Using RPA to automate internal audits – where to start

Much of the repetitive reporting, number-crunching work of the accounting and finance department is the type of work best suited for a robotic takeover.

Use of RPA (Robotic Process Automation) software is rocketing – it’s become a highly competitive market for those companies leading the charge. Gartner predicts the market was worth around US$1.3 billion last year.

Businesses with legacy systems are some of the biggest adopters. That includes banks, insurance companies, telcos and utility companies, where RPA can be put to task on routine, mundane tasks that would otherwise be assigned to a worker.

“By using this technology, organizations can quickly accelerate their digital transformation initiatives, while unlocking the value associated with past technology investments,” Fabrizio Biscotti, research vice president at Gartner, has said.

RPA has proven exceptionally beneficial for the routine work of internal audits at SMEs, ensuring all the numbers on the books can be accounted for.

In fact, the applications available to both improve accuracy and expedite the process are such that executives overseeing the work are having a tough time working out where to apply it first.

Where to start with RPA auditing

Neil White, principal at Deloitte Risk & Financial Advisory of Deloitte & Touche LLP, believes that executives overseeing audits should first identify the automation opportunities that deliver strategic value that is in line with the rest of the organization’s digital framework, while also managing cost expenditures.

“Objective assessment of the complexity and benefits of automation can help internal audit leaders identify where to deploy RPA and develop a road map to plan further advancements.”

Michael Schor, a partner at Deloitte Risk & Financial Advisory of Deloitte & Touche LLP, agreed with that assessment. “A structured approach to evaluating RPA opportunities can help prioritize where to apply the technology to gain the greatest value,” he said.

Besides performing rules-based, repetitive tasks that are time-consuming for people – such as pawing through data from multiple systems – RPA is also effective in monitoring aspects of the business that might be demanding (or expensive) to monitor independently.

Some audit departments deploy RPA processes for cost-benefit analyses on frequent datasets, being ideally suited to parse minute differences and between data sets that would appear similar to the human eye.

Combining with cognitive technologies

There have also been cases of capable internal audit departments combining automated processes with cognitive tools like natural language processing (NLP) to compile and produce full lists of vendor requirements, or spotting legal risks that arise outside of standard agreement clauses.

“When combined with cognitive technologies, RPA can produce real-time reporting of fraud arising in financial systems, and it can test control effectiveness based on not just samples but entire populations of data,” commented Deloitte’s White. “It also can detect suspicious logs associated with IT systems.”

The first step for internal auditors to consider when considering adopting RPA is to identify operations that could actually benefit from automation.

“Consider processes that are standardized and rule-based, including tests or parts of tests that can be performed by analyzing and comparing large datasets,” Deloitte Risk & Financial Advisory senior manager Martin Rogulja advised.

“This might also include controls where full-population testing would be both feasible and insightful as well as tests that could benefit from increased scope.”

Once a suite of control testing has been identified, the audit executives need to determine the intrinsic value of deploying RPA for each possible function, or set of functions.

The value is ascertained by several factors such as the potential cost savings, risks to the existing process flow, productivity improvement estimates, impact of risk mitigation, and potential customer/employee satisfaction.

Essentially, one must perform an audit of the existing system and define the parameters that automating parts of the system would affect.

“Processes that would provide the greatest value and be the least complex to automate represent the highest-priority RPA projects,” according to White. “Conversely, processes that are of lower value and would be more complex to automate would fall into the lowest priority category.”