Internal auditors are in the midst of a transformation. The bots aren’t coming — they’re here. Robotic process automation, or RPA, is happening in our space. It’s not only a bellwether of what’s to come. It’s also an opportunity for internal audit to lead.
I’ve spent the past several years immersed in training myself and others in RPA, both as the head of an internal audit team and in my current role as a professor and Director of the Center for Intelligent Process Automation at Nichols College. What I’ve learned is that internal auditors are uniquely suited to be great at RPA, and our skills and experience translate to leadership potential.
I’ve also learned that RPA training is experiential and transformative. You can’t learn RPA by talking about it. You learn by doing. That’s why I’m calling on every internal auditor to get started — now.
RPA’s Value and Vision
RPA mimics how people interact with software to perform repeatable, rules-based tasks. Attended (interacting with humans), unattended (run on their own), and hybrid (attended triggering unattended) bots are being embraced across industries. A 2019 UiPath and Economist report found that nearly three-quarters of businesses that have undertaken RPA are “very” or “entirely satisfied” with the automation benefits they’re seeing. RPA has only improved since then.
Automation makes it possible for everyone to win — employees, businesses, customers, and investors. RPA helps to increase productivity, efficiency, consistency, accuracy, collaboration, and innovation while reducing costs. It’s also a path to higher-value, more engaging work, improving employee satisfaction and reducing talent drain. It’s even helping to attract new practitioners, making internal audit “cool.”
RPA helps us rethink what an auditor’s job can be. Imagine an army of bots under your supervision, helping you enlarge your vision and amplify your impact.
Why Internal Audit Is Great at RPA
RPA requires exactly the investigative, curious, and analytical approach innate to internal audit. It necessitates:
- Identifying challenges and opportunities while understanding risks and costs.
- Creating effective documentation, since future iterations and maintenance require it.
- Differentiating between processes that need automating and processes that need improving — bad processes shouldn’t be automated.
As the table below illustrates, these are all skill sets internal auditors are already great at.
Where to begin? Start small. Begin with low-risk, low-cost RPA efforts that allow you to take your time and learn as you go. Remember: There are many successful ways to create value.
Look for repetitive, logic-based tasks. Automating compliance work, simple data collection and comparison tests, and repetitive administrative tasks (e.g., generating reports, aging findings, requesting documents) offers easy, proven ROI. With some smaller projects under your belt, you’ll be able to tweak modules to support larger efforts such as operational reviews.
Open your mind to use cases throughout the organization. Examples include:
- Accuracy. Anti-money laundering (AML) compliance programs traditionally need people to check names on forms. A bot spares that person’s poor eyeballs.
- Speed/Urgency. Compliance involves due dates and timing constraints. Bots can expedite and reduce the level of effort on underlying data-gathering and processing tasks ensuring deadlines are always met
- Availability/Reliability. People get sick and need sleep, breaks, and weekends. But some tasks need to happen 24/7 — great opportunities for exploring automation.
- Possibility. Resource- or time-intensive ideas become possible with RPA. Whereas one person can only spend so much time checking eBay for items/patterns signaling possible theft, a bot could scrape it 24/7 and create visualizations mapping items and sellers.
- Morale. Using bots to take away dreaded tasks can be game-changing, creating valuable energy around RPA early on.
- Customer. Projects initiated internally can often be repurposed to provide value to customers.
Use your experience to form a perspective on digital transformation. Explore the new data sets automations create. What information can RPA help you extract from websites, social media, email, or systems that don’t readily store data? Once you have a handle on your capacity to do more with data, focus on innovation. How can you use AI, text analysis, data analytics, process mining, and other tools to find opportunities?
As Mike Jacka, Internal Audit thought leader and someone with whom I collaborate frequently, has written in a recent article for his “Mind of Jacka” column in Internal Auditor Magazine:
The challenge is for us to first recognize how much of our time is being wasted on mindlessness — things that could be done better through computers and bots. The next is to find the actual tasks that can be replaced. Challenge number three is to go out and automate those steps. And the final challenge is to use that newly-free time to add actual value, not just press buttons, enter data, and copy forms.
Internal audit is positioned to lead the RPA transformation in ways that make sense for our organizations and profession. If we don’t lead, we will be led. The important thing is to engage, whether that means dipping a toe in on a small project or lobbying for a big RPA budget. After all, if you’re not bringing leadership and value, why wouldn’t they automate what you do?