Bottler Company Caselet - Técnico Lisboa - Autenticação · ISACA has designed and created the...

© 2014 ISACA. All rights reserved. 1

Bottler Company Caselet: Using COBIT® 5

© 2014 ISACA. All rights reserved.


ISACA has designed and created the Bottler Company Caselet: Using COBIT® 5 (the ‘Work’) primarily as an educational resource for educational professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, security governance and assurance professionals should apply their own professional judgment to the specific circumstances presented by the particular systems or information technology environment.

ISACA

3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545

Fax: +1.847.253.1443

Email: [email protected]

Web site: www.isaca.org

2


© 2014 ISACA. All rights reserved. No part of this publication may be used, copied,

reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any

form by any means (electronic, mechanical, photocopying, recording or otherwise) without the

prior written authorisation of ISACA. Reproduction and use of all or portions of this publication

are permitted solely for academic, internal and non-commercial use and for

consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.

Provide Feedback: www.isaca.org/basic-concept-caselets

Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center

Follow ISACA on Twitter: https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Reservation of Rights

3


Author

Krishna Seeburn, Ph.D., CFE, CIA, CISSP, FBCS, LLM, PMP, Riesling Consulting Group, Mauritius

Board of Directors

Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, International President

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK, Vice President

Juan Luis Carselle, CISA, CGEIT, CRISC, RadioShack Mexico, Mexico, Vice PresidentRamses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, Dell, Spain, Vice

PresidentTheresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, US House of

Representatives, USA, Vice President Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, Kumar & Raj, India, Vice President Jeff Spivey, CRISC, CPP, PSP, Security Risk Management Inc., USA, Vice PresidentMarc Vael, Ph.D., CISA, CISM, CGEIT, CRISC, CISSP, Valuendo, Belgium, Vice PresidentGregory T. Grocholski, CISA, The Dow Chemical Co., USA, Past International PresidentKenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, Past International

PresidentChristos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, DirectorKrysten McCabe, CISA, The Home Depot, USA, DirectorJo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, BRM Holdich, Australia, Director

Credentialing and Career Management Board

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK, Chairman

Bernard Battistin, CISA, CMA, Office of the Auditor General of Canada, CanadaRichard Brisebois, CISA, CGA, CanadaTerry Chrisman, CGEIT, CRISC, GE Money, USAErik Friebolin, CISA, CISM, CRISC, CISSP, PCI-QSA, ITIL, USAFrank Nielsen, CISA, CGEIT, CCSA, CIA, Nordea, Denmark Hitoshi Ota, CISA, CISM, CGEIT, CRISC, CIA, Mizuho Corporate Bank, JapanCarmen Ozores Fernandes, CISA, CRISC, BrazilSteven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission, USA

AcknowledgementsProfessional Standards and Career Management Committee

Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission,

USA, Chairman

Christopher Nigel Cooper, CISM, CITP, FBCS, M.Inst.ISP, HP Enterprises Security

Services, UK

Ronald E. Franke, CISA, CRISC, CFE, CIA, CICA, Myers and Stauffer LLC, USA

Alisdair McKenzie, CISA, CISSP, ITCP, I S Assurance Services, New Zealand

Kameswara Rao Namuduri, Ph.D., CISA, CISM, CISSP, University of North Texas, USA

Katsumi Sakagawa, CISA, CRISC, PMP, JIEC Co. Ltd., Japan

Ian Sanderson, CISA, CRISC, FCA, NATO, Belgium

Timothy Smith, CISA, CISSP, CPA, LPL Financial, USA

Todd Weinman, CPS, The Weinman Group, USA

Academic Program Subcommittee

Kameswara Rao Namuduri, Ph.D., CISA, CISM, CISSP, University of North Texas, USA,

Chairman

Umesh R. Hodeghatta, Xavier Institute of Management, India

Matthew Liotine, Ph.D., CBCP, CSSBB, MBCI, University of Illinois at Chicago, USA

Joshua Onome Imoniana, Ph.D., CGEIT, Universidade Presbiteriana Mackenzie, Brazil

