As automation moves from the factory floor to the business office, the CIO’s responsibility to ensure the integrity of business processes has grown. It’s no longer just a matter of automating processes through Business Process Management (BPM), digital process automation platforms, or even Robotic Process Automation (RPA). We’re looking more and more at the short- and long-term ramifications of automating parts of knowledge work done by people, through BPM, RPA, and artificial intelligence (AI).
This means that intelligence and know-how for certain types of work are increasingly being handled by software. The question is: How can we ensure that automation is in compliance with company governance, both at the project level and at the corporate level?
[ How can you automate more? Get the free eBooks: Getting Started with Kubernetes and O’Reilly: Kubernetes Operators: Automating the Container Orchestration Platform. ]
Here are some common mistakes and advice for CIOs regarding governance and business automation.
Mistake 1: Allowing too many functions to be automated without governance because it’s “easy”
The proliferation of SaaS and low-code tools has made it easier for business lines to get the capabilities they want without IT involvement. BPM tools aimed at “citizen developers” and the heavy push for RPA means that IT doesn’t always have eyes on what and how automation (especially task automation) is being integrated into business work and operational processes. Whether appropriate levels of security and project policies are followed comes down to whether or not the manager remembers to consider it.
[ Read also: 8 automation trends to watch in 2021.]
And once those services and tools became part of the business landscape, project leaders may come to IT looking to integrate them into existing systems. The role of the CIO is to be sure that organizational responsibility, quality control, financial compliance, security, and other governance requirements are understood well enough so that they are taken into consideration from the start by the responsible managers, or that those managers know when to ask the technical team for help to ensure compliance.
Whether appropriate levels of security and project policies are followed comes down to whether or not the manager remembers to consider it.
Good governance should include a wider view of what should be automated as well as how. Integrating RPA, for example, to automate tasks that are part of an inefficient process can result in a faster but still inefficient process, and multiple points connected to automation without reflection will multiply, not reduce, process inefficiencies.
[ Get no-nonsense definitions of RPA: How to explain Robotic Process Automation (RPA) in plain English. ]
Mistake 2: Waiting for business project leaders to ask for help
The technical team should work with business from the beginning on both process automation (BPM) and task automation (RPA) projects. Part of the project governance process itself should direct that IT and business are on the team together and that frequent communication is easy. Business’s job is to ensure that technologies comply with business processes and compliance rules; IT’s job is to help make sure that technologies are appropriately implemented – for example, that processes are secure and they don’t unintentionally expose sensitive information.
In organizations where business management understands and enforces good practices all the way down the organization, a CIO may not need to push so hard to remind everyone that decisions about automation and incorporation of solutions need to be considered with a larger view. But people are people, so it’s up to the CIO to assure that the IT team culture is one of cooperation with business as equals on the team, not a resource that’s deployed only when a need is perceived.
A well-integrated business-IT team means business isn’t afraid to ask for advice and help before making decisions to implement technical solutions, and IT is aware of and willing to help facilitate those decisions appropriately.
Mistake 3: Trusting that teamwork will just happen
It’s easy to say that IT and business teams should be well integrated, with a high level of trust and good communication – but saying it doesn’t make it so. So how can we actually help ensure that collaboration and trust are established so communication about automation decisions and governance happens in a timely fashion?
We have seen the most success with process automation in companies that establish a “Center of Excellence” (CoE) for their automation projects. A CoE includes key business and IT representation and responsibilities at multiple levels, from C-Suite to project leaders, and fosters collaboration by its nature.
A healthy CoE can help IT keep an eye on what and how automation is being integrated into business work through BPM, RPA, AI, and other implementations at various levels; it can circumvent the need for managers to ask for help or the need for IT constantly to assert its authority whether invited or not. And in the best case, corporate and project governance is “baked in” from the beginning of every project, whether carefully planned or ad hoc.
The CIO’s responsibility extends beyond technology. It may have always been so, but as technology capability moves more and more into the hands of business lines, full cooperation and teamwork all the way down is more important than ever. Establishing the rules and policies of corporate and project governance is a mutual responsibility, as is the implementation of “corporate guardrails” via technology in automation projects of all sizes.
Of course, CIOs know better than to not pay attention, wait for someone to ask, or to leave good teamwork to chance – but as with all best practices, stating them explicitly is a good way to center them for better action.
[ How can automation free up more staff time for innovation? Get the free eBook: Managing IT with Automation. ]