Standardizing Your Compliance Activities to Implement Data Analytics - - PowerPoint PPT Presentation

#AuditBoardWebinars

Standardizing Your Compliance Activities to Implement Data Analytics and RPA

Director of Audit and Compliance Solutions AuditBoard

Jason Sechrist

▪

Former Head IT Compliance and Internal Audit

▪

Volunteer Board/Audit Committee Member

▪

16 years of IT Security Experience

▪

PwC / IT Risk Assurance / IT Consulting

▪

USAF Weather Systems

3

Learning Objectives

▪ Define and differentiate data analytics, robotic process automation, and AI ▪ Discuss best practices to standardize compliance activities in preparation for implementing RPA ▪ Understand how to leverage Data Analytics & RPA in IT Compliance to eliminate manual, redundant compliance activities, and improve

• verall efficiency and quality for control

activities

Define and Differentiate Data Analytics, Robotic Process Automation, and Artificial Intelligence

5

Leveraging digital capabilities is a popular topic for internal audit teams, but many struggle to identify the right capability to use.

6

There are several key considerations when selecting what controls are eligible for analytics or automation.

7

With increased demand on the IA function, RPA and analytics present great opportunities to create efficiencies and drive value but often fall short of providing the anticipated value.

8

Companies are realizing significant value from adopting innovative technologies and insight tools.

9

A challenge for many organizations is the lack of resources and skill sets to drive a digital transformation journey forward

Data Analytics

11

Where to Start: Define what questions you want to answer using Data Analytics

Sample Questions IT Audit/Compliance leaders should ask:

• Where should your team be spending resources,

personnel, and time?

• What assets and what processes should I be

prioritizing in my audit plan?

• Could I use analytics to assess the effectiveness
• f controls?
• Do I have a broad scope of things to assess (i.e.

millions of transactions you need to sample from) where RPA could point out outliers and anomalies where you might find meaningful findings

12

Where to Start: Gathering Your Resources

• Is there a data governance committee at your
• rganization you can work with?
• Can they help you identify what data you have,

where it’s stored, and how it’s formatted?

• Is there standardization around sources?
• What technology is being used in different systems

(will depend on the data and where it’s coming from)

• Can I extract the data myself, or do I need a system

administrator to get the data from the system?

13

Types of data sources that are helpful for doing data analytics in an IT Compliance context:

Understanding the environment:

• Where does the data reside?
• Do you know path from source to data warehouse?

Pull information from systems into a data analytics platform:

• About assets (physical and data assets) from an inventory
• Policy info from a content management tool
• Controls/risks from GRC platforms and Jira
• HR/Personnel data from TriNet or Workday

14

Where to Start: Data Completeness & Accuracy

Data analytics will not be successful without a good data warehouse

• GIGO: The data you work with is
• nly as good as the source
• Agreement on source of truth
• Dealing with post-acquisition

15

Data Analytics Uses in IT Compliance Example:

16

Data Analytics Uses in IT Compliance Example:

Robotic Process Automation

18

Benefits of RPA

Accurate Consistent Available 24/7 Instantly Scalable

More time for creative, insightful, value-add activity

19

Challenges: Top reasons RPA fails during first implementation

Weak or no executive sponsorship 1 Inadequate data completeness and accuracy 3 Underestimate change management 2 Introduced too early within the transformation process 4

20

Challenges: Top reasons RPA fails during first implementation

Weak or no executive sponsorship

• Executive sponsorship enables the program to

– Solicit support from leadership within other departments – Navigate a politically sensitive environment – Effectively escalate when encountering resistance

Challenge 1

21

Challenges: Top reasons RPA fails during first implementation

Weak or no executive sponsorship

• Executive sponsorship enables the program to

– Solicit support from leadership within other departments – Navigate a politically sensitive environment – Effectively escalate when encountering resistance

Challenge 1 Change Management

• Regardless the intentions of the program (FTE reduction, operational efficiency, etc), those impacted by RPA

technology often react with anxiety upon first hearing of the tool.

Challenge 2

22

Challenges: Top reasons RPA fails during first implementation

Inadequate Data Completeness and Accuracy

• RPA is only as good as your data!

Challenge 3 Change Management

• Regardless the intentions of the program (FTE reduction, operational efficiency, etc), those impacted by RPA

technology often react with anxiety upon first hearing of the tool.

Challenge 2

23

Challenges: Top reasons RPA fails during first implementation

Inadequate Data Completeness and Accuracy

• RPA is only as good as your data!

Challenge 3 Introduced too early within the transformation process

• Unfortunately, many companies try implementing RPA when they still have disparate, complex processes,

yielding little to no ROI.

• Therefore, RPA should be introduced once processes have been optimized.

Challenge 4

24

When should you implement RPA? At the Tail End of Transformation

E

Eliminate

S

Standardize

O

Optimize

A

Automate

R

Robotize

25

The ESOAR methodology is a systematic framework used to enable transformation

E S O

Eliminate all unnecessary activities that impact time, cost, and effort. Addressing and eliminating the cause of waste and barriers to services shifts the focus to more value-added activities in your business operations, such as analysis. Standardize similar routine processes in the same repetitive manner by using standard templates to run transactions with less time and effort. Standardization is a way to avoid the cost of ERP customization and drive best practices Optimize using all the functions of existing tools to the maximum effect, including ERPs, processes, and workflows. Organizations often have the right tools, but don’t know to use them effectively.

26

The ESOAR methodology is a systematic framework used to enable transformation

Automate standardized manual processes – oftentimes possible with existing technology. Automation reduces or eliminates manual work, while delivering increased transparency and control over the process, with extremely high levels of accuracy. Robotize to drive efficiency in any remaining manual, repetitive, rule-based activities by simulating the activities of a human operator.

A R

Through a structured review of operations ESOAR allows us to understand current process drivers and enables next level of growth through transformation

27

RPA Uses in IT Compliance

Final Thoughts

29

Organizations should start their digital transformation journey by defining specific objectives, measurable goals, and metrics that can be used to track against those items

Thank You!

Contact: jsechrist@auditboard.com