Next Article in Journal
EDTF: A User-Centered Approach to Digital Educational Games Design and Development
Previous Article in Journal
Enhancing Ancient Ceramic Knowledge Services: A Question Answering System Using Fine-Tuned Models and GraphRAG
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Balancing Business, IT, and Human Capital: RPA Integration and Governance Dynamics

by
José Cascais Brás
1,2,*,
Ruben Filipe Pereira
2,3,
Marcella Melo
3,
Isaias Scalabrin Bianchi
4 and
Rui Ribeiro
1,5
1
Copelabs, Universidade Lusófona, 1749-024 Lisboa, Portugal
2
Inesc Inov-Lab, 1000-029 Lisboa, Portugal
3
Istar, Instituto Universitário de Lisboa (ISCTE-IUL), 1649-026 Lisboa, Portugal
4
Postgraduate Program in University Administration, Universidade Federal de Santa Catarina, Florianópolis 88040-900, SC, Brazil
5
Escad, Instituto Politécnico da Lusofonia, 1700-098 Lisboa, Portugal
*
Author to whom correspondence should be addressed.
Information 2025, 16(9), 793; https://doi.org/10.3390/info16090793
Submission received: 24 July 2025 / Revised: 14 August 2025 / Accepted: 26 August 2025 / Published: 12 September 2025

Abstract

In the era of rapid technological progress, Robotic Process Automation (RPA) has emerged as a pivotal tool across professional domains. Organizations pursue automation to boost efficiency and productivity, control costs, and reduce errors. RPA software automates repetitive, rules-based tasks previously performed by employees, and its effectiveness depends on integration across the business–IT–people interface. We adopted a mixed-methods study combining a PRISMA-guided multivocal review of peer-reviewed and gray sources with semi-structured practitioner interviews to capture firsthand insights and diverse perspectives. Triangulation of these phases examines RPA governance, auditing, and policy. The study clarifies the relationship between business processes and IT and offers guidance that supports procedural standardization, regulatory compliance, employee engagement, role clarity, and effective change management—thereby increasing the likelihood of successful RPA initiatives while prudently mitigating associated risks.

1. Introduction

The nomenclature “Robotic Process Automation” (RPA) surfaced in the early 2000s, denoting a methodology for the automation of processes or tasks employing robotic entities. RPA refers to the use of software “bots” designed to automate repetitive business tasks. These agents supplant human intervention in scenarios characterized by repetitiveness and clearly delineated parameters, or alternatively, they cooperate with human agents in a blended mode of operation [1]. As illustrated in Figure 1, global interest in RPA significantly increased from 2004 to 2025, underscoring its growing importance. Notably, the use of RPA experienced an exponential surge during the COVID-19 crisis. The graph also shows a new growth phase in 2025, suggesting that RPA adoption continues to rise after the pandemic and remains highly relevant in today’s business environment.
We retain Figure 1 as a contextual indicator of sustained demand for automation, situating our governance inquiry in an empirically growing domain.
RPA encompasses a spectrum of applications, yielding heightened operational efficiency, amplified productivity, and cost mitigation. Tasks encompassing data entry into forms [2], data aggregation within tables [3], rule-based processes or tasks [4], and iterative interactions [4] with applications stand as exemplary of actions amenable to RPA execution. American Express Global Business Travel uses RPA to handle airline ticket cancellations and plans to expand it to automate airport operations and provide customer recommendations [5]. RPA does not imply replacing employees. Instead, it relieves them from repetitive tasks, allowing for focus on value-added activities that require human judgment or supervision of automated results [6].
Presently, companies embarking on a trajectory with RPA evince a more circumspect outlook regarding anticipated returns, in stark contrast to the initial surge in popularity of this technology. Achieving optimal value depends on managers overseeing the setup and maintenance of multiple bots, which raises key governance questions [1,7]. A survey of 250 companies found that only 12% had implemented RPA, and of those, half achieved a positive return on investment (ROI) within 18 months. Several factors can hinder RPA success, including poor collaboration, regulatory constraints, and misaligned internal policies [8].
Beyond classic RPA, organizations are beginning to orchestrate work with AI agents—LLM-enabled, tool-using components that act semi-autonomously—expanding governance from process controls to include model risk, human-in-the-loop oversight, and auditable agent actions [9,10,11,12,13,14,15].
Several factors may impede the attainment of prescribed corporate objectives. It is imperative to fathom how a paucity of collaborative endeavors exerts influence [3,7,16], in addition to the nexus with compliance [3,17,18,19,20,21,22], and sundry other pertinent considerations. This study aims to analyze RPA governance frameworks in relation to Business, information technology (IT), and Human Resources, and how these frameworks connect with audit practices and organizational policies.
Guided by IT governance, the Technology Acceptance Model (TAM), and change-management perspectives, we frame RPA governance through structures/processes/relational mechanisms, user acceptance (perceived usefulness/ease of use), and organizational readiness—foundations that shape the research question posed below.
Hence, this article aims to focus on one main research question:
  • RQ1: What is the impact of RPA governance on the dynamic interrelationships among Business, IT, and People, in conjunction with audit practices and organizational policies within organizations?

