January 12, 2020
Published: Financial Executives International (FEI)
by Morgan Hunsaker and Dillon Papenfuss
Companies are rapidly progressing with RPA adoption to increase efficiency and automate low-value, repetitive tasks. Companies hoping to maximize their investment should consider RPA’s impact on fraud risk and the control environment, too. This paper is first in a series from the Anti-Fraud Collaboration, examining the intersection of fraud and emerging technologies.
One of the fastest evolving technologies, Robotic Process Automation (RPA) is a driver of innovation in the finance function. This post, part of an emerging technology series from the Anti-Fraud Collaboration, examines the implications of RPA when it comes to fighting financial reporting fraud.
What is RPA?
Aimed at increasing operational capacity and improve efficiency, RPA enables automation of repetitive, rules-based processes by emulating human execution. Key to RPA are “bots”—software programs designed to enable process efficiencies.
From a financial reporting perspective, one important use for RPA is strengthening data controls. Organizations can employ RPA as an automated solution within the data life cycle, including data standardization, data extraction and analysis, and reporting.
How can RPA be used to fight fraud?
There are many ways in which implementing RPA can mitigate a company’s fraud risk.
· Reassessing current processes
In order to properly implement RPA, financial professionals need to thoroughly understand, document, and evaluate the processes they would like to automate. The effort to assess the process provides financial professionals with the visibility to identify vulnerabilities in the current process.
For example, a company planning to incorporate automation into its accounts receivable function would need to fully understand each component of its process. Through this evaluation, it may discover a weakness in a specific part of the process that allows the processing employee to manipulate data and conceal fraudulent activity. As a result of this evaluation, the finance function can redesign the process to eliminate or better supervise the identified vulnerability. Conducting such an assessment can benefit the company regardless of whether it ultimately decides to automate a specific process.
· Lessening human interaction
Fraud is a crime of opportunity. Opportunities are often presented when employees interact with data as part of a process and can manipulate the data for improper gain. As RPA is thoughtfully integrated into a well-designed process, the frequency of human interaction with the relevant data is diminished. As a result, RPA shifts employees from processing to reviewing, where they have less ability to manipulate the data or the process. In limiting human interaction, RPA also lowers human error in these same processes.
· Searching for anomalies
As the speed and volume of financial transactions increase, it has become gradually more difficult to review transactions for irregularities. However, RPA is a tool built to process high-volume transactions in a short amount of time. Accounts payable and payroll are examples of functions that may have near countless transactions and represent a strategic opportunity for RPA implementation as a fraud detection tool. Potential use cases for RPA in for such processes include:
1. Analyzing accounts payable transactions for payments in excess of a designated amount (e.g., policy and approval limits)
2. Analyzing accounts payable transactions for large, round-dollar amounts
3. Analyzing accounts payable transactions for instances of payments to a specific vendor in excess of a predetermined number (e.g., contract amount, payment schedule)
4. Aggregating disbursements to a specific vendor by period
5. Comparing disbursements against an approved supplier list (e.g., bank account details)
6. Evaluating overtime payments based on a formula
7. Comparing amounts paid to employees by period (e.g., salary, bonus, commission)
8. Comparing employee payroll to employee lists
What are risks or other key considerations related to RPA?
Mitigating fraud risk is an underutilized aspect of RPA’s capabilities.
Although fraud risk impacts companies in various ways, it is typically the result of human interaction within the finance environment. When RPA is properly implemented into a well-designed process, the human element of fraud can be minimized. However, a 2019 survey of 164 Financial Executive International members—ranging from small privately-held companies to Fortune 50 public companies—reveals that RPA is not currently being used to mitigate fraud.
Despite RPA’s potential to minimize fraud risk, only 16% of companies currently utilizing RPA considered mitigating fraud as a factor when deciding whether to implement robotics.
According to the survey, the benefits that companies hoped to receive through RPA were:
· reducing employee time on low-value-added tasks (69%)
· mitigating human error (64%)
· reducing costs (63%)
When asked what benefits companies actually realized from RPA, the FEI members said:
· reducing employee time on low-value tasks (69%)
· mitigating human errors (63%)
· reducing costs (50%)
· lowering fraud risk (14%)
Despite the relatively low percentage of companies that said they used RPA to lower fraud risk, 85% of financial executives using RPA believe that it has potential to decrease the risk of fraud.
Moving forward, the financial reporting ecosystem could benefit from focusing on mitigating fraud risk as a direct benefit of RPA, rather than a byproduct. RPA represents a defining opportunity for financial professionals as they embrace emerging technologies in fraud mitigation.