Advance

RPA

By DCoE, TP
DIBS
#DIBSToDisrupt
 In today’s session

A quick recap of last session

Best practices in Process Capture and Diagnostics

Best practices in Functional Solution Design

Infrastructure / hosting models and security

Pareto of Automation

#DIBSToDisrupt
 Recap
1. What is Robotic process automation?
● Standardized process | Computer Script | Mimics Human actions
2. What is driving this change?
● Customer Experience | Efficiency | Compliance and Control
3. Modes of Automation
● Attended (RDA) | Unattended (RPA) | Hybrid (RDA + RPA)
4. Identify which process is best candidate for automation
● Manual | Repetitive | Low Exceptions | Stable Ops | Standardised inputs / formats | No projects with scope
overlap
5. How to approach your RPA Journey?
● APDLO Automation Framework
6. Benefit calculation
● Payback period - <9 months
7. Team Structure - Building a Robotic Operating team
● PM | BA | SA | DEV | TA | CM | Ops TL | Support TL
8. BOT Mortality
● Overlapping projects | Value not delivered | Process / System changes | Change in Business priorities etc

#DIBSToDisrupt 1
Process Capture
and
Diagnostics
#DIBSToDisrupt 4
Factors driving Automation potential

2. Process Type 3. Standard input

● Manual & Repetitive – A process which is ● Input are standard – Inputs are standard if the
performed by user and most of the process steps content is positioned in the same place even if
are same of all cases or transactions. the input types are different. E.g. Position of 4. Process or applications used
details in an invoice like invoice number, date,
● Semi Manual & Repetitive – A process which is amount, Name etc. in an input type(PDF, Word ● The process or applications used to process a
performed by user and also involves any etc. )are always fixed. case going to change within 3-6 months. E.g.
automation mechanism like Macro, Outlook plug- Major upgrading in ERP system, process re-
● Input are NOT standard – Inputs are considered
ins, etc. engineering etc.
● Automated – A process is already automated 3
as not standard when the position of content
varies in the input type(s).
specify using what in comments
● Manual But Not Repetitive – A process which is
performed by user and process steps for each case
will not be same. 3
4

2
1. Rule Based 2 5. Unknown Exceptions%
● Agent/user doesn’t use his/her experience to
1 5 ● %age of the total volume revived cannot be
take any judgment or make decisions while 5 processed which cannot be processed which
processing a case but on the business rules and cannot be processed without an external factor
pre defined logic query/approval.

#DIBSToDisrupt 2
 Laying out ‘As-Is’ process flows
What to capture? And How to Capture?

Detailed – L4
High Level

Customer Sales Management Credit department

AS-IS
Credit
Buy Product Sales Call
Department

Process steps Step 1 Step 2 Step 3 Step 4 Bad Credit

Create Form Order Entry Credit Check
Application 1 Application 1 Application 1 Application 1
Application 2 Application 2 Application 2 Application 2
Order form High
Application 3 Application 3 Application 3 Application 3
Applications used OK balanc
e
5 mins 2 mins 3 mins 6 mins Review Accounts
receivable
Balance
AHT
OK

Credit issued Calculate

report Credit

OK

Terms
Approved

#DIBSToDisrupt 3
Process Maps
Address Change Request

#DIBSToDisrupt 4
Exercise : How many paths are there in this process map

Start

Step 1

Step 2 Decision 1 Step 3 Step 4

Step 5 Stop

Decisi
Step 6
on 2

#DIBSToDisrupt 5
 Exercise : How many paths are there in this process map

A
Start

Step 1

Step 2 Decision 1 Step 3 Step 4

C
F
Step 5 Stop
D
Path Effort

A-B-F 10% 33 Decisi

Step 6
on 2
A-C-D-F 20% 22

A-C-D-E-F 70% 11
E
#DIBSToDisrupt 6
Exception Handling

Exception
● Mandatory details are missing
Handing ● Application stops responding
or incomplete/ unidentifiable
● Email attachment is not ● System login failure
available

