One of the least discussed benefits of robotic process automation is compliance. Although compliance gets a mention in industry articles, it’s rarely elaborated upon – leaving readers to come to their own conclusions. Compliance is a serious subject for many companies, so why does this benefit receive so little attention? Is robotic software’s contribution to compliance downplayed because it’s not actually significant? Or are the benefits just not well understood?
Of course, there could be many contributing factors behind this lack of conversation around robotic software and compliance, but the most decisive are the nature of compliance itself and the type of benefit RPA provides.
While compliance is an increasingly important fact of life for companies, it remains very much a niche subject – something akin to FASB standards for U.S. corporations. Because robotic process automation is also a niche topic, the odds of compliance SMEs being knowledgeable about it are low – just as the odds of robotic SMEs being familiar with compliance are low. These conditions aren’t favorable to mutual interest or conversations.
Another contributing factor is the indirect and administrative nature of the compliance benefit. Reading that robotic software will increase operational efficiencies by 10-50% invariably raises eyebrows – it’s a dramatic and direct operational benefit likely to impact almost any company’s profit margin. Discovering the technology will decrease indirect administrative compliance costs? Let’s say it just doesn’t raise as many eyebrows.
Regulatory compliance gained widespread public awareness in 1996, when the HIPAA Act began to govern healthcare privacy, security, and transaction standards. Since that time, major new public and private compliance regulations include:
Sarbanes-Oxley Act – signed in 2002, largely in response to the sudden collapse of Enron Corporation. This act governs the scope and adequacy of internal controls and procedures for financial reporting. In addition, corporations are required to expeditiously disclose information on material changes in their financial condition or operations.
PCI-DSS – a set of payment card technical and operational security standards established in 2004 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. The standards are global and apply to all companies and organizations that store, process or transmit payment card information.
Regulation SCI – 2014 SEC regulations aimed at financial trading companies, which are required to establish and maintain policies and procedures for the continuous operation of IT systems, as well as the flow of data and records between enterprise applications.
The keys to effective regulatory compliance are: clear company policies; enforced procedures for those policies; documentation of that enforcement; and retention of those documents.
Just as with financial statements or personal tax returns, an ugly truth of regulatory compliance is that government audits can intrude at any time. When that happens the outcome depends on a company’s ability to defend its conformance with regulations by producing supporting documentation – and a primary method for compliance documentation is log files. For example,
Network log files document and report user-level and system-level internal controls compliance for Sarbanes-Oxley, tracking such actions as logon outcomes, file read, write or delete, host session status, etc.
IT Process Automation (ITPA) change control log files are used in conjunction with network log files to document the “what” and “why” behind actions by privileged users.
ERP and BPMS log files are used to document transaction-related compliance. For example, log files document post-acknowledgement revisions to customer orders or traceability on production release dates for FDA-regulated food products.
Robotic process automation brings value to compliance – just as dramatically as it does operational benefits – by closing the business process automation coverage gaps left by ERP and BPMS. By implementing RPA on an enterprise level, companies can design robotic software log files and storage rules that conform to and integrate with log files from BPMS, ERP and ITPA systems.
This means that compliance and audit documentation can be accessed from a fully consolidated data repository, eliminating the data gaps and hard file searches associated with manual processes. It also means company management is provided with fully integrated, enterprise-wide compliance reporting.
With effective compliance reporting and integrated data archives, company management will be able to: anticipate and manage compliance issues; proactively conduct internal reviews of compliance statuses; and prepare for effective responses to any regulatory audit that may occur.