2. Background

2.1. Definition and Scope of Robotic Process Automation

In this study, Robotic Process Automation (RPA) denotes software “bots” that execute rule-based, repetitive tasks by interacting with existing systems at the user-interface or API level. Across authoritative sources, RPA definitions converge on three elements: (i) task automation of structured processes, (ii) non-intrusive integration with legacy systems, and (iii) governance requirements covering access, logging, and controls. Differences mainly concern the degree of intelligence (classic RPA vs. RPA with AI/ML) and the locus of ownership (IT-led, business-led, or federated).
Currently, within the existing body of literature, diverse definitions of RPA are discernible. Several scholarly contributions characterize RPA as a framework designed to automate repetitive tasks within business processes, employing software agents that are proficient in emulating human interactions with graphical interfaces.
RPA is a software-only system that connects with digital platforms to handle tasks like data entry, extraction, and manipulation. This functionality is executed through software entities commonly referred to as bots. A case study from Infosys shows a 58% drop in manual labor after RPA was implemented—not by reducing staff, but by boosting productivity with bots as assistants [16].

2.2. Case Studies and Industrial Adoption

In contrast to traditional coding paradigms, RPA development operates on pre-defined code components, enabling developers to incorporate and configure activities through an intuitive interface [23]. This streamlined development process translates into brief training intervals for staff, equipping them with the requisite proficiency in configuration and deployment. Although RPA implementation is relatively simple, excluding IT from decisions is discouraged due to their role in governance, infrastructure, and security [5,7]. Moreover, RPA is particularly efficacious in contexts characterized by process standardization, rule-based frameworks, and discernible levels of interaction and complexity [6]. For case selection, illustrative examples were chosen to reflect (i) sectoral diversity (financial services, manufacturing/supply management, public sector), (ii) variation in governance models (centralized CoE, federated, hybrid), and (iii) the availability of verifiable details regarding process scope, controls, and outcomes. This selection strategy enables meaningful cross-case comparisons of governance design and effectiveness.
Notwithstanding its capacity for facilitating expeditious and uncomplicated automation, the establishment of robust governance frameworks for RPA initiatives poses a substantive challenge. When an organization chooses to assimilate RPA comprehensively into its operational architecture, as opposed to deploying it as a discrete solution, the ensuing proliferation of bots engenders heightened complexity in governance requirements [24].
In the broader industry landscape, several leading organizations have been at the forefront of RPA implementation, showcasing a range of governance models and strategic approaches. Beyond financial services, published cases in purchasing/supply management and public administration report similar governance tensions (e.g., standardization vs. local flexibility), reinforcing our interview findings. For instance, Deloitte has guided clients in developing RPA Centre of Excellence (CoE), emphasizing cross-functional governance and structured process selection frameworks [25]. UiPath, a global RPA vendor, has demonstrated scalable deployments in finance and healthcare, focusing on citizen development and platform integration [26,27,28]. Similarly, KPMG has supported clients in embedding compliance, risk controls, and performance metrics into automation strategies [29]. These cases reinforce the study’s findings that structured governance and business–IT collaboration are critical enablers for sustainable RPA success.