Nebil Messabia, Canada

Kumar Srikanteswaran, CISA, CMA, PMP, India

Sadir Vanderloot, CISA, CISM, CCNA, CCSA, NCSA, Sheffield Hallam University,

Sweden

Ype van Wijk, Ph.D., RE, RA, Rijksuniversiteit Groningen, The Netherlands

Hiroshi Yoshida, Ph.D., CGEIT, CRISC, Nagoya Bunri University, Japan

4


This caselet was developed to support the

Basic Foundational Concepts Student Book: Using COBIT® 5,

www.isaca.org/basic-concepts-student-book

Student Book

5


• Value governance is way for enterprises to manage

benefits realised, resources, value and risk.

• Value management is framework that ensures that an

enterprise achieves the maximum value from its

investments at an affordable cost and at an acceptable

level of risk.

How does it

benefit a CIO?

6

How does it

benefit an

enterprise?

What is value

governance?


• Commonly, most enterprises treat IT and related projects as mainly cost centres, but by using and looking at value management throughout a project—from the initial thought, to the start, the implementation and the final deliverables—it is important to track and understand them.

• It is important to align investments with business objectives. By going through a value management process, you evaluate whether an investment in technology and supporting people, process and technology matches the objective and can deliver the right value or return on investments.

• For example, enterprise resource planning (ERP) projects often fail because the important risk has not been reviewed properly, which causes the ERP cost to be oversized (e.g., when a company might only need an invoicing system).

How does it

benefit a CIO?

7

How does it

benefit an

enterprise?

What is value

governance?


To be able to show management and senior management that

IT investments are realisable, every effort should be made to

ensure employer expectations are met, rather than getting

the ‘toy’ you want.

How does it

benefit a CIO?

8

How does it

benefit an

enterprise?

What is value

governance?


• Company Profile – Bottler Company LLC

• Background Information

• Your Role

• Your Tasks

• Notes

• Questions

9

Agenda


Bottler Company LLC – Profile

Large corporation that

consists of approximately

25,000 employees and

contractors

Publicly held company that

went public two years ago,

after a long tradition and its

foundation in 1935


Background – What We Do

• Largest independent bottler in the soft drink industry

• Knows that canning and bottling technology could make or

break the bottom line and it maintains the best and most high-

tech equipment

• On the other hand, information technology was something that

had been swept under the rug for some time and not kept

current.

• Since 1935, the bottler has been acquiring territory and

expanding the business. As a result, the need for better

information grew.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials


Background – Financials

Bottler Company has been profitable ever since its inception.

Last year, its gross revenue was US $180 million dollars, with a profit

margin of slightly less than 2 percent, while it was expecting a 10 percent

profit margin.

Bottler Company could charge more for bottling and canning and raise its

profit margin, but its competitive advantage would decrease and would

affect its general growth.

The cost of establishing new products is the main reason profit has still

been quite appreciable, but executive management has made the decision

to slow expansion.

Territorial growth was not a real consideration at the time, but addition of

new products is a main concern.

Reducing product development will be bad for the business.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials


Background – Org. Structure

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials

President/CEO

CFO

Financial Ops

Audit Accounting

COO

CIO

IT Staff Infrastruc-

ture

IT Staff Develop-

ment

Ad hoc IT Contract-

ors

PhySec/ Facilities

VP, Business

Business Units

Business Opera-tions

VP, Adminis-tration

HR Legal Compliance



The board of directors:

• Is composed of members from Bottler Company and from other

organisations, with outsiders comprising the majority. Most

board members have had some experience working within the

industry and are, for the most part, aware of the methods of

operation.

• Has low risk tolerance, although the business risk comfort level

of some members was exceeded by the past initiative to

concentrate on expansion rather than products.

• Has a president who is also the CEO.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials



The executive committee

• Consists of :

₋ Chief executive officer (CEO)/president

₋ Chief financial officer (CFO)

₋ Chief operating officer (COO)

₋ Vice president (VP) of business

₋ Vice president (VP) of administration

• Has a low risk tolerance, like the board.

