Risk Management For and By the BOT. Secured BOT Series

Similar documents
Online Risk and Digital Reputation Management. September Risk Advisory

Online Risk and Digital Reputation Management For private circulation only. Risk Advisory

Global In-House Centers Mitigating Risks. Enhancing Reputation. Optimizing Returns.

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.

Next Generation Controls(NGC) Moving towards a Robust Control Framework. August Risk

Grant effectiveness and efficiency. Impact through delivery

EU General Data Protection Regulation (GDPR) A Point of View. For private circulation only. Risk Advisory

EU General Data Protection Regulation (GDPR) Point of View for ERP and HRMS Operations. For private circulation only.

Procure to Pay (P2P) Risk Analytics. Risk Advisory

Next Wave of Continuous Control Monitoring solution A Point of View. For Private circulation only

Data Explorer for Road Assets Risk Analytics

Intelligent automation and internal audit

Robotic Process Automation. In Risk and Compliance for Banking and Finance. Risk Advisory

Cement Industry Risk Analytics For Private circulation only June Risk Advisory

How prepared is Corporate India to tackle fraud? An analysis of responses to Deloitte Forensic India s Fraud Risk Score self-assessment tool.

Types of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA

CFO Perspectives India CFO Newsletter December 2017

Deloitte Shared Services Conference 2018 Extended lab 4: Internal controls managing risk in the age of digitalisation Ani Sen Gupta and Edward

Internal audit insights High-impact areas of focus

TECHNOLOGY AND AUDIT: A MUTUAL FUTURE THERESA GRAFENSTINE CHAIR, ISACA BOARD OF DIRECTORS 2/15/2018

Accelerating application management services automation Time to break out the bots?

Taking labs to the next level with cloud and IoT VELP Scientifica tightens the customer connection

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Generating value within the Risk Ecosystem Risk powers performance

Reimagine everything Accelerate digital enterprise transformation

Decoding the future IT Risk Management. Disrupted. Exploring the future of IT risk management By Chris Recchia, Tom Bigham and Rob Dighton

Internal Audit and Technology Sustainable Analytics

Global Trade Advisory Trade Automation Innovation

Supply chain as source of value in converting the omni-channel customer

CoE in a Box - Enablement and Controls. The key get rights vital to successful RPA CoE Program

CFO Perspectives CFO Speaks

How to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA

Blockchain: A revolutionary change or not?

Implementing Analytics in Internal Audit. Jordan Lloyd Senior Manager Ravindra Singh Manager

Compliance Risk Management Powers Performance

Deloitte Shared Services Conference 2018 Lab: Imagine RPA David Wright, Kim Burton and Dupe Witherick, Deloitte

The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,

Managing Tax. Balancing current challenge with future promise Session 5. The Grand Hyatt, Singapore 16 February 2017

Indirect Tax Conference Developing your Customs Function

Managing risks of the growing RPA jungle

Emerging Technology and Security Update

IT Risk Advisory & Management Services

Mid-market technology trends: Leveraging disruption to drive value The Dbriefs Private Companies series Anthony Stephan, Principal, Deloitte

Reimagining IT: Leading technology organizations into the future The Dbriefs Technology Executives series

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

A guide to assessing your risk data aggregation strategies. How effectively are you complying with BCBS 239?

Three dimensions of application management services automation After determining why automation is needed, consider the questions of what, how, and

How can you turn digital risk into a source of competitive advantage?

Deloitte Leading Practices Solution for Utilities (DLeaPS-U) Empowering innovation at the core

Transformation in the Internal Audit Function Neil White October 5, 2017

CFO Perspectives India CFO Newsletter November 2017

1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

Welcome to the postmodern era for public sector ERP

4/26. Analytics Strategy

Real Time Close. Case Study and Demo

Partnering with the business to create a successful self-service analytics framework

Western Australian Public Sector Reform The technology dimension of amalgamations

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

CFO Perspectives CFO Speaks

The Robots Are Here! RPA Services in Greece

Minimizing fraud exposure with effective ERP segregation of duties controls

How to Stand Up a Privacy Program: Privacy in a Box

Risk Advisory Services Developing your organisation s governance for competitive advantage

Third Party Governance and Risk Management

Ramifications of the New COSO Framework & Recent PCAOB Actions

Leading financial institutions are transforming the way they manage IT risk

Data rich and regulation wary

Emerging & disruptive technology risks

Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology

Effective Data Governance & GDPR Compliance for the Nonprofit CFP

Adopting automation in internal audit Using robotic process automation and cognitive intelligence to fortify the third line of defense

Internal audit insights High impact areas of focus

A Guide to IT Risk Assessment for Financial Institutions. March 2, 2011

HR Metrics and Model for Modern Times

A View from the C-Suite: The Value Proposition of Shared and Global Business Services The Conference Board 20th Annual Global Business and Shared

