Example of governance

An example of IT strategy within
a large and complex organisation.
Governance in Practice
Pepsico
Experience
Paul O’Callaghan
CIO WWTO PepsiCo
National Technology & Business Conference
30 November 2005
Net Revenues: $29 billion
USA: $19 billion
International: $10 billion
Retail Sales over $1 billion
(Chart values; labels not recoverable: 16.1 Bn, 2.6 Bn, 1.6 Bn, 5.1 Bn, 2.4 Bn, 1.6 Bn, 5.0 Bn, 1.7 Bn, 1.5 Bn, 1.6 Bn, 1.1 Bn, 3.7 Bn, 3.6 Bn, 1.6 Bn, 1.1 Bn)
Scope of Worldwide Technical Operations
R&D , Concentrate and Quality
Canada (CP)
United States (CP) Toronto
Chicago, IL (USA)
Barrington, IL (USA)
Arlington
Mexico
Peterborough (Canada)
Valhalla, NY (USA)
Somers, NY (USA)
Cork
Turkey
Pakistan
Cidra
India
ACO
China
Shanghai
Bangkok
Venezuela
Brazil
Worldwide Technical
Operations
Concentrate Plants: 13
Trade Quality Labs: 8
Satellite Locations: 3
Distribution Centers: *4
Uruguay
Concentrate Operations
Worldwide
13 Concentrate plants
Franchise system
Cork
300 Employees at 2 plants
Sell to over 100 countries
What is Governance?
For PepsiCo, IT Governance is an integrated set of processes providing oversight for how IT resources will be invested and managed to deliver business objectives in support of PepsiCo’s strategic imperatives.
Governance is being used as the term to describe how IT is managed across a large organisation.
PepsiCo’s Key Governance Processes
IT GOVERNANCE
• IT Strategy, Planning & Management
• Portfolio & Program Management
• Managing Risk & Compliance
• Project Analysis & Design
INTEGRATED PROCESSES, ORGANIZATION & TECHNOLOGY
Aligning IT with Business Strategy
Approaching Governance

Strategic IT Governance is focused on ensuring that:
• IT business risks are being managed
• IT investments are allocated properly
• Business objectives are being enabled by IT

Tactical IT Governance is focused on ensuring that:
• IT project risks are being managed
• Formalised stage gate reviews and approvals
• Process designs meet objectives
• Applications and requirements support processes
• IT standards and target architectures are being followed
IT Governance

Our Governance methodology must address the following key questions:
• What decisions must be made to effectively manage & use IT resources?
• Who should make these decisions and how will these decisions be made?
• How will performance be measured & monitored?
Governance of IT activities:



Reporting Enhancements:





Investments & Retirements
Baseline
Common PI IT Chart of Accounts
Period Briefing Note & Scorecards
Quarterly Investment Scorecard
Common Planning/ IT Planning Tool
CIO Governance Council
• Bi weekly CIO call
• Bi weekly CTO call
• Monthly global call
• Quarterly Region Reviews
• Aligned Strat Plan process
• Aligned AOP process
People management processes
Governance Framework
Region teams are empowered to make decisions. The PI IT Governance framework ensures that project leaders will have accountability and a method to obtain alignment, approvals, risk mitigation and report progress.
Resolution
Resolution
Business/ IT
Governance
PI CIO Council
10%
Escalation Point
Involvement of:
Global
Leadership
Team
Region Presidents
PI CEO, CFO
PI CIO Reports
Escalation Point
Involvement of:
90%
Architecture
Governance
Applications
Governance
10%
Region CFO’s. PI CFO
Functional VP’s
PBSG Functions
PI CIO & SC – Prioritization, Standards & Monitoring
90%
PI IT Region Level Governance
(Region CIO/CTO/ PMO, Business, Budgeting)
Investment Governance
Initiation
Reporting & Reviews
- Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
Project Definition
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
- Preliminary project abstract
Prioritization
Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMO’s
Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies & Approval matrix
- CAR/ Capex (if required)
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
Locked into
Strat Plan,
AOP or new
Forecast
PI CIO Council
Global/ T1 Only
Investment Project Abstract
(Blank form template; all amounts shown as 0)
Project Name:
Final Project Abstract
BUSINESS PERSPECTIVE
Division/Layer
Sponsor Name
IT Owner
Strategic
Op. Necessity
FINAL
Productivity
Function Funded
AOP Funded
Pre-Flight
In-Flight
Shared Services
Overview & Objectives
Cap ($'M): Labor, Software, Hardware, Other, Total
Benefits & Payback to the Business
EXP ($'M): Labor, S/W & H/W, Other, Total
TOTAL C/E
Thru '04, '05, '06+
'04, '05, '06, Total
'02, '03, '04, Total
On-Going
Total CapEx
Headcount (annualized FTEs): EEs - PI IT, - Customer, Cont/Consult., Total
Risks - incl. HR considerations
PI IT and Customer Required Resources
Key dates, milestones & targets
Alternatives
What if you don’t do this project?
*Projected New Run Rate Annualized :
12/11/2004 8:07:07 PM
On-Going*
SAVINGS/ROI
Application Scope
IT PERSPECTIVE
Economic Analysis
Pre design
Post design
* Ongoing = Projected New Run Rate Annualized
Tier 1 & 2 Projects Status
VARIANCE (Tier 1, Tier 2)
Status columns (one indicator per row; indicator values not recoverable):
• Budget (AOP) Vs. Approved
• Timeline Vs. Approved
• Risk Vs. Approved
• Fit Vs. Approved
Rows:
• Route power functionality improvement
• Sales Intelligence supervisor tool vapec
• HHC Implementation Phase II
• Network & Security PI
• HR Convergence
• Data mining platform
• RDK PI
• Techrefresh for Tcomms & Security
• Techrefresh for unix servers and storage
• Plant & Fleet Maintenance System
• Unix, Intel & TCOM TechRefresh
• UPS for Sabritas Datacenter
• Tech Refresh for Personal Computer
• Tech Refresh for Personal Computer
• Telecomm Synergies Project
• Data Center DRP
• Master Files & Data Integration
• SUMMARY
Summarise key successes & opportunities referencing
- on-time/budget deliveries
- assistance required to “Get out of the red”
Sample Investment Financials

