Robotic process automation (RPA) is among the hottest topics in today’s enterprise. RPA simplifies business processes by mimicking human actions and automating repetitive tasks without altering existing infrastructure and systems. Nearly every day, we hear stories of organizations streamlining operations and optimizing costs with RPA.
Why is this technology gaining such attention? Because it has the potential to make enterprise-wide business transformation a reality.
As directors continue to rethink and address their organization’s strategy, RPA should be considered as one component of an array of emerging technologies that are changing the game. These solutions include artificial intelligence, cognitive computing, and machine learning. Many call this the Fourth Industrial Revolution, and for good reason. Nearly half (47%) of US jobs could be impacted by computerization, according to a 2016 report authored by Oxford University and Citibank.
Sitting on the sidelines is no longer an option. Robotics technology has moved beyond proof of concept, and the business benefits are increasingly clear and attainable. In a recent example, EY worked with the Robotics Center of Excellence for a major U.S. bank to scale robotics on a global level. Results included a significant reduction in full-time employees (FTEs) across back- and middle-office business processes and decreased runtimes for automated processes. Leading organizations will focus on the long game, planning for scale, speed and pace of adoption on the automation journey.
Boards will play an important role in helping organizations seize automation’s full advantages—reduced redundancies, improved accuracy, speed to market, and the ability to free human staff for high-value work. Vigilant corporate governance will help promote the establishment of a robust operating model and provide oversight of controls and risk management. From the highest levels, the enterprise must successfully manage changes in technology, processes, and people to seize opportunity while enhancing risk management.
The Need for Strategic Vision
Boards looking to enhance oversight of corporate strategy in response to these disruptive forces can learn from the industry’s early successes and failures.
Despite industry promises of rapid, low-cost success, automation is not a one-size-fits-all journey. The board must guide leadership to make certain that a robust operating model exists for leveraging the best-fit technologies to meet the organization’s needs.
The operating model must adapt to support a hyper-agile implementation approach. EY recently worked with the C-suite of a leading financial services corporation to design a centralized automation strategy. This strategy established a common framework to support its federated environment. Ensuring that the company has adopted the right operating model is key to accelerating technology adoption and streamlining change management to succeed in an environment that is continually evolving.
The automation journey should also be results-driven, with an emphasis on return on investment. For one global insurer, EY developed a proof-of-value to explore opportunities to automate labor-intensive back-office processes. The results helped management make an informed decision based on tangible outputs. When implemented, robotics cut the cost to deliver high-frequency tasks in half. If properly designed, the automation journey can be self-funding using a laddered process, with the cost savings realized on initial programs used to fund successive initiatives. This contrasts with the enterprise-wide implementation model common with many legacy solutions.
A robust operating model can also help mitigate risk. For example, because many automation solutions are engineered to work with current enterprise software, the operating model must account for changes in an organization’s software layer. If changes are made without considering the automation tools, they can quickly crash important processes.
The Human Equation
Along with planning for the technology changes, boards must foresee the human elements of transformation and embrace the workforce of the future.
It is not uncommon for today’s powerful RPA technology to reduce the number of humans needed on a data-intensive process from 50 people to five. A robot costs approximately one-third the price of an offshore FTE and as little as one-fifth the price of an onshore FTE, according to the Institute for Robotic Process Automation. Boards must think strategically about a company’s entire workforce mix—from where people are located to who (or what) performs specific roles.
Yes, the opportunity for cost optimization exists. But forward-thinking companies will seize the advantages of reallocating and retraining people currently in rote functions to higher-value tasks that generate business insight. The board should set clear expectations for managing human capital beyond layoffs—to leverage people to gain a competitive advantage.
The bottom line is that workforce transformation enabled by automation is coming quickly. In fact, it’s already happening. The boards that realize this soonest and come prepared to lead management on a journey that optimizes both technology and people will position their organizations to win in the long run.
Anthony Caterino is vice chair and regional managing partner of the Financial Services Organization at EY. Steve Klemash is a leader in the EY Center for Board Matters in the Americas.
While technical defenses might help stave off some attempted hacks, sooner or later a company will become a victim of cybercrime, and a contingency plan for communicating about the aftermath of an attack is critical for any organization. RANE recently reached out to several experts for their advice to companies for managing the flow of information and maintaining control of an organization’s reputation in the event of a breach.
