMO’s

PI CIO CouncilGlobal/ T1 Only

Locked intoStrat Plan,

AOP or newForecast

12


Initiation


Project Definition


Prioritization



Reporting & Reviews


Project Management




AOP or newForecast

13


Initiation


Project Definition


Prioritization



Reporting & Reviews


Project Management




AOP or newForecast

14


Initiation


Project Definition


Prioritization



Reporting & Reviews


Project Management




AOP or newForecast

15


Initiation


Project Definition


Prioritization



Reporting & Reviews


Project Management




AOP or newForecast

16


Initiation


Project Definition


Prioritization



Reporting & Reviews


Project Management




AOP or newForecast

17

Final Project Abstract

12/11/2004 8:07:07 PM

Overview & Objectives

Application Scope

PI IT and Customer Required Resources

••••

Economic Analysis

AlternativesWhat if you don’t do this project?

••

••• Risks - incl. HR considerations

••••

••••

Key dates, milestones & targets••

Benefits & Payback to the Business •••

Project Name: Investment Project Abstract

StrategicOp. NecessityProductivity

Pre design

Post design

*Projected New Run Rate Annualized :

Cap ($'M) Thru '04 '05 '06+ TotalLabor 0Software 0Hardware 0Other 0Total 0 0 0 0

EXP ($'M) '04 '05 '06 Total On-Going*Labor 0S/W & H/W 0 0 0Other 0Total 0 0 0 0

TOTAL C/E 0 0 0 0

'02 '03 '04 On-GoingSAVINGS/ROI

Total CapEx $

Function Funded

AOP Funded

Pre-Flight

In-Flight

Shared Services

Headcount (annualized FTEs)EEs - PI IT - CustomerCont/Consult.Total 0 0 0 0

Division/Layer Sponsor Name IT Owner

BU

SIN

ESS

PE

RSP

EC

TIV

EIT

PE

RSP

EC

TIV

E

* Ongoing = Projected New Run Rate Annualized

FINAL

18

Tier 1 & 2 Projects StatusVARIANCE (Tier 1, Tier 2) Budget (AOP) Timeline Risk Fit

Vs. Approved Vs. Approved Vs. Approved Vs. ApprovedRoute power functionality improvement ● ● ● ●Sales Intelligence supervisor tool vapec ● ● ● ●HHC Implementation Phase II ● ● ● ●Network & Security PI ● ● ● ●HR Convergence ● ● ● ●Data mining platfom ● ● ● ●RDK PI ● ● ● ●Techrefresh for Tcomms & Security ● ● ● ●Techrefresh for unix servers and storage ● ● ● ●Plant & Fleet Maintenance System ● ● ● ●Unix, Intel & TCOM TechRefresh ● ● ● ●UPS for Sabritas Datacenter ● ● ● ●Tech Refresh for Personal Computer ● ● ● ●Tech Refresh for Personal Computer ● ● ● ●Telecomm Synergies Project ● ● ● ●Data Center DRP ● ● ● ●Master Files & Data Integration ● ● ● ●SUMMARY ● ● ● ●

Summarise key successes & opportunities referencing on-time/budget deliveries assistance required to “Get out of the red”

19

Sample Investment Financials

Financial Analysis – Measurement

Spend by F/Y Budgetcategory Expense Capital (AOP)Tier 1 100 100 200 Tier 2 300 100 400 Tier 3 200 20 220

TOTAL INVESTMENTS 600 220 820

PORTFOLIO ANALYSIS Expense Capital PlanStrategic Initiative 175 175 Operational Necessity 200 200 Productivity 75 75 Cost savings 150 150

600

Spend by Tier

24%

49%

27%Tier 1Tier 2Tier 3

29%

33%13%

25% Strategic Initiative

Operational Necessity

Productivity

Cost savings

20

IT Controls for SOX complianceBusiness Process with Financial Statement Impact

Supporting Application

Development

Change Management

Backup and Recovery Procedures

Security Administration

Supporting Application interacts with server, database and network

Integrity of application and data are dependent upon underlying IT processes and controls

Server stores data as well as key settings:

- Configurable Infrastructure Controls

- Application Controls and Application Access Controls

Governance

Quarterly - Changes• Changes to application controls

(access, segregation of duties, masterfile updates, configuration parameters, procedures, reports and interfaces) for Financial Applications

Annual - Application Controls- Access Controls - who has

access? • Segregation of duties - what can

they do? (“Supersuser” Access, sensitive & significant transactions)

• Masterfile data updates - what significant data was updated?

• Software configuration parameters

• Automated procedures (e.g., approvals)

• Exception and Management reports

• Interfaces to other systems

Annual - General Controls

• General Controls Risk Control Matrices (RCMs) (Cobit-based Controls relevant to SOX only)

21

Monitoring

Control Activities

Control Environment

Risk Assessment

Info

rmat

ion

& C

omm

unic

atio

n

XXX

XXXXX

X

XXXXX

Certifying Executive

Disclosure Committee

ProcessExecutive

SOX Coordinator

Process Owner

Control Owner

Everyone is responsible for Information and communication.

Accountability ModelProportional Ownership

PepsiCo requires all key controls to be tested/reported on a Quarterly basis

22

Our Sarbanes Oxley Experience Benefits Improved control environment

Enhanced Systems Security and Systems Access ControlsImproved process documentationBetter understanding and improvement of segregation dutiesIncreased awareness and ownership of controls and processes

Watch Outs Manual Process

The majority of key controls that have been implemented are manual and resource intensive - aim to automate critical controls.

Segregation of DutiesSmall IT teams do not have absolute role segregation, this has introduced controls to gate keep the developer/support role in a production environment which will slow down the change management process.

Audit Both internal and external audit are focused on controls and will always strive for the tightest controls - retain focus on scope and risk.


23

Benefits Of Governance

Ensures IT Focus is where it should be Provides a framework for measuring value and

effectiveness of IT Raises the bar for Controls in IT - Audits less painful Business and IT Fusion

Bridges gaps between IT and Business Transforms business from critics to owners Educates the business on IT as a function /enabler

Drives IT to think and plan more strategically


24

Governance - Watch Outs

Needs to be driven from the Top Mindset change in IT & Business Stakeholders require education on the new

processes. New skills and resources often needed. Some things will take longer Needs to fed and watered – improvements


25

Going ForwardGovernance becomes a natural way of how we operate

Planning OperationsCompliance

ITIL Framework on Service Delivery

Balanced Scorecards


26National Technology & Business Conference 30 November 2005

Thank You !!

pepsico experience

Documents

governance methodology

pepsico experience governance

project risks

project leaders

business strategy

business risks

decisions pi

region cfos