3 minute read 5 Nov 2019
Businesswoman with tablet in a modern factory hall

Five design principles to help build confidence in RPA implementations

By

Nitin Bhatt

EY Global Advisory Risk Transformation Leader & India Technology Sector Leader

Digital trust evangelist. Diversity & Inclusiveness champion. Classic rock buff.

3 minute read 5 Nov 2019

Show resources

Despite widespread global adoption of RPA, an EY study reveals that 30% to 50% of initial RPA projects fail. Read how infusing Trust by Design can help organizations overcome this challenge.

Robotic process automation, or RPA, has emerged as a potent productivity-enhancing innovation that has been embraced globally by almost every industry sector. Hardly surprising, given digital labor can work around the clock, 365 days a year, and never needs a day off. 

That said, is RPA delivering on its promise of seamlessly automating routine tasks so that humans can focus on ideas, innovation and higher-value work? The jury’s still out. Many companies are experiencing significant productivity gains from embracing RPA. However, an EY study found that 30% to 50% of initial RPA projects fail, unleashing innumerable risks. 

Let’s consider a few examples:

  • A telecom company deployed bots for managing its complaints-handling process. However, coding errors led to many grievances being diverted to an incorrect queue, resulting in a backlog of complaints. 
  • A global conglomerate deployed bots in its finance and accounts function to automate the accruals process. Its auditors, however, noticed that the accruals had been materially under-reported for a whole quarter. Incorrect rule-set definitions in the bots had led to the problem. 

Information security is also at risk: There have been reports of malicious employees launching cyberattacks on bots to access sensitive company data. While critics blame the underlying technology, this is seldom the case.

Risk managers can identify pitfalls related to automating specific processes.

Design principles that can help increase confidence in RPA implementations 

Usually, the root cause lies in the inattention to risk and internal control considerations in the bot-development life cycle and the re-designed, bot-enabled processes. Therefore, it is important to instill a risk optimization mind-set and embed trust into services and products from the outset. There are five simple design principles that can help increase confidence in RPA implementations:

  1. The less risky processes should be prioritized for automation. Sensitive processes, such as those related to finance and compliance should come later. An additional layer of monitoring controls should be considered for all mission-critical processes.
  2. RPA practitioners should adopt a “what-cannot-go-wrong?" mindset. For instance, if bots are posting transactions to an enterprise’s core technology platform, users and administrators with access to these bots should not have the ability to execute conflicting transactions, such as placing an order and approving the payment.
  3. Bots need to undergo robust risk-based functional testing. This, however, is sometimes not adhered to during the software development life cycle. An investment bank discovered that a bot emailing end-of-day trade confirmations to customers was “dangling" because fields that were supposed to contain email addresses were empty.
  4. Watertight processes around bot security are critical. Like humans, bots too have user-names and passwords. Ensuring that these are encrypted and accessed by employees according to their assigned privileges is key to preventing unauthorized access and potential misuse, including fraud.
  5. Finally, implementing robust change-control processes is critical. RPA teams need to be made aware of changes to system interfaces so that they can make timely updates. As companies expand automation efforts, risk management functions need to serve as critical lines of defense in the governance of these programs. 

Risk managers can identify pitfalls related to automating specific processes and pressure-test redesigned processes before they go live. They can implement early warning systems that can predict and, ultimately, prevent bot failures. 

Leading risk functions, for instance, are deploying “supervisory bots" that monitor critical tasks performed by other bots. These supervisory bots proactively raise alarm bells if they suspect performance issues.

Indeed, a healthy dose of risk management can allow software robots to become trusted enablers in an organization’s digital transformation journey.

Summary

Robotic process automation (RPA) is being embraced globally. However, an EY study found that 30 to 50% of initial RPA projects fail, unleashing risks. Five simple design principles can help increase confidence in RPA and make software robots trusted enablers in an organization’s digital transformation journey.

About this article

By

Nitin Bhatt

EY Global Advisory Risk Transformation Leader & India Technology Sector Leader

Digital trust evangelist. Diversity & Inclusiveness champion. Classic rock buff.