the robotics auditors the workforce of the future giridhar ......risk triggers ia will enhance their...
TRANSCRIPT
The Robotics Auditors –The Workforce of the Future
Giridhar LS – CEO
Table of contents
`
IA fast forward 20251
RPA – Key Concepts2
How does RPA fit into risk?3
Demo4
IA Fast Forward: WHAT will be the areas of focus of
IA in 2025?
IA quick response through
- dynamic risk
assessment process,
- enabled by
technology,
1 2 3
IA will employ a variety of
dynamic outputs, on a more
real-time basis, to deliver its
messages to different
stakeholders
IA professionals to apply
more judgment in their
work and lesser on the
existence of processes
and controls
IA Fast Forward : HOW will internal audit tools & technologies
change in 2025?
Analytics based testing will
shift the focus from
traditional sample based
audit procedures to the
whole population
1 2 3
The adoption of continuous
monitoring, will shift IA’s
focus from detecting to
predicting control failure and
risk triggers
IA will enhance their
capabilities with bots and
machine learning to handle
the accelerating volume,
speed and complexity of data
IA Fast Forward: WHO will be the future of internal audit
in 2025?
Changing workforce
dynamics will require
internal audit to develop
more flexible, adaptive and
collaborative work
environment
1 2 3
Creative problem-solving,
innovative mindset and
social intelligence will
become more valuable than
technical knowledge
By 2025, the IA workforce
will consist of an even-split
between full-time
employees, machines and
technology staff
Skills of TomorrowCreative problem-solving, innovative mindset and social intelligence will become more valuable than technical knowledge
Skills of Tomorrow ? for workforce of the future
Talent Acquisition
► Campus
► Experienced
► Traditional, Center Based, Contingent
► Experiences, Learning, Coaching
► Feedback, Counseling, Career Progression
► Diversity, Inclusivity, Flexibility
Talent Development and Engagement
Technical
skills
Core skills
Internal
Audit skills
Skills of Todayfor current workforce
Artificial Intelligence & Blockchain
Process
Automation
Excel –
Power
User
Business
Diplomats
Data
Analytics
AI & Blockchain
Foundation: Domain Knowledge and Expertise
Future of the IA workforceBy 2025, the IA workforce will consist of an even-split between full-time employees, machines and contract staff
New ways of working and new
workforce models, enabling
internal audit to focus on
purposeful, value add work
Embedding Robotic Process Automation (RPA)
Benefits
Contingent
Workforce
Virtual
Workforce
Digital
Workforce
Traditional
WorkforceEmployee
Experience
Employee
Engagement
Efficiency
Accuracy
Collaboration Productivity
21
4
3
5 6
Robots do the what, freeing up humans to focus on the why
Ranging from 20–60% of baseline FTE cost
Taking the robot out of the human
jobs will be replaced by a smart machine by 2025,
including knowledge jobs
1 in 3 Creating an “anywhere, anytime”
workforce
Robotic Process Automation (RPA) Key Concepts
What is Robotic Process Automation?
RPA?What is
RPA is the use of a software ‘robot’ (a program) that replicates the actions of a human being interacting with the user interface of a
computer system.
The Institute for Robotic Process Automation (IRPA) defines RPA as the application of a technology. This technology allows employees
in a company to configure computer software or a robot to capture and interpret the existing applications for processing a transaction,
manipulating data, triggering responses and communicating with other digital systems.
As a renewal of the existing IT landscape is not
required, a high level of automation can be
reached without major effort. RPA uses
established control mechanisms and can
communicate with all systems. Therefore, no
interface has to be created.
RPA is integrated in an existing IT infrastructure
RPA is a computer software that runs
repetitive, rule-based processes. The
software is trained based on functional
specifications and can be adjusted at any
time.
RPA is a software
The software robot has access to diverse
applications with an ID or a password. The
robot can gather information or change data.
Consequently, business and administrative
processes can be fully automated.
RPA simulates an employee
How does it work?