Due for a transformation Accounts payable optimization with machine learning

Building a culture of innovation through automation

Internal audit insights High impact areas of focus

Audit Committee and other Board Committees Roles and responsibilities under the Companies Act, 2013

Information governance for the real world

Software Asset Management Reducing costs, mitigating risk, gaining control. Ninety years in the Middle East

ERP IMPLEMENTATION RISK

Insurance Accounting & Systems Association (IASA): NY/NJ Chapter Spring 2014

Information Technology Risks in Today s Environment

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

Corporate Background and Experience: Financial Soundness: Project Staffing and Organization

Global Trade Advisory M&A Deloitte Tax LLP

Enterprise compliance Acting on today s risks to avoid tomorrow s crises

Machine First Delivery Model TM. Driving Business 4.0 TM, Intelligently

Why Is Third Party Risk Management Important?

Energy: fixed overhead or controllable input?

IT Audit Process Prof. Liang Yao Week Three IT Risk Assessment

Mining Solutions Driving innovation in mining

Enterprise Risk Management in Health Care

International Finance Corporation

Managing interdependencies in Current Expected Credit Loss (CECL) implementations

Sarbanes-Oxley Compliance Kit

Reducing fraud, bribery and corruption in your private business: 6 things you can do now

Shine a light on media accountability

Transcription:

Secured BOT Series 2018

Contents Risk Management For and By the BOT Setting context for RPA Risk Management Deloitte's Risk Framework For RPA Risk Management For the BOT Risk Management By the BOT How can we help? Contacts 03

04

Risk Management For and By the BOT RoBOTs have sooner become a reality than most of us thought. In the current avatar, Robots are making your business more responsive, cost effective, compliant and efficient. Many of us already see these digital clicks happening around us. We are already entering an era where BOTs are doing intelligent work and building efficiencies. While technology makes our life efficient, it also opens new risks to the business environment. A typical Robotics Process Automation (RPA) system design provisions interconnection between multiple systems and hence also has an impact on underlying system control environment. Lets examine its relevance to business environments. Opportunity: Can you make your digital platforms more secured and compliant through RPA? Threat: How secured is your RPA environment from internal and external threats? It is essential for an organization to build a secure BOT strategy when they move from a POC to Production environment. 05

Setting context for RPA Risk Management Typical risks in an RPA environment RPA brings its own inherent risks as well the ones which are resultant of the business environment it automates. 01 02 03 04 05 06 RPA offers broader spectrum of internal and external application integration, and may lead to enhanced cyber threats. Automation of process through RPA without embedding/ aligning control design may lead to manual override or unauthorized changes which often goes undetected. Generic BOT ID often poses risk of non compliance to software licenses due to potential indirect usage. BOTs stores credentials of multiple applications, which are often empowered with extensive access. Unauthorized access and use of BOT credentials may lead to data, security, privacy and fraud risks. Due to high processing capability of BOTs, a delayed response to cyber incidents may lead to inappropriate processing of high volume/ value transaction. BOTs are often not built for intent identification, hence detection of security breach may be a challenge. Deloitte's Risk Framework for RPA A secured and compliant BOT environment requires an effective management and monitoring of key risk domains. Depending on the relevance, each of these domain would help strengthen security and controls in your RPA environment. Business Risk RPA Specific Risk Considerations Server security configurations Network Vulnerabilities Logical security controls Penetration testing Code Reviews Ensuring protection of data across the RPA ecosystem Consent record and validity Private data identification Cross border data transfers Current Software License contracts lack clarity to allow BOT access to target application Penalties due to non compliance Indirect usage License Compliance Data leakage and Privacy Alignment with organizational business continuity strategy and priorities Crisis mitigation planning Business continuity during process outages Disaster Recovery Strategy implementation planning Cyber Security Incident Management and Business Continuity Regulatory Compliance Deloitte s Risk Framework for RPA Regulatory compliance reporting requirements Mandatory controls/ validation in solution Document/ change management controls Data lineage and traceability Identity and access management Secured Business process Access Security strategy for and by BOT Segregation of Duties and sensitive access BOT IAM risks and measures Weaker process / sox controls Possible manual override on BOT automation Weak change management process of BOT configurations Strategic Technology Financial Operational Regulatory 06

