Executive Summary: Scope of Work How We Can Help
A typical Robotic Process Automation (RPA) application interfaces with multiple systems, which impacts the underlying system control environment.
The broader spectrum of internal and external application integration that RPA offers may lead to manual overrides or unauthorized changes, which often go
undetected. RPA is a risk-based implementation approach to effectively manage and monitor the risks arising from automation.
We will bring a fresh perspective to our approach and partner with you through every step of the process to bring you
the right outcomes on this project.
Detailed Approach: User Access Creation and Modification process
• Testing Team requests the population of user access provisioning / roles modified per application
• Testing Team selects samples based on the size of the population
• Testing Team requests approval evidence for the samples selected for testing
• Testing Team manually checks for all approvals for user access provisioning / roles modified
• Testing Team manually checks whether access was granted prior to the approvals provided
• Testing Team follows the same process per application for all in-scope applications
• Testing Team would collate all exceptions manually for deficiency evaluation

• BOT is configured on a centralized UAM tool which is interfaced with all the applications.
• BOT will extract the population of all new/modified access granted during the audit period.
• BOT will test all tickets for new access or modified access against the respective approvals in each application
• BOT will throw an exception report for all unauthorized access granted or access granted prior to approvals
• BOT will collate exceptions for all applications for further deficiency evaluation

• With the application of BOT, testing can be done for 100% of the population as against a sampled testing approach under manual testing. This would give more comfort on the testing conducted
• Testing time for a sample user request under the manual approach would take ~20 minutes. This time would be reduced to ~2 minutes by applying a BOT
• Testing would be on a continuous basis without intervention of IT and business teams, thus saving effort on data extraction and evidence gathering
• BOT would directly throw the exception report so that the tester can devote time to the exception handling
Detailed Approach: User Access Revocation
• Testing Team requests the User access policy on access revocation
• Testing Team requests the population of User exits per application
• Testing Team selects samples based on the size of the population
• Testing Team manually checks whether user access is revoked within the SLA defined in policy
• Testing Team would collate all exceptions manually for deficiency evaluation

• BOT is configured on a centralized UAM tool which is interfaced with all the applications.
• BOT checks the User access policy on access revocation
• BOT picks up the population of User exits per application
• BOT checks all cases of user exits and whether user access is revoked within the SLA defined in policy
• Testing Team would collate all exceptions manually for deficiency evaluation

• With the application of BOT, testing can be done for 100% of the population as against a sampled testing approach under manual testing. This would give more comfort on the testing conducted
• Testing time for a sample user request under the manual approach would take ~20 minutes. This time would be reduced to ~2 minutes by applying a BOT
• Testing would be on a continuous basis without intervention of IT and business teams, thus saving effort on data extraction and evidence gathering
• BOT would directly throw the exception report so that the tester can devote time to the exception handling
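The full-population tests described above for access creation/modification and for access revocation, sketched as an added example (not part of the original deck and not any vendor's BOT). The record layout, the sample rows, the exception labels and the 2-day SLA are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
# Constructed sample population (assumed export shape; not from a real UAM tool).
GRANTS = [  # (ticket, user, application, granted_at)
    ("T-1", "asha", "ERP", "2024-03-05 10:00"),
    ("T-2", "ben", "ERP", "2024-03-06 09:00"),
    ("T-3", "chen", "CRM", "2024-03-07 14:00"),
]
APPROVALS = {  # ticket -> approved_at; a missing ticket means no approval on file
    "T-1": "2024-03-04 16:30",
    "T-2": "2024-03-06 11:15",
}
EXITS = [  # (user, application, exit_date, revoked_at or None)
    ("dana", "ERP", "2024-03-01 00:00", "2024-03-02 08:00"),
    ("eli", "CRM", "2024-03-01 00:00", "2024-03-09 12:00"),
    ("fay", "ERP", "2024-03-03 00:00", None),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def check_provisioning(grants, approvals):
    """Test every grant: flag missing approvals and access granted before approval."""
    exceptions = []
    for ticket, user, app, granted_at in grants:
        approved_at = approvals.get(ticket)
        if approved_at is None:
            exceptions.append((ticket, user, app, "NO_APPROVAL"))
        elif _ts(granted_at) < _ts(approved_at):
            exceptions.append((ticket, user, app, "GRANTED_BEFORE_APPROVAL"))
    return exceptions

def check_revocation(exits, sla_days, as_of):
    """Test every exit: flag access still active past the SLA, or revoked late."""
    exceptions = []
    for user, app, exit_date, revoked_at in exits:
        deadline = _ts(exit_date) + timedelta(days=sla_days)
        if revoked_at is None:
            if _ts(as_of) > deadline:
                exceptions.append((user, app, "NOT_REVOKED"))
        elif _ts(revoked_at) > deadline:
            exceptions.append((user, app, "REVOKED_AFTER_SLA"))
    return exceptions

def exception_report(sla_days=2, as_of="2024-03-31 00:00"):
    """Collate exceptions from both control tests (sla_days is an assumed policy value)."""
    return {
        "provisioning": check_provisioning(GRANTS, APPROVALS),
        "revocation": check_revocation(EXITS, sla_days, as_of),
    }
```

Treating a missing approval and a never-revoked account as exceptions in their own right keeps gaps in the evidence from passing as clean results.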
Detailed Approach: User access review
• Testing team checks the User access review policy for the frequency at which User access reviews are to be conducted
• Testing team requests User access review samples for each application from the IT team
• Testing team follows up for evidence with the IT team of each application in scope
• Testing team checks whether the User access review is performed by each functional head for their respective functions
• Testing team collates the issues for further discussion

• BOT will review the policy document for User access review
• BOT will draft emails requesting evidence from the IT teams of the User access review performed for each application in scope
• BOT will send reminders to the IT teams for any User access review evidence not received in time
• BOT will review the User access review evidence for each application and check whether the review was performed by functional heads for each application
• BOT will highlight issues for access reviews not performed and collate issues for further discussion

• With the application of BOT, testing can be done for 100% of the population as against a sampled testing approach under manual testing. This would give more comfort on the testing conducted
• Testing time for a sample request under the manual approach would take ~20 minutes. This time would be reduced to ~2 minutes by applying a BOT
• Testing would be on a continuous basis without intervention of IT and business teams, thus saving effort on data extraction and evidence gathering
• BOT would directly throw the exception report so that the tester can devote time to the exception handling
Detailed Approach: Incident Management Process
• Testing team will download the population of change requests from the Incident reporting tool
• Testing team would select 1 sample for Design testing and samples for operating effectiveness testing based on the sampling approach. Incidents would be selected based on severity or any other criteria
• Testing team would follow up for evidence on root cause analysis (RCA) and remedial actions taken
• Testing team would check if the incidents were resolved as per the defined SLA for the severities noted
• Testing team would collate all exceptions manually based on the type of deficiencies noted

• BOT will extract the population of all incidents from the Incident Reporting Tool
• BOT will search folders and check evidence for root cause analysis (RCA) and remedial actions taken
• BOT checks if the incidents were resolved as per the defined SLA for the severities noted
• BOT will flag exceptions for change requests not complying with the defined process
• BOT will check for any repeat incidents which can be passed on for problem management and investigation

• With the application of BOT, testing can be done for 100% of the population as against a sampled testing approach under manual testing. This would give more comfort on the testing conducted
• Testing time for a sample request under the manual approach would take ~20 minutes. This time would be reduced to ~2 minutes by applying a BOT
• Testing would be on a continuous basis without intervention of IT and business teams, thus saving effort on data extraction and evidence gathering
• BOT would directly throw the exception report so that the tester can devote time to the exception handling
Detailed Approach: Change Management Process
• Testing Team will download the population of change requests from the Change request tool
• Testing Team would select 1 sample for Design testing and samples for operating effectiveness testing based on the sampling approach
• Testing Team would manually check Segregation of environments for all applications in scope by requesting evidence
• Testing Team would manually check for Segregation of duties for each application in scope
• User Acceptance Testing (UAT): Testing Team would manually check for UAT sign off for all applications in scope for Design effectiveness as well as for operating effectiveness for samples selected
• Migration approval: Testing Team would manually request migration approvals for all applications in scope
• Testing Team would collate all exceptions manually based on the type of deficiencies noted

• BOT will be implemented to collect the population of change requests from the Change request tool
• BOT can be configured to analyze the parameters used for change requests, such as: Normal change or Emergency change; Low, Medium or High level change
• BOT would test the controls below:
  • Segregation of environments: BOT will collect IT environment details for the development, test and production environments.
  • Segregation of duties: BOT will check whether the developer has access to the Production environment
  • Migration approval: BOT will check for migration approvals and authenticate them against the Delegation of Authority matrix for the changes to be deployed in the production environment.
• BOT will gather evidence for User Acceptance testing
• BOT will flag exceptions for change requests not complying with the defined process

• With the application of BOT, testing can be done for 100% of the population as against a sampled testing approach under manual testing. This would give more comfort on the testing
• Testing time for a sample change request under the manual approach would take ~20 minutes. This time would be reduced to ~2 minutes by applying a BOT
• Testing would be on a continuous basis without intervention of IT and business teams, thus saving effort on data extraction and evidence gathering
• BOT would directly throw the exception report so that the tester can devote time to the exception handling
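The change management checks listed above (segregation of duties, UAT sign-off, and migration approval validated against a Delegation of Authority matrix keyed on change type and level), sketched as an added example that is not part of the original deck. The field names, role names, matrix contents and sample change requests are all assumptions constructed for illustration.

```python
# Constructed sample data; field names and the DoA matrix are assumptions.
DOA_MATRIX = {  # (change type, level) -> roles allowed to approve migration
    ("Normal", "Low"): {"team_lead", "it_manager"},
    ("Normal", "High"): {"it_manager"},
    ("Emergency", "High"): {"cio"},
}
PROD_ACCESS = {"ERP": {"ops1", "dev2"}, "CRM": {"ops2"}}  # app -> users with production access
CHANGES = [
    {"id": "CR-1", "app": "ERP", "type": "Normal", "level": "Low",
     "developer": "dev1", "uat_signoff": True, "approver_role": "team_lead"},
    {"id": "CR-2", "app": "ERP", "type": "Normal", "level": "High",
     "developer": "dev2", "uat_signoff": True, "approver_role": "team_lead"},
    {"id": "CR-3", "app": "CRM", "type": "Emergency", "level": "High",
     "developer": "dev3", "uat_signoff": False, "approver_role": None},
]

def check_change(change, prod_access, doa):
    """Return the list of control failures for one change request."""
    failures = []
    # Segregation of duties: the developer must not hold production access.
    if change["developer"] in prod_access.get(change["app"], set()):
        failures.append("SOD_DEVELOPER_HAS_PROD_ACCESS")
    if not change["uat_signoff"]:
        failures.append("UAT_SIGNOFF_MISSING")
    # Migration approval: the approver's role must be authorised for this type/level.
    allowed = doa.get((change["type"], change["level"]))
    if allowed is None:
        failures.append("NO_DOA_RULE")  # fail closed on an unmapped type/level
    elif change["approver_role"] is None:
        failures.append("MIGRATION_APPROVAL_MISSING")
    elif change["approver_role"] not in allowed:
        failures.append("APPROVER_NOT_AUTHORISED")
    return failures

def flag_exceptions(changes, prod_access=PROD_ACCESS, doa=DOA_MATRIX):
    """Test the full population; report only change requests with failures."""
    report = {}
    for change in changes:
        failures = check_change(change, prod_access, doa)
        if failures:
            report[change["id"]] = failures
    return report
```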