A NSW Government website

NSW Government
Digital NSW

Navigating risks

In this module, we describe the risks associated with robotic process automation (RPA) and intelligent automation (IA); providing mitigation strategies for efficient implementation.

Mitigating risk in automation implementation

Automation necessitates multidisciplinary teams to address risks related to data, cybersecurity, ethics, privacy, safety, regulation, and policy compliance. Risk needs to be evaluated and managed throughout the entire lifecycle of the system.3,4,6,15

Automation risks depend on a multitude of factors including use case and integration complexity, data sensitivity, regulatory compliance, vulnerability of impacted parties, and potential impact in case of solution failure. Automation solutions that drive decision making process and involve AI pose obscure and emerging risks amplifying the impacts on stakeholders.

See the table below, to learn more about risks and mitigation strategies your organisation can adopt to ensure implemented automation use cases are compliant, safe, secure, and trusted. This is not an exhaustive list of risks due to the rapidly evolving nature of AI. If your automation solution includes an AI component, apply the AI Assessment Framework (AIAF).3

Risk category  Risk description   Mitigation strategies  
Community benefit and human centred values
  • The system may violate regulatory, administrative law and human values.
  • Potential ethical dilemmas, inconvenience, delay or human harm in decision making eroding public trust.
  • Over-reliance on automated decisions or having a single point of failure automation solution. 
  • Conduct a comprehensive risk and impact assessment via multidisciplinary team experienced in legal, procurement, privacy, ethics, data governance, AI and automation. 
  • Establish clear ethical guidelines for automation ensuring reliability, trust and safety.
  • Ensure human failsafe is in place. 
Fairness, reliability, and safety
  • Errors in automated processes.
  • Unintended, biased, or inaccurate AI results.
  • Unexpected, non-evidence-based outputs or data hallucination. 
  • Ensure human oversight and fact-checking over decisions or generated outputs.
  • Train AI modules on high-quality data implementing structured refining techniques.
  • Establish a continuous monitoring, auditing and revaluation mechanism of system reliability and fairness.
  • Ensure robust data governance and documentation in place throughout the automation lifecycle.
  • Conduct regular reviews and if required independent audits. 
Privacy and security
  • Potential data breach, misuse or leak.
  • Loss of ownership and control due to limited transparency in AI model training data.  
  • Implement strong data governance measures ensuring proper storage, encryption, handling, and access control.
  • Implement privacy and security measures as per The Privacy by Design and Cyber Security policies.16,17
  • Regularly audit and update security measures.
  • Evaluate risk in using models that provide limited transparency, enforce data governance with clear roles and responsibilities including in procurement contracts. 
Accountability and contestability
  • Unclear or lack of accountability for the implemented solution reliability, outcomes and generated decision. 
  • Impacted parties cannot seek review and redress of adverse decisions or impacts. 
  • Ensure human accountability and responsibility of the automation solution is set.
  • Document roles and responsibilities for all generated outputs throughout the entire system lifecycle.
  • Document the decision-making process throughout the solution lifecycle.
  • Prepare for contestation and set-up a review process for public administration, reviews and redress. 
Transparency and explainability
  • Decision made by automated solutions are not transparent.
  • Automation solution design documentation including its decision-making process is unavailable or incomplete.
  • Low or inability to incorporate user feedback in used AI models.
  • Decisions made by automated solutions cannot be explained due to using a Blackbox source code or AI model.
  • Pilot with solutions prototypes before going live.
  • Conduct regular independent audits.
  • Ensure comprehensive legal and ethical consultation for risk assessment.
  • Maintain evidence-based record for each decision made by the automated solution.
  • Consult with stakeholders who could be impacted including community and ensure they are aware when interacting with Al and address potential concerns.
  • Consider public registry for automated systems clearly explaining the automatic decision-making process.
Skill shortage 
  • Insufficient workforce skill sets and training. 
  • Provide comprehensive training and development programs for automation teams and public servants
  • Continuously update skill sets to align with automation and technology advancement requirements.
  • Leverage low code platforms. 
Integration complexity  
  • Challenges in integrating diverse systems (legacy, complex systems).
  • Conduct thorough system assessments and data incompatibility checks prior to integration. 
  • Invest in middleware solutions for seamless integration.
  • Use integration standards 
Risk to human safety   
  • Potential risks to human safety and lives.
  • Develop redundancy systems and fail-safe mechanisms.
  • Follow industry standards and regulations for safety-critical systems.
  • Ensure human failsafe is in place. 
Scalability 
  • Performance degradation as automation scales up.
  • Design automation systems to be scalable and adaptable
  • Plan for potential increases in workload and demand, ensuring performance optimisation. 
Discretionary decision-making
  • Automation involves automating a discretionary function resulting in unlawful decisions being made.
  • Ensure that human administrator preserve the power of discretionary decisions made.

 

Automation use-cases
Unlock the power of automation

Explore the NSW Automation Guide