Enabling Citizen automation: An Automation model for future

The Rise of Citizen Automation

We are now witnessing the start of the era of Citizen Automation. Historically development aimed at optimising business processes was carried out by core IT teams, limiting the scope and pace at which processes could be automated. But enhancements to automation tools over the last 20 years have made them simpler to use so that it is now possible for business users to automate repetitive and rule-based components of their work. The business user working with modest coding or drag and drop functionalities can now create their own automations. This in turn means that their processes can be made more accurate and efficient, freeing up the time currently spent on menial tasks to allow businesses to focus on more value-added work.

In the past, coding platforms required coders to work in a set-up determined by a coding language to create full programmes and packages. Low-code platforms, which started to appear in the middle of the past decade (see Figure 1), simplified the developer user interface and introduced basic drag and drop functionality. But they still needed to be customised by users with technical skills and knowledge of coding languages. Today’s simplified drag and drop platforms, however, represent a further advance and allow the business user with limited coding skills to create solutions using standardised functions that ensure good governance and security.

Figure 1: The evolution of automation tools

Figure 2: The differences between Enterprise and Citizen Automation

Three key pillars of the Citizen Automation governance model

People encompasses dedicated training for the inventory of available Citizen Automation tools, the ‘Automation Lite’ delivery lifecycle initiative and a Citizen Automation scouting programme for pilot user groups. Pilot user groups are made up of the responsible developers, testers, and maintenance and control teams.

The adjustments required to the people pillar to accommodate Citizen Automation are as follows:

  • Dedicated developer tiers should be created – Citizen (business user), Federated and Core Developer tiers
  • Each developer group should have its own coding standards and training requirements. These include compliance standards, vendor training and certification, development, testing and maintenance minimum standards and approved automation ‘lite’ delivery lifecycle training
  • The right trade-off between developer level of competence and the training commitment must be found for business users
  • Solutions must be understandable by citizen developers’ peers to facilitate the handover process and allow for others to step in and maintain them if necessary
  • Citizen automation should be limited to making recommendations to a qualified end user, who makes the final decisions and has responsibility
  • Algorithm inputs should be clearly documented and reviewed to ensure they are not ethically biased
  • Compliance approval is required for algorithm and method documentation to ensure regulatory compliance and to ensure that the training dataset is holistic and representative (inclusive of real-life scenarios).

Process ensures standardised automation lite delivery and requires that test, maintenance and reporting milestones be adhered to.

The adjustments required to the process pillar to accommodate Citizen Automation are:

  • Clearly defined guidelines for control and process standardisation defined by the automation CoE
  • The scope of automation should be recorded
  • The scope should not exceed duties which the citizen developer performs as part of their access rights, to avoid additional risk
  • Sufficient business and technical documentation must be provided and signed off for all Citizen Automation
  • Restrict inbound data to data that the citizen developer is authorised to receive, review and process in their personal account
  • Restrict data processing and storage to authorised employee folders
  • Restrict data entry and output to local tools only i.e. no data entry to source systems, which should be restricted to normal developers. Case by case approval required for cloud data entry.

Technology involves creating an inventory of available Citizen Automation tools and reusable functions, defining system-enforced access rights and controls, and managing a suite of low-code development and monitoring tools appropriate for Citizen Automation.

The adjustments required to the technology pillar to accommodate Citizen Automation are:

  • Easy-to-use Citizen Automation tools, as well as tools that support process analysis, access rights, testing and reporting to reduce roll-out complexity and the timeline
  • Online inventory of Citizen Automation scripts (categorised by developer tier, automation script ID, etc.), including a library of reusable functions
  • Restrict automation script access to and data extraction from any source system (i.e. applications that contain sensitive client information)
  • Enforcement of data access rights (authentication of automation script IDs).


Set up a suitable governance model before rolling out Citizen Automation

Citizen Automation allows organisations to unlock the full potential of automation across all business users and processes. Taking full advantage of this possibility may be challenging. Approaching governance in the right way and establishing a symbiotic relationship with the existing enterprise automation function is crucial.

At Deloitte we believe that creating a strong and tailored Citizen Automation governance model will enable you to reap the full benefits of automation.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?