No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

RPA: First Steps to Greater Internal Audit Efficiency

by Andrew Struthers-Kennedy
November 16, 2018
in Featured, Internal Audit
robot hand holding magnifying glass over invoice

Why IA Leaders Should Care About Robotic Process Automation

Robotic process automation (RPA) is drawing significant interest from Chief Audit Executives and internal audit leaders seeking to learn more about how to use it from a business improvement standpoint, as well as how to audit RPA in their organizations. Protiviti’s Andrew Struthers-Kennedy and Angelo Poulikakos discuss why RPA use remains low among internal audit departments and how organizations can change the tide to save costs and time.

with co-author Angelo Poulikakos

As the popularity of robotic process automation (RPA) increases, internal audit departments are starting to realize that this relatively simple and affordable technology can make their work more effective and efficient by improving audit coverage and automating many routine audit tasks. This, in turn, can free up time for more strategic, value-adding work that requires a depth of evaluation and judgment not available through RPA solutions.

That said, there remains little adoption of RPA within internal audit. In some cases, this is due to a gap in understanding exactly how and where RPA should be applied to internal audit activities. In others, the awareness of RPA as an efficiency tool is tempered by an inherent reluctance to innovate.

Consider a Structured Approach, But Don’t Overcomplicate It

The best way to determine where RPA can deliver maximum return on investment (ROI) is to take a structured approach to identify, evaluate, categorize and prioritize automation candidates.

For example, suitable tasks for automation are those that are routine, manually intensive, prone to human error and rules-driven (i.e., not overly subjective) and for which supporting data is readily available and easily readable.

Control-testing automation or use of automation to expand coverage (e.g., through testing larger sample sizes or full populations) are obvious areas to explore, but also consider routine internal audit activities, such as document request management, artifact gathering, interactions with GRC platforms, process and control owner follow-ups and reminders, issue validation and even initial report generation. These more administrative-type tasks are often collectively the most time-consuming while also delivering little value compared to the effort required. Asking the audit group to hold an automation-opportunity brainstorming session usually yields a medium-to-long RPA candidate list fairly quickly.

Next, evaluate this list to determine which candidates are likely to offer the best ROI by looking at the automation potential of each, both in terms of technical feasibility and the expected value that automation can deliver through increased efficiency and coverage/effectiveness.

In evaluating the ROI of potential RPA scenarios, look beyond traditional measures, such as employee reduction or cost savings, to less tangible metrics, like increased visibility and credibility for the internal audit organization; increased insight, breadth and depth of coverage; ability to provide more real-time monitoring; and ability to focus on more value-add activities. These metrics are important because they impact the quality of internal audit’s interactions with its key stakeholders.

A good outcome might also include expanded audit capabilities. In the case of control testing, for example, RPA allows internal audit teams to move beyond traditional detective or preventative methodologies of periodic artifact requests to continuous auditing, making almost instantaneous an audit cycle that may have previously taken several weeks. Auditees also benefit because they can spend more time on their business-as-usual activities and, in the event of a control deficiency, they get closer to real-time results and have longer runways for remediation.

Automated artifact gathering can also position internal audit to be more autonomous: for example, IA functions can partner with the business to understand the process followed to generate audit artifacts (including the systems involved) and subsequently work to automate these processes.

Generated artifacts can be stored in a centralized repository on a routine schedule (e.g., monthly) or RPA bots can be designed to generate the information at will. Additional bots can be designed to tick-mark evidence to aid the internal audit testing process. The measuring of the ROI of automated artifact gathering and testing should consider the time and effort saved on both the audit and business sides.

A word of caution: Often an existing process may require some tweaks to make it a better candidate for automation. Streamlining processes should always be done prior to automating them.

Once the candidates have been identified and prioritized, it is relatively simple to group them by commonalities and then develop a prioritized roadmap outlining which controls/activities will be automated and in what order.

Take the First Steps Now

An old Chinese proverb says every journey begins with a single step. RPA is among the hottest technologies in the market, and there is no reason for internal audit to fall behind in its evaluation and adoption. Taking the first steps often involves tasking an IA team member with a strong aptitude in technology and interest for innovation to take a lead role in developing the automation capability for the broader IA team. Generally, this starts by providing the entire IA team with an initial RPA-awareness session so that everyone understands the technology, the benefits and the processes fit for RPA.

From there, additional in-depth sessions can be provided related to the roles and responsibilities of RPA stakeholders (e.g., business analyst, bot developers), the functions of a Center of Excellence and the overall robotic operating model. Most RPA vendors make (often free) training resources available on their websites for both technical and nontechnical resources. Alternatively, an organization can jump-start its RPA efforts by engaging a third party, but building long-term sustainability requires in-house expertise.

RPA is not a cure-all. Bots, while good at handling highly manual and repetitive rules-based processes, are not the right answer for all activities. A bot is a point solution that can sometimes perpetuate rather than address issues of legacy environments and “technical debt.” Implementing RPA is not a substitute for core platform modernization — though it often can make the process of bridging legacy systems more efficient prior to a modernization project. Nor is every process or task a good automation candidate. Finally, automating a broken process can potentially expose companies to the real risk of making bigger mistakes even faster.

Among the risks associated with implementation of RPA are:

  • Picking the wrong activities or process for automation
  • Workforce disruption and/or loss of knowledge capital
  • Masking legacy environment issues and technical debt
  • Insufficient governance and oversight, resulting in lost ROI and increased operational risk
  • Insufficient consideration of bot impacts on existing technology and infrastructure

Tags: Robotic Process Automation (RPA)
Previous Post

Thomson Reuters Completes Acquisition of Integration Point

Next Post

Keeping Your Whistleblower Hotline Alive

Andrew Struthers-Kennedy

Andrew Struthers-Kennedy

Andrew Struthers-Kennedy is a Managing Director leading Protiviti’s global IT Audit practice. Based in the metro Washington D.C. area, Andrew works with clients to help drive efficiency, effectiveness and enhanced risk mitigation in their IT and business operations. Andrew works with clients across a cross section of industries to deliver outsourced and co-sourced internal audit services, as well as technology and risk management consulting services. Andrew is actively working with a number of organizations to establish the platform for delivery of next-generation internal audit services through the use of analytics, automation and other emerging tools.

Related Posts

Gartner Identifies the Legal & Compliance Technologies to Focus on Post COVID-19

Gartner Identifies the Legal & Compliance Technologies to Focus on Post COVID-19

by Corporate Compliance Insights
October 5, 2020

Gartner’s New Hype Cycle for Legal and Compliance Technologies Helps General Counsel to Focus on the Most Meaningful Technology Innovations...

black binoculars on yellow background

Reassessing the GRC Industry Outlook Well Into 2020

by Matt Kunkel
September 23, 2020

With normal, day-to-day business processes interrupted and organizations increasingly adopting cloud infrastructure services, the GRC landscape is rapidly changing. LogicGate...

virtual display of digital globe with text reading internal audit

Getting More From Internal Audit in the Digital Age

by Jim DeLoach
August 24, 2020

With digitization fueling innovation and change, two questions arise: Is internal audit adjusting quickly enough to innovate and embrace underlying...

artificial intelligence, robot futuristic face

Auditing Artificial Intelligence

by James Bone
July 27, 2020

The use of AI is projected to grow exponentially in the near future. James Bone discusses what this means for...

Next Post
red landline phone hanging on dark background

Keeping Your Whistleblower Hotline Alive

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT