BDO Agentic flow for requesting leave hours

Project description

How can an AI agent be best implemented in the current existing and future environment of BDO to improve the user experience of the current existing HR Process?

Currently, BDO employees must manually check vacation balances in CoProf and submit requests through AFAS, a time-consuming multi-step process. This project implements an AI-powered HR Vacation Assistant that enables employees to query balances, calculate vacation hours, and submit requests through natural language conversation.

Key challenges include: secure data access with row-level filtering, accurate vacation calculations based on FTE and schedules, preventing prompt injection and hallucinations, and designing a future-proof architecture within BDO's Azure environment.

Context

BDO is an international professional services firm specializing in audit, tax, and advisory services. This project falls within the Human Resources (HR) domain, focusing on employee self-service processes for vacation management.

The project was conducted for BDO's Data Science & AI team in Eindhoven, where HR operations rely on two primary systems: CoProf for tracking vacation balances and AFAS for submitting and approving leave requests. The organization operates within a Microsoft Azure cloud environment, using Azure OpenAI and related services for AI initiatives.

The broader context involves enterprise AI adoption, where organizations seek to improve employee experience while maintaining strict data security and GDPR compliance. The solution must handle Dutch-specific requirements such as local holidays and bilingual support (Dutch/English).

Results

The project delivered a functional HR Vacation Assistant prototype along with comprehensive documentation for future development.

Products Delivered:

1. Working Chatbot Prototype: built with Microsoft Semantic Kernel, Flask, Azure OpenAI, and Twilio SendGrid. Employees can check vacation balances, calculate requested hours based on their FTE and schedule, and send vacation requests to managers via email.
2. Technical Manual: providing setup instructions, code documentation, configuration guides, and troubleshooting procedures for deployment and maintenance.
3. Implementation Plan: describing the architecture, phases, testing approach, and handover process.
4. Advice Document: outlining seven recommendations for production deployment including Microsoft Entra ID SSO, AFAS live integration, and automated balance updates.

Key Insights:

• Row-level data filtering at the application layer effectively prevents employees from accessing other users' HR data, addressing a critical security requirement.
• Semantic Kernel's auto function calling enables natural conversation flow while maintaining accurate calculations through deterministic backend logic.
• Prompt injection attacks can cause response buffering; implementing warning messages resolves this issue.
• Dutch language date interpretation (e.g., "tot" meaning "until") requires explicit handling for accurate vacation hour calculations.
• Organizational email security policies may block Microsoft Graph API; SendGrid provides a reliable alternative for email delivery.

Validation:

Testing validated all core functionalities with documented findings. Two issues were identified and fixed during testing: Dutch date interpretation and prompt hacking response buffering. Response times averaged approximately 3 seconds, meeting usability requirements.

TRL Positioning:

The solution is positioned at TRL 6 (technology demonstrated in relevant environment). The prototype operates with realistic mock data in BDO's Azure environment, demonstrating feasibility for production deployment pending live AFAS integration and enterprise authentication.