Business System
Exception Exception

Known Un-Known Known Un-Known

New situation never encountered

before, which can be caused by
New situation never encountered
Previously encountered. external factor and cannot be
Experienced previously, action plan before, or may happened
A scenario is defined with clear predicted with precision.
or workaround available for it. independent of the applications
action/ workarounds for each case. However if it occurs, it must be
sed in the process.
communicated to and authorized
person for evaluation.
#DIBSToDisrupt 7
Functional Process Maps / Swim lanes

#DIBSToDisrupt 8
 Volume Forecast : Effort Chart basis volume forecast

Project start Project payback period

9,000

8,000
Assumed effort for this year
7,000

6,000
Man hours

5,000

4,000

3,000 Assumed effort for this year

2,000

1,000

0
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Months
Queue 1 Queue 2 #DIBSToDisrupt 9
Complexity factors

Type of Application - java Applications, Structured Inputs - Machine readable and Free Text - Flow of Information as free
Mainframe applications, SAP, Web based digital inputs, Scanned PDF Image/free text (Unstructured informational flow)
applications, Dotnet applications, MS flow texts in Emails are unstructured within the process
office Etc. inputs

Number of screens - involved Variations/scenarios - within Standard Inputs - Images based automation –
in a process can be taken as a the process (Number of If Templated inputs, same VDI/remote desktops/ Citrix
proxy for number of steps Else king of Rules) format or type of inputs
across cases

#DIBSToDisrupt 10
Functional Solution
Design

#DIBSToDisrupt 14
Best Practices

Define tasks to be done by Human

and tasks to be done by bot

Avoid too many hand-offs

between bots and humans

Logically group steps

#DIBSToDisrupt 12
How to maximize saves

Goal :
Average Handle Time reduction of the overall case / transaction / call?
Or
Reduce the human effort even in cases where we are not able to reduce the
overall AHT
Scenario #1 Scenario #2 Scenario #3
Limited benefit because of agent wait time Maximizing benefit by logical grouping steps Despite of no reduction in handle time we can
while attended bot is working and moving them to unattended bots maximize benefit

Step Unattended Attended Human Unattended Unattended

Bot Bot Step Attended Bot Human Step Attended Bot Human
Bot Bot

1     1 1     1 1     1

2   1   2     1 2 9    

3   2   3     1 3      

4     1 4 2     4      

Processing Time before automation 10 Processing Time before automation 10 Processing Time before automation 10

Processing Time post automation 5

(Human) Processing Time post automation (Human) 3 Processing Time post automation (Human) 1

Save % 50% Save % 70% Save % 90%

#DIBSToDisrupt 13
Infra & Hosting Models

#DIBSToDisrupt 17
RPA
Infrastructure
and Ecosystem

#DIBSToDisrupt 18
Infrastructure types and their components

On
On Premise
Premise Cloud
Cloud based
based

Set up requiring a physical environment for hosting data and A multitenant environment provided by a third party service
associated components provider making computer resources available as and when
needed and in whatever capacity.
Hardware Components Network Components
Desktops / Laptops Switches
Server / Storage Routers
Routers / Switches Access point
Firewall Servers
Fixed line or Wi Fi Solutions

● All the software and data resides within premises ● Publicly shared virtualized ● Privately shared virtualized
● Needs extra security since organisation is responsible to resources resources
maintain the solution ● Supports multiple customers ● Cluster of dedicated
● Upscaling can be cost intensive ● Supports connectivity over customers
● Managing & maintaining the infra leads to high OPEX owning to internet ● Connectivity over internet,
server hardware, space & power consumption ● Suitable for less confidential fibre and private network
● Difficult to cross-utilize the infra for organizations managing information ● Suited for secured confidential
multiple client information and core systems

#DIBSToDisrupt 19
On-premise & cloud solution in the RPA deployment

Database Orchestration
server server

UNASSISTED BOT MACHINES

Database server(Optional)
UNASSISTED BOT MACHINES

ASSISTED BOT MACHINES

ASSISTED BOT MACHINES

#DIBSToDisrupt 20
Automation Ecosystem

Studio Orchestrator Robot

● Desktop application that enables users to ● Enterprise architecture server platform. ● Windows service that executes automation
automate with highly intuitive tools; not code Supports the following: instructions
● Includes the following: o release management
o process recorders o centralized logging
o drag & drop widgets o reporting, auditing, monitoring tools
o best practices templates o remote control
o centralized scheduling
o queue/robot management

