Bottler Company Caselet:

Using COBIT 5

2014 ISACA. All rights reserved.

2014 ISACA. All rights reserved

ISACA has designed and created the Bottler Company Caselet: Using COBIT 5 (the
Work) primarily as an educational resource for educational professionals. ISACA
makes no claim that use of any of the Work will assure a successful outcome. The Work
should not be considered inclusive of all proper information, procedures and tests or
exclusive of other information, procedures and tests that are reasonably directed to
obtaining the same results. In determining the propriety of any specific information,
procedure or test, security governance and assurance professionals should apply their
own professional judgment to the specific circumstances presented by the particular
systems or information technology environment.
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
Email: info@isaca.org
Web site: www.isaca.org

2014 ISACA. All rights reserved

Reservation of Rights
2014 ISACA. All rights reserved. No part of this publication may be used, copied,
reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any
form by any means (electronic, mechanical, photocopying, recording or otherwise) without the
prior written authorisation of ISACA. Reproduction and use of all or portions of this publication
are permitted solely for academic, internal and non-commercial use and for
consulting/advisory engagements, and must include full attribution of the materials source.
No other right or permission is granted with respect to this work.
Provide Feedback: www.isaca.org/basic-concept-caselets
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ

2014 ISACA. All rights reserved

Acknowledgements
Author
Krishna Seeburn, Ph.D., CFE, CIA, CISSP, FBCS, LLM, PMP, Riesling Consulting Group,
Mauritius
Board of Directors
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia,
International President
Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK, Vice
President
Juan Luis Carselle, CISA, CGEIT, CRISC, RadioShack Mexico, Mexico, Vice President
Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, Dell, Spain, Vice
President
Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, US House of
Representatives, USA, Vice President
Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, Kumar & Raj, India, Vice President
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management Inc., USA, Vice President
Marc Vael, Ph.D., CISA, CISM, CGEIT, CRISC, CISSP, Valuendo, Belgium, Vice President
Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Past International President
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, Past International
President
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Director
Krysten McCabe, CISA, The Home Depot, USA, Director
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, BRM Holdich, Australia, Director
Credentialing and Career Management Board
Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK,
Chairman
Bernard Battistin, CISA, CMA, Office of the Auditor General of Canada, Canada
Richard Brisebois, CISA, CGA, Canada
Terry Chrisman, CGEIT, CRISC, GE Money, USA
Erik Friebolin, CISA, CISM, CRISC, CISSP, PCI-QSA, ITIL, USA
Frank Nielsen, CISA, CGEIT, CCSA, CIA, Nordea, Denmark
Hitoshi Ota, CISA, CISM, CGEIT, CRISC, CIA, Mizuho Corporate Bank, Japan
Carmen Ozores Fernandes, CISA, CRISC, Brazil
Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission, USA

Professional Standards and Career Management Committee

Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission,
USA, Chairman
Christopher Nigel Cooper, CISM, CITP, FBCS, M.Inst.ISP, HP Enterprises Security
Services, UK
Ronald E. Franke, CISA, CRISC, CFE, CIA, CICA, Myers and Stauffer LLC, USA
Alisdair McKenzie, CISA, CISSP, ITCP, I S Assurance Services, New Zealand
Kameswara Rao Namuduri, Ph.D., CISA, CISM, CISSP, University of North Texas, USA
Katsumi Sakagawa, CISA, CRISC, PMP, JIEC Co. Ltd., Japan
Ian Sanderson, CISA, CRISC, FCA, NATO, Belgium
Timothy Smith, CISA, CISSP, CPA, LPL Financial, USA
Todd Weinman, CPS, The Weinman Group, USA
Academic Program Subcommittee
Kameswara Rao Namuduri, Ph.D., CISA, CISM, CISSP, University of North Texas, USA,
Chairman
Umesh R. Hodeghatta, Xavier Institute of Management, India
Matthew Liotine, Ph.D., CBCP, CSSBB, MBCI, University of Illinois at Chicago, USA
Joshua Onome Imoniana, Ph.D., CGEIT, Universidade Presbiteriana Mackenzie, Brazil
Nebil Messabia, Canada
Kumar Srikanteswaran, CISA, CMA, PMP, India
Sadir Vanderloot, CISA, CISM, CCNA, CCSA, NCSA, Sheffield Hallam University,
Sweden
Ype van Wijk, Ph.D., RE, RA, Rijksuniversiteit Groningen, The Netherlands
Hiroshi Yoshida, Ph.D., CGEIT, CRISC, Nagoya Bunri University, Japan

2014 ISACA. All rights reserved

Student Book
This caselet was developed to support the
Basic Foundational Concepts Student Book: Using COBIT 5,
www.isaca.org/basic-concepts-student-book

2014 ISACA. All rights reserved

What is value
governance?
How does it
benefit an
enterprise?

