Robotic process automation (RPA) is all the rage these days, and with good reason. Software bots that replicate the way humans perform repetitive, rule-based tasks are driving significant cost savings and productivity increases. For as little as $10,000 a year, an enterprise can implement and maintain a bot that performs the routine work of five to ten people. Moreover, RPA can deliver a wide range of business benefits such as improved data collection and accuracy, auditability and compliance.
Attractive as these results are, enterprises pursuing RPA initiatives face some significant potential risks – risks that can disrupt existing operations as well as undermine digital transformation strategies. To address these risks and ensure optimal short- and long-term benefit from automation, IT oversight of RPA is imperative.
The problem, however, is that CIOs are often left out of the loop of RPA implementation. For one thing, RPA is typically championed by business units. As a result, some CIOs consciously avoid involvement, concluding that RPA doesn’t really impact IT systems and isn’t directly relevant to IT’s scope of responsibility. In other instances, business heads actively seek to circumvent IT, fearing interference, delays and bottlenecks.
Bypassing IT increases the risk of creating shadow IT environments, which introduces the potential for various technology integration, service quality and security issues. Another concern is enterprise-wide deployment – RPA adopters that negotiate numerous, ad hoc initiatives with different vendors often discover they have widely disparate contractual and pricing terms. This creates discrete islands of automation, compromises negotiation leverage and increases complexity by requiring IT to oversee multiple toolsets. IT vetting of RPA vendors is therefore essential to ensuring consistency and competitiveness. And while it’s true that RPA tools don’t involve significant disruption to or reconfiguration of the existing environment, IT needs to be involved in managing RPA’s impact on disaster recovery plans, change and access management processes, security protocols and system updates.
Bringing IT to the table late in the process of planning of an RPA deployment can also create problems for the business. Unanticipated technical issues that arise at the last minute can delay project implementation and benefit realisation. For project sponsors whose business case often hinges on rapid ROI, such delays can prove embarrassing.
While lack of CIO involvement in RPA initiatives raises some immediate risks and implications in terms of operational performance and security, over the long term the threats are even greater. Specifically, without proper oversight at the outset, RPA can derail efforts to drive digital transformation.
RPA tools connect applications at the user interface (UI) level, and automate the steps involved in exchanging data and executing tasks between different applications. Because these UI connections don’t require significant programming or architectural changes, the tools can be implemented quickly and easily – and again, minimal disruption to the existing IT environment is a major benefit of RPA. True digital transformation, meanwhile, involves much more than connecting applications at the UI level. Rather, it requires fundamental changes to enterprise applications as well as linkages to underlying platforms and systems. These changes are necessary to enable seamless integration of data across the enterprise, connection of the back, middle and front office and the delivery of business benefits such as the ability to create uniquely tailored customer experiences.
The introduction of RPA tools, meanwhile, can create complexities downstream that hinder the task of modernising the operational core of the enterprise. For example, because RPA tools closely mimic how people execute tasks, they may be largely invisible if flying under the radar of the IT organisation. This can significantly compromise trouble shooting and disaster recovery capabilities. To take a more specific example, if a system upgrade involves changing the UI of a SaaS-based application, its interfaces to existing RPA-enabled applications could be compromised, leading to a process breakdown, or worse, to the process executing undetected errors. While a human would spot the change and make necessary adjustments, that human may no longer be in involved in overseeing the process.
To avoid these problems, IT must proactively monitor and document the system changes introduced by RPA. Absent that involvement, the initial cost savings and productivity gains from RPA may be offset by the need to expend time and effort untangling accumulated layers of complexity and risk. Put differently, lack of IT oversight on the front end of RPA creates a technical debt that must be repaid on the back end, slowing the process of transformation and limiting business benefits.
A related risk is one of mindset. Many enterprises mistakenly equate the tactical implementation of automation tools with a broader strategy of modernisation. In reality, automated screen scraping and swivel chair applications do not equate to a digital strategy. While RPA is certainly a valuable technology that can yield impressive results, it’s not the endgame. Those who view it as such risk ending up with sub-optimal, legacy environments that – despite a veneer of automation – fall far short of true digital transformation.
The takeaway for CIOs: get involved early and often in RPA initiatives.
