Configuration and provisioning without automation is a major risk. Manual deployments could lead to improperly hardened resources posing a security risk. Financial approval could be circumvented. Operational issues could arise from divergent configurations and faulty or missing tags will severely mess up your administration. Automation is a powerful operational governance tool.
The CCoE should be masters of automation. They will assist development teams with template design and deployment scripts and they will try and test security and compliance scripts