There is a good reason for the four-eyes principle, which is also often required by law: it prevents a single person from harming the organization and enriching themselves. We often observe that customers give developers more authorizations than the internal guidelines would allow. In addition, programmers occasionally did not use a development environment but developed directly in the production system.
The superiors only became aware of the dangers after the process risks had been explained to them. A common example: the same programmer can create a creditor, record a posting and execute it. Supervision? Non-existent.
How to do it better?
Trusting the programmer alone is not recommended. Companies should pay close attention to the access rights granted during bot development. In critical areas it is advisable to rely on so-called “pairing”: one programmer is always checked by a second one. After a few hours, the person who was checking takes over the programming and is in turn monitored by a third programmer. This excludes hidden commands and at the same time ensures that the code is as efficient as possible.
Suspicious process anomalies can also be monitored by Artificial Intelligence. Does a bot need significantly more capacity than usual? Does the bot access other applications? Is the amount of processed data unusually large? Is there an external data drain?
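The four questions above can be turned into checks on per-run bot telemetry. The following is an added example, not code from this article; it uses a simple statistical baseline rather than an AI model, and all field names, the allowed-application list and the `.corp.example` suffix are assumptions.

```python
from statistics import mean, stdev

# Constructed baseline: five earlier runs of one bot (field names are assumptions).
HISTORY = [
    {"cpu_s": 118, "records": 1010},
    {"cpu_s": 122, "records": 990},
    {"cpu_s": 120, "records": 1000},
    {"cpu_s": 125, "records": 1020},
    {"cpu_s": 115, "records": 980},
]
ALLOWED_APPS = {"ERP", "Mail"}      # applications approved for this bot (assumed)
INTERNAL_SUFFIX = ".corp.example"   # hosts outside this suffix count as external


def is_outlier(value, past, threshold=3.0):
    """True if value is more than `threshold` standard deviations above the past mean."""
    sd = stdev(past) or 1e-9  # avoid division by zero on a perfectly flat baseline
    return (value - mean(past)) / sd > threshold


def check_run(run, history=HISTORY):
    """Return the findings for one bot run, in the order of the four questions."""
    findings = []
    if is_outlier(run["cpu_s"], [h["cpu_s"] for h in history]):
        findings.append("capacity")
    extra_apps = set(run["apps"]) - ALLOWED_APPS
    if extra_apps:
        findings.append("unexpected_app:" + ",".join(sorted(extra_apps)))
    if is_outlier(run["records"], [h["records"] for h in history]):
        findings.append("data_volume")
    external = [d for d in run["dests"] if not d.endswith(INTERNAL_SUFFIX)]
    if external:
        findings.append("external_destination:" + ",".join(sorted(external)))
    return findings


# Constructed runs: one ordinary, one that trips all four checks.
NORMAL_RUN = {"cpu_s": 121, "records": 1005, "apps": {"ERP"},
              "dests": {"erp.corp.example"}}
SUSPECT_RUN = {"cpu_s": 410, "records": 25000, "apps": {"ERP", "Mail", "FileShare"},
               "dests": {"erp.corp.example", "upload.external.example"}}

if __name__ == "__main__":
    for name, run in (("normal", NORMAL_RUN), ("suspect", SUSPECT_RUN)):
        print(name, check_run(run) or "no findings")
```

Findings like these are a prompt for review by someone other than the bot's developer, which keeps the four-eyes principle in place at runtime as well.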
In any case, companies that automate processes should create a clear role and reporting concept to ensure stringent compliance.
If you pay attention to these four recommendations, you can implement Intelligent Automation efficiently and benefit from higher returns.