Evolving governance and controls for automation has been saved
Analysis
Evolving governance and controls for automation
Future of risk in the digital era
Operating environment changes driven by the adoption of automation technologies call for redefined governance mechanisms and operational controls.
Explore content
- Why is this trend important today?
- Where has this trend had an impact?
- What does this mean for organizations?
- How can organizations respond?
- What should organizations be asking themselves?
Why is this trend important today?
This article is one of nine trends outlined in Deloitte's Future of risk in the digital era report.
Automation is becoming the new norm for organizations to support their growth and cost optimization strategies. And it’s driving them to adopt automation technologies, such as robotic process automation (RPA), intelligent automation, and AI-based
To realize the complete advantages of automation, organizations need to adopt a holistic change management approach, including business-IT alignment, employee culture (refer to our Enabling digital transformation by managing culture risk trend), and new controls designed to the specific risks emerging from automation technologies.
Where has this trend had an impact?
- An automation tool used by a media organization automatically published a breaking news story in 2017 about an earthquake that happened in 1925, causing mass panic and huge ripples over social media websites.
- A company’s automated pricing algorithm kicked in during a national emergency, without consulting with the organization’s management about how to handle the sensitive situation. As a result, customers were charged inflated prices during the incident.
- A manufacturing organization completely automated a process in their assembly line without changing the quality controls designed for manual human assessment, leading to reduced product quality and increased costs.

What does this mean for organizations?
- Increased complexity because different types of automation require different types of controls while outdated controls need to be replaced. In background checks, for example, controls for humans conducting them may be replaced with software robot (bot) specific controls for exception handling and outliers.
- Increased fragility as minor changes to source systems
require cascading change management across automation tools to maintain consistent operations.
- Amplified damage from cyber incidents as hackers may gain access to an automated system or acquire large quantities of confidential data through bots with excessive access and privileges.
- Implementation challenges due to operational setbacks, such as employee apprehension over working with automated systems, and incompatibility with legacy infrastructure.
- Complexity in testing automation systems driven by difficulty in replicating complex production environments.
- Difficulty in realizing the full potential of automation driven by an excessive focus on reducing costs, often overlooking other benefits such as consistency, quality, and accuracy.

How can organizations respond?
- Establish a centralized governance initiative to manage the risk of automation by establishing parameters for where automation can and can’t be applied and setting policies concerning process design, development, testing, and maintenance.
- Digitize existing controls through analytics and other technologies, and design new controls specific to each technology, such as built-in error handling capabilities, alert mechanisms for process breakdowns, and manual exception handling for unexpected circumstances.
- Build digital proficiency and educate employees on the benefits of automation to alleviate their fears, accelerate adoption, and encourage identification of potential use cases for development.
- Redesign the control framework across businesses, risk management, and internal audit teams, and use technology-enhanced tools to test or audit automated processes.
- Extend existing change management models to account for bots and enhance existing IT incident and crisis management strategies to support and triage potential incidents associated with the use of bots.

Return to the main report:
Let’s talk
Contact us to discuss how you can better prepare for what’s ahead. We can help you identify ways for your organization to manage risk, create value, and ultimately power your performance.
Recommendations
Discover the impact of Robotics Process Automation (RPA) on financial services compliance
Robotics' role in compliance modernization
The opportunity of enterprise automation series: Moving into the fast lane
Accelerating enterprise automation and creating scale