Robotic process automation, or RPA, has emerged as a potent productivity-enhancement innovation that is being embraced globally by virtually all industry sectors. This is hardly surprising since a software robot (also known as a bot) can work around the clock at a fraction of an employee’s cost.
Is RPA delivering to its promise of having digital labour seamlessly replace humans? The evidence is mixed. Many companies are experiencing significant productivity gains, but research suggests that 30-50% of RPA projects fail, unleashing risks.
A telecom company had deployed bots for managing its complaints process. Coding errors led to many grievances being diverted to an incorrect queue, resulting in a backlog of complaints. A global conglomerate deployed bots in its finance and accounts function to automate the accruals process. Its auditors, however, noticed that the accruals had been materially under-reported for a quarter. Unfortunately, incorrect rule-set definitions in the bots had led to the problem. Information security is also at risk: There have been reports of malicious employees launching cyberattacks on bots to access sensitive company data.
While critics blame the underlying technology, this is seldom the case. Usually, the root cause lies in the inattention to risk and internal control considerations in the bot-development life cycle and the re-designed, bot-enabled processes. There are five simple design principles to increase confidence in RPA implementations.
First, the less risky processes should be prioritized for automation. Sensitive processes, such as those related to finance and compliance should come later. An additional layer of monitoring controls should be considered for all mission-critical processes. Second, RPA practitioners should adopt a “what-cannot-go-wrong?” mindset. For instance, if bots are posting transactions to an enterprise’s core technology platform, users and administrators with access to these bots should not have the ability to execute conflicting transactions, such as placing an order and approving the payment. Third, bots need to undergo robust risk-based functional testing. This, however, is sometimes not adhered to during the software development life cycle. An investment bank discovered that a bot emailing end-of-day trade confirmations to customers was “dangling” because fields that were supposed to contain email addresses were empty. Fourth, watertight processes around bot security are critical. Similar to humans, bots too have user-names and passwords. Ensuring that these are encrypted and accessed by employees according to their assigned privileges is key to preventing unauthorized access and potential misuse, including fraud. Finally, implementing robust change-control processes is critical. RPA teams need to be made aware of changes to system interfaces so they can make timely updates.
As companies expand automation efforts, risk management functions need to step up and serve as critical lines of defence in the governance of these programs. Risk managers can identify pitfalls related to automating specific processes, pressure-test redesigned processes before they go live, and implement early warning systems that can predict, and ultimately, prevent bot failures. Leading risk functions, for instance, are deploying “supervisory bots” that monitor critical tasks performed by other bots and proactively raise alarm bells if they suspect performance issues.
Indeed, a healthy dose of risk management can allow software robots to become trusted enablers in an organization’s digital transformation journey.
This article is shared by www.script.biz | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.