The Initial Response
Ann Walker Marchant
“There’s a lot to gain or lose when you approach the equity you’ve built in your brand—and trustworthiness is part of the value of your brand,” says Ann Walker Marchant, CEO of The Walker Marchant Group. After a breach, an organization’s leadership must keep in mind all of the people who have placed trust in the brand. The impacted enterprise must convey that it is “willing to do whatever it takes to ensure you minimize risk to them,” she adds.
“You have to understand that it’s most important you’re communicating with your own people internally,” Christopher Winans, executive vice president and general manager at Hill+Knowlton Strategies, argues. Organizations should not allow internal stakeholders to learn about a crisis from external sources. “When your own people are finding out through press reports, it harms confidence within your [entire organization].”
“With a cybersecurity breach, you often don’t know what’s been compromised, at least at the very beginning,” Walker Marchant explains. Often, the best bet is to expect the worst. “You’ve got to assume they’ve got everything and act accordingly without appearing to create fear and panic with your internal and external audiences,” while simultaneously dealing with pressure from various audiences and stakeholders, Walker Marchant said.
Reaching Out to Regulators
A client update published by Debevoise & Plimpton LLP, titled “How to Disclose a Cybersecurity Event: Recent Fortune 100 Experience,” states that Fortune 100 companies disclosed 20 “incidents of major data breaches or cybersecurity events between January 2013 through the third quarter of 2015.” Most of the affected organizations made initial public announcements via news reports instead of a current report on Form 8-K. Debevoise & Plimpton notes that companies that did go the Form 8-K route “most often did so where the breach involved customer financial information.” Organizations, the report’s authors add, “should also be mindful of selective disclosure issues and their obligations under Regulation FD.”
Debevoise & Plimpton also warns against the risk of disclosing incomplete information regarding a breach, noting that “the ‘known’ facts may represent a small piece of the cybersecurity risk mosaic, which can require significant forensic research to assemble.” Potential inaccuracies in any disclosure represent yet another risk for organizations.
Subsequent reporting of updated cyber risk factors were largely contingent upon how breaches were initially disclosed in periodic corporate reports. In annual reports that come after a material breach, the Debevoise & Plimpton report notes, many corporations “view their annual report as an opportunity to update and tailor risk factors more generally, and the occurrence of an intervening cybersecurity event provides fodder for such fine tuning.”
Differing Perspectives Within an Organization
Caution is important, although any delay in responding in a timely manner also presents a risk for targeted enterprises. At the outset of planning the response, Winans adds, “It is better to tell your constituencies what you don’t know than it is not to tell them anything.”
However, there are often conflicting viewpoints of how to act in the immediate aftermath. “The tech guys will weigh in and say the best thing the company can do is get a hold of the FBI and find all the things in the network that are screwed up so they can take action to fix it,” says Steven Bucci, a visiting fellow for special operations and disaster management at The Heritage Foundation. “But you’d be hard pressed to find any lawyers to give their leaders that advice; instead, they’ll say it will hurt the company’s bottom line, it’ll hurt the company’s stock, and it could open up the organization to claims by competitors. While all of that, frankly, is true, that leaves the organization as vulnerable as they were before the breach—and probably also in violation with the Securities and Exchange Commission, as well as open to potential lawsuits from customers or clients.”
Still, it’s understandable that a cautious approach may appeal to many who don’t want to create panic, or those who are simply conflicted over the best course of action, Walker Marchant says. On the other hand, any delay in crafting a measured public response can result in harm to an organization’s brand equity. “Stakeholders will want to know who knew what, when, and why didn’t you tell us?”
Winans says that a clear organizational response plan that involves upper management is crucial before a crisis. “The very first thing you need to do is create a team, a coordinating committee, that is made up of all the functional parts of the company—the C-suite, the CEO or COO. Ideally, it’s got to be the leader of the company that takes charge of the situation, and you have to have people from HR, legal, operations, IT and investor relations.” For a company that answers to a variety of regulators, it’s even more important to get people in different roles together.
“That’s a team that needs to meet every day,” Winans adds. And before an actual breach takes place, that same team should be practicing how they will respond to a worst-case scenario. Winans proposes a “flight school.” “We set up people to actually play out an actual scenario,” he says. “The whole thing is designed to feel like an actual crisis.”
