digital gear human


Evolving governance and controls for automation

Future of risk in the digital era

Operating environment changes driven by the adoption of automation technologies call for redefined governance mechanisms and operational controls.

Why is this trend important today?

This article is one of nine trends outlined in Deloitte's Future of risk in the digital era report. 

Automation is becoming the new norm for organizations to support their growth and cost optimization strategies. And it’s driving them to adopt automation technologies, such as robotic process automation (RPA), intelligent automation, and AI-based decision making tools (refer to our Managing the black box of artificial intelligence trend). Unintended consequences, including the obsolescence of existing controls, complexity in operations, and the possibility of cascading errors, become top areas of concern. Legacy infrastructure and fragmented operating environments can limit the benefits that organizations may be seeking.

To realize the complete advantages of automation, organizations need to adopt a holistic change management approach, including business-IT alignment, employee culture (refer to our Enabling digital transformation by managing culture risk trend), and new controls designed to the specific risks emerging from automation technologies.

Where has this trend had an impact?

  • An automation tool used by a media organization automatically published a breaking news story in 2017 about an earthquake that happened in 1925, causing mass panic and huge ripples over social media websites.
  • A company’s automated pricing algorithm kicked in during a national emergency, without consulting with the organization’s management about how to handle the sensitive situation. As a result, customers were charged inflated prices during the incident.
  • A manufacturing organization completely automated a process in their assembly line without changing the quality controls designed for manual human assessment, leading to reduced product quality and increased costs.

digital gears

What does this mean for organizations?

  • Increased complexity because different types of automation require different types of controls while outdated controls need to be replaced. In background checks, for example, controls for humans conducting them may be replaced with software robot (bot) specific controls for exception handling and outliers.
  • Increased fragility as minor changes to source systems require cascading change management across automation tools to maintain consistent operations.
  • Amplified damage from cyber incidents as hackers may gain access to an automated system or acquire large quantities of confidential data through bots with excessive access and privileges.
  • Implementation challenges due to operational setbacks, such as employee apprehension over working with automated systems, and incompatibility with legacy infrastructure.
  • Complexity in testing automation systems driven by difficulty in replicating complex production environments.
  • Difficulty in realizing the full potential of automation driven by an excessive focus on reducing costs, often overlooking other benefits such as consistency, quality, and accuracy.

artificial intelligence

How can organizations respond?

  • Establish a centralized governance initiative to manage the risk of automation by establishing parameters for where automation can and can’t be applied and setting policies concerning process design, development, testing, and maintenance.
  • Digitize existing controls through analytics and other technologies, and design new controls specific to each technology, such as built-in error handling capabilities, alert mechanisms for process breakdowns, and manual exception handling for unexpected circumstances.
  • Build digital proficiency and educate employees on the benefits of automation to alleviate their fears, accelerate adoption, and encourage identification of potential use cases for development.
  • Redesign the control framework across businesses, risk management, and internal audit teams, and use technology-enhanced tools to test or audit automated processes.
  • Extend existing change management models to account for bots and enhance existing IT incident and crisis management strategies to support and triage potential incidents associated with the use of bots.

digital gear human

Return to the main report:

Let’s talk

Contact us to discuss how you can better prepare for what’s ahead. We can help you identify ways for your organization to manage risk, create value, and ultimately power your performance.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?