governance of technology - uni-due.de...(ci) semi-cognitive robotic process automation (rpa)...
TRANSCRIPT
![Page 1: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/1.jpg)
Governance of Technology
Univ.-Prof. Dr. Marc Eulerich
Mercator School of ManagementChair for Internal Auditing
Univ.-Prof. Dr. Marc Eulerich 1
![Page 2: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/2.jpg)
1. Introduction
“The pace of change is so great, there is always something else going on. What that says to me is that you have to have strategic vision and
peripheral vision. Strategic vision is the ability to look ahead and peripheral vision is the ability to look around, and both are important.”
–Carly Fiorina (former Hewlett-Packard CEO) –
• With the adoption of innovative technologies and practices comes an evolving set of risks that must be assessed and managed.
è What innovations and disruptions have affected organizations and their governance?
è How has the company responded (or struggled to respond) to these innovations?
1. Introduction
Univ.-Prof. Dr. Marc Eulerich 2
![Page 3: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/3.jpg)
1. Introduction: Current Innovations
Univ.-Prof. Dr. Marc Eulerich 3
5448
38 35 3328
16 14 11 10
44
0
10
20
30
40
50
60
Data Analytics
Cloud Computing
Agile Proce
sses
Drones /
Mobile
Technology
Robotic Pro
cess
Automation…
Continuous A
uditing
Corporate Stra
tegy Changes
Artific
ial Intellig
ence
Regulatory Change
Digitaliza
tion
Other Innova
tions
DRIVING TECHNOLOGIES% of Participants
Internal Auditors’ Response ƚŽ��ŝƐƌƵƉƟǀĞ�/ŶŶŽǀĂƟŽŶ.........................................................................................................................
Margaret H. Christ, PhD, CIAMarc Eulerich, PhDĂŶĚ��ĂǀŝĚ��͘�tŽŽĚ͕�WŚ�
![Page 4: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/4.jpg)
2.1 Data Analytics
• IT-enabled data analysis techniques used to draw insights from raw information sources
• Data analytics is not necessarily new to many of the organizations, participants agree that it has been transformative for their organizations and the extent of its use continues to increase and evolve
• The most frequent risks faced due to the implementation of data analytics was risks related to data integrity.
• The most frequent tools used were Tableau and ACL. The next most recommended tools included R, Python, and SQL.
Univ.-Prof. Dr. Marc Eulerich 4
![Page 5: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/5.jpg)
2.1 Data Analytics
Best Practices: • Training: Survey respondents described a requirement to learn
and improve data analytics as part of the audit scope and the team's performance goals. Thereby, the IAF was better able to improve performance using data analytics.
• Maintain Strong Data Governance: Organizations should require and enforce the documentation of data libraries, which helps when staff leave their position. Also, spend upfront time to have and to keep data access and to structure the data in a controlled, meaningful way.
• Control of analyses: There is no control over what analyses are done, saved, shared, and relied upon. Thus, duplication and duplicitous analyses that have different results are possible. Providing control over who can perform analyses and how these analyses are reviewed/stored is critical.
Univ.-Prof. Dr. Marc Eulerich 5
![Page 6: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/6.jpg)
2.2 Automatisierung und KI
Univ.-Prof. Dr. Marc Eulerich 6
ACT
like a human
RULESLEARN
REASON
Basic process automation
– Built-in knowledge repository
– Learning capabilities
– Ability to work with unstructured data
– Pattern recognition– Reading source
data manuals
– Natural language processing
Enhancedautomation
– Artificial intelligence– Natural language
recognition and processing
– Self-learning (sometimes self optimizing)
– Processing of super data sets
– Predictive analytics/hypothesis generation
– Evidence-based learning
Cognitive automation
THINK
like a human
![Page 7: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/7.jpg)
2.2 Automatisierung und KI
Univ.-Prof. Dr. Marc Eulerich 7
Automatisierung
— Künstliche Intelligenz
— Spracherkennung und -verarbeitung
— Selbstoptimierung von Algorithmen
— Vorhersage von Analysen und Entscheidungsautomatisierung
— Selbstlernfähigkeiten
— Verarbeitung von nicht strukturierten Daten
— Mustererkennung und -verarbeitung
— Sprachverarbeitung
— Desktop-Anwendung
— Makrobasierte-Anwendung
— OCR und Bildschirmverarbeitung
KognitiveAutomatisierung
Entscheidungsfindung
Erweiterte Automatisierung
Maschinelles Lernen
Mer
kmal
eAn
biet
er
Einfache Automatisierung
Transaktionsbeschleunigung
SAP Nutzungs-
grad Work FlowRPA/ Screen
Scraping
— Desktop-Anwendung
— Richtlinien-digitalisierung
— Entscheidungs-modellierung
— Workflow-Automatisierung
— Nutzung der Möglichkeiten durch individuelles & angemessenes Customizing und Einrichtung von Stammdaten
Machine Learning
Artificial Intelli-gence
![Page 8: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/8.jpg)
2.3 Robotic Process Automation (RPA)
• Automation that allows the user to design a “bot” that performs routine, systematic tasks
• “When we have a [bot] collecting data then we need to understand what is happening. If everything is automated, there is a lot of risk around it, because as soon as the bot or drone starts doing something wrong, it’s going to keep doing it wrong until we catch it. That is the risk around bots in general. They are great because they don’t have human error, but they also don’t have the human brain.“ (CAE from the oil and gas industry)
Univ.-Prof. Dr. Marc Eulerich 8
But these...