Robotics process automation (RPA):
A software solution that runs unattended, working like a virtual employee with legacy applications performing repetitive tasks reliably at the UI level
Other automation technologies:
A broad set of complementary technologies that can be brought together to automate a process
Divide up a task into pieces to be solved by
technology, low-cost resources, and high-skill
resources
Keyword-based character recognition
Optical character recognition (OCR)
Completion of auditable activity logs
Entering data into a system
Composing and sending emails
Rules-based processing and decision
making
Comparing data sets
Reading, copying, aggregating data
Automation of clicks, data entry
Machine learning
Variable format processing
Adaptive behavior
Mathematical validations
• Robotics process automation (RPA) can provide advanced solutions to eliminate manual work – especially if used with other complementary technologies
• RPA integrates with other technology to significantly reduce manual work:
RPA transforming businesses
Software
Robotics
Why Software Robotics?
Software Robotic Automation provides significant benefit for cost
reduction and service improvement:
► Significant cost reduction for repetitive manual tasks
► Improved quality, consistency and reduced risk
► Tactical solution for automation and system integration where
strategic programs have long lead-times
Why agile, business-led approach?
► IA understand their processes in detail
► Operational processes change regularly with short lead-
times; this is generally why they have not been automated
using traditional methods
► An agile approach allows rapid benefit delivery, incremental
improvement, and rapid response to change
How does it fit with Lean, or other initiatives?
► Efficiency - Significantly reduced cost and business impact
from a single pass / assessment of operating model and
existing processes
► Outcome - Better outcome as all options are considered
during target operating model and process re-design
Robots work
with existing
IT landscape
Cuts data
entry costs
by up to 70%
Robots can
be trained by
IA users
Automated
solution can
work 24/7
Double-digit
reduction in
error rates
Robots and
People: a powerful
combination
► Robots deliver
repetitive,
deterministic,
high-volume tasks
efficiently
► People build
relationships,
provide subjective
judgement, deliver
low-frequency and
exception tasks,
and manage
change and
improvement
Software Robotic Automation can dramatically reduce costs,
while improving service levels, data quality and reducing risk
1/3 of the
cost of
offshore FTE
What are the RPA triggers?
Need for more quality and predictability in
controls execution, risk management
Desire for speed and precision in risk and
security orchestration
Need to perform more knowledge work to add
value to the business
Cost reduction program
Workforce reduction creating strain on people
and process execution
Lack of agility in workforce to adopt to changing
to systems landscape
New ERP or major system changes including
migration, upgrades
BPO contract renewals or renegotiations
Increased regulation and changing processes
and high administrative burden Large number of systems requiring data
handling and system manipulation
How does RPA fit into risk?
RPA uses and hotspots
Audit• Effective challenge of RPA program
and robots
• Process modifications
• Impact to existing audit strategy
• Controls baselining, testing, reporting
Controls, Governance and
Compliance• Controls testing
• Enterprise GRC enablement
• Application security enforcement
Audit• Evidence collation, issue isolation
• Controls evaluation
• Reporting
• Regulatory compliance
RiskSecurity• Digital Identity & access
• Data identification & protection
• Security operations
• Software product & security
Controls, Governance and
Compliance• RACM, ITGC, policy & procedure
maintenance
• Governance framework enablement,
extension
ImplicationsApplications
Security• IAM
• Secure development
• Threat & vulnerability management
RPA
How RPA fits into Risk?
How RPA fits into Risk?Most suitable Risk processes to implement RPA
Start with looking at how your teams are
deployed. Where are resources…
► manually accessing and gathering data
from several different applications to
complete their activities?
► manually moving data from one system to
another?
► manually checking the consistency of
data between multiple systems?
► manually updating the same information
in multiple systems?
► waiting for alerts/events to initiate their
activities?
► manually remediating data across several
accounts?
Robots provide flexibility and connectivity between applications, increase the effectiveness of applications, and complete
routine activities that previously required manual effort, but they do not replace existing computing capabilities, and they do not
generally replace entire roles.
Preliminary ideas for consideration:
► Control execution
► Controls testing
► Compliance monitoring
► Risk data aggregation
The 3 Lines of Defense
Risk Compliance Internal
Audit
Level of Risk
Management
Controls
1st Line of Defense
Control Design &
Implementation
2nd Line of Defense
Risk and Compliance
Oversight
3rd Line of Defense
Independent
Assurance
Ex
tern
al
Au
dit
Reg
ula
tor
Governing Body/Board/Audit Committee
Senior Management
How will this
change with the
advent of RPA,
Data analytics
and AI?
