Standardizing Your Compliance Activities to Implement Data Analytics and RPA #AuditBoardWebinars
Jason Sechrist Director of Audit and Compliance Solutions AuditBoard Former Head IT Compliance and Internal Audit ▪ Volunteer Board/Audit Committee Member ▪ 16 years of IT Security Experience ▪ PwC / IT Risk Assurance / IT Consulting ▪ USAF Weather Systems ▪
▪ Define and differentiate data analytics, robotic process automation, and AI Learning ▪ Discuss best practices to standardize Objectives compliance activities in preparation for implementing RPA ▪ Understand how to leverage Data Analytics & RPA in IT Compliance to eliminate manual, redundant compliance activities, and improve overall efficiency and quality for control activities 3
Define and Differentiate Data Analytics, Robotic Process Automation, and Artificial Intelligence
Leveraging digital capabilities is a popular topic for internal audit teams, but many struggle to identify the right capability to use. 5
There are several key considerations when selecting what controls are eligible for analytics or automation. 6
With increased demand on the IA function, RPA and analytics present great opportunities to create efficiencies and drive value but often fall short of providing the anticipated value. 7
Companies are realizing significant value from adopting innovative technologies and insight tools. 8
A challenge for many organizations is the lack of resources and skill sets to drive a digital transformation journey forward 9
Data Analytics
Where to Start: Define what questions you want to answer using Data Analytics Sample Questions IT Audit/Compliance leaders should ask: • Where should your team be spending resources, personnel, and time? • What assets and what processes should I be prioritizing in my audit plan? • Could I use analytics to assess the effectiveness of controls? • Do I have a broad scope of things to assess (i.e. millions of transactions you need to sample from) where RPA could point out outliers and anomalies where you might find meaningful findings 11
Where to Start: Gathering Your Resources • Is there a data governance committee at your organization you can work with? • Can they help you identify what data you have, where it’s stored, and how it’s formatted? • Is there standardization around sources? • What technology is being used in different systems (will depend on the data and where it’s coming from) • Can I extract the data myself, or do I need a system administrator to get the data from the system? 12
Types of data sources that are helpful for doing data analytics in an IT Compliance context: Understanding the environment: • Where does the data reside? • Do you know path from source to data warehouse? Pull information from systems into a data analytics platform: • About assets (physical and data assets) from an inventory • Policy info from a content management tool • Controls/risks from GRC platforms and Jira • HR/Personnel data from TriNet or Workday 13
Where to Start: Data Completeness & Accuracy Data analytics will not be successful without a good data warehouse • GIGO: The data you work with is only as good as the source • Agreement on source of truth • Dealing with post-acquisition 14
Data Analytics Uses in IT Compliance Example: 15
Data Analytics Uses in IT Compliance Example: 16
Robotic Process Automation
Benefits of RPA Accurate Available 24/7 Consistent Instantly Scalable More time for creative, insightful, value-add activity 18
Challenges: Top reasons RPA fails during first implementation 1 2 Weak or no executive sponsorship Underestimate change management 3 4 Inadequate data completeness and Introduced too early within the accuracy transformation process 19
Challenges: Top reasons RPA fails during first implementation Challenge 1 Weak or no executive sponsorship • Executive sponsorship enables the program to – Solicit support from leadership within other departments – Navigate a politically sensitive environment – Effectively escalate when encountering resistance 20
Challenges: Top reasons RPA fails during first implementation Challenge 1 Weak or no executive sponsorship • Executive sponsorship enables the program to – Solicit support from leadership within other departments – Navigate a politically sensitive environment – Effectively escalate when encountering resistance Challenge 2 Change Management • Regardless the intentions of the program (FTE reduction, operational efficiency, etc), those impacted by RPA technology often react with anxiety upon first hearing of the tool. 21
Challenges: Top reasons RPA fails during first implementation Challenge 2 Change Management • Regardless the intentions of the program (FTE reduction, operational efficiency, etc), those impacted by RPA technology often react with anxiety upon first hearing of the tool. Challenge 3 Inadequate Data Completeness and Accuracy • RPA is only as good as your data! 22
Challenges: Top reasons RPA fails during first implementation Challenge 3 Inadequate Data Completeness and Accuracy • RPA is only as good as your data! Challenge 4 Introduced too early within the transformation process • Unfortunately, many companies try implementing RPA when they still have disparate, complex processes, yielding little to no ROI. • Therefore, RPA should be introduced once processes have been optimized. 23
When should you implement RPA? At the Tail End of Transformation R O A S E Robotize Optimize Automate Standardize Eliminate 24
The ESOAR methodology is a systematic framework used to enable transformation E Eliminate all unnecessary activities that impact time, cost, and effort. Addressing and eliminating the cause of waste and barriers to services shifts the focus to more value-added activities in your business operations, such as analysis. S Standardize similar routine processes in the same repetitive manner by using standard templates to run transactions with less time and effort. Standardization is a way to avoid the cost of ERP customization and drive best practices O Optimize using all the functions of existing tools to the maximum effect, including ERPs, processes, and workflows. Organizations often have the right tools, but don’t know to use them effectively. 25
The ESOAR methodology is a systematic framework used to enable transformation A Automate standardized manual processes – oftentimes possible with existing technology. Automation reduces or eliminates manual work, while delivering increased transparency and control over the process, with extremely high levels of accuracy. R Robotize to drive efficiency in any remaining manual, repetitive, rule-based activities by simulating the activities of a human operator. Through a structured review of operations ESOAR allows us to understand current process drivers and enables next level of growth through transformation 26
RPA Uses in IT Compliance 27
Final Thoughts
Organizations should start their digital transformation journey by defining specific objectives, measurable goals, and metrics that can be used to track against those items 29
Thank You! Contact: jsechrist@auditboard.com
Recommend
More recommend