Preparing Internal Audit for the New World of Robotics and Automation

Size: px

Start display at page:

Download "Preparing Internal Audit for the New World of Robotics and Automation"

Katherine Page
5 years ago
Views:

1 Preparing Internal Audit for the New World of Robotics and Automation

2 Why This Is Important

3 Bottom Line: Unprecedented Change The world is changing at exponential speed and so are risks that affect our organizations and Internal Audit. What has made our organizations and Internal Audit successful is not going to ensure continued success. Future Change Will Be Big And Fast

4 Today s Session Understand the impact that robotics and automation will have on the future workplace and the internal audit profession. Learn how to equip yourself and your team with the skills to audit these technologies as they are implemented by your internal audit customers. Share potential opportunities to implement these same tools to increase the effectiveness and efficiency of internal audits.

5 Change Is Coming For Our Organizations Technology disruption will be a major force for change within organizations. For example: Airbus Drone delivery 3D printer Our data shows that when it comes to technology innovation, many companies struggle to balance the need for speed and agility with the need for control. Excerpted from KPMG s 2018 Tech Risk Management Survey Report Disruption is the New Norm Internal Audit Mission: To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Change Is Coming For Internal Audit Whether happening now, soon, or later, these changes will impact Internal Audit: What we audit (implementations, technologies) Who we hire (innovators, IT skills,

6 Change Is Coming For Internal Audit Whether happening now, soon, or later, these changes will impact Internal Audit: What we audit (implementations, technologies) Who we hire (innovators, IT skills, change agents) How we audit (leveraging technology, embedding controls) Recognize that the speed of change may require a more agile approach to everything we do. Internal audit will need to also be agile to avoid being seen as an inhibitor.

7 So What Are These Future Technologies?

8 Future Technologies (cont d) A useful tool for identifying emerging technologies

9 Which Should I Be Concerned About For Now? These risks and their importance to our stakeholders and Internal Audit - are growing. Let s talk about two: Artificial Intelligence (AI) and Robotics Process Automation (RPA) Excerpted from KPMG s 2018 Disruption is the new norm - Tech risk management survey report

10 Robotic Process Automation (RPA)

11 RPA Audit Issues

12 Artificial Intelligence (AI)

13 AI Audit Issues AI is based on probability versus correctness Significant amount of data required Garbage in, garbage out Origin of data Data bias Data lakes Data leak Data drift System development risks

The Internal Audit Imperative CAEs need to lead the response to disruption with innovative strategies and an agile approach supported by the right talent.

14 The Internal Audit Imperative CAEs need to lead the response to disruption with innovative strategies and an agile approach supported by the right talent. Embrace the disruptive technology revolution; become part of the strategic transformation team. Deploy technologies within the audit function itself Enhances skills in all aspects of disruptive technology auditing. Reduce cost.

15 Let s Start The Journey 1) High-Level Roadmap 2) Examples 3) Tools

A High-Level Roadmap Assess the maturity of the department s existing technological capabilities. Form a team to develop a transformation program.

16 A High-Level Roadmap Assess the maturity of the department s existing technological capabilities. Form a team to develop a transformation program. Make sure the solution fits. Find partners. Create a budget. Quick wins are good, but expect changes. Practice change management communicate and align.

17 So What Technologies Can We Use?

18 A Word Or Two Of Caution Technologies will become cheaper over time

Using RPA Deloitte is currently using cognitive technology (e.g., data analysis, visualization, workflow automation, and RPA) to review contract terms and electronic documents.

19 Using RPA Deloitte is currently using cognitive technology (e.g., data analysis, visualization, workflow automation, and RPA) to review contract terms and electronic documents. The rapid reviews enabled by cognitive technology allow review and assessment of larger samples, or get to the point where auditors can review 100 percent of contracts. The reviews also can incorporate segmentation of documents. (e.g, contracts that include escalation clauses from those that do not.) Jon Raphael Deloitte & Touche LLP Chief Innovation Officer Excerpted from Creating a Cognitive Audit, by Tom Davenport and Jon Raphael

Using AI AI has been developed that has excellent predictive analytic capacities. (e.g., Amazon) Commercial AI solutions (e.g., feedzai) to combat fraud exist now.

20 Using AI AI has been developed that has excellent predictive analytic capacities. (e.g., Amazon) Commercial AI solutions (e.g., feedzai) to combat fraud exist now. Reduces number false positives and increases the speed and accuracy of fraud detection. Financial services use these techniques to investigate potential fraud. For example: Danske Bank, MasterCard, and RBS WorldPay AI can help auditors focus on the right behaviors to find fraud faster and more accurately.

