Skip to main content


Business & IT Value
Digital / IT Transformation
Governance Risk & Compliance

Robotic Process Automation: how to move on from the proof of concept phase?

A RPA governance framework

Many organizations struggle to scale up towards full implementation after the RPA proof of concept. The structured 6×6 RPA governance framework provides guidance and best practices for implementing and operating RPA. Key things learned from a client case are shared to help avoid common pitfalls and provide practical insights.


The growing range of automation solutions is providing new standards across industries. These solutions, also referred to as ‘digital labor’, include a range of robotic automation solutions. In general, we can distinguish between three categories of digital labor: 1) basic process automation, 2) enhanced process automation, and 3) cognitive automation. Robotic Process Automation (RPA) is a specific solution in the first category. RPA is currently the most mature and widely adopted robotic automation solution.

Many organizations grasp the variety of benefits that RPA can offer, but at the same time are still hesitant to ‘pull the implementation trigger’. The instinctive reaction of many executives and managers is one of high caution. This reluctance to move forward is almost always caused by a legacy of unsuccessful process optimization and IT implementation projects.

As a result, organizations often opt to start small by initiating a RPA Proof-of-Concept (PoC) instead of a full-blown company-wide implementation. The PoC provides a contained approach where one or two processes are robotized in a test environment, usually within the boundaries of a single department or business unit. Typically, the PoC is aimed at demonstrating: 1) the technical compatibility of the RPA software in the existing IT landscape, 2) the ease of development and functional effectiveness of the RPA solution, and 3) selection of the optimal RPA software provider.

These questions are usually fairly easy to answer. However, problems arise when not enough attention is given to investigating the value potential and the limitations of a full organizational RPA implementation. Issues tend to form around sourcing strategy, change management, optimal process selection and analysis, and proper embedment of RPA within the existing IT, risk and governance frameworks. These issues can be brought back to two dominant themes: 1) adoption of RPA in the organizational vision and strategy, and 2) effective implementation of RPA across the organization. In this article we introduce the 6×6 RPA implementation framework which helps organizations to address these themes.

RPA unlocks the long tail of automation

In order to effectively scale RPA within the organization it is important to fully understand how RPA is positioned within the broader landscape of enterprise IT automation. A common misconception within the traditional IT function is that RPA is to be used to replace the existing enterprise and legacy systems. While there are plenty of use cases where this is indeed a viable and beneficial possibility, especially for unlocking short-term benefits, this is not necessarily the primary objective of an effective, long-term RPA strategy and vision.


Figure 1. RPA enables the long-tail of automation. [Click on the image for a larger image]

When comparing RPA with traditional automation, there are two key differentiators. The first is that RPA expands beyond the realm of IT governed enterprise systems, and brings into scope processes that are (partially) run by business governed applications including web-based applications, Excel, email, reporting tools and so on. This distinction is important as it enables a far wider scope of automation possibilities, especially when combining the RPA solution with existing automation and Operational Excellence initiatives to optimize end-to-end processes rather than siloed processes.

The second key differentiator between traditional automation and RPA, is that RPA is characterized by much shorter development and implementation times, therefore enabling the business case for, again, a far wider scope of processes.


The inclusion of this ‘long-tail’ of business governed applications and processes prompts the reevaluation of the classic sourcing question: Do-It-Yourself (DIY) or Do-It-For-Me (DIFM)? While the delivery of the RPA software is defacto outsourced to RPA software suppliers, the performance of the RPA process analysis, development and maintenance activities can be integrated within the existing organization (DIY) or be (partly) outsourced to third-party consultants and BPO suppliers (DIFM).

Box 1. DIFM client case.

DIFM strategy case: robotization at an international electronics manufacturer


After a number of Proofs-of-Concept, the client decided to outsource the rollout to third parties. In order to manage this thoroughly and in a structured manner, KPMG was requested to advise on the implementation and operating framework. The client has centralized operations, governance, IT, risk and control management.


KPMG adapted the essential parts of the 6×6 model to the situation and applied it to the existing organization. This created awareness and understanding of the new collaboration with stakeholders.

In addition, the organization in identified and introduced the role and function of a ‘center of excellence’ (CoE) within the organization and in managing third-party relationships.

The outcome of the Proofs-of-Concept provided insight for the level of expertise and capacity required within the organization.