We’re not talking about these kinds of
robots …
Although we tend to use these as a visual.
![Page 9: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/9.jpg)
2.3 Robotic Process Automation (RPA)
Univ.-Prof. Dr. Marc Eulerich 9
01 Scoping bestimmen
04 Prüfung eines/einer …
Test of Design
Test of Effectiveness
je BOT je BOT
Test of Design
Test of Effectiveness
je ITAC je ITAC
BOT
ITAC
02 GITCs Identifikation und Testing
03 Operating Model
Um die durch Automatisierung veränderte Risiko-position des Unternehmens einschätzen zu können, ist zunächst eine Abgrenzung von RPA gegenüber anderen Automatisierungen sinnvoll. Im Unterschied zu künstlicher Intelligenz und neuronalen Netzen ist Automatisierung mit RPA üblicherweise regel- basiert und deterministisch. Es handelt sich bei RPA um eine vorkonfigurierte Software instanz. Diese verwendet Geschäftsregeln und vordefi-nierte Aktivitäts-Choreografien, „die autonom eine Kombination von Prozessschritten, Aktivitä-ten, Transaktionen und Aufgaben in einem oder mehreren unabhängigen Softwaresystemen ausführen, um ein Ergebnis oder eine Digitalisie-rung mit menschlichem Ausnahme-Management zu liefern“.1
Unternehmen können mithilfe von RPA bei ver- gleichsweise geringem Entwicklungs- und Imple-mentierungsaufwand große Effizienzsteigerungen realisieren – und zwar ohne dass RPA ihr Umfeld, also den betreffenden Prozess oder die Entschei-dungsfindung, verändert.
Und RPA automatisiert nicht nur, sondern kann auch Kontrollaktivitäten durchführen. Dabei eignen sich sowohl Geschäftsprozesse als auch Kontrollen dann besonders gut zur Automatisierung, wenn ein klar dokumentierter und stabiler Prozess vorliegt und es!sich um regelbasierte, repetitive Tätigkeiten mit hohem Volumen und großer Häufigkeit handelt.
Neben den Vorteilen birgt RPA (umgangssprach-lich oft „Bot“ genannt) auch Risiken, die in den bestehenden internen Kontrollsystemen bisher nicht angemessen adressiert sind. Der Zugriff des!Bots auf Systeme und seine Rechte sollte dabei klar definiert werden. Und auch den mensch-lichen Zugriff (ob direkt oder indirekt) auf die Bot-Applikation und den Bot selbst sowie dessen Betrieb gilt es mit geeigneten Freigaberoutinen zu!steuern, um unberechtigte Eingriffe zu verhin-dern. Dazu sind eine ganzheit liche RPA- und Digitalisierungsstrategie sowie die Einbindung der!Anwendungen in das bestehende Interne Kontrollsystem erforderlich.
1 IEEE Corporate Advisory Group 2017
Abbildung 2: Prüfungshandlungen im RPA-Umfeld
»
»
Neben der notwendigen ganzheitlichen Betrachtungs-weise braucht es auch einen!für RPA geeigneten Prüfungsansatz.
14 CGO 07 | 2019 Robot Process Automation und IKS CGO 07 | 2019 15
© 2019 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative („KPMG International“), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten. Der Name KPMG und das Logo sind eingetragene Markenzeichen von KPMG International.
© 2019 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative („KPMG International“), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten. Der Name KPMG und das Logo sind eingetragene Markenzeichen von KPMG International.
![Page 10: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/10.jpg)
2.3 Robotic Process Automation (RPA)
Best Practices: • Recognize your limitations and focus on what you know: While some
companies suggested that auditors feel confident that they know enough about technology to perform an effective audit of RPA, others cautioned against overreaching. Auditors should focus on what they know well and not try to audit a technology that they do not truly understand.
