We already highlighted in an earlier blog article that robotic process automation (RPA) generates a lot of extra innovative power. Software robots provide smart automation and relieve employees of repetitive and mind-numbing tasks. This allows your people to focus entirely on more specialized activities that add value to your business and services.

However, there are also risks surrounding RPA, especially if you adopt this form of automation in a rush and without a good plan. In this article we pinpoint on the risks surrounding RPA. We also show you how to optimally manage those risks, so that you always remain in control.

The risks

The most important pitfall at RPA is arranging good governance surrounding access rights. Importing RPA often involves using non-human user accounts with access privileges. A new robot needs access rights to log in to various IT systems in the robotized process. A software robot behaves like a miniature IT system, but resides in the top-level IT stack.

The risk is that organizations don’t think hard (enough) about how they provide access rights for robots, what the robot naming convention is, who the responsible manager is, and how they manage the robots username and password.

Other risks of RPA include:

  • The robot as a quick solution is seen as a magical panacea that solves all problems within an organization. There is a good chance that underlying and structural problems at the process level will be overlooked, as a result of which the software robots do not fulfill their potential.
  • Managing software robots is a task that also partly belongs in the business. Within many organizations, however, people mainly look to the IT department for questions about or problems with RPA.
  • The business political tension between departments and policy often causes delays in an RPA process.

This is how you avoid the risks of RPA

The good news is that there are plenty of opportunities to manage the risks of RPA processes. We’ll give you an overview of key RPA risk management best practices.

Set up controls for managing RPA access rights

An important part of RPA risk management is establishing the right control mechanisms. By ensuring a good system of authentication, identification, authorization and access security, you can easily and securely manage functional user accounts for software robots.

Consider, for example, the automated management of credentials. Create computer-driven passwords with automatic rotation that make verifying identities and just-in-time access more secure. A good risk analysis of various processes, your RPA platform and individual software robots provides insight into which access rights you can give software robots.


Create a lifecycle plan for each (logical group of) RPA solution(s). For example, you can further develop or replace software robots by building robot functionalities into the underlying IT systems.

Involve the entire organization in RPA

RPA is not just a showpiece of the IT department: it affects the entire organization and is therefore a team effort. Therefore, make sure that you involve the entire organization in the implementation and adoption process from day one. Show employees the benefits of RPA and give them the theoretical and practical knowledge they need to work with software robots. By communicating well within all layers of the organization, you prevent ambiguities and corporate political tensions from nipping an RPA project in the bud.

Do you also want to limit the risks associated with RPA?

Would you like to know how to manage the risks of RPA? Then INTERMEDIATE will be happy to help you. As a recognized interim mediation agency in the field of IT and business, we are happy to help you explore the possibilities. Thanks to our network of interim professionals, we can put you in touch with RPA specialists who know exactly how to make optimal use of this automation technology.

Want to know more? Or would you like to make an appointment with a skilled consultant? Please feel free to contact us by calling +31 (0)611 662 797 or sending an email to info@intermediate.pro. You can also fill in the contact form.

This blog is written by Remco Spruyt.