Enabling Citizen automation: An Automation model for future

People encompasses dedicated training for the inventory of available Citizen Automation tools, the ‘Automation Lite’ delivery lifecycle initiative and a Citizen Automation scouting programme for pilot user groups. Pilot user groups are made up of the responsible developers, testers, and maintenance and control teams.

The adjustments required to the people pillar to accommodate Citizen Automation are as follows:

• Dedicated developer tiers should be created – Citizen (business user), Federated and Core Developer tiers
• Each developer group should have its own coding standards and training requirements. These include compliance standards, vendor training and certification, development, testing and maintenance minimum standards and approved automation ‘lite’ delivery lifecycle training
• The right trade-off between developer level of competence and the training commitment must be found for business users
• Solutions must be understandable by citizen developers’ peers to facilitate the handover process and allow for others to step in and maintain them if necessary
• Citizen automation should be limited to making recommendations to a qualified end user, who makes the final decisions and has responsibility
• Algorithm inputs should be clearly documented and reviewed to ensure they are not ethically biased
• Compliance approval is required for algorithm and method documentation to ensure regulatory compliance and to ensure that the training dataset is holistic and representative (inclusive of real-life scenarios).

Process ensures standardised automation lite delivery and requires that test, maintenance and reporting milestones be adhered to.

The adjustments required to the process pillar to accommodate Citizen Automation are:

• Clearly defined guidelines for control and process standardisation defined by the automation CoE
• The scope of automation should be recorded
• The scope should not exceed duties which the citizen developer performs as part of their access rights, to avoid additional risk
• Sufficient business and technical documentation must be provided and signed off for all Citizen Automation
• Restrict inbound data to data that the citizen developer is authorised to receive, review and process in their personal account
• Restrict data processing and storage to authorised employee folders
• Restrict data entry and output to local tools only i.e. no data entry to source systems, which should be restricted to normal developers. Case by case approval required for cloud data entry.
  

Technology involves creating an inventory of available Citizen Automation tools and reusable functions, defining system-enforced access rights and controls, and managing a suite of low-code development and monitoring tools appropriate for Citizen Automation.

The adjustments required to the technology pillar to accommodate Citizen Automation are:

• Easy-to-use Citizen Automation tools, as well as tools that support process analysis, access rights, testing and reporting to reduce roll-out complexity and the timeline
• Online inventory of Citizen Automation scripts (categorised by developer tier, automation script ID, etc.), including a library of reusable functions
• Restrict automation script access to and data extraction from any source system (i.e. applications that contain sensitive client information)
• Enforcement of data access rights (authentication of automation script IDs).