Skip to Content

Have you considered the risks and controls before implementing RPA?

Ajay Gupta
2019-01-23

Across organizations, stakeholders – including the board, functional heads, and internal auditors – are exploring ways to reduce costs by automating their processes. More often than not, however, organizations tend to either ignore or sideline the security and risk considerations, while implementing robotic process automation (RPA) solutions focused primarily on cost reduction and speedy development.

With RPA characterized by no or very little intervention by human beings, risk management plays a pivotal role in RPA implementation. Here are some key risks and controls you should consider while implementing RPA or planning our RPA journey:

  • A lack of standardization of processes – this often leads to solutions being customized to countries and business units, resulting in errors and increased cost of automation. Prior to RPA implementation, organizations should first standardize the major part of their process the processes across geographies and business units.
  • A lack of ownership, roles and responsibilities – functional heads tend to think that a particular technology solution is owned by IT, while IT think of themselves as just the enabler and the functional heads as solution owners. This leads to a situation where nobody owns the errors and problems of automation. Organizations should clearly define the ownership, roles, and responsibilities of each of the stakeholders within any RPA solutions they adopt.
  • Data privacy and cyber security – RPA implementation comes with a number of risks and internal privileged access rights that have the potential to be exploited. This can lead to the confidentiality, integrity, and reliability of data that an organization processes being compromised. Organizations should deploy adequate cybersecurity and data privacy controls, depending on the data exposure and extent of personal data available within the organization.
  • A lack of effective change management process – as the level of automation within an organization develops, data mapping and configuration will also change. If the related configurations and data mapping aren’t updated within the automated solution, it will deliver inaccurate results and an incorrect output. Organizations should define and adopt a strong change management process to mitigate this risk.
  • Process documentation – in many cases, process documentation is not updated, making it difficult to manage changes at a later date in the application. Organizations should ensure that all documents, supplier information, inputs, RPA logic processing, outputs, customer information is updated, which enables any changes to be easily implemented, when required.
  • Selection of the automation tool and partner – failure to invest in the right tools and partner can directly impact the viability and outcome of an organization’s automation journey. Inappropriate investment can lead to a waste of time and money. Organizations should perform adequate due diligence while selecting a RPA partner and automation tool.

In subsequent blogs, I will share my views on the risks, challenges, and methodology that need to be considered before implementing RPA, as well as go into more detail into some of the ideas above. I’ll leave you with a simple question – how many of these risks and controls have you considered on your automation journey?

To learn how Capgemini can help your organization analyze the risks prior to RPA implementation, contact: ajaykumar.r.gupta@capgemini.com

Learn more about how Capgemini’s Automation Drive brings a unified, open and dynamic suite of intelligent automation tools, services, and expertise that serve your business as a continuously evolving source of innovation and value.

Ajay Gupta has diversified and rick experience in risk management, governance, risk, and compliance, automation and process transformation. He is currently the Head of Shared Service for Nordic countries at Capgemini.