Robotic Process Automation (RPA) in audit and tax consulting – Part 1
1. June 2021
1. June 2021
What is RPA?
Robotic Process Automation stands for the automation of digital processes in which a software robot takes over the human actions in any software (click, copy, paste …).
RPA – the robot – consists of a predetermined sequence of activities. This is how he is taught:
- to independently access various software
- to operate these using the user interface (UI)
- to use the obtained data elsewhere and to combine it with each other (Excel, web browser, Outlook, SAP, caseware, etc.)
The classic RPA techniques (screen scrapping, imitating mouse and keyboard input) have been implemented for several years with common programming languages. That’s why RPA as a generic term is not just a software, but a technology that offers companies many possibilities for digitization and creative automation of processes. With the RPA software from UiPath, even machine learning functions can be integrated, which makes the robots even more “intelligent”.
As a technology, RPA has become synonymous with the automation of processes and thus also the most important component of any digitization strategy.
Technology and RPA Governance
UiPath is the market leader for RPA software but Microsoft also has its own app with Power Automate. What they all have in common is that these are low-code solutions with the aim of making RPA accessible to the masses. Low code means that this form of RPA does not require deep programming knowledge and thus IT in order to set up and operate robots. Tech enthusiasts in all specialist departments can also independently acquire RPA knowledge and develop robots thanks to the strong community.
However, in order for the robots not to take over company-relevant processes uncontrollably, a company-wide RPA governance, i.e. guidelines, framework conditions and responsibilities, is required at an early stage. Especially from the point of view of an examiner and the revision, it should be noted that the robot as an independent user must regularly receive far-reaching rights in order to be able to perform its various tasks.
But robots can also get off track at some points and thus lead to a termination of processing. Unexpected update messages, static selectors, ui changes – there are many factors that must be taken into account in RPA development to ensure error-free processing of the process.
RPA Governance is above all about the awareness that the use of RPA can also entail significant risks!
In the automation of mass data processing, errors can multiply more quickly undetected. In sensitive process steps such as master data acquisition, personal data may be entered in incorrect fields if the selection is too imprecise or the UI changes. Such significant risks from the use of RPA should therefore always be:
- defined in the context of RPA governance
- detected and minimized in development
- be continuously monitored in the revision
In order to avoid risks, but at least to reduce and detect them, some principles and practices should be defined as part of RPA governance, for example:
- best practice approaches
- Testing, testing, testing
- modular, linear RPA design – connecting two small, standardized robots is better than developing a large, complex robot with many branches and nesting
- long-term support of the implementation by RPA partners such as robobee – the RPA solution partner for auditing and auditing
- Use of variables and dynamic selectors
- continuous updates of the robots in the face of the rapidly increasing learning curve
in practical use
- continuous monitoring, among other things, to ensure complete processing
- random control of the results to ensure correct processing
- Analysis of abortions – continuous optimization of the robot
- independent controls by internal audit
- consistently bury unsuitable or unused robots and learn from mistakes
Due to the low code development, robots are not only created in IT!
Tech-interested employees in all departments learn to develop their own robots for their daily tasks. This RPA mindset has positive effects, as robot development is closely linked to the technical tasks. In addition, the IT is relieved and there is not so quickly a bottleneck in the RPA development.
However, this cross-division of labour can also lead to unclear responsibilities and uncontrolled uncontrolled growth. Therefore, RPA governance has to include understandable and basic rules that, on the one hand, promote the development of an RPA mindset and RPA culture – so that every employee can have his or her virtual assistant. On the other hand, the rules must also reduce risks and define responsibilities.
For example, as a professional expert, IT should always be responsible for the RPA implementation as well as the periodic maintenance and repair of the robots, because RPA requires a deeper IT understanding and knowledge of the relevant IT languages despite low code at a certain point. In principle, it should remove each robot according to certain criteria and test it extensively before it is implemented in the production environment.
The value of RPA
Where there is light, there is also shadow. What happens, for example, if updates change the interface of the software to be operated?
A change in the user interface can lead to the fact that the robot has to be adapted. This statement is true, but already tempts some decision-makers to regard RPA as “not interesting for us” or “too expensive”. This argument often follows the logic that the decision-maker only evaluates what he sees and less what he does not see and thus finds it difficult to appreciate.
Stability and reliability are basic prerequisites of every robot for roll-out. These can be significantly increased by various best practice techniques. However, it is also important that robots grow with the organization and the technical changes. And in fact, the little helpers also have to be occasionally serviced or repaired – so even robots grow up over time!
The control of various software already has a value per se, because this can create a permeability of data that would otherwise not be given due to the lack of application programming interface (API). API connections are basically the more stable variant, but their setup or even programming basically needs an IT specialist. In reality, Microsoft products are very well integrated, but there are still many software solutions without a suitable open API – for example, DATEV and Caseware.
What makes up the value of RPA, here are some examples:
- a robot builds automated bridges between different programs to pass through and compare data, which would otherwise only be possible statically and time-consumingly via export-import functions
- combines data from different systems with input from the employee
- reads invoices and documents, classifies them and extracts relevant data using machine learning and RegEx methods, among other things
- can enrich data with information from external sources
- uses the data in different systems, Excel or Word
- compiles the data and creates e.B. Excel lists from them
- observes the Outlook mailbox and forwards incoming invoices directly to the accounting department by placing PDF invoices in the intended directory in order to process them further with the next robot
- reports automated errors to IT
That was the first part.
If you want to know more about how RPA can be used for auditing, you can find the second part here: RPA Blog Part 2
And here you will find at the end a few demo videos on how RPA can look in practice: robobee
By the way – robobee develops standardized RPA solutions for auditing and accompanies the development of RPA governance. If you are interested, please select an appointment here etermin.net/auditbee
- 1. auditbee Video Blog
- 2. Basics – Bedienung von auditbee
- 2.1 Öffnen der auditbee App
- 2.2 Filter setzen
- 2.3 Export in Excel und rechte Maustaste Funktionen
- 2.4 Seiten-Navigation
- 2.5 Journal Entry Testing
- 2.6 ad hoc Analyse
- 2.6 ad hoc – Beispiel Soll Umsätze
- 2.7 Dimensionen in Grafiken ändern
- 2.8 Auffälligkeiten erkennen
- 2.9 Story – Dokumentation
- 2.10 Story – Filter speichern als Lesezeichen und Export
- 2.11 Wesentlichkeit definieren
- 3. Risiken Identifizieren und Beurteilen (ISA 315)
- 3.1 Workflow zur Risikobeurteilung (ISA 315)
- 3.2.1 Bilanzstruktur
- 3.2.2 GuV Entwicklung
- 3.2.3 Kapitalflussrechnung
- 3.2.4 Story – Bilanz und GuV Entwicklung
- 3.3 Going Concern
- 3.4.1 Performance Kennzahlen – Umsatz
- 3.4.2 Performancekennzahlen – Erfolg
- 3.4.3 Story -KPI
- 3.4.4 Benchmark Analyse (Modul FiBu+)
- 3.5.1 Kundenstruktur
- 3.5.2 Top 10 Kunden
- 3.5.3 Analyse einzelner Kunden
- 3.5.4 Trendverlauf