Robot design and maintenance departments are subject to different risk and control standards, and they won't always know all the correct procedures. External and internal audits seek a solid governance structure to support each robot delivery model. Always revolving around clear organizational oversight standards, business justification, and development standards defined by a center of excellence.
There is a risk that some robotic process automation could actually decrease the effectiveness of controlling a process. In this case, the benefits of RPA may not outweigh the investment cost and the proliferation of robots may lead to a more vulnerable and fragmented technological environment. There must be a structured way to assess which processes are suitable for automation. This must depend on predetermined factors, such as risk inherent to the underlying process, degree of complexity of the process, degree of subjectivity and variability in decision results, and stability of the IT environment. These factors must be weighted against the expected benefits, for example, the delivery of greater efficiency and cost reduction.
The robots may also fail to achieve the established objectives. In addition, since they cannot naturally assess anomalies and irregularities as a human being would, they are capable of generating inappropriate results. Therefore, data quality is fundamental to the effectiveness of a robot and, therefore, data governance controls will be fundamental in design , even for simple robots. This will include controls over maintaining source data, as well as ensuring data integrity and providing security and confidentiality, which is essential for public credibility. External and internal audits must verify that the process mapping, which includes the life cycle and data quality, is complete.
O Robot development must comply with standard organizational principles for IT development, including appropriate testing before implementation. This must include a proof of concept and a transition phase of parallel executions of the automated and non-automated process to compare results. Monitoring and error handling routines must be incorporated into the processing to ensure that operational problems and anomalies are detected early and answered automatically whenever possible.
Another point of attention is the behavior of the robot in production, often executing a high error rate. Depending on the risk, robots will require varying levels of human oversight by the process owner, based on dedicated metrics. External and internal audits should review whether the list of available key risk indicators is complete in relation to the underlying process and provide assurance about the accuracy of management metrics, identifying new insights about the operation of the process. It should also test the effectiveness of the robot's alerts and switches to instantly stop it in the event of a problem, review quarantined exceptions to ensure timely action by a human monitor, and analyze problem and complaint records to assess whether themes can be attributed to the robot's performance.
External and internal audits must assess whether there is a clear responsibility of who must determine when changes are necessary to the robot and who must reassess the risk. They will need to review whether there is a structured change management process and whether it includes restrictions on who can execute the changes.
Finally, the widespread use of robots can create a dependency that makes businesses vulnerable if they become disabled, especially if the business loses key knowledge of the process. One risk is that if the robot fails, there may not be enough personnel to operate processes manually in your absence. In this case, external and internal audits should seek documentation that articulates a clear business continuity plan to capture backup procedures and the data sources needed to complete the work. In addition to reviewing whether the business continuity plan defines how activities will resume, whether there are regular system capacity tests and whether there is a process to ensure that impacted areas are notified of the robot's incapacity. Robots will evolve over time, and periodic risk assessments will also be necessary to determine if the robot should be removed.
To learn more about the topic, contact TATICCA — ALLINIAL GLOBAL, which provides integrated auditing, accounting, tax services, corporate finance , Financial Advisory , Risk Advisory , technology, business consulting and training. For more information, visit www.taticca.com.br or email taticca@taticca.com.br. Our company has professionals with extensive experience in the market and has certified methodologies for carrying out activities.