Are you tired of sending the same email every week? How about searching for information from past audit documents? Lucky for you, a resolution for these work woes (and many more) has arrived. Companies are taking efficiency and cost saving to another level thanks to an emerging digital technology called Robotic Process Automation (RPA), more informally known as: bots.
RPA works by using rules-based software robots, or bots, to automate business processes to increase efficiency, decrease human error, and save on staffing costs. Furthermore, RPA can work with Enterprise Resource Planning (ERP) systems in order to automate a plethora of business processes.
For example, bots can take information from the aforementioned weekly email and insert it into an ERP system to be used companywide across various systems. According to the CIO.com article, “What is RPA? A Revolution in Business Process Automation,” some of the biggest names in the game such as Walmart, Deutsche Bank, Anthem, Walgreens, Vanguard, AT&T and American Express Global Business Travel are among the many companies already seeing the benefits of using bots.
However, RPA may not be for every company. As we continue further into the digital age, technology seems to be slowly taking over jobs once managed by thousands of employees. Therefore, management must grapple with the decision of potentially saving on staffing costs versus eliminating jobs for its employees. Additionally, proper installation and set-up of bots can be highly complex and take significant resources. At this point, the long-term economic effects of implementing RPA is far from certain.
Although RPA can provide efficiency for companies, they also come with additional risk considerations for internal auditors that span across every risk area. Some of these risk considerations can include:
- Management’s identification of fraud risks associated with the implementation of RPA
- Oversight and governance over the RPA
- Ineffective change management and security controls over the RPA
- Compliance or regulatory risks associated with using RPA
- Inadequate enterprise risk and control methodology; inconsistent monitoring as a result of employing RPA
- Ineffective employee training on RPA which can result in inefficient use of the RPA and/or non-compliance with company policies
- User access abilities and segregation of duties related to the RPA
- RPA’s impact on financial reporting and disclosures
While RPA may seem to be solely the IT department’s territory, it is critical that internal auditors engage in discussions with company management regarding their implementation of RPA and become aware of the potential risks posed to the company in order to properly plan and execute auditor responsibilities.
If you have additional questions related to RPA, we welcome the opportunity to discuss and advise on risk assessment. Please visit our Risk Advisory Services page.
Sources: Boulton, C. (2018). What is RPA? A revolution in business process automation. [online] CIO. Available at: https://www.cio.com/article/3236451/business-process-management/what-is-rpa-robotic-process-automation-explained.html.
Emerging Technologies. (2018). An Oversight Tool for Audit Committees.