The search for “quick” solutions to fragmented business applications has pushed RPA investment. I've taken over 200 inquiries on RPA in the past six months and attended Blue Prism, Automation Anywhere, NICE, and other vendor conferences and spoken to their customers. About half the enterprises I have talked with are just starting out either in vendor review or staging early POCs, with the other half in production and looking for the next process to robotize. I’d estimate only about 10% are in any form of large-scale opertations, and most have tackled simple processes that I define as fewer than 200 human clicks replaced by a bot that accesses fewer than three applications.

But things are moving quickly.  RPA tools are relatively cheap, and they work fast. There is no requirements document. You can download free RPA software and develop a bot in a few days. And who needs a business case when projects can be self-funded from productivity gains? Yet I’m sensing that early enthusiasm has led to tapping the brakes. Here’s why.

Stakeholders are not properly aligned to the emerging digital workforce. Yes, it might take only a month to build a digital worker, but it will take six times that long to get management and other stakeholders on board. In most organizations, the number of people working for a person is a measure of importance. So when you tell them you will replace humans with digital workers, they are threatened. Tech management also has a long list of objections and may resist small changes to legacy systems that make bots work better.  Senior technical leadership is often not on board. And that’s just for starters.

Some bad processes are getting robotized. RPA plugs gaps in legacy systems and will sometimes delay needed system modernization. There are some processes you don’t want to institutionalize by adding robots. If we can improve things first, then do it.

And we are just realizing that human replacement can create unforseen process knowledge gaps. Human process knowledge is an undervalued commodity. And once programmed into the robot, much of it disappears. One fear: With people now gone, there is no one to second-guess the machine. Like the bakery that depends on a mix, with the original recipe lost, the operation has a new form of exposure. Governance that includes process documentation and audit trails for decisions made are needed to fill that gap.

Infrastructure basics are just being defined as we automate. Connectivity monitoring, version control of apps, centrally controlled rollback capabilities, and testing procedures for application changes are in early development. Interetsing new RPA security issues also have surfaced. Digital  workers need access to apps within highly secure boundaries, but must only access select ones. A malicious employee could build a robot to take money from one account and send it to the Cayman Islands. Credential management is also an area of angst. How do you implement two-factor authentication for a robot that can’t receive or enter a one-time access code? One insurer’s robots had to access the mainframe with login credentials just like human workers. To get these credentials, they had to register in the HR system.

These business, infrastructure, and operations concerns make it urgent to create an RPA operating model to deliver value to customers or stockholders. Guidance on the best RPA operating model to deliver value to customers and stakeholders is next up for Forrester’s research. Leading approaches for RPA will include a 10-point control framework which ensures that business-led automations meet TM control and infrastructure criteria.