How RPA fits into Risk?Top Implementation Opportunities – 3rd Line of Defense
Data collection, through robotics authentication, for data aggregation of disparate
technology assets where configured data feeds or analytics do not exist.
Automated testing of attributes against defined rules. (e.g., automated testing of
application, OS, server access terminations against HR termination data feeds)
Configuration testing of application, OS, server against configuration standards.
Such tests may also be applied to robot implementations/configuration
100% population testing. Robotics has the ability to move beyond sample or
risk/analytics-based testing strategies, to test 100% of populations where appropriate
based on process or control risk
Continuous auditing enablement. Robotics has the ability to audit processes more
efficiently and at a higher throughput, to move closer to true “continuous auditing”
1
2
3
4
5
A lack of robotics governance can lead to ineffective and inefficient process
automation and an inability to support and meet business requirements.
Robotics access management is ineffectively managed leading to the compromise of systems, applications and their associated data.
Process automation requirements are not appropriately or accurately identified and documented leading to robotics developments that do not meet business needs or support the business/IT strategy resulting in a negative impact on business processes and financials.
Robotics implementations are not appropriately designed and tested leading to
requirements not being met or a negative impact on production systems resulting in a
negative impact on the business and financial losses.
Automation problems are not timely identified and managed leading to a delay in their
resolution and resulting in a negative impact to business processes.
1
2
3
4
5
A Robotics Governance framework is defined and maintained,
including leadership, processes, roles and responsibilities,
information requirements and organizational structure required
to ensure support is aligned to business objectives.
Due diligence is performed over robotics vendors to evaluate
the risk of the vendor at the onset of the relationship and on a
periodic basis
Robotics access control is managed and proper authentication
methods are implemented and consistently enforced to prevent
unauthorized access.
Robotics change and development requirements are clearly
and concisely documented and mapped to business needs to
ensure that the changes agree with the business strategy.
Implementation, testing, and support requirements are
developed and communicated to both business and IT
stakeholders.
Automation problems and errors are evaluated, corrected,
tracked and communicated in a timely manner through
resolution.
Top RPA Risks Illustrative Controls for Top Risks
6 Risks are not effectively mitigated for robotics vendor relationship and outsourced
services, leading to financial and reputation exposure.
Auditing Bots
How RPA fits into Risk?
Demo
Generation of reports to email
Internal Audit Program with Advanced Analytics
4. Reporting
3. Fieldwork
2. Planning
1. Foundation
Risk Assessment
Audit Planning
Execution (Fieldwork)
5. Quality
• A balanced view that helps stakeholders
better understand the underlying business
risks.
• A consistent and repeatable approach
that ensures no surprises
• An Internal Audit Plan that are aligned
with your stakeholder needs
• Comprised of risk-based planning,
stakeholder feedback, proprietary tools
and methods, and talent.
• Actionable recommendations,
mitigated risk and improved controls
Why is this so important today?
► Company expectations: Maximizing the use of technology to increase coverage, quality and business impact, while managing
a finite audit budget
► Competitive landscape: Competitors continue to strengthen their capabilities and seek new talent
► Value/Relationship: Insights open the door for deeper discussion on issues and develop/strengthen relationships
► Talent development and appeal: Effective integration of analytics will strengthen the business skills of auditors
► Audit/Business Partnership: Innovation and resulting methods could be ultimately transitioned into the business
► Regulatory Expectations: Audit need to get stronger assurance and quantifiable results
Not always Tracked to Amounts:
► Development saved compared to traditional BI
► Audit hours saved (fieldwork review)
► Expenses minimized
► Revenue found
What are the major benefits?
Qualitative:
► Higher quality management conversations
► Risk focused testing
► Visual focus on trends and outliers
► Adoption by broader IA dept
Quantifiable:
► Development saved compared to traditional BI
► Audit hours saved (fieldwork review)
► Expenses minimized
► Revenue found
1. Increase coverage, quality, and business impact
2. Establish competitive advantage in industry
3. Create deeper discussion on issues and develop/strengthenrelationships
4. Strengthen the business and technical skills of auditors
5. Cultivate an audit/business partnership
What are the
benefits?