2.3. Governance Models in RPA

2.3.1. Governance–Management Perspective

We adopt a management science perspective on governance, viewing it as the combination of structures, processes, and relational mechanisms to ensure IT—and specifically RPA—support organizational objectives while managing risks and ensuring compliance (adapted from De Haes & Van Grembergen) [30]. In the context of RPA, this includes role design and segregation of duties, allocation of decision rights (e.g., CoE or steering committee), standardized criteria for process selection, change control procedures, and mechanisms to ensure the auditability of bot actions.
Governance can be elucidated as a multifaceted process encompassing decision-making, alongside the subsequent execution or abstention from implementing choices by individuals occupying positions of authority. This concept finds application across diverse domains, including the sphere of corporate governance [31].
Distinct forms of governance emerge contingent upon the specific domain under consideration. For instance, as depicted in Figure 2, corporate governance primarily pertains to the operational milieu of businesses. Conversely, IT governance is relevant to the realm of IT. Additionally, there exist other classifications not explicitly delineated in the figure, such as environmental governance, which centers on matters pertaining to environmental management and related concerns [32].

2.3.2. Corporate Governance

It pertains to a comprehensive framework comprising practices, statutory provisions, procedural protocols, and guiding principles intended to enhance overall business administration. Its fundamental objective lies in harmonizing the interests of diverse stakeholders, including shareholders, employees, and suppliers, among others [33]. Poor corporate governance can lead to missed goals, reduced stakeholder support, and financial issues, ultimately resulting in business crises. Conversely, a commendable corporate governance framework integrates principles of accountability, signifying the company’s cognizance of the repercussions of its decisions on each stakeholder, inclusive of employees and shareholders. Consequently, the company is duty-bound to orchestrate its choices in a manner conducive to fostering sustainable progress and enduring development [34,35].

2.3.3. IT Governance

Within the ambit of corporate governance, an instrumental subset pertains to IT governance, which distinguishes itself by its exclusive focus on the IT sector within an organization [36]. In practical terms, this entails activities encompassing the establishment of performance metrics and objectives, maintenance of technical documentation, undertaking audits, scrutinizing knowledge deficiencies, and implementing mechanisms for monitoring progress [37]. Figure 3 delineates the five domains underpinning the framework of IT governance [38,39].
  • Value Delivery: This domain concentrates on the efficient provision of IT advantages to other functional areas within the organization.
  • Risk Management: This facet is dedicated to the systematic identification, communication, and judicious mitigation of risks associated with IT operations.
  • Strategic Alignment: This domain scrutinizes the congruence between the objectives delineated by the IT function and those of the broader organizational framework.
  • Resource Management: This area is centered on the appraisal of the appropriate and effective management of IT resources.
  • Performance Management: This domain is concerned with the assessment of the efficacy and proficiency in which IT operations are executed.
Implementing IT governance is initially driven by the objective of fostering enhanced collaboration between business and IT sectors. It is estimated that proficient adoption of IT governance can lead to a potential increase of approximately 20% in profits due to improved alignment and delineation of responsibilities [40].
In the realm of RPA, the expansion of robotic entities necessitates meticulous implementation and maintenance, underscoring the imperative of sound governance for efficacy and objective attainment. Given the multifaceted impacts of RPA across various business domains, a well-defined framework and delineation of responsibilities are imperative. Different governance models must be considered respecting organizational conditions, resources, infrastructure, and objectives. The decentralized model, affording greater flexibility, is recommended for companies with extensive RPA experience, fostering innovation. Conversely, the centralized or federated model, conducive to risk mitigation through systematization and standardization, is better suited for enterprises still in the nascent stages of RPA adoption [41,42].
A notable case study involving Nordea Bank demonstrates a balanced approach, employing a centralized CoE for most RPA-related matters, while distributing responsibilities among various operational units [7]. The federated model presents an alternative, harmonizing the CoE with autonomous business unit initiatives, thereby promoting deliberation and priority-setting, and excelling in standardization of automation and best practices [43,44].
The CoE emerges as a pivotal governance mechanism within organizations, pivotal in guiding the design, development, and upkeep of bots [45,46]. As RPA proliferates, a CoE, comprising a diverse team, is instrumental in setting policies and standards to ensure adherence to best practices [21,41]. Its implementation entails a strategic investment, consolidating responsibilities and expertise from diverse sectors. The CoE assumes responsibility for the administration, licensing, and maintenance of RPA. Collaborative efforts under the aegis of the CoE lead to a degree of functional standardization across various sectors. Additionally, the CoE plays a vital role in change management, integration with IT, and the dissemination of RPA practices. The nature of governance may manifest through either a federated or centralized CoE, contingent on organizational structure RPA in purchasing and supply management [47].
A centralized CoE consolidates RPA functions within the organization, but may incur a concentration of efforts, potentially leading to productivity bottlenecks. Conversely, the federated model distributes responsibilities and bot management to individual business units (BUs), facilitating departmental access to CoE support [47]. In this context, the CoE assumes the role of a hub driving high-impact activities aligned with the objectives of a particular organizational unit or department, encompassing research, innovation, and technology adaptation [19].
The establishment of a CoE is also geared towards mitigating implementation-associated risks, including erroneous process selection for automation due to inadequate expectation analysis. A proof of concept is recommended to validate anticipated benefits. Risks may also arise from modifications and updates, incurring time and financial costs. Moreover, without comprehensive documentation, the organization risks losing critical process knowledge over time [19].
Exemplary RPA implementations feature a dedicated CoE, tasked with realizing proposed objectives. By operating across various organizational domains to identify, prioritize, and oversee RPA development, the CoE is instrumental in enabling scalable and risk-averse RPA adoption. OptumServe’s implementation of a CoE exemplifies this success, culminating in a substantial increase in automation capabilities, garnering industry recognition for outstanding competency development [48].
Transitional note: The background synthesis reveals converging needs around (i) role clarity and decision rights, (ii) standardized process selection and change control, and (iii) human-centric adoption and compliance. Yet comparative evidence on how governance models actually mediate the Business–IT–People interface remains limited. This motivates our study design and research question.

3. Study Design (Mixed-Methods Overview)

This study comprises two phases: Phase I—PRISMA-guided multivocal review (databases + AACODS-screened gray literature) and Phase II—qualitative interviews. Findings are integrated in a dedicated Triangulation subsection.

3.1. Phase I—PRISMA-Guided Multivocal Review

This study is conceptually anchored in several key theoretical frameworks. Firstly, IT Governance theory provides a lens to understand how decision rights, accountability, and performance are managed within organizations implementing RPA. This is especially relevant for assessing how roles and responsibilities are distributed between business and IT units.
Secondly, the Technology Acceptance Model (TAM) helps explain user attitudes and behavioral intentions towards adopting RPA tools. TAM emphasizes perceived usefulness and ease of use, which are critical in understanding employee engagement and resistance.
Lastly, the Change Management theory, including models such as Kotter’s eight-Step Process, is pertinent to exploring how organizations prepare for and manage transitions brought on by automation [49]. These theories jointly inform both the methodological design and the interpretation of findings, allowing the study to bridge practical insights with academic grounding.
A Multivocal Literature Review (MLR) bears resemblance to a Systematic Literature Review (SLR) in its objective to encompass both formal and informal information sources. Academic writing constitutes the primary mode of discourse within scholarly domains, whereas gray literature (GL) comprises a diverse array of information not originating from academic channels and is devoid of conventional quality control measures such as pre-publication peer review [50,51].

3.1.1. Data Sources and Searches

The research was undertaken with the objective of gathering a comprehensive body of information. The Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines [52] were followed in the conduct Phase I (PRISMA-guided multivocal review).
The following keywords were applied to the search: (“Robotic Process Automation” OR “RPA” OR “Robotic Automation”) AND (“Governance” OR “Audit” OR “Policies”). Bibliographies from relevant publications were checked to identify relevant articles.
We searched the following databases for eligible studies:
While the utilization of Google Search may be perceived as a potential limitation due to its inherent variability, it is acknowledged by certain scholars that variations in search methodology are not uncommon. Hence, it is imperative to construct a compelling rationale rather than relying solely on a singular search approach [53]. Research activities should adhere to systematic methodologies, with preference given to established search engines such as Google. Moreover, it is advisable to extend the scope of inquiry beyond the initial pages of results, considering a diverse array of sources to ensure a comprehensive review [54,55].

3.1.2. Selection of Studies

This phase describes the methodology we used to conduct the review. It outlines how sources were identified and screened, and how the relevant data were extracted. The resulting dataset was then analyzed in a structured manner.
In the initial stage, we conducted a systematic search across the selected databases. We then restricted the results to peer-reviewed journals and academic articles to ensure quality and relevance.

3.1.3. Study Selection and Exclusions

Following PRISMA 2020, 21,531 records were identified; after deduplication (16,903), 4,628 proceeded to screening and 908 to full-text review. 753 full texts were excluded for documented reasons, leaving 155 sources for synthesis. Category counts are shown in Figure 4.
Figure 4 presents the PRISMA 2020 flow diagram for this review [52]. It shows how records were identified, screened, and included. The figure improves transparency and demonstrates the rigor of our study selection.
Table 1 lists the selection criteria used in this review. These criteria set the parameters for inclusion and exclusion and guided every screening decision.
This step is pivotal to a rigorous review process. Each record was evaluated against the predefined inclusion and exclusion criteria. Only items meeting these criteria proceeded to full-text review.
For gray literature, we applied a comparable screening approach. We considered the first fourteen pages of Google results and removed non-authoritative items. Blogs with subjective opinions and pages lacking verifiable sources were excluded.
To systematically assess the quality of gray literature and non-peer-reviewed sources, we applied the AACODS checklist (Authority, Accuracy, Coverage, Objectivity, Date, Significance). We retained only those items that scored positively on authority, accuracy, date, and significance concerning RPA governance. This approach complemented our database screening and helped reduce selection bias in gray literature.
To ensure a rigorous and transparent selection of literature sources, the collection process was carefully structured using multiple layers of filtering criteria. These filters aimed to balance breadth and relevance, capturing both peer-reviewed academic contributions and credible gray literature to build a comprehensive knowledge base on RPA governance. The application of inclusion and exclusion parameters ensured that only materials aligned with the study’s objectives—particularly those addressing RPA integration, governance practices, and business–IT alignment—were retained. The process also emphasized source credibility, publication date relevance, and thematic alignment.
In the initial search phase (as shown in Figure 4), inclusion and exclusion criteria were applied alongside the predefined search string. These filters—covering all fields, all document types, full text and abstract availability, peer-reviewed journal publications, and both academic and gray literature—guided the identification of relevant sources. Table 1 outlines this process as part of the full MLR protocol, listing the retrieved articles and the filters used to refine the sample. All publications meeting the inclusion criteria were selected for further analysis.
For gray literature, the Google Search engine was utilized to capture relevant institutional and governmental reports. While Google Search has limitations and is not recommended as the sole source for systematic reviews, it was deemed appropriate for supporting qualitative evidence synthesis in this context. Only the first fourteen pages of search results were considered for review and selection [55].
Subsequently, a thoughtful manual filtration was executed to discern documents resonant with the study’s thematic focus, while simultaneously eliminating any redundant entries.
To fortify the inclusivity of pertinent sources, a snowballing strategy was deployed. This method involved an accurate inspection of the reference lists of selected articles, with due diligence given to related citations [57]. In this context, snowballing refers to the process of identifying additional relevant articles by examining the reference lists of selected studies (backward snowballing) and by exploring subsequent publications that cite them (forward snowballing). This iterative process was instrumental in ensuring the incorporation of meticulously selected and academically substantive sources for the study.

3.2. Phase II—Qualitative Interviews

Quantitative research uses statistical tests to validate and support findings, whereas qualitative research focuses on direct experiences to provide a richer and more comprehensive understanding. It captures underlying values and motivations, going beyond numerical analysis [58].
Qualitative research, conducted through interviews, aims to capture facets of the human experience [59]. This method facilitates gathering information directly from the source, providing a detailed exploration of topics, and understanding the perspectives and experiences of the interviewees. It is crucial to plan and adapt interviews to align with research questions and validate uncovered information during the study [58].
The literature review served as a foundational understanding of the subject, informing the formulation of interview questions. A questionnaire was then developed to guide the interviewer in collecting responses during the interviews. The interviewees were selected and contacted before the interviews were conducted, both via Zoom and in person.
The semi-structured interviews were designed with open-ended questions based on the literature from the MLR, aiming to capture experiences, feedback, narratives, diverse perspectives, and contextual information. This method allows for flexibility, enabling a thorough exploration of topics and enriching the study with nuanced insights [59].

3.2.1. Sampling and Participants

To facilitate the interviews, participants were drawn from various sectors, including business clients, the IT team overseeing robot development, the process analysis team, individuals unfamiliar with RPA, and those who engage with the outcomes produced by RPAs.
The preeminent approach for data acquisition in qualitative research is through interviews, which find applicability across various philosophical paradigms, including positivist, interpretive, and critical orientations (Myers and Newman, 2007) [60]. Within qualitative inquiry, the interview emerges as a particularly effective mechanism for data procurement (Myers and Newman, 2007) [60]. Myers (2013) further asserts that interviews afford the opportunity to elicit valuable insights from individuals occupying diverse roles and contexts [61]. Consequently, interviews represent a fitting methodological choice for the development and evaluation of an artifact. Consequently, this article will employ semi-structured interviews as the means of data collection.
A total of thirty-one individuals were interviewed, contributing their valuable experiences and insights to the research. Those not directly involved with RPA offered a unique perspective, providing viewpoints from individuals without hands-on experience with the subject or from those who interact with the results produced by the robots.

3.2.2. Data Collection Process

The interview process started by requesting consent and an introduction to the study’s objectives. Initially, a document was prepared to provide the interviewees with context regarding the research and its findings, ensuring they comprehended the purpose of the interview. Subsequently, the interviews were conducted individually using the Zoom video conferencing platform or in face-to-face settings. Throughout the interviews, the interviewer recorded the responses, utilizing a pre-constructed form containing all the designated questions for the interviewees [62]. To align with ethical and data-protection requirements, the study adhered to the Declaration of Helsinki (2013 revision) [63]. No personally identifiable information was collected; all responses were anonymized. Data handling complied with the EU GDPR (Regulation (EU) 2016/679) [64] and Portuguese Law No. 58/2019 [65].
It is important to note that the questions gathered and stored did not include any personal information, such as names or company details, to maintain the confidentiality and anonymity of the interviewees and their respective organizations. Table 2 provides detailed characteristics of the interviewees, including years of experience and the full individual responses are presented in Appendix A.

3.2.3. Analysis & Trustworthiness

Analysis: We used thematic analysis with a hybrid inductive–deductive codebook derived from the Phase I themes (alignment, role/permissions, compliance/change control). Two researchers independently coded an initial subset and reconciled differences through discussion; the final codebook was then applied to all transcripts.
Trustworthiness: To enhance credibility, we used purposive role-diverse sampling, source triangulation across business/IT/audit roles, iterative probing, a small pilot to refine the instrument, and an audit trail of coding decisions; quotes reported are anonymized and paraphrased when needed for confidentiality. (Moves the validation content that’s currently discussed around Results into Methods.)

3.2.4. Ethics

Ethics Statement: All participants at phase II provided informed consent prior to participation via an online consent form. Given the minimal risk nature of this research and its focus on professionals rather than vulnerable populations, the study was exempt from formal review by an Institutional Review Board or Ethics Committee. All data collection and handling adhered to ethical principles for research involving human subjects.

4. Multivocal Literature Review

In the context of this study, an extensive literature review was conducted, grounded in domain-specific expertise. The adoption of an MLR approach was deemed most capable due to the emerging nature of the subject matter, which precludes a comprehensive body of formally published literature. As elucidated earlier, the MLR integrates elements of both Systematic Literature Review and Gray Literature Review, the latter of which encompasses less formalized sources including online posts and blogs [50,66].
Figure 5 below delineates the interrelation among SLR, GLR, and MLR. The initial component was scrutinized within designated databases, while the latter was pursued through Google Search, respectively.
The objective is to scrutinize the findings of the MLR to attain a thorough comprehension of the interplay between RPA and Governance. Specifically, the study aims to achieve the following:
  • Interrogate the correlation between RPA governance and its integration with Business, IT, and Human Resources, while also elucidating its interface with audit protocols and organizational policies as evidenced in the scrutinized documents.
  • Clearly define the research objectives to guide subsequent analysis.
  • Disseminate the identified challenges, opportunities, and results, highlighting their relevance and applicability for both researchers and practitioners in the fields of governance and Robotic Process Automation (RPA).
Table 3 delineates distinctions between “White” literature, “Gray” literature, and “Black” literature, and delineates pertinent publication selection criteria for each category.
The MLR can be divided into three parts: first, the planning, then the conducting and lastly the reporting, as shown in Figure 6.
The initial phase, denoted as “Planning the MLR,” comprises two pivotal steps:
  • Discerning the imperative for conducting an MLR on the specific subject matter.
  • Formulating the overarching objective and delineating research questions (RQs) to guide the MLR.
  • The subsequent phase, “Conducting the MLR”, encompasses five distinct sub-stages:
  • Search and Selection: This involves the formulation of a set of keywords that encapsulate the primary objectives of the study.
  • Quality Assessment: It entails the critical evaluation of the credibility and objectivity of selected sources.
Design of Data Extraction Forms:
At this stage, we designed standardized data extraction forms to capture study attributes (context, sector, governance model, role allocation, controls), methods, and reported outcomes (e.g., compliance effects, scalability, user acceptance). These forms supported consistent coding, traceable decisions, and cross-case comparison, while enabling later synthesis of structures, processes, and relational mechanisms.
  • Data Extraction: This step involves the retrieval of pertinent data from the identified studies.
  • Data Synthesis: Here, the collated data is combined and analyzed in a manner that facilitates the comprehensive addressing of the research question(s).
The concluding phase, “Reporting the MLR,” often encounters challenges analogous to those encountered in the guidelines delineated for executing a Systematic Literature Review (SLR) as outlined by Kitchenham and Charters [51].

