Title: Pepsico Experience
1Pepsico Experience
Paul OCallaghan CIO WWTO PepsiCo
National Technology Business Conference
30 November 2005
2Net Revenues 29 billion
USA 19 billion International 10 billion
3Retail Sales over 1 billion
4Scope of Worldwide Technical Operations RD ,
Concentrate and Quality
Toronto
Turkey
Pakistan
Arlington
Shanghai
Mexico
Bangkok
Venezuela
ACO
Brazil
Uruguay
5Concentrate Operations
- World wide
- 13 Concentrate plants Franchise system
- Cork
- 300 Employees at 2 plants
- Sell to over 100 countries
-
-
6What is Governance?
For PepsiCo, IT Governance is an integrated set
of processes providing oversight for how IT
resources will be invested and managed to deliver
business objectives in support of PepsiCos
strategic imperatives.
7PepsiCos Key Governance Processes
IT GOVERNANCE
IT Strategy, Planning Management
Portfolio Program Management
Managing Risk Compliance
Project Analysis Design
INTEGRATED PROCESSES, ORGANIZATION TECHNOLOGY
Aligning IT with Business Strategy
8Approaching Governance
- Strategic IT Governance is focused on ensuring
that - IT business risks are being managed
- IT investments are allocated properly
- Business objectives are being enabled by IT
- Tactical IT Governance is focused on ensuring
that - IT project risks are being managed
- Formalized stage gate reviews and approvals
- Process designs meet objectives
- Applications and requirements support processes
- IT standards and target architectures are being
followed
9IT Governance
- Our Governance methodology must address the
following key questions - What decisions must be made to effectively
manage use IT resources? - Who should make these decisions and how will
these decisions be made - How will performance be measured monitored?
- Governance of IT activities
- Investments Retirements
- Baseline
- Reporting Enhancements
- Common PI IT Chart of Accounts
- Period Briefing Note Scorecards
- Quarterly Investment Scorecard
- Common Planning/ IT Planning Tool
- People management processes
- CIO Governance Council
- Bi weekly CIO call
- Bi weekly CTO call
- Monthly global call
- Quarterly Region Reviews
- Aligned Strat Plan process
- Aligned AOP process
10Governance Framework
- Region teams are empowered to make decisions
PI IT Governance framework ensures that project
leaders will have accountability and a method to
obtain alignment, approvals, risk mitigation and
report progress
Resolution
Business/ IT Governance
PI CIO Council
Resolution
Global Leadership Team PI CIO Reports
10
Escalation Point Involvement of Region
Presidents PI CEO, CFO
10
Escalation Point Involvement of Region CFOs.
PI CFO Functional VPs PBSG Functions
Architecture Governance
Applications Governance
90
PI CIO SC Prioritization, Standards
Monitoring
90
PI IT Region Level Governance (Region CIO/CTO/
PMO, Business, Budgeting)
11Investment Governance
- Initiation
- - Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
- Reporting Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Definition - Preliminary project
abstract
- Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
- Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMOs
- Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies Approval matrix
- CAR/ Capex (if required)
Locked into Strat Plan, AOP or new Forecast
PI CIO Council Global/ T1 Only
12Investment Governance
- Initiation
- - Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
- Reporting Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Definition - Preliminary project
abstract
- Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
- Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMOs
- Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies Approval matrix
- CAR/ Capex (if required)
Locked into Strat Plan, AOP or new Forecast
PI CIO Council Global/ T1 Only
13Investment Governance
- Initiation
- - Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
- Reporting Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Definition - Preliminary project
abstract
- Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
- Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMOs
- Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies Approval matrix
- CAR/ Capex (if required)
Locked into Strat Plan, AOP or new Forecast
PI CIO Council Global/ T1 Only
14Investment Governance
- Initiation
- - Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
- Reporting Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Definition - Preliminary project
abstract
- Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
- Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMOs
- Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies Approval matrix
- CAR/ Capex (if required)
Locked into Strat Plan, AOP or new Forecast
PI CIO Council Global/ T1 Only
15Investment Governance
- Initiation
- - Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
