Managing Risks of Robotic Process Automation in an Audit Perspective

Johan Andersen

Studenteropgave: Kandidatafhandlinger

Abstract

Introduction: Robotic process automation (RPA) offers an approach to streamline automation in business processes in an organization at low cost. RPA is a technology that is expected to affect all departments of an organization in the near future, which is why it is essential to have insight into the use and the associated risks. Purpose: This project investigates how the audit process of financial organizations is affected by implemented RPA solutions in the core business process. In addition, the aim has been to investigate what managerial considerations an organization should make when implementing RPA solutions based on legislation and best practice within the field. Design method: This project uses a theoretical case study to investigate, based on the COSO ERM framework and the audit objectives, how robotic process automation affects the IT audit of financial organizations. In addition, a constructivist perspective was chosen as the premise for the study of the research object. Findings: The project has found that complete reliance on ISA 315 for an audit of a financial organization using RPA is not sufficient. To capture the additional risks that are inherent in the use of RPA, management, when implementing RPA usage in organization, must ensure that a robust IT governance structure is in place, thus enabling a more targeted audit based upon these processes and controls. That said, it is concluded that the actual process of auditing financial organizations does not change significantly for those using robotic process automation compared to those that do not employ RPA solutions. For organizations using RPA, there is an increased scope in relation to IT controls and any application controls that must be covered in the audit, resulting in the need for establishing a framework to complement the current IT audit standards (ISA 315) to ensure the adequate coverage and needed quality. Research limitation: the project limits itself from fraud with risks and the audit risk, as it is not found relevant to RPA, where several other risks are in focus. Practical implication: The project result could be beneficial for both the management of financial organizations as well as auditors concerning the implementation and auditing of RPA solutions. Value: The project can assist both external IT auditors as well as internal IT auditors as a guide. Both relevant theory on the subject and regulations are used, in the project to ensure that it, aims to contribute to reflections on future advice in the area of the audit process for financial companies using RPA

UddannelserCand.merc.it Business Administration and Information Systems, (Kandidatuddannelse) Afsluttende afhandling
SprogEngelsk
Udgivelsesdato2021
Antal sider76
VejledereLeif Christensen