© 2020 RSM US LLP. All rights reserved.
Robotic process automation for the three lines of defense
Let bots do the heavy lifting around your manual-routine audit and compliance activities
Have you ever been frustrated by the number of compliance-related activities you are required to do on a regular basis that take away from your real job? Have you ever wished you had an army of interns that could follow you around and take care of all of the routine, mundane tasks that get in the way of you truly being productive?
Now imagine what you could do with your time if you really did have that army of interns doing those repetitive tasks for you—24 hours a day, seven days a week, without complaint. How much more enjoyable would that make your job, and how much more value could you provide? The only catch is that these interns are not human, but instead software bots or what we like to call digital workers.
That is the essence of robotic process automation (RPA), a simple, but powerful, technology tool that growing numbers of organizations are using to streamline compliance costs while liberating talented, experienced employees to solve more challenging problems that require human judgement. Across organizations, RPA enables organizations of all sizes to efficiently scale operations with minimal impact to existing business processes.
RPA employs software robots, known familiarly as “bots,” to complete structured, repeatable and logic-based tasks by mimicking the action taken by existing human staff.
How RSM can help
RSM can help you both implement bots to help your audit and compliance organization become more efficient, as well as assess and improve your organization’s use of bots. We not only understand the risks that organizations face in adopting new technologies, but also have firsthand experience in helping clients develop, implement and optimize their use of RPA as it relates to the three lines of defense.
Our RPA risk management services include:
Governance and control services
- RPA assessment: Customizable engagement to assess the health of your automation program focusing on five main risk domains (governance, security, data, change and compliance) throughout the RPA life cycle. Our proprietary framework has been mapped to industry leading frameworks such as COBIT and will help your organization understand where there are opportunities for improvement so that they can be remediated before becoming larger problems.
- Design and implementation of RPA governance and controls: Customizable engagements to help you stand up your RPA governance and control processes and/or remediate identified RPA governance and control deficiencies.
RPA design and implementation services
- Strategy, opportunity scan and business case development: Using our proprietary methodology that is focused on the identification of RPA opportunities within the three lines of defense, we help you kick off your automation journey. We help you with the creation of your overall automation strategy, vision and road map based on our cumulative knowledge and experience around automation and controls. We also assist with the identification and prioritization of potential use cases, which then leads into a business case for the implementation of RPA technologies to help you streamline and optimize your internal control and compliance processes. As part of our highly collaborative process, we also help you avoid potential pitfalls and if needed, choose the RPA software vendor that best fits your unique needs.
- RPA implementation. We can work with you to either develop a POC (proof of concept), pilot or implement additional bots (beyond the POC or pilot) to reduce the time and cost of your audit and compliance tasks. We have partnerships with the top RPA vendors; and together, we will make your automation journey a success.
Mitigating bot risk
While implementing bots can help significantly streamline your organization’s risk management and monitoring programs, they can also introduce risk, regardless of the process for which they are used. When implementing RPA, management needs to answer a number of questions to ensure that its use of bots is under control. These questions include:
- How many bots are we running and who authorized their use?
- If we make a change to our information technology (IT) environment, what bots might be affected?
- Have we enabled logging so that we can track bot activity and establish audit trails?
- What evidence do we have that our bots did what they were supposed to do?
- How do we know what the bots did was accurate?
- What kind of testing do we need to do to know that our bots haven’t changed since the last time we certified their performance?
As internal control and compliance experienced professionals, we at RSM understand how to both create bots that can lower compliance costs and help you manage RPA processes to mitigate associated risks.
Most of our professionals have held positions in the industry before coming to RSM, so we know what it’s like to be in your shoes. Furthermore, we are not checklist auditors. We take a practical approach to risk management, tailoring our services to our clients’ specific needs, and often introducing you to IT solutions that may be less costly than those some other organizations use.
Finally, we understand your industry, and make it a priority to learn what is unique and different about your organization.
We welcome the opportunity to learn about your specific needs and demonstrate our ability to serve them. Please contact us today so that we might begin a conversation.