Value governance is way for enterprises to manage

benefits realised, resources, value and risk.
Value management is framework that ensures that an
enterprise achieves the maximum value from its
investments at an affordable cost and at an acceptable
level of risk.

How does it
benefit a CIO?

2014 ISACA. All rights reserved

What is value
governance?
How does it
benefit an
enterprise?
How does it
benefit a CIO?

Commonly, most enterprises treat IT and related projects

as mainly cost centres, but by using and looking at value
management throughout a projectfrom the initial
thought, to the start, the implementation and the final
deliverablesit is important to track and understand
them.
It is important to align investments with business
objectives. By going through a value management process,
you evaluate whether an investment in technology and
supporting people, process and technology matches the
objective and can deliver the right value or return on
investments.
For example, enterprise resource planning (ERP) projects
often fail because the important risk has not been
reviewed properly, which causes the ERP cost to be
oversized (e.g., when a company might only need an
invoicing system).
7

2014 ISACA. All rights reserved

What is value
governance?
How does it
benefit an
enterprise?
How does it
benefit a CIO?

To be able to show management and senior management that

IT investments are realisable, every effort should be made to
ensure employer expectations are met, rather than getting
the toy you want.

2014 ISACA. All rights reserved

Agenda
Company Profile Bottler Company LLC
Background Information
Your Role
Your Tasks
Notes
Questions

2014 ISACA. All rights reserved

Bottler Company LLC Profile

Large corporation that

consists of approximately
25,000 employees and
contractors

Publicly held company that

went public two years ago,
after a long tradition and its
foundation in 1935

10

2014 ISACA. All rights reserved

Background What We Do
What We Do
Financials
Org. Structure
Operational
Competition
Business Goals

Largest independent bottler in the soft drink industry

Knows that canning and bottling technology could make or
break the bottom line and it maintains the best and most hightech equipment
On the other hand, information technology was something that
had been swept under the rug for some time and not kept
current.
Since 1935, the bottler has been acquiring territory and
expanding the business. As a result, the need for better
information grew.

11

2014 ISACA. All rights reserved

Background Financials
What We Do

Bottler Company has been profitable ever since its inception.

Financials

Last year, its gross revenue was US $180 million dollars, with a profit
margin of slightly less than 2 percent, while it was expecting a 10 percent
profit margin.

Org. Structure
Operational
Competition
Business Goals

Bottler Company could charge more for bottling and canning and raise its
profit margin, but its competitive advantage would decrease and would
affect its general growth.
The cost of establishing new products is the main reason profit has still
been quite appreciable, but executive management has made the decision
to slow expansion.
Territorial growth was not a real consideration at the time, but addition of
new products is a main concern.
Reducing product development will be bad for the business.
12

2014 ISACA. All rights reserved

Background Org. Structure

President
/CEO

What We Do
Financials
Org. Structure
Operational
Competition

CIO

IT Staff
Infrastructure

PhySec/
Facilities

IT Staff
Development

VP,
Administration

VP,
Business

COO

Business
Operations

Business
Units
Ad hoc IT
Contractors

HR

Legal

Compliance

CFO

Financial
Ops

Audit

Accounting

Business Goals

13

2014 ISACA. All rights reserved

Background Org. Structure

What We Do
Financials
Org. Structure
Operational
Competition
Business Goals

The board of directors:

Is composed of members from Bottler Company and from other
organisations, with outsiders comprising the majority. Most
board members have had some experience working within the
industry and are, for the most part, aware of the methods of
operation.
Has low risk tolerance, although the business risk comfort level
of some members was exceeded by the past initiative to
concentrate on expansion rather than products.
Has a president who is also the CEO.

14

2014 ISACA. All rights reserved

Background Org. Structure

What We Do
Financials
Org. Structure
Operational
Competition
Business Goals

The executive committee

Consists of :

Chief executive officer (CEO)/president

Chief financial officer (CFO)
Chief operating officer (COO)
Vice president (VP) of business
Vice president (VP) of administration

Has a low risk tolerance, like the board.

