4 best practices for RPA program governance

Corey Minard, Sarah Harmon
| 10/13/2022
4 best practices for RPA programs

When effective governance is discussed, reviewed, and incorporated into the decision-making process, RPA programs can be powerful tools.

Robotic process automation (RPA) is technology that can facilitate and automate processes that are manual, time-intensive, or repetitive. Through the use of robotic applications, or “bots,” software can learn processes, create workflows that replicate them, and execute those workflows without the interaction of humans.

Benefits of RPA programs

Financial services organizations continue to explore the use of RPA within operational and back-office functions to reduce costs and increase efficiency, eliminate opportunities for human error, and allow resources to focus on meaningful, value-adding activities. Specifically, compliance departments are determining the benefits of automating processes such as gathering transactional data, completing external third-party research (including negative news and adverse media), and assigning alerts and cases to analysts and investigators.

While it’s important to take advantage of automation’s benefits, it’s equally important to manage the risk of deploying this technology. Introducing new technology increases the need for solid governance over these processes to ensure consistency in the design and execution of RPA tools.

Keep informed
Sign up to receive the latest insights on strengthening your financial crime program.

4 best practices

RPA program governance

Enterprise framework Enterprise framework for development, implementation, approvals, ongoing monitoring, and performance evaluation
Center of excellence Automation center of excellence for governing enterprise policy and strategy
Auditability Criteria for compliance with established framework
Performance monitoring Evaluation and tiering process for approvals and monitoring frequency

To mitigate risk, organizations should take a proactive approach. The following four best practices can help organizations employ effective governance at both the overall RPA program and the bot level.

1. Enterprise framework

Some of the most important decisions to consider when building an RPA program involve defining roles and responsibilities that determine overall governance. One best practice for effective RPA governance is to establish an enterprise framework that outlines the requirements for the development, implementation, approval, ongoing monitoring, and performance evaluation of automated tools. Such a framework should include:

  • Criteria for compliance with the established framework
  • Escalation processes for instances of noncompliance with the established framework
  • Evaluation and tiering process for approvals and monitoring frequency

2. Center of excellence

Another best practice for effective RPA governance is to have a centralized function to execute against the enterprise framework. Establishing a center of excellence can help govern the unified enterprise policy and strategy for automation. Because of the risk that RPA could actually weaken the control effectiveness of a process, a center of excellence can aid in a review to determine if the benefits outweigh the cost of investment. This center of excellence should provide:

  • Execution of the enterprise framework, including processes for consistent documentation of business requirements such as data points, assumptions, exposure to regulatory compliance risk, and exit strategies, as well as business justification for the creation of the bot
  • An escalation point for instances of noncompliance with the framework or instances in which a bot’s performance is below established thresholds
  • An approval body for the development and implementation of new bots

3. Auditability

Because bots mimic human actions and execute portions of a workflow, it is critical that the bot activities can be audited to evaluate reliability as bots perform regular tasks. Best practices include:

  • Assigning bots and other automation tools with a unique identifier for ease in tracking the bot’s activities and for auditing the bot’s performance
  • Defining a bot owner that is responsible for monitoring the bot’s day-to-day activities, performing periodic reviews of the bot’s performance, and escalating bot issues
  • Having a clearly defined business continuity plan that captures backup procedures and the sources of data required to complete the work in the event the bot breaks down

4. Performance monitoring

A fourth best practice is to define how the bot or other automated tool’s performance will be measured. Financial services organizations should have procedures in place that outline review requirements that focus on identifying and limiting errors with known weaknesses and limitations and on making sure the bot is functioning as designed. Consideration should be given to developing the following:

  • A monitoring plan and periodic review of the bot’s performance and business requirements based on inherent risk, including confirmation that business requirements remain accurate
  • Regular reporting for bot exceptions and failures, including root cause analysis for any failures that occur
  • Defined key performance indicators and key risk indicators for bot performance monitoring, including actions to be taken when errors exceed risk or performance tolerances

Maintaining an effective RPA program

RPA programs are most beneficial when key regulatory considerations are discussed, reviewed, and incorporated into the decision-making process. Automation can help organizations achieve objectives such as efficiency, cost reduction, and regulatory compliance. These four best practices for RPA programs and bots can help improve the planning and implementation process to maintain effective RPA governance.