#DIBSToDisrupt 21
Attended and Unattended Robots

ATTENDED ROBOT
ATTENDED ROBOT UNATTENDED ROBOT
UNATTENDED ROBOT
●● Assists
Assists human
human operators.
operators. ●● Doesn’t
Doesn’t require
require human
human intervention.
intervention.
●● Triggered
Triggered manually
manually and
and running
running locally.
locally. ●● Triggered
Triggered and
and running
running remotely.
remotely.
●● Fit
Fit for
for the
the manual,
manual, repetitive,
repetitive, rule-based
rule-based ●● Fit
Fit for
for manual,
manual, repetitive,
repetitive, rule-based
rule-based back
back office
office
activities, requires human intervention.
activities, requires human intervention. activities NOT requiring human intervention.
activities NOT requiring human intervention.
●
● Communication
Communication with with Server:
Server: bi-directional
bi-directional ●
● Communication
Communication with with Server:
Server: bi-directional
bi-directional
(restricted).
(restricted). (unrestricted).
(unrestricted).
●● Robot
Robot to
to Server:
Server: Execution
Execution logs,
logs, automated
automated ●● Robot
Robot to
to Server:
Server: Execution
Executionlogs,
logs, automated
automated
process upload.
process upload. process upload,
process upload, robot
robot status
status
●● Server
Server to
to Robot:
Robot: Automated
Automated process
process version
version ●● Server
Server to
to Robot:
Robot: Automated
Automated process
process version
version
deployment ONLY
deployment ONLY deployment, schedule, start, reset
deployment, schedule, start, reset
Features:
Features: Features:
Features:
●● Process
Process management
management (automatic
(automatic process
process ●● Process
Process management
management (automatic
(automatic process
process
update/rollback)
update/rollback) update/rollback)
update/rollback)
●
● Agent
Agent assisted
assisted mode
mode ●● Asset
Asset management
management
●● Centralized
Centralized logging,
logging, reporting
reporting and
and auditing
auditing ●● Centralized
Centralized logging,
logging, reporting
reportingand
and auditing
auditing
tools.
tools. FO and monitoring
and monitoring BO
#DIBSToDisrupt 22
Environment configuration order

D Development environment

UAT environment
U
P Production environment

#DIBSToDisrupt 23
Implementation
methodology -
Security

#DIBSToDisrupt 24
Authentication
Authentication of users

In Windows session
● The credentials use for authenticating the windows session and
starting the workflow will be stored into Orchestrator
● The robot does not require administrator privileges to run
● Various options for robot accounts: one generic account,
multiple technical accounts or user accounts
● Analyze the benefits of each approach for the automated
applications.

In applications
● The work done by the robot requires using credentials.
● The credentials can be stored locally, in the windows Credential store
in the Orchestrator Database, encrypted.
● Each robot can use its own set of credentials. Since the robot
operates as a human operator would, it can use SSO the same way.
● Besides the two described methods for storing credentials, a third
party solution for credential storing can be used.
#DIBSToDisrupt 25
Authentication
Authentication of users

With username and password

● Each Orchestrator user can log in with username and password
● The associated roles can be fully customized based on granular
permissions

Active Directory integration

● The login to Orchestrator can also be done using Active Directory
integration. This can be achieved by associating AD users to
groups and assigning Orchestrator roles to particular groups
● The members of the groups would be able to automatically log
into Orchestrator

#DIBSToDisrupt 26
Environment Setup

Robot Grouping Mentions

● Administration ease
By process ● Low flexibility
● Low robot utilization

By used applications ● Administration difficulty

● High robot utilization

Mixed approach ● Optimal choice

#DIBSToDisrupt 27
General Controls - Access to Program and Data S

Risk : Unauthorized access to program and data may result in improper changes to data or destruction of data.
Objectives : Access to program and data is properly restricted to authorized individuals only.

