The fast time-to-market and ease of applying RPA robots to new automation and integration tasks is driving the proliferation of RPA. However, care should be taken to avoid a number of pitfalls endemic to the use of RPA:
- Instability of robotised processes
- Performance and stability of IT operations
- Eroding of Master Data Management (MDM)
- Risk of non-compliance with the General Data Protection Regulation (GDPR)
- Undermining of information security
- Robot sprawling
- Continuing inflexible IT due to RPA
Instability robotised processes.
Changes to user interfaces may break the current programming of robots used for process automation. Recent advances in RPA have been aimed at reducing the risk of user interface changes affecting the software. However, as the nature of user interface changes can be complex, there is no guarantee that the robots can handle such changes. User interfaces can be considered delicate and somewhat flimsy compared to interfaces further down the application stack. Performance and breakdown of RPA processes must be monitored and subjected to a Service Level Agreement (SLA) equivalent to the SLA for classic integrations.
Performance and stability of IT operations.
As RPA allows for the automation of tasks previously limited by the need of human interactions, e.g. in terms of performance load and the number of users involved, for instance the number of employees in accounting, there are risks related to the overall performance of the system when subjected to automated processes, possibly executed to a previously unparalleled extent. Performance and, for example, licensing issued, must be considered prior to using RPA in any larger undertakings.
Eroding of Master Data Management.
Information architecture is a mature discipline with established best practices, for example, with regard to Master Data Management (MDM). A mature MDM involves ensuring that changes to master data are propagated and shared with consumers. In contrast, as RPA is based on user interfaces, there are often no built-in data patterns to ensure the timely discovery of new or altered master data, potentially resulting in the outdated and faulty distribution of data. While the MDM risk profile of initial endeavours into RPA may be low, over time the dependency and thus the criticality of MDM in the RPA setup will increase. Every application of RPA should be designed in accordance with the MDM policy for the data in question.
Risk of non-compliance with the General Data Protection Regulation.
GDPR states that an organisation must protect and be able, upon request, to delete customer data. While classical integrations allow the organisation to understand and monitor the data flow and act accordingly, RPA toolkits may or may not support an overview of where data are at any time. The data governance capabilities of a RPA should be examined prior to investing in the technology.
Undermining of information security.
Within the confinements of a system, great care has frequently been taken to implement a security model, thus ensuring the confidentiality of critical data. As business units may not be as well versed in information security, RPA processes implemented by a business unit may expose otherwise confidential data in new contexts, potentially resulting in security breaches of, among other concerns, pricing information, cost information or confidential customer data, with little opportunity to detect such design flaws before the damage has been done.
Robot sprawling.
The result of multi-local development and deployment of robots intensifies the risks addressed above. Without an overview and oversight, the ease of building and deploying robots may result in multitudes of robots operating in an uncoordinated manner. Previously, another multi-local technology, Microsoft Excel, has caused some of the same problems. However, as RPA does not just extract data but also perform data entry at scale without human interaction, the risks associated with RPA require additional attention.
Continuing inflexible IT due to RPA.
When the ‘symptoms’ of an inflexible IT situation have been treated – using RPA to compensate for legacy development and missing integration – a temptation to disregard the underlying problems has been created. The business issues have been solved and the focus of the IT department has moved to other parts of the business – so why bother? Already by this early stage of the RPA era, this pitfall can be glimpsed in companies. The pitfalls mentioned also represent the increasing complexity arising when moving from DPA to Enterprise RPA.
Governance to avoid typical pitfalls
The antidote to the pitfalls mentioned above is a mature approach to governance. The following remedies can be applied:
- Establish procedures for RPA use based on, for example, data sensitivity and the business value of doing RPA.
- Create and maintain awareness of do’s and don’ts with regard to robots.
- Establish RPA Portfolio and Lifecycle management. Suggestions for new robots should be evaluated by a function with an overview of the information landscape.
- Robots should be identifiable as separate entities on the IT infrastructure, preferably automatically.
- Registering each robot, its inputs, outputs, timings and business rules should be mandatory in order to document and troubleshoot dataflows throughout the enterprise.
Many enterprises will have IT frameworks and governance in place able to handle the complexity of Enterprise RPA. The governance provided by Enterprise Architecture Management will be able to handle some of the deployment issues – and IT Service Management (ITIL) will be able to address the issues concerning operations and support of RPA robots.