What the rest of government can learn from DISA's RPA pilot

The Department of Defense is in the midst of an audit that requires it to have its 2017 financial statements ready and reviewable. For an agency with a budget topping $500 billion, this is a massive task.

The preparation process is time consuming, according to Barbara Crawford, the chief of the Defense Information Systems Agency’s Accounting and Readiness Division.

“We have a multitude of systems in DOD, and our folks were having to go into each of them and pull out specific information … before we could even start the analysis we needed to support the audit,” she said in an interview.

DISA starting looking for help from robotic process automation, which mimics and automates the highly repetitive tasks humans do on a computer or network. Last year, DISA piloted a few bots that automated different steps in the audit process. It celebrated the pilot's conclusion with a human-vs-bot race to pull documents required for an audit. In 15 minutes, the human pulled two items, while the bot pulled 150.

One of the pilot bots pulled supporting documentation to help analysts determine the cost of different assets. The bot would tap into various systems, including accounting, contracting, vendor invoice storage and workflow management for the required data.  Because the pilot bot was designed to collect and organize data from several specific systems, analysts who needed only part of information – just invoices, for example -- had to manually extract what they needed. 

One lesson DISA learned from the RPA pilot was that segmenting the bot programs into discrete tasks could increase the efficiency of a process.

“We have discovered that we could actually take some of the processes we developed, and if we broke them up into smaller processes they would be more useful to us,” Crawford  said.

By having a bot that worked only with accounting system or vendor invoices would allow for more flexibility, she added.

The bots at DISA are currently running at night on laptops, so information is waiting for people in the morning. But DISA is looking at moving them into a more unattended setting on the network.

The agency also wants to give the bots their own credentials – in the pilot the bot worked under the derived credentials of a human employee. Getting individual credentialing for the bots is “one of our primary objectives as we expand this program” and will allow the bots to run on their own … but "it is a heavy lift,” Crawford said.

“We’re relying heavily on our risk management folks to make sure that whatever we put in place has the appropriate security in it and around it," she said. "Obviously, we don’t want to create a problem with this process.”