Software robots and importance of risk
management (Live Mint)
Mains Paper 3 : Science and Technology
Prelims level : Not Much
Mains level : Robotic Process Automation
- Robotic process automation, or RPA, has emerged as a potent
productivity-enhancement innovation that is being embraced globally by
virtually all industry sectors.
- This is hardly surprising since a software robot (also known as a bot)
can work around the clock at a fraction of an employee’s cost.
Is RPA delivering to its promise of having digital labour seamlessly replace
- The evidence is mixed. Many companies are experiencing significant
productivity gains, but research suggests that 30-50% of RPA projects fail,
- A telecom company had deployed bots for managing its complaints process.
Coding errors led to many grievances being diverted to an incorrect queue,
resulting in a backlog of complaints.
- A global conglomerate deployed bots in its finance and accounts function
to automate the accruals process.
- Its auditors, however, noticed that the accruals had been materially
under-reported for a quarter. Unfortunately, incorrect rule-set definitions
in the bots had led to the problem.
- Information security is also at risk: There have been reports of
malicious employees launching cyberattacks on bots to access sensitive
- While critics blame the underlying technology, this is seldom the case.
- Usually, the root cause lies in the inattention to risk and internal
control considerations in the bot-development life cycle and the
re-designed, bot-enabled processes.
Five simple design principles
- First, the less risky processes should be prioritized for automation.
Sensitive processes, such as those related to finance and compliance should
come later. An additional layer of monitoring controls should be considered
for all mission-critical processes.
- Second, RPA practitioners should adopt a “what-cannot-go-wrong?"
mindset. For instance, if bots are posting transactions to an enterprise’s
core technology platform, users and administrators with access to these bots
should not have the ability to execute conflicting transactions, such as
placing an order and approving the payment.
- Third, bots need to undergo robust risk-based functional testing. This,
however, is sometimes not adhered to during the software development life
cycle. An investment bank discovered that a bot emailing end-of-day trade
confirmations to customers was “dangling" because fields that were supposed
to contain email addresses were empty.
- Fourth, watertight processes around bot security are critical. Similar
to humans, bots too have user-names and passwords. Ensuring that these are
encrypted and accessed by employees according to their assigned privileges
is key to preventing unauthorized access and potential misuse, including
- Finally, implementing robust change-control processes is critical. RPA
teams need to be made aware of changes to system interfaces so they can make
- As companies expand automation efforts, risk management functions need
to step up and serve as critical lines of defence in the governance of these
- Risk managers can identify pitfalls related to automating specific
processes, pressure-test redesigned processes before they go live, and
implement early warning systems that can predict, and ultimately, prevent
- Leading risk functions, for instance, are deploying “supervisory bots"
that monitor critical tasks performed by other bots and proactively raise
alarm bells if they suspect performance issues.
Q.1) With respect to “Air Traffic Flow Management (ATFM)”, consider the
1. Recently, Air Traffic Flow Management (ATFM) - Central Command Centre was
inaugurated in Bengaluru.
2. After successfully implementing the Air Traffic Flow Management System, India
has become the third country after the US and Japan.
Which of the statements given above is/are correct?
A. 1 only
B. 2 only
Q.1) Indeed, a healthy dose of risk management can allow software robots to
become trusted enablers in an organization’s digital transformation journey.