Lessons of a Real World Response
The Sony Pictures hack is an instance where the company was a little more forthcoming, at least with law enforcement, because they had no idea who could be penetrating their systems so extensively. Nevertheless, they suffered serious criticism and ridicule for how poorly they guarded their network.
“Exactly what the breach entailed wasn’t clear at the very beginning,” Walker Marchant says. “It was death by a thousand knife wounds because it was that trickle-down approach, because every day was something different.” Lists of salaries, copies of unreleased films, and sensitive e-mail from senior leadership were also part of the data theft. Still, Bucci argues that “while they did get beat up pretty badly,” in the end “they got through it faster and with far more sympathy from the public by saying, ‘We got hammered.’”
As recent examples of flawed responses by organizations following cyber breaches highlight the risks of incomplete or inaccurate information, boards have one clear warning: Doing nothing is not an option. The age of instant communications and 24/7 media coverage ensures that very little in the cybersecurity universe can reliably remain under wraps for long—lessons that others have already learned the hard way.
“I think the biggest mistake is deluding yourself that you can contain this and no one will find out,” Winans says. “The fact is that very often the worst thing that can happen to a company isn’t a crisis situation. It’s how they respond to it.”
About the Experts
Steven Bucci is a Visiting Fellow for Special Operations and Disaster Management, as well as primary instructor in leadership, at The Heritage Foundation.
Debevoise & Plimpton LLPis a premier law firm with market-leading practices, a global perspective and strong New York roots.
Ann Walker Marchant is recognized as a preeminent strategist and counselor with more than 20 years of experience developing and leading wide-ranging initiatives for the White House and Fortune 100 brands.
Christopher Winans, executive vice president and general manager at Hill+Knowlton Strategies in New York, has 22 years of experience in journalism, 10 of those at The Wall Street Journal.
RANE is an information services and advisory company serving the market for global enterprise risk management. Learn more at www.ranenetwork.com.
As part of the National Association of Corporate Directors’ (NACD) continuing mission to help directors understand disruptive technologies and trends, I joined more than 175,000 attendees at the 2017 Consumer Electronics Show (CES) in Las Vegas. My team was doing a little reconnaissance work on your behalf. NACD will host a director-focused, member-exclusive Technology Symposium this July, and we wanted to get an advanced look at the most pressing governance implications of new technology.
After three days of experiencing more than 3,800 vendors, you start to see past the shine of the latest gadgets and understand how the technology that underpins these products is poised to change the world. How those technologies are leveraged by companies is key to understanding the future of disruption, and as we discussed at last year’s Global Board Leaders’ Summit, convergence is the order of the day.
Voice and Motion-Enabled Artificial Intelligence (AI) Are Here to Stay
A booth showcased one of many partnerships between Amazon and consumer products companies, including Whirlpool.
From controlling the radio volume with a wave of your hand to voice-controlled appliances, AI was everywhere. In fact, the most talked-about company at CES this year didn’t even have a booth. The Amazon logo appeared on products ranging from innovations by Whirlpool to debuting devices from smaller start-ups.
Why? Alexa, Amazon’s AI assistant, was ubiquitous on the show floor.
Alexa is leading the way in enhancing consumer products that implement voice-enabled technology. It is anticipated that Alexa will soon be programmed to power and interact with everything from your toaster to your Toyota.
It became apparent at CES that the future of voice-enabled AI is a person’s ability to speak naturally and rely on the computer to accurately transcribe information. This has significant impact for everyone from office workers to doctors who could rely on the technology to dictate notes to medical records.
John Hotta, a director in the healthcare space and NACD Board Leadership Fellow, was also on hand at CES. “Innovations in voice-activated technology also have huge implications for products, services, and the nature of work, as smart speakerphones or personal assistants such as Google Home or Amazon Dot replace direct user interface with a computer,” Hotta said.
Computer, You Can Drive My Car
CES exhibitors demonstrated the growing sophistication of autonomous vehicle technology. Last year Ford Motor Company CEO Mark Fields promised to turn the automaker from a car company to a mobility company. That strategy was on full display as Ford partnered with San Francisco-based start-up Chariot to show off one of its autonomous mini-buses, a vehicle that Ford hopes will “reinvent mass transit for commuters, companies, and fun-seekers with reliable and affordable service.”
A wealth of connected, autonomous vehicles were on display.
