An RPA-aided environment is quite different from a traditional environment supported by the core application’s manual processes and normal automated application controls. RPA (Robotic Process Automation) has immense potential to be disruptive in automating rule-based business processes that are traditionally repetitive and manually performed.
There are many competing RPA platforms, like SAP Intelligent Robotic Process Automation, Automation Anywhere and UiPath, to name a few. But in all of them, the approach to managing risk follows the same logic. ICS teams need to get ahead of RPA and AI technologies and appropriately manage the inherent risk factors in order to stay in line with laws and compliance regulations.
Learn how Riscomp can help you provide Governance and Oversight, especially when it comes to deploying Robots and AI in SAP Systems, with a focus on the following key risk areas:
- RPA Controls and framework – An RPA controls framework outlining the standards and the regulatory and statutory requirements relevant to the business needs should be established and communicated to relevant stakeholders, including developers. Examples of controls include naming conventions, authentication, segregation of duties, scripting parameters, etc.
RPA Development & Deployment:
- Separation of bot environment: Production and nonproduction environments should be separated to prevent unauthorized access or changes. The development environment (e.g., UiPath Orchestrator Development environment) and bots should not be connected directly to production systems.
- Change management and version controls: A set of policies and procedures guiding developers to adhere to an organization’s change management policy should be created and communicated. The set of procedures should also outline any specific tools needed to have a version history of packages developed (e.g. GitHub).
RPA Cybersecurity Risks:
- Encryption: Use of industry-leading encryption standards to ensure confidentiality of sensitive information.
- Infrastructure hardening: The entire RPA platform infrastructure should be hardened and must be subject to regular SOC 1 and SOC 2 attestation and review.
- Impact on already established ITGC: Some best-practice IT General Controls commonly established by all SAP customers include monitoring of critical system parameters. Deployment of RPA has a significant influence here, so control definitions and CCM rule logic need to be adjusted.
Please contact us if you want to learn more. We can help you develop a comprehensive set of controls, review your framework and assess its degree of maturity if required.