Now, more than ever, companies are forced to do more with less, ultimately looking for ways to increase value and efficiency. Within organizations, the Internal Audit function can improve performance by leveraging Robotic Process Automation (RPA) – both by increasing the quality, efficiency, and effectiveness of its own activities, as well as helping to identify opportunities to utilize automation within the business.
As a noninvasive integration technology, RPA can leverage existing IT infrastructure without causing disruption to underlying systems, making it relatively straightforward and cost effective to implement in comparison to traditional methods. By taking repetitive processes and orchestrating them 24/7, RPA is also immune from the many distractions Internal Audit teams are facing in today’s remote working environments.
Selecting the Right Processes for RPA
As Internal Audit prepares to incorporate RPA technology into its audit projects, the following criteria should be considered when determining if a process is ripe for automation:
- Rules-Based – Processes where each action completed is based on a clearly-defined set of rules (i.e., no human judgment required). A bot requires a rule for each possible situation to know what action to execute given the circumstances.
- Standardized – Processes with well-defined and repeatable steps, inputs, and outputs. Because it is easier to configure a bot to execute a process with a consistent series of steps, inputs, and outputs, automating a standardized process will require less development time.
- Stable Environment – Processes involving steps and applications that are mature and are not expected to change. Automating a stable process will reduce development time as additional effort to configure a bot for changes will not be required.
- High-Volume – Processes that include many transactions or routine processes that are performed frequently. Automating a high-volume process will provide more value and result in a greater return on investment.
In addition to selecting the right processes for RPA, Internal Audit teams must also ensure they build the necessary skills to use the technology appropriately. These in-house skills are essential for automation growth; however, because they allow Internal Audit to advise the rest of the organization on how to use RPA technology, they are also largely beneficial.
Leveraging RPA for Internal Audit
There are many audit-related processes that match the above criteria for RPA. One simple example is to configure a bot to generate the control workpapers using information from the Risk Control Matrix (RCM) and prior-year workpapers. This particular process is often burdensome for Internal Audit teams given the volume of different workpaper files that must be created (or updated) per audit, the need to retrieve pieces of information from multiple sources, and ensuring that the workpapers contain accurate information (e.g., control description, frequency, test procedures). Unless the Internal Audit function is using an Audit Management or GRC (governance, risk management, and compliance) software, this must all be done manually.
It is important to note that opportunities to leverage RPA can be found not only within the planning and fieldwork stages of an audit, but throughout its entire lifecycle.
The Benefits of Using RPA
Leveraging RPA will provide a wide range of benefits that will increase the quality, efficiency, and effectiveness of Internal Audit’s activities.
- Increased Audit Coverage – Bots complete processes in a fraction of the time it takes a human and are available 24 hours a day. This opens the possibility to increase the breadth and depth of audit coverage, where the bot can be used to audit entire control populations or to perform continuous monitoring for critical business processes.
- Greater Focus on Value-Add Activities – The Internal Audit team will have additional time to perform more thoughtful and analytical work that should translate into greater value to the organization. This work can take the form of quality assurance reviews, exception management, process improvement efforts, and stakeholder communication. An added benefit is that shifting the nature of the work can also increase auditor job satisfaction and reduce turnover.
- Higher Quality Output – Once an automation is thoroughly tested and implemented, the bot will consistently execute the process without error. This is especially helpful when automating high-volume, low-complexity audit tasks which tend to be error-prone when performed by a human. Error-free output will result in reducing the costs associated with mistakes, omissions, and re-work.
- Promotes Automation within the Organization – Given their visibility into business processes across the organization, Internal Audit is in a unique position to identify opportunities to implement RPA solutions elsewhere and can serve as a catalyst for automation throughout the organization using their own successful implementation of RPA as a pilot.
Automation tools like RPA are enabling Internal Audit functions to do more with less, all while improving their overall performance and increasing the quality of their work. In order to ensure the successful adoption of RPA within Internal Audit, audit leaders must clearly define their vision and strategy for automation and develop a target state operating model (people, process, technology) to support and sustain the deployment:
- Inventory the Internal Audit processes and identify tasks ripe for automation.
- Educate and train the Internal Audit team on RPA and raise awareness of the benefits of automation technology.
- Establish governance of RPA and relevant controls to effectively manage the related risks across the organization.