Risk Management For the BOT A holistic risk validation of the RPA is conducted from perspective all key domains of RPA risks. Deloitte s Secured RPA implementations and advisory services encompasses a wide range of process and compliance needs. Implementation Advisory Secured BOT Assurance Risk Management / Industry Solution Managed Services BOT Security Architecture Strategy, design and review Identity and access management Pre/ Post Go-live risk assessment Business Continuity Review Process standardization and Mapping Program governance and strategy Secured BOT Assurance Process and Access Control Design and implementation Functional and non functional Testing Vulnerability Management Secured code reviews Interface / API Security Vulnerability Assessment Compliance enablers (SoX, JSOX, FRC, IFC, IRDA, TRAI, GST, ISO27001, PCI DSS etc.) Business Risk Internal controls Monitoring Periodic Risk Assessment Application License Compliance Industry solutions CSA Framework Governance Strategy Center of Excellence - Managed Cyber security operations center Incident management and response Change Management validation IT Process Automation Standard Operating Procedures Controls Automation Our Secured RPA implementations and advisory services are designed to help you at varied stages of RPA implementation. It helps you get a comprehensive view of your RPA risks, maturity of risk management methods adopted along with desired state. Typical value delivered includes: Independent and comprehensive BOT risk assessment Adoption of leading practices for secured and compliant BOT Assess the current RPA Risk maturity level and desired state Illustrative RPA Risk Maturity Benchmarking Domains Initial Developing Defined Managed Optimized Cyber Security Data leakage and Privacy License Compliance Incident Management and Business Continuity Regulatory Compliance Identity and Access management Secured Business process Business Case Evaluation Legend# Current Maturity Target Maturity level 07

Risk Management By the BOT Industries today face a large number of internal and external compliance requirements. With the regulators adopting technology, the demand for timely and granular compliance is common. RPA provide a unique value proposition for many such requirements. A carefully designed RPA can improve the accuracy of records and response time. On the other hand, with 100% review of records, compliance monitoring through RPA improves the quality of reviews and enhance stakeholder confidence. Illustrative view of RPA amenable Risk Management use cases are highlighted below. IT Process Automation Banking Energy & Resources Life Sciences & Health Care Consumer & Industrial Products Periodic Risk Assessment Compliance reporting (SoX, ICFR, IRDA, TRAI, GST, ISO27001, PCI DSS etc.) System Change Management Master Data Management Regulatory Reporting Trade Surveillance Credit Monitoring Collateral Management Meter reading Management Billing and Invoicing CHP/OEM contract compliance monitoring Emission norms monitoring Maintenance schedule monitoring Computer System validations like application Analysis, Change management review Regulatory compliance for material movement Declaration of stocks and manufacturing plan to regulators 08

How can we help? Our RPA methodology is designed to help you throughout the RPA journey. Our team of risk and technology experts would help automate compliances as well secure your RPA environment. Leveraging RPA for secured and compliant Technology environment Making your RPA environment secured and compliant Design Its all in design. We bring our experience for enabling compliance across industries to help you choose the right candidates and design to-be processes. Maximum risk mitigation with optimal efforts. 01 02 Secured BOT Assurance for RPA implementation Secured BOT Assurance for RPA products Defiine Project managment Strategy and Roadmap Organizational Change Managment Operations and Maintance Maintain Governance Implementation Deliver Maintain Deploy Embedded controls is the best way to manage risks in any technology implementation. Our combined teams of technology and risk experts helps implement a secure RPA environment With ever evolving risk and threats to the technology environments our experts help you prevent, detect and manage risks and threats to RPA environment 03 04 05 06 RPA Risk Maturity Assessments BOT Identify and Access Management Managed Cyber security operations center Center of Excellence Incident management and response 09

Contacts Rohit Mahajan Partner Leader E-mail: rmahajan@deloitte.com Senthilvel Kaliyamurthy Partner E-mail: senthilvelk@deloitte.com Abhay Gupte Partner E-mail: agupte@deloitte.com Ashish Sharma Partner E-mail: sashish@deloitte.com Shree Parthasarathy Partner E-mail: sparthasarathy@deloitte.com Prasad Godbole Senior Manager E-mail: prasadsg@deloitte.com Anthony Crasto Partner E-mail: acrasto@deloitte.com 10

11

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms. This material has been prepared by Deloitte Touche Tohmatsu India LLP ( DTTILLP ), a member of Deloitte Touche Tohmatsu Limited, on a specific request from you and contains proprietary and confidential information. This material may contain information sourced from publicly available information or other third party sources. DTTILLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. The information contained in this material is intended solely for you. Any disclosure, copying or further distribution of this material or its contents is strictly prohibited. Nothing in this material creates any contractual relationship between DTTILLP and you. Any mutually binding legal obligations or rights may only be created between you and DTTILLP upon execution of a legally binding contract. By using this material and any information contained in it, the user accepts this entire notice and terms of use. 2018 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited Deloitte Touche Tohmatsu India Private Limited (U74140MH199 5PTC093339), a private company limited by shares, was converted into Deloitte Touche Tohmatsu India LLP, a limited liability partnership (LLP Identification No. AAE-8458), with effect from October 1, 2015.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback