First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

The risks when workplace automation replaces humans

People charged with risk, governance, and assurance for their organization (i.e., the board; executive management team; risk, security, and audit practitioners) have a lot to monitor. Risks are changing and new risks are emerging all the time.

The dynamic workplace and business environment requires constant vigilance, as every decision within the extended enterprise changes or creates risk – and many decisions by others, outside the enterprise, affect the organization as well.

One area where there is change now, and every indication of change in the future, is ‘workplace automation’.

McKinsey Quarterly recently published an interesting article, Four Fundamentals of Workplace Automation. It points out that a growing number of tasks formerly performed by humans are now being performed by machines. The trend is not limited to robots in manufacturing or in warehouse operations. Just think of how you check in for your flight, whether at the airport (kiosks) or at home (with mobile boarding passes), and how you order items from Amazon and other retailers.

More is coming, as white collar jobs are replaced. Here are some salient observations from the article:

Very few occupations will be automated in their entirety in the near or medium term. Rather, certain activities are more likely to be automated, requiring entire business processes to be transformed, and jobs performed by people to be redefined, much like the bank teller’s job was redefined with the advent of ATMs.

….our research suggests that as many as 45 percent of the activities individuals are paid to perform can be automated by adapting currently demonstrated technologies. In the United States, these activities represent about $2 trillion in annual wages. Although we often think of automation primarily affecting low-skill, low-wage roles, we discovered that even the highest-paid occupations in the economy, such as financial managers, physicians, and senior executives, including CEOs, have a significant amount of activity that can be automated.

The magnitude of automation potential reflects the speed with which advances in artificial intelligence and its variants, such as machine learning, are challenging our assumptions about what is automatable. It’s no longer the case that only routine, codifiable activities are candidates for automation and that activities requiring “tacit” knowledge or experience that is difficult to translate into task specifications are immune to automation.

In many cases, automation technology can already match, or even exceed, the median level of human performance required.

According to our analysis, fewer than 5 percent of occupations can be entirely automated using current technology. However, about 60 percent of occupations could have 30 percent or more of their constituent activities automated. In other words, automation is likely to change the vast majority of occupations—at least to some degree—which will necessitate significant job redefinition and a transformation of business processes.

….leaders from the C-suite to the front line will need to redefine jobs and processes so that their organizations can take advantage of the automation potential that is distributed across them. And the opportunities extend far beyond labor savings. When we modeled the potential of automation to transform business processes across several industries, we found that the benefits (ranging from increased output to higher quality and improved reliability, as well as the potential to perform some tasks at superhuman levels) typically are between three and ten times the cost. The magnitude of those benefits suggests that the ability to staff, manage, and lead increasingly automated organizations will become an important competitive differentiator.

The quality and safety risks arising from automated processes and offerings … are largely undefined, while the legal and regulatory implications could be enormous. To take one case: who is responsible if a driverless school bus has an accident?

All this points to new top-management imperatives: keep an eye on the speed and direction of automation, for starters, and then determine where, when, and how much to invest in automation. Making such determinations will require executives to build their understanding of the economics of automation, the trade-offs between augmenting versus replacing different types of activities with intelligent machines, and the implications for human skill development in their organizations. The degree to which executives embrace these priorities will influence not only the pace of change within their companies, but also to what extent those organizations sharpen or lose their competitive edge.

What does this all mean for us, today? My thoughts:

  1. These advances, and other new technologies, represent huge possibilities for almost every organization. However, each also has a huge potential for things to go wrong.
  2. The possibilities, positive and negative, are probably of a scale and type we have not seen before. For example, we are only now starting to worry about people hacking our vehicles. In the future, they might hack our trading system, our CFO, or even our auditors (some would say that would not be a bad thing – smile).
  3. Those charged with running the organization need to be alert to the possibilities, both positive and negative, should they adopt any of these technologies.
  4. Those making decisions on whether and then how to implement new technologies, including whether to replace humans with automation, need a structured and informed decision-making process. I call that ‘risk management’.
  5. Our appetite for taking the risk and implementing new technologies should be increasing, as the potential is increasing that our organization will lose all its market share, let alone its profits, if it does not move with the times.

How ready we are today for the replacement of humans by intelligent ‘beings’ (some combination of software, hardware, and network)? EY’s Global Information Security Survey 2015 reported that:

  • 88% “do not believe their information security fully meets the organization’s needs”
  • 57% say that “lack of skilled resources is challenging information security’s contribution and value to the organization”

My hope is that, at some point in the future, these intelligent automated beings will be able to provide the security they need.

Until then, we are in a quandary:

  • Losses if we fall behind as others take advantage of new technology, or
  • Losses if we adopt it and it fails in some way

I welcome your comments.

Join me for a discussion about effective risk management. Details of webinars and in-person events are at

You can also read World-Class Risk Management and/or World-Class Internal Audit.

Norman D. Marks, CPA, CRMA
Author, Evangelist and Mentor for Better Run Business
OCEG Fellow, Honorary Fellow of the Institute of Risk Management

Occasional Contributors

In addition to our regular guest bloggers, Inside Internal Controls blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of risk management and best practices in finance and accounting, information technology, environmental issues, corporate governance, sales/marketing and operations, not-for-profits and business related issues in Canada. If you are a subject matter expert and would like to become an occasional blogger, please contact Yosie Saint-Cyr at If you liked this post and would like to subscribe to Inside Internal Controls blog click here.
Send to Kindle

, , , , , , , , , ,

Comments are currently closed.