Autonomous vehicles also buzzed high above the heads of CES attendees. As drone technology continues to evolve for both commercial and industrial use, autonomous vehicle technology is being applied to those vehicles as well. In a convergence of these trends, Mercedes exhibited a fully autonomous delivery vehicle equipped with two roof-mounted drones that facilitate package delivery from the van to the doorstep.
Another trend emerged at CES: the use of autonomous vehicles as a tool for vehicle safety. Thanks to the convergence of AI and the Internet of Things (IoT), vehicle-to-vehicle technology has enabled cars to talk to their passengers and to other vehicles on the road. As attendees at the 2016 NACD Global Board Leaders’ Summit may remember, Chris Gerdes, head of innovation at the Department of the Transportation (DOT), discussed how DOT is piloting this technology in cities across the U.S. to slash traffic fatalities, and nearly every major automaker is now getting in on the act. Hyundai and Cisco announced a partnership to leverage IoT technology to improve safety and improve congestion by connecting vehicles to municipal infrastructure.
Collaboration is Key
Consumer products and technology companies are forging essential partnerships.
As technology becomes more ubiquitous and innovation becomes decentralized, companies are realizing they can’t go it alone. Consumer products companies are linking up with leading technology companies to build resilience to innovation. In addition to the proliferation of Alexa-linked products, Honda Motor Co. has teamed up with VISA to enable vehicle-based mobile payment systems that allow passengers to conduct transactions without leaving their cars. Apparel companies like Tory Burch and Fossil—companies that seem more at home at New York Fashion Week than at CES—also had large booths touting their new lines of wearables. And finally, in-house labs at big brands like Whirlpool are partnering with crowd-funding platforms like IndieGogo to launch new products. Like the auto companies profiled above, this is another example of convergence that directors would be wise to anticipate.
Private Eyes Are Watching You
The act of welcoming devices into our workplaces and homes that listen and watch our every move could revolutionize the way we live and work—and opens us to unprecedented privacy and security concerns. Coupled with a proliferation of smart products aimed specifically at tweens and children, smart devices present a whole host of liability issues that technology, legal, and regulatory experts are just starting to grapple with.
Amazon’s Alexa and Mattel have already made news for the unintended consequences of giving children access to this kind of technology. Additionally, U.S. courts are considering the legal implications of using recordings from these devices as evidence. One such case pits Amazon against prosecutors in who believe that data from an Amazon Echo might be key in solving a murder case.
In this rapidly evolving climate, directors should be asking questions about whether or not security is being integrated into product development now and in the future—from research and development, to plant upgrades, to policies that allow employees to use their own smart devices for work.
The Future of the Workforce
Ian Bremmer, president of Eurasia Group and a 2016 NACD Global Board Leaders’ Summit speaker, recently said, “Technology will surely create jobs. But virtually none of the people displaced will have the training for them.” The changing nature of the global economy threatens to make some American jobs obsolete. If CES made one point clear, it’s that the current concern over the decline in manufacturing and coal jobs pales in comparison to the potential changes that will come with widespread automation of jobs.
Volkswagen exhibits its electric, autonomous I.D. concept car.
Remember the self-driving delivery van with the automated drones that deliver packages mentioned above? Think about that technology and then look at this interactive map of the top jobs by state. Last August, Uber Technologies acquired Otto, a self-driving truck company, further showing how 1.7 million middle-class jobs could disappear in short order. The American economy is facing a potential employment crisis the likes of which may be unprecedented.
It’s not just delivery drivers who are in danger. As Jane Fraser, CEO of Citigroup’s Latin America business said at Fortune magazine’s Most Powerful Women Summit in October, “we are expecting 500 billion objects to become connected to the internet and this automation is going to hollow out middle and working class jobs.”
This shift has huge implications for the American economy and its ability to compete on a global scale. Consider, for instance, that automated delivery of packages is only helpful if your company has a customer base that can afford to spend money on products. A recent report by the President’s Council of Economic Advisers lays out the dual challenges of educating a workforce that is ready for the jobs of the future, and the uphill battle of transitioning to an AI-based economy. This report is great reading for directors as they consider the role of the corporation in society, and could help the board shape individual company strategy in critical areas like innovation, talent development, and long-term value creation.
You can see, hear, and learn more about these trends at the 2017 Global Board Leader’s Summit.Stay tuned for information about our new director-focused, curated tour of the 2018 CES show next January.