More Related Content Similar to What, Why and How of Governance in RPA (20) What, Why and How of Governance in RPA1. What, Why and How of Governance in
Automation?
Simen Munter and Mohit SharmaGROW FOR TOMORROW
22nd November 2016
2. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
2
Speakers
Simen Munter is leading one of the biggest robotic work force in multiple countries for a
leading global bank. He is an early adopter of multi-site RPA based automation at scale,
across four locations with ~6k FTEs and hundreds of robots deployed widely across most of
their processes. Simen is a ‘lean geek’ and deeply interested in the role of RPA in enabling
lean processing and the role of Machine Learning in high volume process. He has a passion for
sailing, skiing and tractors (don’t ask).
Mohit has over 20 years of experience working in Strategy, Corporate Finance, and Risk
Management Solutions for Deloitte, PwC, and EY. Mohit has authored and published one of the
first and most comprehensive research on Robotics and Process Automation. Mohit provides
advisory services to leading global financial and non-financial organization in US, Australia, UK,
and India on their journey for Automation and Artificial Intelligence. Mohit loves cricket and
food, in that order. Mindfiels has done more than 6 RPA live projects in Aus, and 2 in US
Simen Munter
General Manager Group
Hubs ANZ
Mohit Sharma
Managing Director
Mindfields
3. Webinar 22nd Nov 2016© 2016 Mindfields. All rights reserved.
Mindfields Business Mode (Click here to watch video)((link to video)
3
Artificial IntelligenceRobotic Process AutomationMachine Learning
Educate
Execute
Consult
Research
4. Webinar 22nd Nov 2016© 2016 Mindfields. All rights reserved.
Our Value Proposition
Thought Leader in RPA
Domain
Independent and Vendor
agnostic
RPA software agnostic Advisory focussedSuccess based pricing
4
5. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
5
Background Service delivery have historically been changed through following 5 transformational levers:
People >>>> Process >>>> Technology
Centralise physical facilities and budgets
Standardise business processes across business units
Optimise processes to reduce errors and waste
Relocate from high cost to low cost destinations
Enablement of Technology e.g. Self service portals
Enhancement of Technology e.g. software robots (RPA) and Artificial Intelligence
Sixth transformational lever
6. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
6
What is governance in automation means?
People >>>> Process >>>> Technology
7. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
7
People >>>> Process >>>> Technology
Poll 1: What stage of RPA journey your organisation is currently at ?
8. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
8
People >>>> Process >>>> Technology
Aligning business strategy
Organisational Structure
Roles
Mechanism
Business case and value
Non human component
What is different in Governance for automation?
What is governance in automation means?
Overlapping of IT and Business domains
Evolving technologies
Security and Privacy
9. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
9
People >>>> Process >>>> Technology
Poll 2: Do you think Governance for automation should be different from conventional strategic initiatives?
10. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
10
People >>>> Process >>>> Technology
People
1
2
3
4
5
Agenda
Purpose
Investments
Process and
Technology
Who are
deployed to
RPA work?
Where are
you
deploying
most
resources?
Why are
you
deploying
RPA?
Making it
simple to
get good
outcomes
The right
infrastructure
and approaches
making it simple
to get good
outcomes and
maximise
learning.
Enabling Delivery
Multilevel empowerment is core to sucess in all
transformation activities.
A good governance approach works by
empowering the levels below, enabling them to
get on and do things without having to revert
back up for approval.
Ideally, empowerment is done to the lowest
level (e.g. The people whom are creating RPA
solutions) whom are authorised to progress as
long as they are following the right patterns.
What to Govern?
RPA should form part of a digital transformation journey map
11. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
11
People >>>> Process >>>> Technology
If you dont know why you are deploying RPA you will struggle
to get and maintain momentum, and your initiatives will be
pulled in all directions. A CoE should ensure that RPA is
deployed where it will give the best business value.
Developing RPA vision and plans
Not only provide guidelines and rules, active participation in
delivering RPA solution will ensure that governance is working
in the real world and is adapting to where the organisation is
on the maturity journey.
Developing RPA Governance
By developing standard patterns the CoE provide concrete
design guidance for implementing individual solutions. Patterns
provide better guidance than rules and enable many design
decisions to be premade.
Managing RPA Patterns
By making it easy for participants to find solutions already
implemented the CoE helps speed up deployment and reduces
rework.
Library of RPA based services
By looking at the pipeline of enterprise technological change,
current and projected business volumes continously re-plan
which RPA solutions to prioritise and where to retire.
Planning the Future
Role of RPA Centre of Excellence or Expertise?
John Bersin – 2016- “Future of Work”
92% of organizations believe their organizational design is not working
”The answer, as we have discovered, is to empower people in small teams, link these teams together, and build an organizational culture that keeps people aligned
and lets people innovate, deliver, and serve customers on the front line.”
12. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
12
Why we need governance in automation?
People >>>> Process >>>> Technology
13. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
13
People >>>> Process >>>> Technology
To mitigate Strategic and Operational Risk
Regulatory Compliance
Knowledge management
Vendor management
Escalation management
Why we need governance in automation?
14. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
People >>>> Process >>>> Technology
PeopleTechnologyStrategy
CompliantSecureSafe
1 Strategy Alignment & Measurement
Deployments are aligned to enterprise strategy and is
resulting in meaningful progress
2 Technology
Technology platforms and development patterns
defined and continously ”groomed” to ensure
relevance
3 People
Install, Motivate and Lead the wider teams involved in RPA
1 Safe
Automations deployed are using patterns which ensures
operation within Operational Risk appetite (software
deployment)
2 Secure
Deployments supports accountability and is not
bypassing key controls (e.g. UAM/Dual Control)
3 Compliant
Deployments do not result in breaches of regulations in any
market for which RPA is doing work
Control freaks hell-bent on frustrating business or Real Value Add to your program?
Must do thisShould do this
Why we need governance in automation?
15. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
15
How we can implement governance for automation?
People >>>> Process >>>> Technology
16. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
16
People >>>> Process >>>> Technology
Centralised or Decentralised
Ownership and Sponsorship
Target Operating model ( Different for Captives, Already outsourced or currently in house)
Controlling and Reporting
Change Management (Robot)
How we can implement governance for automation?
Change Management (Process)
17. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
17
People >>>> Process >>>> Technology
In cases where processes are relying
on human dual control, RPA solutions
must ensure that this principle is not
infringed by e.g. Enabling approvers to
submit data for execution by the RPA
tool.
RPA approach is deployed in a way
which minimises the risk of multiple
capture of the same dataset. This is
the most common cause of
operational loss due to RPA.
RPA tool ensures that it is operating on
the right screen prior to execution and
that the system is available.
Real clarity on whom has done what
automation on which systems available
centrally and electronically.
If you process or store data in the solution
you might be exposed to info security breach
– solutions must meet enterprise information
policy requirements
Ensure that all RPA deployments are
following a clear policy which ensures that
only fully documented, tested, versioned and
signed off solutions are going live.
Clear Ownership
Data Protection
Clear Deployment Policies
Dual Control
Replicated Execution Control
Right Screen Controls
Check list of Key Elements
18. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
18
People >>>> Process >>>> Technology
Clarity around how access controls will be enforced (to the
robot, and by the robot to underying systems). Availability
of relevant audit trails.
Access Control and audit trails
What will happen if the tools is not available? What will
happen if the site where the tool is running is not available?
Are we meeting recovery timelines
BCP Considered
Assess impact of various failure modes on overall process risk
score – should improve from manual process
Operational Risk Impact
In case of operating on a regulated activity, are we confident
that we are meeting any particular regulatory requirements set
following the deployment of the RPA solution
Regulator Considerations
Check list of Key Elements (contd)
19. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
19
People >>>> Process >>>> Technology
Poll 3: Who is guiding your organisation in its RPA journey?
20. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
20
People >>>> Process >>>> Technology
Audit Trail
Centralised Security
Task Repository
Versioning
Reporting and Escalations
Less programming
Ensure that all
instances are running
latest versions
Centralised User
Management across all
deployments
Oversigh over what
tools are deployed
where
You know who did what
Error trapping and
reporting across all
deployments
Typically configuration
rather than code
writing
RPA
Vs
Macro
Significant step up from EUC
21. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
21
People >>>> Process >>>> Technology
What are the different governance models currently in use across IT and EUC/business? Gains and Pains?
