Click HERE to download this section
Robotic Process Automation
Trends
- RPA, also known as software robotics (“bots”), uses automation to mimic back-office human tasks and essentially represents digital workers in an organizations’ business unit.
- Several industries are at the forefront of leveraging RPA technology to streamline their operations, including banking and financial services, insurance, retail, and healthcare.33 Many major banks, for example, use RPA solutions to automate tasks, such as customer research, account opening, inquiry processing, and tasks aimed at preventing and detecting fraud and money laundering/terrorist financing. Banks typically deploy thousands of bots to automate manual, high-volume data entry and analysis. These processes entail a plethora of tedious, rule-based tasks that automation streamlines.34
- In today’s businesses, bots are already performing data entry, generating reports, reading PDF documents and invoices, sending emails, etc. The use of IPA to enable the bot to learn as it processes transactions, remains less common, although such use is on the rise. Consider, for example, the rise of anti-money laundering and anti-terrorism assessments that use AI-enabled automation.35
- Accordingly, demand for roles in areas such as data entry, bookkeeping, and administrative support is decreasing as automation and digitization in the workplace increase.36 In this regard, it is observed that roles in such areas (e.g., bookkeeping, including the preparation of reconciliations, etc.) tend to be routine or have welldefined steps to follow or are repetitive. For the accounting profession, in particular, there will be wide-ranging impacts, with some estimating that 94% of U.S. accountant and auditor jobs are likely to be impacted by automation.37 Roles such as strategy formulation, business development, strategic decision support, and risk management are less likely (20% or less) to be automated in the foreseeable future.38
Opportunities
- Whereas automation does impact some traditional PA roles, it also means that there are new roles created to enable the delivery of activities using technology and opportunities for PAs to undertake some of these less mundane tasks and provide more value-added services. For example, stakeholders observed that PAs are in an ideal position to enable RPA implementation as they have the knowledge of both the business processes and activities being automated, and the governance process risks related to RPA implementation, such as (a) operational, (b) financial, (c) regulatory, (d) organizational, and (e) technological risks.39 The overall key components to enabling good RPA governance include setting in place appropriate governing bodies and organizational constructs, and determining the appropriate operational life cycle, internal controls, technology governance, performance management, and vendor management.
- The Working Group notes that a PA’s adherence to the fundamental principles of the Code, and skillset in exercising ethical decision-making (for example, through having an inquiring mind and exercising professional judgement when applying the Code’s conceptual framework),40 help facilitate an effective and ethical RPA implementation. In addition, stakeholders reported that the most successful RPA implementations occur when PAs work closely with IT professionals to advise them on the intricacies of the business processes, the inputs available, the impact desired, and the outputs required from the RPA solution.
Impact/Risks
- Implementing RPA without fully understanding how its functionality fits business needs might result in digital transformations and related internal controls that are not suitable for their intended purpose. Stakeholders noted that when PAs have a good understanding of the capability of RPA, better adapted controls can be implemented and digital transformation through RPA can be enabled more effectively and efficiently. For example, segregation of duties from an internal control perspective becomes less about what the bot has access to, and more about what the human directing the inputs to the bot’s activities has access or authority to do. In addition, there are new segregation of duties considerations created around bot creation (i.e., programming what the bots do) versus orchestration (i.e., running the bots).
- Stakeholders also emphasized consideration of whether there is over-reliance on the RPA and, accordingly, whether there is sufficient, competent human oversight over such automated processes and their outputs. In this regard, the Working Group notes that if a PA is using RPA, the PA might consider the following in determining whether there are threats to compliance with the fundamental principles:
- Is the PA competent to oversee the reasonableness of the output of the technology?
- Is the PA aware of the extent of reliance on the bot (potential automation bias or over-reliance on the technology)?
- Is management taking responsibility for the bot’s decisions, such as authorizing transactions and whether the task being automated requires little or no professional judgment?
- In addition, stakeholders pointed out that selecting and prioritizing the right automation opportunities are key for successful RPA implementation. Some questions they suggested a PA might ask when determining whether RPA implementation is appropriate include:
- Is the relevant data readily available, standardized, and of appropriate quality? For example, if the entity has a low level of digitalization, then the error rate might be comparatively higher as paper documents will need to be scanned to enable RPA, which could introduce errors.
- Is the business process highly manual and repetitive?
- Is the process mature, with definable criteria, rule-based with a low exception rate? For example, in automating the accounts payable process, the conditions around payment should be well-defined and documented – including processes over the verification of the vendor, vendor payment details, validity of the transaction (e.g., goods received match the invoice and purchase order), etc.
- What is the impact of automating the process on the overall control and regulatory environment?
- What value is created by deploying RPA, for example, financial, better staff utilization, or others?
- What are the potential organizational or business unit process implications of automation?41 For example, impact on human resources, the potential of automating a poorly designed process, or the cascading effects of poor-quality data entering the system.
- Finally, stakeholders also highlighted that another factor to enable successful automation is the importance of appointing a change or transformation officer with a mix of business and technology understanding to document current processes and develop a roadmap for shifting towards automation. However, it was also noted that significant communication gaps between departments (IT and the business function) frequently exist, leading to a lack of understanding and poor specificity of needs and timelines.
Endnotes
33 IBM Cloud Education. “Robotic Process Automation.” IBM, 22 October 2020, https://www.ibm.com/cloud/learn/rpa.
34 Ibid.
35 Rundle, David. “AI and Algorithms in Financial Services – Future Areas of Focus.” JDsupra, 6 July 2022, https://www.jdsupra.com/legalnews/ai-andalgorithms-in-financial-services-1487837/.
36 See, for example, “The Future of Jobs Report 2020.” World Economic Forum, 20 October 2020, WEF_Future_of_Jobs_2020.pdf (weforum.org). and Poulsen, Justin. “The Robots are Coming for Phil in Accounting.” The New York Times, 6 March 2021, https://www.nytimes.com/2021/03/06/business/the-robots-are-coming-for-phil-in-accounting.html.
37 Ibid.
38 Presentation on “Transforming the Finance Function with RPA.” IFAC, 9 November 2021, https://www.ifac.org/system/files/uploads/IESBA/RPATransforming-Finance-Function.pdf.
39 Operational risks: insufficient exception handling in process workflows or inefficient operational delivery from poor bot resource management. Financial risks: poorly defined requirements for bots leading to financial misstatements or inaccurate payments. Regulatory risks: humans directing bot activities in a fraudulent manager for government reporting. Organizational risks: Inadequate change management, documentation, or business continuity planning. Technological risks: instability of integrating applications and the effect that might have on bot performance, cybersecurity risks, inappropriate access controls
40 Section 120 The Conceptual Framework of the Code
41 See also Nunes, Ashley. “Automation Doesn’t Just Create or Destroy Jobs — It Transforms Them.” Harvard Business Review, 2 November 2021, https://hbr.org/2021/11/automation-doesnt-just-create-or-destroy-jobs-it-transforms-them.