Risk managers can identify pitfalls related to automating specific processes.
Design principles that can help increase confidence in RPA implementations
Usually, the root cause lies in the inattention to risk and internal control considerations in the bot-development life cycle and the re-designed, bot-enabled processes. Therefore, it is important to instill a risk optimization mind-set and embed trust into services and products from the outset. There are five simple design principles that can help increase confidence in RPA implementations:
- The less risky processes should be prioritized for automation. Sensitive processes, such as those related to finance and compliance should come later. An additional layer of monitoring controls should be considered for all mission-critical processes.
- RPA practitioners should adopt a “what-cannot-go-wrong?" mindset. For instance, if bots are posting transactions to an enterprise’s core technology platform, users and administrators with access to these bots should not have the ability to execute conflicting transactions, such as placing an order and approving the payment.
- Bots need to undergo robust risk-based functional testing. This, however, is sometimes not adhered to during the software development life cycle. An investment bank discovered that a bot emailing end-of-day trade confirmations to customers was “dangling" because fields that were supposed to contain email addresses were empty.
- Watertight processes around bot security are critical. Like humans, bots too have user-names and passwords. Ensuring that these are encrypted and accessed by employees according to their assigned privileges is key to preventing unauthorized access and potential misuse, including fraud.
- Finally, implementing robust change-control processes is critical. RPA teams need to be made aware of changes to system interfaces so that they can make timely updates. As companies expand automation efforts, risk management functions need to serve as critical lines of defense in the governance of these programs.
Risk managers can identify pitfalls related to automating specific processes and pressure-test redesigned processes before they go live. They can implement early warning systems that can predict and, ultimately, prevent bot failures.
Leading risk functions, for instance, are deploying “supervisory bots" that monitor critical tasks performed by other bots. These supervisory bots proactively raise alarm bells if they suspect performance issues.
Indeed, a healthy dose of risk management can allow software robots to become trusted enablers in an organization’s digital transformation journey.
Summary
Robotic process automation (RPA) is being embraced globally. However, an EY study found that 30 to 50% of initial RPA projects fail, unleashing risks. Five simple design principles can help increase confidence in RPA and make software robots trusted enablers in an organization’s digital transformation journey.