- Reporting Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Definition - Preliminary project
abstract
- Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
- Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMOs
- Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies Approval matrix
- CAR/ Capex (if required)
Locked into Strat Plan, AOP or new Forecast
PI CIO Council Global/ T1 Only
16Investment Governance
- Initiation
- - Formal/ Informal
- Strat Plans/ AOPs
- Emails/ Interviews
- IT functional projects
- Reporting Reviews
- Financial/ timeline reviews
- Project diagnostic
- Risk diagnostic
- Quarterly investment scorecards
- Quarterly PI CIO reviews
Project Definition - Preliminary project
abstract
- Prioritization
- Project diagnostic
- Risk diagnostic
- Weighted scores
- Project tiers
- Project Management
- Project mgmt methodology
- Phase-gated funding
- Region PMOs
- Approvals
- Project abstract
- Financial planning
- Project profile, Tech Profile
- Project timeline
- PI Fin. Policies Approval matrix
- CAR/ Capex (if required)
Locked into Strat Plan, AOP or new Forecast
PI CIO Council Global/ T1 Only
17Final Project Abstract
FINAL
18Tier 1 2 Projects Status
- Summarize key successes opportunities
referencing - on-time/budget deliveries
- assistance required to Get out of the red
19Sample Investment Financials
- Financial Analysis Measurement
20Sarbanes Oxley
21IT Controls for SOX compliance
Business Process with Financial Statement Impact
- Annual - Application Controls
- - Access Controls - who has access?
- Segregation of duties - what can they do?
(Supersuser Access, sensitive significant
transactions) - Masterfile data updates - what significant data
was updated? - Software configuration parameters
- Automated procedures (e.g., approvals)
- Exception and Management reports
- Interfaces to other systems
Supporting Application interacts with server,
database and network
Supporting Application
Server stores data as well as key settings -
Configurable Infrastructure Controls -
Application Controls and Application Access
Controls
Governance
- Quarterly - Changes
- Changes to application controls (access,
segregation of duties, masterfile updates,
configuration parameters, procedures, reports and
interfaces) for Financial Applications
Development
- Annual - General Controls
- General Controls Risk Control Matrices (RCMs)
(Cobit-based Controls relevant to SOX only)
Integrity of application and data are dependent
upon underlying IT processes and controls
Change Management
Backup and Recovery Procedures
Security Administration
22Accountability ModelProportional Ownership
Certifying Executive
Disclosure Committee
ProcessExecutive
SOX Coordinator
Process Owner
Control Owner
X
X
X
X
X
Monitoring
X
Control Activities
Information Communication
X
X
X
X
X
Risk Assessment
X
X
X
Control Environment
Everyone is responsible for Information and
communication.
PepsiCo requires all key controls to be
tested/reported on a Quarterly basis
23Our Sarbanes Oxley Experience
- Benefits
- Improved control environmentEnhanced Systems
Security and Systems Access ControlsImproved
process documentationBetter understanding and
improvement of segregation dutiesIncreased
awareness and ownership of controls and processes
- Watch Outs
- Manual ProcessThe majority of key controls that
have been implemented are manual and resource
intensive - aim to automate critical controls. - Segregation of DutiesSmall IT teams do not have
absolute role segregation, this has introduced
controls to gate keep the developer/support role
in a production environment which will slow down
the change management process. - Audit Both internal and external audit are
focused on controls and will always strive for
the tightest controls - retain focus on scope and
risk.
National Technology Business Conference
30 November 2005
24Benefits Of Governance
- Ensures IT Focus is where it should be
- Provides a framework for measuring value and
effectiveness of IT - Raises the bar for Controls in IT - Audits less
painful - Business and IT Fusion
- Bridges gaps between IT and Business
- Transforms business from critics to owners
- Educates the business on IT as a function
/enabler - Drives IT to think and plan more strategically
National Technology Business Conference
30 November 2005
25Governance - Watch Outs
- Needs to be driven from the Top
- Mindset change in IT Business
- Stakeholders require education on the new
processes. - New skills and resources often needed.
- Some things will take longer
- Needs to fed and watered improvements
National Technology Business Conference
30 November 2005
26Going Forward
- Governance becomes a natural way of how we
operate - Planning
- Operations
- Compliance
-
- ITIL Framework on Service Delivery
- Balanced Scorecards
National Technology Business Conference
30 November 2005
27Thank You !!
National Technology Business Conference
30 November 2005