• Has an excellent reputation for hiring top talent, giving broad

guidelines and goals to key individuals, and then later

determining how well each person met the goals.

• Has a current major goal of becoming more profitable and

competitive to keep to the innovation edge over the

competition.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials


Background – Operational

Financial management is the responsibility of the CFO:

• It consists of financial operations, which, amongst other things,

handles contracts, procurement and disbursements,

accounting, and audit.

• The CFO is under pressure to cut costs to increase profitability.

• Further, the information recovered from actual IT systems does

not give a real-time view of the state of affairs.

Operations management is the responsibility of COO:

• It consists of plant and facility operations, physical security,

logistics (including transportation), IT and a few other smaller

functions.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials



IT management is the domain of the chief information officer

(CIO) and is not one of the four major functions within the

enterprise:

• The CIO oversees the IT systems and other ad hoc IT systems

by department and has no overall view of the system. Most

of the work is carried out by outside external consultants on

a needs basis.

• The CIO is not on par with the other C-level executives. He

reports to the COO.

• The CIO is there to run the day-to-day systems of the

company and does not have any strategic view in terms of

long- or short-term strategy all together.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials



• To keep up with company growth, new computer systems

were added in different departments as the need grew.

• As it grew, the different stand-alone systems became

more mismatched and the need for integrated systems

became apparent.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials


Background – Competition

• Bottler Company is more focused on innovative product

development than its competitors.

• It has organised and expanded massively in North and South

America. This enables Bottler Company to have constant,

reliable fixed costs.

• This cost savings is, in part, passed on to its main customers,

thereby making them the provider with the lowest prices and

quality products in the Americas.

• The product development and innovative focus plus a slight

inclination to expansion has given them the edge on quality

and knowing exactly what the market desires, and it has kept

them abreast of everyone in the industry.

• Consumers are always demanding more, and Bottler Company

needed and wanted to be prepared.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials


Background – Business Goals

• The number one business goal is to become more profitable,

because it is now a public company, and a value company for its

consumers, who are always demanding more.

• Proposing new product lines was important, but executives of

the company had continuously expressed their desire for

timelier financial information and decision-making tools from

the different departments.

What We Do

Org. Structure

Operational

Competition

Business Goals

Financials


• The existing systems were unable to handle requests such as decision making or timelier financial and other important information.

• Any customised reporting was developed from a multitude of sources and compiled manually.

• ERP gained recognition over the years. It became the topic of discussion as alternatives were contemplated and the company tried to formulate a solution that would meet the needs of the individual departments, be compatible companywide and facilitate the integrated communication that was desperately needed.

• These issues were significant enough to warrant an overall re-engineering of business practices, and the bottler decided to start researching viable options.

21

The Problems


• A great deal of time and money was spent to research options, outline necessary attributes and perform feasibility studies. Employees spent several months completing a study to justify expenditures for the new system, and this, along with the inherent need for a new, integrated system, led to the decision to implement ERP.

• After a great deal of research and discussion, an executive steering committee, with the guidance of outside consultants and the COO with the indirect help of the CIO/IT Department, decided to implement an ERP system.

• The idea was that the new system would be capable of handling company growth, communicating between departments and producing customisablerobust reports.

22

The Problems (cont.)


• The ERP vendor was ‘slicing and dicing’ capabilities for reporting that accompanied the software.

• The ERP vendor offered other features that were very attractive to the bottler. The financial module, with its abilities to track profit, forecast sales and manage cash flow, was also a feature the executives liked.

• They also liked the fact that the human resources and payroll modules would feed benefits and compensation and time and labor information as much as manufacturing and distribution information to the profit reports.

23



• Management appreciated the fact that production scheduling, cost of goods and inventory would all automatically update to the income statement.

• Once sold on the overall package, the executive committee gave a green light to go ahead with ERP implementation.

• Although the ERP product seemed to be the solution to its problems, the bottler still had an enormous amount of work to do. No matter the size of the company, implementing an ERP system is not a trivial project.

