Key Insights Blog

Read the latest insights from our experts on GRC and risk management

16 November 2020

Bots are people, too: Robotic Process Automation in finance

As technology has advanced, Robotic Process Automation (RPA) has become a valuable tool for finance teams in streamlining everyday processes and operations. Until 2020, RPA has worked in combination with skilled human resource to get these vital tasks done… but then COVID-19 hit.

The economic shock of the pandemic has led many organisations to pare back their workforces, and consequently they are turning to RPA much more in order to get the same jobs done for a smaller financial outlay. This acceleration in adoption can deliver huge benefits for these organisations, but come with a number of tricky challenges to navigate, especially around security, risk and access management.

Removing the margin for error

The premise of using RPA over human finance operatives is clear: robots don’t get tired or bored. Even the most skilled and experienced employee in the world will be fatigued by dealing with a seemingly endless stream of invoice amounts, PO numbers and other data, and over time, it’s easy for mistakes to creep in.

RPA bots don’t have this problem (and neither do they have to be regularly fuelled with coffee). They have the ability to read an invoice, attribute the information within it to the appropriate PO number, and set in motion all the related payment and ledger activity related to that data.

Not only do they do all that much more reliably than humans, but they do so much faster and cheaper, too. However, this ideal vision can only be achieved if RPA is built and implemented into a business correctly.


Different cure, same treatment

RPA bots do have incredible capabilities for automating and streamlining all these processes - but they have to be told exactly what to do and how to do it first. This means that bots need to be subject to at least the same kind of controls that human finance staff are, and perhaps even more robust controls given the larger workloads bots can take on.

There are three key elements to be considered here:

  • Control execution points: think of an accounts payable process, for example. An AP clerk will approve processes manually, then pass onto the AP manager so at least two pairs of eyes are running this through. RPA removes this function and reduces the level of human intervention to spot-checks, so having automated controls working properly is essential.
  • Failure indicators: depending on how they’re configured, bots can (occasionally) make mistakes, such as misjudging numbers of a similar format and putting a PO number in as an amount. Bots can resolve these issues themselves, but only if they know about the types of errors they should be looking for.
  • Robust testing: both of the points above mean robust testing is critical, and how robust that testing needs to be depends on how much work RPA is taking on. If, say, RPA is handling half your cash outgoings, then controls need to be sufficiently strong to match the risk posed to your organisation if things go wrong.


Safety still comes first

Along with controls, how RPA fits in with your security provisions must also be considered. Bots can process a large number of invoices in a very short period of time; potentially enough to trigger warnings around security breaches, and so allowances will have to be made to accommodate this major change in ‘usual’ activity.

It’s also worth remembering that bots are also pieces of software, and therefore are at risk of cyber attack just like any piece of software. Because they are required to process lots of sensitive information at high speed without triggering alerts, they are often an attractive target for cyber-criminals. This is where keeping access controls to bots to an absolute minimum is absolutely crucial, in order to limit the risk profile of the bots and eliminate credentials often given to them that are unnecessary.


In summary

Overall, RPA bots can and should be immensely powerful assets to your organisation in the unpredictable months and years ahead - but only if you get the implementation right. With risk, security and controls kept front of mind, you can improve the efficiency of your finance operations, make meaningful savings, and reduce the pressure on your human finance staff.