Key drivers behind the decision for either strategy are: retention of knowledge, level of control in the business, scalability, RPA expertise, speed of implementation and focus by the business on core activities. The optimal strategy mostly depends on the organizational strategy, business model, skills and capabilities and organizational culture; forgetting to consider these strategic drivers when forming the implementation approach is a recipe for failure, or in the best-case scenario will lead to underutilization of potential benefits and value.

In the remainder of this article we will introduce the 6×6 RPA framework. To provide some lessons learned and practical insights a client case has been incorporated. The client case applies to a Dutch bank which has fully implemented RPA throughout the entire organization. The client opted for a hybrid DIY & DIFM sourcing strategy, in order to capture both the benefits of knowledge retention and control in the business as well as scalability via an outsourcing partner. This makes the case study well suited to illustrate the effects of both strategies.

Box 2. DIY client case.

DIY strategy case: robotization at an international brewery group


The client had previously automated a number of processes at its head office, shared service centers and subsidiaries. The client wanted to run the robotization of processes smoothly and engaged KPMG to assist. The client has a decentralized setup with regard to its operations, governance, IT, risk and control management.


Using the 6×6 framework provided more awareness and a better understanding of the overall impact of implementing RPA and establishing centers of excellence, including process development training, within the organization.

A long-term RPA vision was formed to ensure that the DIY model fits within the long-term organizational and HR strategy.

Clear insight was provided into roles, responsibilities and the impact of robotization on secondary processes such as Finance, IT and BPM.

The 6×6 RPA governance framework

The mentioned RPA distinctions are not a stand-alone phenomenon, but rather are part of a wider trend of ongoing digitalization and increasing demand for flexibility and agility. IT and technology are no longer the exclusive domain of the IT function. As technology becomes more intuitive and user-friendly it becomes part of the day-to-day business. In addition, organizations no longer accept long-lasting and stretched-out development projects.


Figure 2. KPMG 6×6 RPA governance framework (simplified). [Click on the image for a larger image]

The KPMG 6×6 RPA governance framework is loosely based on the KPMG IT Target Operating Model (TOM) ([Koni16]), and consists of 6 levers, each consisting of 6 subjects constituting a structured RPA implementation and operating model. Part of the framework are the RPA vision (e.g. organizational vision, business drivers) and RPA strategy (e.g. sourcing strategy) which continuously drive evaluation of the levers. The levers act as a framework to help design the proper implementation approach and operating model.

1. Organizational Structure & Governance

A proper design of the organizational structure and roles, and the governance to support it, is critical for an effective adoption. Since RPA implementations contain elements of business process design, operational excellence and IT automation components, it cannot be overstated how paramount this is. In terms of governance, it is wise to make adjustments to allow for a more flexible, agile and business-driven approach. A common pitfall is the creation of a new governance framework, coexisting with the existing governance and control frameworks. It should preferably be approached as an addition to the existing governance framework to drive consistency and collaboration throughout the organization.

Choices have to be made between forming a central delivery team (CoE) and/or forming decentralized teams within business units or departments. The tradeoff between specialization and control versus flexibility and business integration are the differentiating drivers here. A proper design and implementation of reporting mechanisms, roles and responsibilities are key. Inclusion of IT, Risk and Compliance within the governance design process is a key success factor for ensuring compliance and in control processes.

Case study: a Dutch bank

In our client case a central RPA CoE was created within the Operational Excellence (OpEx) department. Process development is performed by KPMG (DIFM) while simultaneously training and adding process developers from the OpEx and IT function (DIY). The CoE forms the bridge between the business, which remains responsible for the robotized processes, and IT which governs the maintenance and technical support.

Controlled by the business, governed by IT

For this client the central delivery approach provided the benefits of 1) being able to quickly develop best development practices, 2) create flexibility in terms of scaling the team based upon demand from the business, 3) creating an optimal process selection methodology, prioritizing processes that deliver most value for the organization as a whole, and 4) allowing the business to focus fully on core business competences.

2. Process Delivery and Deployment

Process delivery and deployment is about setting up demand mechanisms, both bottom-up and top-down, and putting in place clear process analysis, selection and delivery mechanisms. Which processes can we robotize (feasibility) and which processes do we want to robotize (business case and value drivers)? A key success factor is to use the RPA capability within the context of a broader ‘optimization toolbox’. Rarely will entire end-to-end processes be eligible for RPA automation, very often though maximum value can be generated by robotizing the most transactional process parts while optimizing the more complex, or inefficient, manual process steps via OpEx and Lean methodology or IT change requests.

As stated earlier, the advantage of RPA from a delivery point of view is the ability to respond quickly to business needs and the high speed of development and deployment. In order to fully unlock these benefits, apply some best practices such as the use of proper development standards and conventions. This allows for reuse of ‘building blocks’ and consistent ‘layering’ of the robotized processes, enabling same-day adjustment of business rules when needed.

3. Technology

Some key subjects to consider as part of the implementation are the preparation of the technical infrastructure, setting up application servers, configuring robotic runtime resources and database configuration to support test and production environments.

Unique to RPA is the distinct focus on user ID and credential management. RPA is defacto about mimicking manual tasks via employees’ graphical user interface, therefore in some cases a robot may have several system credentials, opening the possibility for fraudulent actions if the robot were to be compromised. Encrypted credential management and clear agreements on role separation are the basis for a safe and effective development process.

Case study: a Dutch bank

Automation in general is often associated with cost reduction via FTE reduction, thereby underestimating the far broader range of benefits that RPA is able to unlock. In our client case several manual transaction and payment processes were robotized. Through iterative root cause analysis on remaining failure cases, the business rules were adjusted increasing first time right percentages to almost 100%, thus reducing rework and client complaints.

Build the best business case

In another example RPA was used to create new processes rather than automating existing ones; consolidated reports containing information from a set of enterprise systems and external web applications were prepared and sent out to clients daily. Several client reporting processes were improved by increasing both the frequency and predictability of delivery, as well as the amount of data points provided. As a final example, focus on the process selection approach on transactional processes with the ‘four-eyes principle’ provided both additional workload reduction and more in-control processes as the risks for human error and fraud were mitigated.

4. Vendor management

Another key success factor when scaling up to full implementation is the selection and management of the RPA vendor. There are many options in terms of contract and license agreements, offered support levels and SLA agreements. In terms of offered functionality there exist significant differences between the various suppliers. Some are specialized in so-called attended front-office robots, allowing individual employees to run ad-hoc processes in real-time, particularly suited for client-facing call center employees for example. More common currently are providers that offer unattended RPA tooling, aimed at processing large amount of batch processes via set schedules. A thorough analysis of the vendor requirements beforehand will significantly help to find the best suited vendor for the given organization.

5. Performance & Risk Management

In order to create adoption of RPA throughout the organization it is important to measure and visualize the benefits that are being realized. Formulation of the right KPIs is key, avoid focusing solely on work reduction, but rather focus on value adding KPIs such as quality, first time right, predictable service levels and client satisfaction.

In terms of being in control it is important to document the automated processes and create clear and concise process descriptions. Next to this simply being a compliance and (external) audit requirement, it also enables the hand-over of tasks, process maintenance, and ultimately will force the CoE and the business to regularly review in production processes for improvement opportunities.

6. People & Competences

A key part of managing the implementation is having a clear vision on why the change is needed and how this change will affect the workforce and employees; the case for change. It is paramount that the case for change is carried and communicated by the leadership, as this is a pre-condition for 1) adoption and cooperation from affected business units, and 2) clarity for all about what is expected and how employees can contribute to and be part of the change.

Employees have to be prepared for collaborating with and using robots. How can we involve the employees and strengthen future employability? Another aspect is long-term resource planning; how do you utilize the existing employees and what (new) competencies are expected. What is the impact on existing learning paths and education? The use of robots can impact the career and the remuneration of employees in teams in which robots and people collaborate. Strategic workforce planning is therefore key in building a sustainable organization. Ultimately employees will start to ask: ‘how can robotics help me to become more effective?’, rather than ‘will robotics help me to become more effective?’.


RPA is a powerful automation solution that offers a variety of opportunities to improve quality, increase control, add flexibility, and unlocks a wide scope of automation possibilities. However, a clear RPA vision and strategy, feeding into the implementation approach and operating model are prerequisites for success.

RPA adoption will continue to grow in the years to come. Meanwhile more advanced robotics solutions will continue to mature and be adopted across industries. Those organizations that are successful in scaling RPA are best positioned to advance to and reap the benefits of enhanced and cognitive automation solutions.


[Koni16] ir. T.C.M. de Koning RE, drs. Ing. O. Halfhide, drs. V.F.L. Bos, Next-Generation IT-operatingmodellen sluiten naadloos aan op de snelheid en flexibiliteit van de business, Compact 2016/2.