21 A Bit Of Surprise

22 Let s Walk Through A RPA Implementation

23 RPA Assessment Process Perform Ideation Sessions / Create list of ideas for automation Filter ideas using Automation Criteria Document prioritized opportunities on Short Form Questionnaire Set up meeting for demo of the process with SME Assess the vetted opportunity within the Automation Scorecard Complete Long Form questionnaire and forward to SME. SME to help as needed. Complete Initial Process Assessments (includes as is process, estimated complexity, and estimated value case) Agree on Initial Process Assessment and Value Case Finalize ROI, Cost Benefit, Risks, Project Plan, Project Team, and Proceed with frequent communication

24 Automation Criteria Revisited

25 Impact On The Audit Department

26 Learn Non-Audit Conferences Audit Conferences Related Assurance Conferences

27 Learn (cont d)

28 Participate and Volunteer What are your organization s current initiatives? Are you involved? Get invited? Volunteer yourself, your team, your department.

29 Innovate - Continuously

30 The Internal Audit Skills Now and Future Change Agent

31 What We Covered Discussed the impact that robotics and automation will have on the future workplace and the internal audit profession. Learned how to equip yourself and your team with the skills to audit these technologies as they are implemented by your internal audit customers. Shared potential opportunities to implement these same tools to increase the effectiveness and efficiency of internal audits.

32 Questions

33 Technology Is Moving Fast

34 Technology Is Moving Fast (cont d)

35 Feel free to contact us at:

36 The future is not something we enter; the future is something we create. Gary Barnett

37 BACK UP

38 Documenting Prioritized Opportunities Questions Process 1 Process 2 Describe the key steps required to complete the process. 1. Step 1 2. Step 2 3. Step 3 Who is the process owner? Who is the process SME (subject matter expert)? Total Headcount completing the process What percentage of the team's time is spent completing the process on average? (E.g. 50% of average working day) What is the target automation benefit? (E.g. # FTEs, estimated financial benefit ($), reduction in handling time, etc.) What is the exception rate in the process? (%). (E.g. how many times an unusual case which needs to be investigated or escalated occurs) What percentage of the process is Rules-Based? (E.g. The decisions or steps taken throughout the process follow a pre-defined set of rules.) What percentage of the inputs are: 1. Structured (Ex. Excel, Database) 2. Unstructured (Ex. Image file, Freeflow text) 3. Semi-structured (Ex. , PDF) To what extent is process documentation available? (Ex. Documented process flow, training documents, templates of inputs and outputs, desktop procedures) Please list the names of the applications and the type of applications. Do any applications require Citrix or SAP? Please list the application names for each Is a new system or major change initiative due to be implemented in the foreseeable future which will affect this process?

39 Automation Scorecard Description 1 - Low 4 - High Human (Rules Based) Human decison-making is needed in No or very low degree of decisionmaking more than 70% of the process steps and/or is spread over the process. needed in process execution and/or is concentrated in a specific area of the process Data Characteristics (Nature of Inputs) Unstructured data with varying formats. Not predefined inputs. Structured data, fixed and predefined inputs. Digitalization (Nature of Data) Standardization (Exception Handling) IT systems Inputs needed for the process is not digitized and paper work is required to a high extent. The process is adjusted frequently and/or there is no predefined decision tree that the pocess steps follow. Types of systems used are difficult for RPA to work with. All inputs and data are stored digitally. The process is not adjusted frequently and there is a predefined decision tree that the process steps follow. Types of systems used are easy for RPA to work with.

40 Automation Scorecard (cont d) # of Yearly Cases Volume (#FTE equivalent) Minutes per Case Execution Human Interpretation IT Systems Data Characteristics RPA Suitability Digitalization Value Suitability Readiness Weight 25% 50% 25% 50% 50% Standardization RPA Readiness Other Benefits Process #1 XX XX XX Process #2 XX XX XX Process #3 XX XX XX

41 Automation Scorecard (cont d)

42 Initial Process Assessment Questions Could the process possibly be extended to other functions (reusability)? What percentage of the team's time is spent completing the process on average? How often does the process run? What are the average daily / monthly / weekly volumes? What percentage, if any, of the current process is already automated? How is this process expected to create value outside of FTE savings? (E.g. Increased cash flow, more accurate billings) What percentage of the process is Rules-Based? (E.g. steps throughout the process follow pre-defined rules.) What % of the process involves Paper? Digital? Voice? What is the exception rate in the process? (%) What is the Maximum Tolerable Downtime the department could experience in the event this process was unavailable What would be the impact to the department in the event this process was unavailable? Do the process volumes increase during peak periods? Please provide details. Are there any prerequisites to automation? (E.g. upgrades, security requirements) Are there any sub-processes that need to be considered? Are there any specific financial, regulatory, or customer pain points within the process? Are there any data policies (data retention, integrity, etc.) that need to be considered?