Spend by category     Expense   Capital   F/Y Budget (AOP)
Tier 1                100       100       200
Tier 2                300       100       400
Tier 3                200       20        220
TOTAL INVESTMENTS     600       220       820

PORTFOLIO ANALYSIS
Category                Expense   Plan
Strategic Initiative    175       175
Operational Necessity   200       200
Productivity            75        75
Cost savings            150       150
Total                   600

Chart labels (assignment of percentages to labels not recoverable): Capital; Tier 1, Tier 2, Tier 3; Strategic Initiative, Operational Necessity, Productivity, Cost savings
Chart percentages: 49%, 25%, 29%, 13%, 24%, 27%, 33%
Financial Analysis – Measurement
IT Controls for SOX compliance
Business Process with Financial Statement Impact
Annual - Application Controls
• Access Controls - who has access?
• Segregation of duties - what can they do? (“Superuser” access, sensitive & significant transactions)
• Masterfile data updates - what significant data was updated?
• Software configuration parameters
• Automated procedures (e.g., approvals)
• Exception and Management reports
• Interfaces to other systems
Supporting Application interacts with server, database and network
Supporting Application
Server stores data as well as key settings:
- Configurable Infrastructure Controls
- Application Controls and Application Access Controls
Governance
Annual - General Controls
• General Controls Risk Control Matrices (RCMs) (COBIT-based controls relevant to SOX only)
Development
Change Management
Backup and Recovery Procedures
Security Administration
Integrity of application and data are dependent upon underlying IT processes and controls
Quarterly - Changes
• Changes to application controls (access, segregation of duties, masterfile updates, configuration parameters, procedures, reports and interfaces) for Financial Applications
Accountability Model
Proportional Ownership
Roles: Control Owner, Process Owner, SOX Coordinator, Process Executive, Disclosure Committee, Certifying Executive
Components: Monitoring, Control Activities, Risk Assessment, Control Environment
(Matrix of X marks assigning components to roles; placement of the marks not recoverable)
Everyone is responsible for Information and communication.
PepsiCo requires all key controls to be tested/reported on a Quarterly basis
Our Sarbanes Oxley Experience

Benefits
• Improved control environment
• Enhanced Systems Security and Systems Access Controls
• Improved process documentation
• Better understanding and improvement of segregation of duties
• Increased awareness and ownership of controls and processes

Watch Outs
• Manual Process: The majority of key controls that have been implemented are manual and resource intensive - aim to automate critical controls.
• Segregation of Duties: Small IT teams do not have absolute role segregation; this has introduced controls to gatekeep the developer/support role in a production environment, which will slow down the change management process.
• Audit: Both internal and external audit are focused on controls and will always strive for the tightest controls - retain focus on scope and risk.
Benefits Of Governance

• Ensures IT Focus is where it should be
• Provides a framework for measuring value and effectiveness of IT
• Raises the bar for Controls in IT - Audits less painful
• Business and IT Fusion
  - Bridges gaps between IT and Business
  - Transforms business from critics to owners
  - Educates the business on IT as a function/enabler
• Drives IT to think and plan more strategically
Governance - Watch Outs

• Needs to be driven from the Top
• Mindset change in IT & Business
• Stakeholders require education on the new processes.
• New skills and resources often needed.
• Some things will take longer
• Needs to be fed and watered – improvements
Going Forward
Governance becomes a natural way of how we operate
Planning
Operations
Compliance
ITIL Framework on Service Delivery
Balanced Scorecards
Thank You !!