Robotics Process Automation & Impact on the ICS

The automation of individual process steps or entire processes is one way to improve efficiency and effectiveness in companies. For this reason, topics such as robotic process automation (RPA), machine learning and artificial intelligence (AI) have become buzzwords of current discussions in companies.

The use of RPA in particular is currently being promoted in many companies. RPA is software that can address practically any existing desktop or server software and can be integrated into the business processes and system landscape quickly and without great implementation effort.

A key reason for the growing benefits is that RPA can automate repetitive, manual processes with relatively little effort. This can be relevant to the ICS from two perspectives:

• Some of the control activities or activities in the (annual) ICS cycle are repetitive and manual and are therefore particularly well suited for transfer to an RPA model (e.g. general ledger/sub-ledger reconciliation, price reconciliations, purchase price variance or testing activities such as automated data downloads, automated audit actions, report generation, etc.).
• The use of RPA in processes requires a new control perspective, as such digitised activities need an appropriate governance or monitoring model

KPMG Corporate Governance Services offers you support:

1. Assistance in implementing control activities through RPA: analysis to identify appropriate control activities and proof of concept approaches for RPA use in control implementation. 

2. Control design for an appropriate governance model and efficient control structures when using RPA: a holistic view of the implementation of RPA solutions in the company, taking into account an appropriate governance model that focuses on integrity and robustness. This includes an appropriate control environment and regular control and monitoring of RPA activities, including incident management. If set up incorrectly, RPA can lead to problems in the stability of processes and/or data generation and processing. Also, with increasing automation in transaction processes, the dependency on bots increases, which can pose a threat to the regular operation of the company. 

3. Testing of RPA in the context of ICS monitoring: development of an efficient and holistic audit approach and support in the internal or external audit with regard to:

• the adequacy and effectiveness of activities and processes automated by RPA
• the adequacy and effectiveness of the RPA-specific operational concept
• the implementation of the RPA tools used

Strategies and methods for assessing security and effectiveness are based on the testing used for processes and controls in the classic ERP system. With RPA, too, suitable governance structures, processes and security measures in IT are the basic prerequisite for secure operation. Based on this, individual bots must be developed, tested and put into operation according to defined standards. Our audit approach takes into account all relevant levels of RPA operation and is individually scalable according to your requirements. 

KPMG Corporate Governance Services is happy to support you in the optimisation and assessment of all issues relating to RPA governance, drawing on IT and process expertise combined with many years of ICS experience.