Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Managaement
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social Responsibility
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
FAQs
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
2 December 2020

Bots are people, too: Robotic Process Automation in finance

As technology has advanced, Robotic Process Automation (RPA) has become a valuable tool for finance teams in streamlining everyday processes and operations. Until 2020, RPA has worked in combination with skilled human resource to get these vital tasks done… but then COVID-19 hit.

The economic shock of the pandemic has led many organisations to pare back their workforces, and consequently they are turning to RPA much more in order to get the same jobs done for a smaller financial outlay. This acceleration in adoption can deliver huge benefits for these organisations, but come with a number of trickychallenges to navigate, especially around security, risk and access management.

Removing the margin for error

The premise of using RPA over human finance operatives is clear: robots don’t get tired or bored. Even the most skilled and experienced employee in the world will be fatigued by dealing with a seemingly endless stream of invoice amounts, PO numbers and other data, and over time, it’s easy for mistakes to creep in.

RPA bots don’t have this problem (and neither do they have to be regularly fuelled with coffee). They have the ability to read an invoice, attribute the information within it to the appropriate PO number, and set in motion all the related payment and ledger activity related to that data.

Not only do they do all that much more reliably than humans, but they do so much faster and cheaper, too. However, this ideal vision can only be achieved if RPA is built and implemented into a business correctly.


Different cure, same treatment

RPA bots do have incredible capabilities for automating and streamlining all these processes - but they have to be told exactly what to do and how to do it first. This means that bots need to be subject to at least the same kind of controls that human finance staff are, and perhaps even more robust controls given the larger workloads bots can take on.

There are three key elements to be considered here:

  • Control execution points: think of an accounts payable process, for example. An AP clerk will approve processes manually, then pass onto the AP manager so at least two pairs of eyes are running this through. RPA removes this function and reduces the level of human intervention to spot-checks, so having automated controls working properly is essential.
  • Failure indicators: depending on how they’re configured, bots can (occasionally) make mistakes, such as misjudging numbers of a similar format and putting a PO number in as an amount. Bots can resolve these issues themselves, but only if they know about the types of errors they should be looking for.
  • Robust testing: both of the points above mean robust testing is critical, and how robust that testing needs to be depends on how much work RPA is taking on. If, say, RPA is handling half your cash outgoings, then controls need to be sufficiently strong to match the risk posed to your organisation if things go wrong.


Safety still comes first

Along with controls, how RPA fits in with your security provisions must also be considered. Bots can process a large number of invoices in a very short period of time; potentially enough to trigger warnings around security breaches, and so allowances will have to be made to accommodate this major change in ‘usual’ activity.

It’s also worth remembering that bots are also pieces of software, and therefore are at risk of cyber attack just like any piece of software. Because they are required to process lots of sensitive information at high speed without triggering alerts, they are often an attractive target for cyber-criminals. This is where keeping access controls to bots to an absolute minimum is absolutely crucial, in order to limit the risk profile of the bots and eliminate credentials often given to them that are unnecessary.


In summary

Overall, RPA bots can and should be immensely powerful assets to your organisation in the unpredictable months and years ahead - but only if you get the implementation right. With risk, security and controls kept front of mind, you can improve the efficiency of your finance operations, make meaningful savings, and reduce the pressure on your human finance staff.