Area Control Design How to Test/Validate

A formal process for granting or modifying system access (based on appropriate

User access provisioning level of approval) is in place. Review an evidence of approval

A formal process for disabling access for users that are transferred or separated is in Compare existing user accounts with a list of users that are
User access de-provisioning
place. transferred or separated

Periodic access reviews of users, administrators, and third-party vendors are

Periodic access reviews performed. Review an evidence of periodic reviews

Password requirements Unique (to individual) and strong passwords are used. Assess password rules enforced

Privileged user accounts Accounts having privileged system access rights (e.g. servers, databases, Review accounts with privileged access rights
applications, and infrastructure) are limited to authorized personnel.

Only authorized personnel are allowed to access secured areas and computer
Physical access facilities. Walkthrough of areas (e.g. data center, backup storage etc.)

High level encryption protocols protect the management details of the credential Review the encryption type\strength and collect necessary
Encryption vault. Encryption deals with protection of the company from external malicious
evidence
attacks.

Logging facilities and log information shall be accessible to only authorize Users. All  All logs shall be maintained for a period of one year (or) as
Audit logs per the client specification, whichever is longer. Untampered
devices, wherever possible, shall have audit logs enabled with retention period.
logs shall be archived to centralized server.
Only required IP’s and port has to be allowed for communication and ensure Firewall Ruleset review specific to Source and Destination
Network security security attributes for all network services to protect information from IP’s. Evidences of Network Security Controls and Monitoring
unauthorized access. All traffic flowing in both direction shall be monitored. logs.
#DIBSToDisrupt 28
General Controls - Program Changes \ Program Development S

Risk : Inappropriate system\program (or) changes to systems\program (or) any development\implementation may result in inaccurate data
Objectives : All changes to existing systems are properly authorized, tested, approved, implemented and documented.
New systems/applications being developed or implemented are properly authorized, tested, approved, implemented and documented.

Area Control Design How to Test/Validate

Change management Review/assess change management procedures and validate

control A formal process for proper change management is in place. that procedures are followed
Change documentation All changed made to systems (e.g. servers, databases, applications, batch jobs and
Review change logs
infrastructure) are documented and tracked.
Post change/
implementation testing and Appropriate level of testing is performed. Review an evidence of test plans and results
reviews
Appropriate approval is required prior to migration to production. Client
Approval involvement and Client Infosec Sign off is necessary along with Internal security Review the mail evidences, request and approvals
team approval.

Migration Access to migrate changes into production is appropriately restricted. Verify that a separation of duties (SOD) between developers
and operators ( making changes) exist
All the system and their version shall be tested on a test
Version controls All software and firmware has to be up to date, Previous version of the software environment prior to implementing them on live production
shall be retained as a contingency measure for critical system software.
systems.

#DIBSToDisrupt 29
General Controls – Operational Security S

Risk : Systems or programs may not be available for users or may not be processing accurately
Objectives : Systems and programs are available and processing accurately.

Area Control Design How to Test/Validate

Source code shall not reside on the local workstation or on
Software program source code are protected from unauthorized access and to the deployment server, except for web application. All such
Secure Code Review code shall be stored in secured repository. Need based
maintain the confidentiality.
access shall be provided to the relevant digitization team
member.
Vulnerability Assessment \ Vulnerability Scanning has to be done for the servers and applications and for Public Review the VA report and closure of each vulnerability and
Penetration Testing IP’s. External Vulnerability Scan and Penetration testing is mandatory their frequency
Review the Retention requirement and storage period of
Retention of Database Retention period of data and purging process has to be documented and followed data
Backup and recover Backups for critical data and programs are available in the event of an emergency. Review/assess procedures for backup and recovery and
validate that procedures are followed
A formal process for problem/incident handling is in place in order to ensure timely
Problem/incident identification, escalation , resolution and documentation of problem and ensuring Review/assess procedures for problem/incident
management management and validate that procedures are followed
protection against malware and Trojans
BCP shall be carried out by the implementation team under
Disaster Recovery Plan Business continuity management is carried out by BC plan and it is verified by the guidance of ISMS team and shall be reviewed and
(DRP) and Business
conducting periodic drills. authorized by the committee. It reviewed at least on annual
Continuity Plan (DRP) basis.
Operating System and Application has to be installed with latest patch and ensure Review the patch management process and collect the
Patch management
testing is done before implementing on production system evidence related to testing and implementation.

