Part Four in a Series: Managing Risks of Technologies Emerging as Business Opportunities: Robotic Process Automation

Are you tired of sending the same email every week? How about searching for information from past audit documents? Lucky for you, a resolution for these work woes (and many more) has arrived.  Companies are taking efficiency and cost saving to another level thanks to an emerging digital technology called Robotic Process Automation (RPA), more informally known as: bots.

RPA works by using rules-based software robots, or bots, to automate business processes to increase efficiency, decrease human error, and save on staffing costs. Furthermore, RPA can work with Enterprise Resource Planning (ERP) systems in order to automate a plethora of business processes.

For example, bots can take information from the aforementioned weekly email and insert it into an ERP system to be used companywide across various systems. According to the CIO.com article, “What is RPA? A Revolution in Business Process Automation,” some of the biggest names in the game such as Walmart, Deutsche Bank, Anthem, Walgreens, Vanguard, AT&T and American Express Global Business Travel are among the many companies already seeing the benefits of using bots.

However, RPA may not be for every company. As we continue further into the digital age, technology seems to be slowly taking over jobs once managed by thousands of employees. Therefore, management must grapple with the decision of potentially saving on staffing costs versus eliminating jobs for its employees. Additionally, proper installation and set-up of bots can be highly complex and take significant resources. At this point, the long-term economic effects of implementing RPA is far from certain.

Although RPA can provide efficiency for companies, they also come with additional risk considerations for internal auditors that span across every risk area. Some of these risk considerations can include:

  • Management’s identification of fraud risks associated with the implementation of RPA
  • Oversight and governance over the RPA
  • Ineffective change management and security controls over  the RPA
  • Compliance or regulatory risks associated with using RPA
  • Inadequate enterprise risk and control methodology; inconsistent monitoring as a result of employing RPA
  • Ineffective employee training on RPA which can result in inefficient use of the RPA and/or non-compliance with company policies
  • User access abilities and segregation of duties related to the RPA
  • RPA’s impact on financial reporting and disclosures

While RPA may seem to be solely the IT department’s territory, it is critical that internal auditors engage in discussions with company management regarding their implementation of RPA and become aware of the potential risks posed to the company in order to properly plan and execute auditor responsibilities.

If you have additional questions related to RPA, we welcome the opportunity to discuss and advise on risk assessment.  Please visit our Risk Advisory Services page.

Sources: Boulton, C. (2018). What is RPA? A revolution in business process automation. [online] CIO. Available at: https://www.cio.com/article/3236451/business-process-management/what-is-rpa-robotic-process-automation-explained.html.

Emerging Technologies. (2018). An Oversight Tool for Audit Committees.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
The Impact of the Baltimore Key Bridge Disaster on Supply Chain
IPE 101 – Assessing Management IPE Controls and Report Risks
IPE 101 – Differentiating Populations and Key Reports
IPE 101 – Defining and Understanding Information Produced by Entity
SEC Adopts Final Climate Disclosure Rules
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×