Pepsi-Cola Manufacturing International Ltd.
Pepsico Case Study: A Governance-Risk-Compliance (GRC) Program Read Full Case StudyPepsi-Cola Manufacturing International Ltd. (“PCMIL”) has successfully executed a compliance initiative supported by BPM technology in response to a need for more efficient compliance with the corporate Global Control Standard (GCS). Their primary objective for this initiative was to streamline their preparations for SOX activities and to ensure compliance with GCS requirements. Using Interfacing’s Enterprise Process Center® (EPC), PCMIL effectively integrated their GCS implementation with day-to-day operations in order to benefit from a unified approach to corporate governance and process management. They achieved significant cost savings for their internal GCS audit and extremely positive overall results.
Pepsico Case Study Desired Outcomes
In order to address the aforementioned challenges, PCMIL’s GCS compliance team sought to:
Improve Audits
Reduce preparation time, costs, and the risk of human error associated with GCS and SOX audits.
Process Improvement
Increase process clarity, transparency and improve visibility of risks to pass the GCS audit.
SOX Compliance
Clarify and document roles and responsibilities to ensure segregation of duties for SOX compliance.
Generate Reports
Automatically generate reports for: Control Matrix, GCS Matrix, Audit Trail, SoD Report and RACI Report.
Facilitate Compliance
Establish a clear audit trail to facilitate the compliance side of continuous process improvement; reduce the need for manual process updates and reporting.
BPMN Process Library
Create a Process Library including highest priority aspects of critical process areas using industry-standard best-practices for process modeling.
Manage Process Lifecycle
Facilitate management by including process-related information such as risks, controls, documents, business rules, roles, and resources.
Non-Technical Users
Critical Processes Mapped
Challenges Addressed
Without a formal and central documentation system, the preparation time – and, therefore, business disruption – for internal GCS audits and SOX reporting was very high, and inconsistent process knowledge was a source of insecurity as it pertained to the outcome of the audits. PCMIL also needed to address an acute lack of easy accessibility to the documentation and process flows for auditors and employees, as well as inconsistencies and gaps in their process documentation that were compounding problems associated with manual audit preparation. Although approximately 100 critical processes had been mapped with Microsoft® Visio® and role matrices had been documented in MS Excel®, processes were decentralized and managed manually and independently of GRC programs. PCMIL did not have a system in place to support their GCS implementation initiative, and frequent, manual process updates, as well as the audit process itself, were proving time-consuming and costly due to a lack of integration with business processes.
Outcomes Achieved
PCMIL met their primary objective by integrating global control and governance strategies at the process level. Rather than treating the internal audit process as a “one-time” or periodic project, they have integrated this GRC initiative as an ongoing part of business operations. The improved approach to GCS implementation was successful because it was easily adopted by employees at all levels of the organization; there are approximately 100 non-technical users accessing the system.
Due to the centralized EPC Process Library, roles and responsibilities are clearly defined and documented, enforcing the segregation of duties for SOX compliance. The EPC has ensured that process knowledge is visible and consistent across the organization and easily accessible to PCMIL employees and auditors. This has increased Management and employee confidence around the GCS audit, as those involved are able to give precise and detailed responses to process and control-related inquiries. Risks are immediately visible, and controls are linked directly to the appropriate processes, and are being actively monitored in the EPC. The project team is currently determining the average cost savings associated with eliminating the need for manual process updates and with automatic report generation as part of the additional project phases. In the Fall of 2010, PCMIL confidently passed their internal audit and received positive feedback from their corporate auditors, who commented on the clear audit trail left by the EPC and on the consistency of process knowledge across the organization.
Planned Next Steps
PCMIL is continuing to document processes in other areas, starting with HR and Payroll, IT, Customs and Duties, Travel and Entertainment, and Safety. They have plans to further enhance the efficiency of the annual GCS audit by automating control testing and audit scheduling processes using EPC Workflow.