Has an excellent reputation for hiring top talent, giving broad
guidelines and goals to key individuals, and then later
determining how well each person met the goals.
Has a current major goal of becoming more profitable and
competitive to keep to the innovation edge over the
competition.
15

2014 ISACA. All rights reserved

Background Operational
What We Do

Financial management is the responsibility of the CFO:

It consists of financial operations, which, amongst other things,

Financials
Org. Structure

handles contracts, procurement and disbursements,

accounting, and audit.
The CFO is under pressure to cut costs to increase profitability.

Operational
Competition

Further, the information recovered from actual IT systems does

not give a real-time view of the state of affairs.
Operations management is the responsibility of COO:

Business Goals

It consists of plant and facility operations, physical security,

logistics (including transportation), IT and a few other smaller
functions.

16

2014 ISACA. All rights reserved

Background Operational
What We Do
Financials
Org. Structure
Operational
Competition
Business Goals

IT management is the domain of the chief information officer

(CIO) and is not one of the four major functions within the
enterprise:
The CIO oversees the IT systems and other ad hoc IT systems
by department and has no overall view of the system. Most
of the work is carried out by outside external consultants on
a needs basis.
The CIO is not on par with the other C-level executives. He
reports to the COO.
The CIO is there to run the day-to-day systems of the
company and does not have any strategic view in terms of
long- or short-term strategy all together.

17

2014 ISACA. All rights reserved

Background Operational
What We Do
Financials
Org. Structure
Operational

To keep up with company growth, new computer systems

were added in different departments as the need grew.
As it grew, the different stand-alone systems became
more mismatched and the need for integrated systems
became apparent.

Competition
Business Goals

18

2014 ISACA. All rights reserved

Background Competition
What We Do
Financials
Org. Structure
Operational
Competition
Business Goals

Bottler Company is more focused on innovative product

development than its competitors.
It has organised and expanded massively in North and South
America. This enables Bottler Company to have constant,
reliable fixed costs.
This cost savings is, in part, passed on to its main customers,
thereby making them the provider with the lowest prices and
quality products in the Americas.
The product development and innovative focus plus a slight
inclination to expansion has given them the edge on quality
and knowing exactly what the market desires, and it has kept
them abreast of everyone in the industry.
Consumers are always demanding more, and Bottler Company
needed and wanted to be prepared.
19

2014 ISACA. All rights reserved

Background Business Goals

What We Do

The number one business goal is to become more profitable,

because it is now a public company, and a value company for its

Financials
Org. Structure
Operational
Competition

consumers, who are always demanding more.

Proposing new product lines was important, but executives of
the company had continuously expressed their desire for
timelier financial information and decision-making tools from
the different departments.

Business Goals

20

2014 ISACA. All rights reserved

The Problems
The existing systems were unable to handle requests such as decision making or
timelier financial and other important information.
Any customised reporting was developed from a multitude of sources and
compiled manually.
ERP gained recognition over the years. It became the topic of discussion as
alternatives were contemplated and the company tried to formulate a solution
that would meet the needs of the individual departments, be compatible
companywide and facilitate the integrated communication that was desperately
needed.
These issues were significant enough to warrant an overall re-engineering of
business practices, and the bottler decided to start researching viable options.

21

2014 ISACA. All rights reserved

The Problems (cont.)

A great deal of time and money was spent to research options, outline necessary
attributes and perform feasibility studies. Employees spent several months
completing a study to justify expenditures for the new system, and this, along
with the inherent need for a new, integrated system, led to the decision to
implement ERP.
After a great deal of research and discussion, an executive steering committee,
with the guidance of outside consultants and the COO with the indirect help of
the CIO/IT Department, decided to implement an ERP system.
The idea was that the new system would be capable of handling company
growth, communicating between departments and producing customisable
robust reports.

22

2014 ISACA. All rights reserved

The Problems (cont.)

The ERP vendor was slicing and dicing capabilities for reporting that
accompanied the software.
The ERP vendor offered other features that were very attractive to the bottler.
The financial module, with its abilities to track profit, forecast sales and manage
cash flow, was also a feature the executives liked.
They also liked the fact that the human resources and payroll modules would
feed benefits and compensation and time and labor information as much as
manufacturing and distribution information to the profit reports.

23

2014 ISACA. All rights reserved

The Problems (cont.)