Where does governance of RPA normally and best sit within an organisation? Who owns it?
What are skillset required to effectively govern RPA? What needs to change in terms of training & hiring
Do you have examples of the best Governance practices?
Questions?
How to address concerns around governance of Security and Privacy?
What are lessons learnt? What did not you know when you started that you wish you would had?
What should be minimum MHC (meaningful Human Control) for an automated process?
What are useful metrics?
How is time freed up by automation best included in RPA governance model?
How maintenance of automated process governed ?
22. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
22
People >>>> Process >>>> Technology
How you ensure the controls are appropriate and acceptable to senior management related to risk profile?
Where does governance of RPA normally and best sit within an organisation? Who owns it?
How you deal with IP and knowledge management in a automated process environment?
How has RPA changed business thinking/approach to Quality Assurance and process design?
Questions?
How to govern and manage Robots in BAU?
What controls and reporting mechanisms can be used for change management ?
How RPA Governance ensuring improved customer experience?
How RPA Governance ensuring improved employee experience?
How RPA Gov paving the way for organisations to easily adopt inevitable business trends such as AI?
How does RPA Governance ensure a culture which promotes Innovation?
23. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
23
People >>>> Process >>>> Technology
What is in place in RPA governance to track tangible and non tangible benefits of automation?
How organisations are governing system variations which impact already automated process in production
How to select the right process for RPA?
Have you engaged consulting firm for your RPA journey and what role they play?
Questions?
On what basis RPA governance structure be designed- Location, Ownership, Process or Outcomes?
How can RPA governance be effective for resourcing, training and skillset management?
What are regulatory authorities viewing automation? Any insights?
How we can track business case using RPA governance framework?
What controls need to be in place when a Robot dies or divorced or incarnated?
How to incorporate controls in RPA governance when scaling up?
24. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
24
People >>>> Process >>>> Technology
Poll 4: What should be topic of our next webinar?
25. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
RPA can ”overpower” underlying systems - pushing much more work through than originally planned for. In reality, normal RPA
scripting will only proceed when the underlying system is confirming that it is ”ready”, so such issues will typically result in
“timeout” errors on the RPA side. If it is a capacity issue (e.g. Disk space), this would happen independent of capture method,
as the alternative would be through people.
RPA tool will not recognise that there have been changes in the underlying system, but instead of breaking, it could process
transactions erroneously. Unannounced system changes is normal (despite UAT procedures) and RPA tools are generally good
at coming up with approaches to deal with such situations and exit gracefully. RPA continue to leverage existing screen
validations and if screens are only partially filled in they will typically not be able to be processed by the underlying system.
RPA tool will cause increased spikes in system demand causing underlying systems to run out of resources as they “kick in
abruptly” and operate at a higher pace than humans. This is a variant of the above and mitigated the same way.
RPA tool can bypass built in security and update underlying systems in ways which cant be envisioned and which are not
replicable by human operators. Since we cant envision it, it is impossible to address. However, the toolsets are not granted any
higher level of security than its human counterparts. A variant of this is that the RPA tool can be compromised by external or
internal hackers and used as an attack vector. Whilst this is technically possible, it raises the issue if this is a likely attack vector in
case of an enterprise breach. Typically there are many other internal systems which have far higher value and which are less
protected.
A number of risks normally pops up in discussions, but not normally a real issue in practice
People >>>> Process >>>> Technology
Myths
26. © 2016 Mindfields. All rights reserved. Webinar 22nd Nov 2016
26
GROW FOR TOMORROW
AUSTRALIA
Level 7,
171 Clarence Street
Sydney NSW 2000
Telephone: +61 (02) 8034 6304
Facsimile: +61 (02) 8677 8400
Level 3, 480 Collins Street
Melbourne VIC 3000
Telephone: +61 (02) 8610 6327
Facsimile: +61 (02) 8610 6334
USA
276, 5th Avenue
Suite 704, New York
NY 10001
Telephone: +1 212 203 7209
Facsimile: +1 917 472 1489
INDIA
7, Barakhambha Road
Connaught Place
New Delhi 110006
703-706, 7th Floor, Arcadia
Plot No. 195, Nariman Point
Mumbai 400021
research@mindfields.net.au
www.mindfields.net.au
For more information please contact us at research@mindfields.net.au