Business operations may be adopting robotic process automation technology at a faster clip than internal auditors.
That’s the implication of a recent Protiviti Webinar poll, where 82 percent of internal auditors said they had done nothing or were in the very early stages of considering deployment of RPA as part of their audit functions, says Andrew Struthers-Kennedy, managing director at Protiviti. That group included internal auditors who said they may have started exploring RPA, but did not yet have any bots, or automated processes, in operation.
By comparison, 65 percent of organizations as a whole are at similar stages of uptake, says Struthers-Kennedy. Of internal auditors who said they had deployed at least one bot, only 10 percent had provided any assurance or advisory services related to their use of bots to date.
The results seem to suggest internal audit is behind any number of functional areas in using RPA, says Struthers-Kennedy. “It’s probably not a stretch to say they aren’t as knowledgeable about RPA as they need to be to keep up with the business,” he says.
The implications for internal auditor, he adds, is that they are taking on some risk. “They’re being asked do an audit or other advisory work around RPA but there’s not the knowledge there,” he says. “They likely don’t have as much training or capability. That means there’s exposure there.”
Where internal auditors have begun to use RPA technology, the poll suggests the most common use so far is in automating control testing. Other common areas of exploration include data gathering and administrative or project management activities.
RPA involves the use of software tools to perform pre-determined, rules-based tasks, automating entire processes or specific activities. RPA is typically seen as mimicking human interaction with existing software tools.
Internal auditors in many ways are still contemplating adoption of new technologies, says Struthers-Kennedy. As a profession trained to be cautious of risk, they may be seen as risk averse when it comes to adopting new technology, he says. “So the culture of innovation and willingness to experiment isn’t always there,” he says.
RPA is “hot technology in the marketplace,” says Struthers-Kennedy, so internal auditors can expect business functional leaders to continue adopting and deploying new uses of RPA. That suggests internal auditors need to begin getting on board in bigger numbers, he says. He’s suggesting internal audit leaders begin an RPA journey by identifying an internal auditor or two who would be willing to experiment with some tools.
“Give them an innovation challenge,” he says. “Try to solve a problem.” Younger professionals seem especially interested in and adept at such projects, he says. “Get your team together and start to inventory all the things that on the face of it look like good candidates for automation. Maybe they’re labor-intensive, repetitive, rules-based. Those are the characteristics of a task that is a good candidate for automation.”