Management appreciated the fact that production scheduling, cost of goods and
inventory would all automatically update to the income statement.
Once sold on the overall package, the executive committee gave a green light to
go ahead with ERP implementation.
Although the ERP product seemed to be the solution to its problems, the bottler
still had an enormous amount of work to do. No matter the size of the company,
implementing an ERP system is not a trivial project.
The bottler chose not to take the advice of the independent consultants it hired
during the ERP product evaluation and recommendation phase, and instead
chose its own path for the implementation effort.

24

2014 ISACA. All rights reserved

The Problems (cont.)

This lack of faith in the consultants advice made the implementation process
even more challenging.
With a young, inexperienced professional staff and a very limited IT staff, the
undertaking was more than everyone bargained for.
Too much time-consuming and technical work was assigned to employees who
did not have ERP expertise or the proper training.
In addition to this lack of expertise, employees were not provided assistance
when it came to keeping up with their regular job duties.
The bottler had a history of a do-it-yourself philosophy for all projects
undertaken.

25

2014 ISACA. All rights reserved

The Problems (cont.)

Due to enormous workload of the ERP implementation effort, a great deal of
strain was placed on the employees involved in the project.
Communications problems increased. Roles and responsibilities that had not
been defined clearly started posing a problem, and the CIO had to take the
drivers seat without the right support to steer the project.
Communication issues, including employee encouragement concerns, also added
to the burden of the human resources problem. Due to breakdowns in the
channel of communication and the lack of management support, many
constituents, including high-level employees, resigned. Some were voluntary;
many others were not.
With already-looming challenges, the project was off to a shaky start. Choosing
the proper project team and planning its involvement would be the next major
issue at hand.

26

2014 ISACA. All rights reserved

Your Role
Your position: CIO
Experience: Worked in the
IT arena for more than 10
years.
Training: Completed the
Bottler Company LLC
internal management
training programme within
three months of starting
your position, and you
plan to enroll in IT
management and financial
courses soon.

Your team: The information technology

department consists of two technical staff
members and an assistant who report to you.
The teams role: They deal with change requests,
configuration management, and day-to-day report
building and IT support issues, amongst other
duties.
The previous contractor/consultant in the
recommendation phase suggested part-time help
be provided to your IT department and other
departmental employees in the project, which was
ignored by the executives because of the do-ityourself philosophy.

27

2014 ISACA. All rights reserved

Your Tasks
1.

2.
3.

Design a business process for the enterprise, list the workings and challenges
of the enterprise, and understand its vision, mission and
challenges/objectives.
Identify the relationships amongst principles, processes and practices.
Establish the pain points signaling the need for better value management as
well as trigger events that would compel business leaders to begin building on
value.

28

2014 ISACA. All rights reserved

Your Tasks (cont.)

5.
6.
7.

Outline a typical future state what the common characteristics and

outcomes of a value-driven enterprise look like.
Build a set of instructions on how to conduct an assessment of the
enterprises current state.
Identify the most critical elements in managing organisational change that are
required to sustain value over time.

29

2014 ISACA. All rights reserved

Notes
Many enterprises choose to acquire an ERP system to serve as a common system
for their wide range of daily operations.
Various business benefits can be realised from ERP investments due to
operational performance improvements. For instance, ERP systems embed
industry best practice processes, which enterprises can leverage to achieve a
discontinuous improvement in performance.
However, many ERP investments fail to deliver on their promised benefits due to
deficient ERP investment appraisals caused by inflated expected benefits and
underestimated cost and risk.

30

2014 ISACA. All rights reserved

Notes (cont.)
Therefore, improved governance of enterprise IT (GEIT) in general, and
governance of ERP system acquisitions in particular, are crucial for success. One
of GEITs key practices is the development, maintenance and utilisation of a
proper business case throughout an investments economic life cycle.
What are the key elements of an ERP investment business case, and which GEIT
best practices are relevant? Furthermore, do such practices resonate with
management and finance best practices, which are expected by executive
business leaders who control access to funds?

31

2014 ISACA. All rights reserved

Discussion Questions
Some of the questions that should be asked include:
1. What issues is the CIO facing?
2. Why have these issues surfaced?
3. Using the key components of a business case, define how you would use them
to define the key areas of benefits, risk, appraisal and cost.
4. Using COBIT 5 as a guide, identify the core domains that you would use to
manage and drive your project and then map them to the real-life actions you
would need to get the job done.

32

2014 ISACA. All rights reserved