#DIBSToDisrupt 30
Pareto of Automation

#DIBSToDisrupt 31
Pareto of Automation : 16 Blocks of RPA S

Consolidate info from Rule based decision making / Calculation OCR (or) Download Upload
multiple apps / website processing bot bot screen scraping Files

Validate Rule based Investigation Disposition/ Checklist Bot Data entry Understand free text / Write to file (any format –
phrases with dictionary / NLP doc classification example)

Add Notes / document Classification - Emails / Docs Generate Dashboards Agent Assistant
Mode

#DIBSToDisrupt 32
How to leverage RPA in Customer Service

Voice domain
Unified screen – Combining the information from multiple screen to one, Faster information access if same
Workflow Automation –Routing requests to back-office , Automated notes, locating cust info, Recommendation engine Read and interpret information
Visual IVR – Visual display of IVR options for an interactive and user-friendly interface
Improving web & mobility solutions to drive self service - App and website enhancements, Building connectivity b/w application
Analytics & Performance Management – Voice analytics to reduce dependency on manual QC and faster insights, Mobile and visualized dashboards

Backoffice and support domains

Back-office Automation RPA robots can greatly enhance productivity by handling tedious and productivity-draining tasks such as opening trouble tickets, inputting
data, or filing claims Compliance RPA agents can maintain compliance with regulations such as PCI, HIPPA and SOX, as they are not subject to the costly mistakes
that live agents sometimes make, breaching compliance regulations and exposing the business to lawsuits
● Fraud Detection RPA can reduce social engineering, match against watch lists, detect potential fraud, notify customers of potential fraud attempt, and then
take further action based on the customer response
● Personalization When used alongside sales agents, RPA agents can provide real-time guidance and provide targeted, personalized information that will help live
agents increase sales
● Security RPA agents can be used to increase security, for example, by performing the multiple logins that are sometimes required for other personnel to access
multiple systems or applications, as well as monitor for exception handling. In addition, because they are “virtual,” RPA agents also can access data that is
restricted to personnel, thus bypassing a security hurdle to complete a process

#DIBSToDisrupt 33
Getting started
with RPA

#DIBSToDisrupt 34
Implementation Journey - Ownership matrix
Prepare RPA Solution Design Build PRA Solution Test RPA Solution Stabilize RPA Constant Improvement

Inventory of the PDD Creation Performance

Automate Process Perform UAT Move to Production
Process and signoff assessment

Process Owner RPA IT+ RPA Developer+ Business Analyst +

Business Analyst Business Analyst RPA Developer support solution architect PM+PO
Opportunity assessment Training + Procedures
Create Test Scenarios Prepare Test data Bug fixing Benefits tracking
for RPA & User Manuals
BA + Dev + Process
Business Analyst Business Analyst/QA Process owner + IT RPA Developer Process Owner
Owner
Decision regarding Process and robots Process and robots Coordinating testing &
Production monitoring Managing changes
pipeline Prioritization architecture architecture Record Test results

Business Solutions architect Business Analyst Business Analyst RPA Support COE+

Planning & Prepare UAT Prepare signoff for Measuring the Expected
Security & infra review
communicate changes enviroment production vs Actual results

PM IT IT Business Analyst Business Analyst

Prepare Dev Test Documenting Lessons

environment Learned

RPA Developer COE+

Handover Documents
Prioritized pipeline finalized Automation Automated Release in Monitor and
business benefits requirements processes production Improve
Business Analyst
#DIBSToDisrupt 35
Follow us
teleperformancedibs.com

/Company/TPDIBS

/TPDIBS

@TPDIBS

@tpdibs

/teleperformance

blog.Teleperformance.com

#DIBSToDisrupt 36