• The bottler chose not to take the advice of the independent consultants it hired during the ERP product evaluation and recommendation phase, and instead chose its own path for the implementation effort.

24



• This lack of faith in the consultants’ advice made the implementation process even more challenging.

• With a young, inexperienced professional staff and a very limited IT staff, the undertaking was more than everyone bargained for.

• Too much time-consuming and technical work was assigned to employees who did not have ERP expertise or the proper training.

• In addition to this lack of expertise, employees were not provided assistance when it came to keeping up with their regular job duties.

• The bottler had a history of a ‘do-it-yourself’ philosophy for all projects undertaken.

25



• Due to enormous workload of the ERP implementation effort, a great deal of strain was placed on the employees involved in the project.

• Communications problems increased. Roles and responsibilities that had not been defined clearly started posing a problem, and the CIO had to take the driver’s seat without the right support to steer the project.

• Communication issues, including employee encouragement concerns, also added

to the burden of the human resources problem. Due to breakdowns in the

channel of communication and the lack of management support, many

constituents, including high-level employees, resigned. Some were voluntary;

many others were not.

• With already-looming challenges, the project was off to a shaky start. Choosing

the proper project team and planning its involvement would be the next major

issue at hand.

26



Your position: CIO

Experience: Worked in the

IT arena for more than 10

years.

Training: Completed the

Bottler Company LLC

internal management

training programme within

three months of starting

your position, and you

plan to enroll in IT

management and financial

courses soon.

27

Your team: The information technology department consists of two technical staff members and an assistant who report to you.

The team’s role: They deal with change requests, configuration management, and day-to-day report building and IT support issues, amongst other duties.

The previous contractor/consultant in the recommendation phase suggested part-time help be provided to your IT department and other departmental employees in the project, which was ignored by the executives because of the ‘do-it-yourself’ philosophy.

Your Role


1. Design a business process for the enterprise, list the workings and challenges of the enterprise, and understand its vision, mission and challenges/objectives.

2. Identify the relationships amongst principles, processes and practices.

3. Establish the pain points signaling the need for better value management as well as trigger events that would compel business leaders to begin building on value.

28

Your Tasks


5. Outline a typical ‘future state’ – what the common characteristics and outcomes of a value-driven enterprise look like.

6. Build a set of instructions on how to conduct an assessment of the enterprise’s current state.

7. Identify the most critical elements in managing organisational change that are required to sustain value over time.

29

Your Tasks (cont.)


• Many enterprises choose to acquire an ERP system to serve as a common system for their wide range of daily operations.

• Various business benefits can be realised from ERP investments due to operational performance improvements. For instance, ERP systems embed industry best practice processes, which enterprises can leverage to achieve a discontinuous improvement in performance.

• However, many ERP investments fail to deliver on their promised benefits due to deficient ERP investment appraisals caused by inflated expected benefits and underestimated cost and risk.

30

Notes


• Therefore, improved governance of enterprise IT (GEIT) in general, and governance of ERP system acquisitions in particular, are crucial for success. One of GEIT’s key practices is the development, maintenance and utilisation of a proper business case throughout an investment’s economic life cycle.

• What are the key elements of an ERP investment business case, and which GEIT best practices are relevant? Furthermore, do such practices resonate with management and finance best practices, which are expected by executive business leaders who control access to funds?

31

Notes (cont.)


Some of the questions that should be asked include:

1. What issues is the CIO facing?

2. Why have these issues surfaced?

3. Using the key components of a business case, define how you would use them

to define the key areas of benefits, risk, appraisal and cost.

4. Using COBIT 5 as a guide, identify the core domains that you would use to

manage and drive your project and then map them to the real-life actions you

would need to get the job done.

32

Discussion Questions

Date post:	01-Apr-2018
Category:	Documents
Upload:	dangnhu
View:	234 times
Download:	5 times

Bottler Company Caselet - Técnico Lisboa - Autenticação · ISACA has designed and created the...

Documents