Managing Risk
The Blue Prism ROM covers a number of possible risks and considers how they can be mitigated in any deployment.
Below are a list of risks which should be considered and prepared for at the beginning of any Digital Workforce deployment:
To mitigate this risk ensure a Head of RPA is in place to own design and deliver the vision for RPA
Blue Prism is being used to deliver tactical and low-value automations.
To mitigate this risk ensure the RPA vision is aligned with corporate strategic goals
To mitigate this risk ensure that RPA is communicated to the organisation from the top down to encourage cultural adoption.
- Ensure that the executive sponsor is engaged with the RPA vision and strategy and is the appropriate level of leadership
- Ensure that there is a sub-sponsor or appropriate hand-over in place in case of loss of sponsor.
No one is in control and driving the RPA activity within my organisation.
To mitigate this risk ensure a COE is established to provide centralised control and a Head of RPA is in place to own and deliver the vision for RPA. Ensure an empowered governance board is established with representation from IT, RPA and the business
Where the volume of automation opportunities outstrips the ability to develop the processes within a centralized model, a bottleneck may result. This may lead to disillusionment in those submitting processes for automation. Read more on the different organizational models here.
To mitigate this risk align your vision with corporate strategy and integrate your Digital Workforce into the organisation to facilitate business integration through cultural adoption.
To mitigate this risk ensure the Governance Board define a set of criteria that much be met before any process moves forward to the build prioritisation phase.
To mitigate this risk ensure the Governance Board meet regularly and predictably to discuss new candidates. RPA Evangelists ensure RPA capabilities are demoed to the organisation.
To mitigate this risk ensure a proven and tested opportunity assessment process has been signed off to identify, validate and prioritise process automation candidates. Also, ensure the Governance Board meet regularly and predictably to discuss new candidates.
To mitigate this risk ensure the Governance Board have responsibility for reviewing and approving changes as well as new automation requests.
To mitigate this risk ensure that the appropriate tracking tool is utilised. Processes can then be captured, added to the backlog, incubated and prioritised easily. This may be an internal SharePoint or spreadsheet, or the Blue Prism Process Assessment Tool which is available on the portal.
Not all business areas may be engaged during the discovery phase and therefore may not understand the art of the possible or the capabilities of Blue Prism.
To mitigate this risk ensure that a structured and planned approach to discovery workshops and that all stakeholders are educated in the art of the possible
Blue Prism Version 6.3 and above has the ability to import “Skills” - enabling Intelligent Automation and connected RPA.
The Decipher product provided by Blue Prism is a best in class document processing tools enabling connected RPA. Find it on our portal from early 2020.
Check out our Digital Exchange for the range of Skills available
To mitigate this risk it is essential that you ensure access controls are in place and defined by an effective access policy. Read more on access controls.
Business process changes and IT changes both reactive and proactive will cause my Digital Workers to terminate or process cases incorrectly. To mitigate this risk ensure that a mechanism in which CHANGE to both business processes and core IT application changes are communicated to the Blue Prism team in advance
To mitigate this risk ensure logical environment separation is in place. For example - development, test and production Blue Prism environments. You should also ensure that access to production processes are restricted via the Logical Access Model and releases are strictly controlled.
To mitigate this risk consider enabling multi-teams which ensures segregation of processes objects and runtime resources per business area.
To mitigate this risk ensure a Design Authority is in place to establish best practices and standards, and to review any proposed designs for new automations.
To mitigate this risk ensure a proven and tested formal design peer review process is in place. You should also:
- Ensure correct logging is in place
- Ensure correct exception handling is present in both design and build, including raising automated tickets for consistent system exceptions.
Because no design documentation is created, Developers choose how to build objects and processes during development, resulting in automations that do not follow best practices & standards. Reusability is not promoted.
To mitigate this risk ensure an established tried and tested delivery methodology is in place and adhered to.
To mitigate this risk ensure that Object Designs (ODIs) are created adhering to best practices and suitably peer reviewed. Establish an Object Design Library and review and update it at regular intervals
To mitigate this risk ensure a formal test approach is defined
This is likely caused by poor quality of Process Definition Documents.
To mitigate this risk ensure Process Definition Documents (PDD) are completed to a high standard and document every step at a click-by-click level.
When a new process is deployed into production, it becomes apparent details such as exception forwarding, operating hours and service level agreements were overlooked
To mitigate this risk ensure a completed Function Requirements Questionnaire is provided for all automation projects accompanying the process definition documents
To mitigate this risk ensure knowledgeable and experienced delivery leads are in place to mentor the delivery team. Partner resources could be leveraged for this. Build best practices can be found here.
To mitigate this risk:
- Ensure that all of Blue Prism’s control functionality and procedures are being followed in the supervision of an SME
- Ensure that the documentation and data being used to feed the automation is archived as classified and treated accordingly.
During operational downtime due to production outages, Blue Prism Support are not contacted and informed of problems, resulting in an impact on response times and turnaround.
To mitigate this risk ensure that a documented Blue Prism support agreement exists and is reviewed at regular intervals. You should also be aware of:
To mitigate this risk, ensure all members of the team know how to raise incidents with Blue Prism by following the instructions here.
Internal IT teams are not familiar or aware of Blue Prism infrastructure components. This could greatly effect troubleshooting environment problems.
To mitigate this issue ensure a documented IT support policy, including environment diagrams and descriptions, is in place and is reviewed regularly.
...or work is not being processed during production downtime by business teams.
To mitigate this risk ensure that DR and Business Continuity plans are in place and documented to handle exceptions during any Blue Prism downtime. Such plans should be tested at regular intervals.
To mitigate this risk ensure a segregation of duties exists where dedicated Blue Prism Controllers are in place to monitor production processes and react quickly
This can result in diminished benefits.
To mitigate this risk ensure suitable business analysts are in place and are responsible for finding the processes and business case and defining the requirements
To mitigate this risk ensure experienced Lead Developers have completed the Lead Developers' training path and studied the solution design guides. This will ensure solutions are designed in accordance with standard Blue Prism design principles and conventions.
To mitigate this risk ensure developers adhere to the Developer training path, revisiting training guides, tutorials and self-tests on the Blue Prism University where necessary.
To mitigate this risk ensure separate development, test and production Blue Prism environments exist.
To mitigate this risk ensure a Data Access Policy is in place and adhered to. Ensure appropriate process logging policies are in place and adhered to.
Ensure Work Queue Item IDs do not contain sensitive data.
To mitigate this risk ensure a Data Retention policy is in place and adhered to by all automations. Implement a “purge” process to maintain Blue Prism Work Queues and remove old data.
To mitigate this risk ensure you implement an archiving and backup policy for logs and data. Also ensure developers are adhering to the logging policy to ensure only essential logs are created.
To mitigate this risk ensure a Logical Access Model is defined and adhered to for Blue Prism users.
Permission to configure settings on Digital Worker Resource PCs such as disabling screen locking, disabling font smoothing, registry settings may be difficult to obtain from IT.
To mitigate this risk engage the IT department early during the RPA capability creation to agree policies for resource PC configuration .
- Pen testing which can be performed by 3rd party providers to ensure any security gaps in the environment set-up are highlighted
- A Blue Prism Technical Infrastructure Assessment (TIA) to highlight any best practices or performance gaps.
To mitigate this risk:
- Ensure that any new infrastructure implemented is designed with high availability in mind
- Ensure a disaster recovery process and plan is in place and regular fail-over tests are conducted.
Blue Prism’s Success Accelerator program combines various levels of mentorship and access to our Expert Services, Technology Ecosystem and Certified Partners based on the size and maturity of your digital workforce operations.