Internal Audit of RPA
RPA indeed comes with many benefits. What also comes with RPA is added risks to the Company. Without proper governance, risk, and control framework in place the organization can be exposed to these risks.
• Data leakage & privacy
•License & compliance
•Incident management and business continuity
•Identity & Access management
•Secured Business Process
•Business Case Evaluation
Areas of risk include
How can Internal Audit Help?
• Assist the company with the identification of risks associated with implementing RPA.
• Provide guidance around control design/enhancements and testing approach.
•Help the company identify/or recommend controls processes well suited for automation and assess the impact of automating those controls.
•Provide assurance over the RPA lifecycle not just the operation
•Ask relevant questions to ensure the RPA implementation has been assessed for audit trails and essential security features
Internal Audit is well suited to assist management in their efforts to identify processes that are best suited for automation, due to their familiarity with the business processes and underlying controls.
Internal Audit can assist management in their efforts to assess the effectiveness of the process, and evaluate wither return on investment was achieved.
Are there controls that are currently executed manually due to system limitations or lack of an interface?
Which control processes are performed routinely that are rule-based and currently manual in nature?
Are there “swivel chair” activities that are part of a control process?
Are there control processes that can be tweaked in order to lend themselves to automation?
Has management performed an initial process assessment and defined the business case for automation?
Are the metrics around capacity management, process automation rates, process exception handling, defined and measurable?
How is management planning to measure the effectiveness and efficiency of RPA against the projected business case?