Univ.-Prof. Dr. Marc Eulerich 10
Pattern based machine learning
Statistical modelling
Improvedworkflow
Cognitive intelligence
(CI)Semi-cognitive
Robotic Process
Automation(RPA)
Structured data
interaction
Incr
emen
tal v
alue
Mimics human intelligence
Past
1990’s–2000’s
Present Future
Optimized processthrough automation
2015–2020 2020+
Augments human intelligenceMimics
human actions
![Page 11: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/11.jpg)
2.4 Artificial Intelligence (AI)
• Processes that use intelligent machines to work and react similarly to humans, characterized by machine learning
• One of the greatest risks identified of using AI is that individuals may usesome form of AI but not understand what the AI is actually doing. When a new scenario is introduced, the concern is that the AI can be misapplied because of this lack of understanding
• Finally, of all the innovations measured, respondents report that they are the least prepared and least effective in the area of AI.
Univ.-Prof. Dr. Marc Eulerich 11
Supervised Machine Learning
Reinforcement Machine Learning
Unsupervised Machine Learning
Artificial Neural Network
Time Series Forecasting
User Behavior Analytics
Genetic Algorithms
![Page 12: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/12.jpg)
2.4 Artificial Intelligence (AI)
Univ.-Prof. Dr. Marc Eulerich 12Trends in Internal Auditing and Corporate Governance - SS 2018
Comparing outcomes to another source(s)
Understand and evaluate the AI model(s)
Develop AI solution(s) in a controlled environment
But each approach has its limitations
01 02 03
• Another (reliable) source might not exist
• Not always feasible to replicate the model / develop an alternative
• And if you have another source: why develop the AI solution in the first place?
• Model might be too complicated to understand
• Model uses techniques such as deep neural networks that are notorious in terms of explainability.
• Skilled people using a rigorous methodology in a secure environment is no guarantee for quality outcomes
• Using a rigorous methodology is in tension with an agile and explorative approach that is common in data science.
A governance framework helps define the optimal combination of controls across these three approaches
![Page 13: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/13.jpg)
2.4 Artificial Intelligence (AI)
Best Practices:• Training: Internal auditors need training, and as one respondent described,
internal auditors must “understand the principles of AI not just [recognize] the phrase as a buzz-word.”
• Understand the organizational plan for AI: Another respondent recommended that internal audit functions get a road-map for how process owners and executive management plans to roll out AI in the future so internal audit can prepare.
Univ.-Prof. Dr. Marc Eulerich 13
![Page 14: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/14.jpg)
2.5 Digitalization
• Digitalization is changing a business model by the use of digital technologies to provide new, value-producing opportunities
• In particular, digitalization is associated with increased cybersecurity risks because now key data and inputs are collected, recorded, stored and processed electronically.
• There are key risks related to the functionality of the technology itself. Technology failure or obsolescence can have a major impact on operational performance or the value proposition of the organization.
Univ.-Prof. Dr. Marc Eulerich 14
Transformation und digitale Veränderungen (1/3).
Künstliche Intelligenz
Cloud Computing
Robotics (RPA)
SonstigeBlockchain
Big Data/Analytics
Source: PwC (2017). Confidence in the future: Emerging technology and the finance function.
![Page 15: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/15.jpg)
2.5 Digitalization
Best Practices:
• Hiring the right (technology-focused) skillset: As organizations move to digitalize their operations, it becomes more critical that the internal audit staff have the appropriate technical acumen and IT risk knowledge.
• Invest in your people: Innovation like digitalization requires a flexible, agile internal audit workforce. CAEs also recommend really investing in the existing audit staff by increasing targeted training and working to make them true experts in the field. Specific training/skills described include cyber-security and network security.
Univ.-Prof. Dr. Marc Eulerich 15
![Page 16: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/16.jpg)
3. Conclusion: Strong Governance / Role in ERM
Strong Governance• While “strong governance” seems like an obvious best practice for all
organizations, it becomes even more critical in organizations that are encouraging innovation.
Role in ERM• In general, this recommendation highlights the importance of the assurance
functions being knowledgeable about all organizational risks early enough such that it can prepare to address them as needed.
Univ.-Prof. Dr. Marc Eulerich 16
![Page 17: Governance of Technology - uni-due.de...(CI) Semi-cognitive Robotic Process Automation (RPA) Structured data interaction lue Mimics human intelligence Past 1990’s–2000’s Present](https://reader035.vdocuments.net/reader035/viewer/2022062607/60443f27c2badf4eef7651e5/html5/thumbnails/17.jpg)
Univ.-Prof. Dr. Marc Eulerich
0203/379-2600
Universität Duisburg-EssenMercator School of ManagementLehrstuhl für Interne RevisionLotharstraße 6547057 Duisburg
https://www.linkedin.com/in/marc-eulerich-52075718a
@
YOU CAN DOWNLOAD CURRENT RESEARCH PAPERS FOR FREE ON:SSRN.COM