4.1. Planning the MLR

The planning phase of the MLR is critical for setting a structured foundation for the entire review process. It began with identifying the need for conducting an MLR due to the evolving and practice-driven nature of RPA governance, where formal academic literature alone would be insufficient. Following this, the review’s objectives were defined, and the research questions (RQs) were formulated to guide the investigation. This planning stage ensured alignment between the review’s scope and its goals, integrating both academic and gray literature sources to build a comprehensive evidence base. The expected contribution was to create a balanced understanding of governance dynamics, bridging theoretical insight and practitioner experience.

4.2. Conducting the MLR

This section outlines the second phase of the process—conducting the review—which involved executing targeted searches in selected databases using predefined queries and analyzing the resulting data.

4.3. Reporting the MLR

This section reports the main findings of the MLR and the interviews. We organize the results by theme and relate them to prior work [22,67]. Together, these sources show that RPA governance has become a pressing topic in both research and practice [68].
In broad terms, governance comprises the structures, processes, and relationships that align technology with organizational goals. In the context of RPA, governance also manages risk, compliance, and accountability settings [69]. As depicted in Figure 7, governance assumes a foundational role, overarching and influencing the various facets under its purview. This wider view underscores its importance across the organization.
Corporate governance focuses on the oversight of business performance and accountability [69]. It sets decision rights, control mechanisms, and reporting lines [70]. RPA governance operates within this frame and contributes to these broader objectives.
Within that framework, RPA governance defines roles, permissions, controls, and audit trails for automated work [71]. Effective RPA governance depends on collaboration between business and IT. In many cases, structural adjustments are needed to achieve that synergy.
RPA governance covers several practical elements. These include how rules are implemented, how changes are controlled, and how access is granted. It also includes logging bot actions and ensuring that automations are designed and sized appropriately [72].
Furthermore, RPA governance plays a crucial role in several key areas:
Analysis of the selected studies informed Table 4, which summarizes the dominant themes in the literature; a detailed synthesis of these themes is presented in Section 6 (Results and Discussion) [120].

4.3.1. Integration Between Business and IT

RPA falls under lightweight IT, requiring minimal programming skills and simplifying development. This empowers business departments to be actively involved in automation. Conversely, heavyweight IT is typically centralized and led by IT professionals.
Governance models (centralized, decentralized, federated) must align with a company’s characteristics. Centralization prevents “shadow IT” but may raise concerns about process prioritization. Decentralization empowers various parties in decision-making, potentially leading to process standardization challenges. Federated governance combines elements of both models, allowing for autonomy while collaborating on collective goals.

4.3.2. Standardization of Processes

Companies must choose processes for automation carefully, considering structured data suitability. For example, Nordea Bank emphasizes processes with stable systems and structured data. Although software can handle unstructured data with OCR, structured data is preferable to avoid high costs and errors. The choice of processes can be influenced by IT departments lacking business understanding (centralized model) or insufficient technical skills (decentralized model) [7].

4.3.3. Compliance and Risk Management

Integrating RPA in auditing, as seen in companies like Deloitte and Kira Systems, enhances efficiency and effectiveness. RPA minimizes time spent on routine tasks, allowing auditors to focus on high-priority activities, thus reducing errors and improving quality. It also enables the reengineering of audit processes.
The standards established by the American Institute of Certified Public Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB) are designed to ensure the quality and reliability of audit processes. These frameworks emphasize the need for robust compliance controls, which highlights the importance of conducting in-depth studies on how RPA affects audit quality and adherence to regulatory requirements. Small and medium-sized audit firms face challenges in data gathering due to diverse system formats, leading to resource-intensive processes. Effective planning and an organizational framework with defined privileges and vulnerability management are crucial for risk reduction [164].

4.3.4. Employee Engagement, Changes in Roles, Responsibilities, and Change Management

While RPAs perform defined tasks, employees may still face job displacement fears. Employers can benefit from reduced costs by prioritizing less mechanical, value-added work and reallocating resources. Governance should address these concerns, providing training and opportunities for effective collaboration between robots and workers. Taxation considerations may arise, given the potential cost savings of using robots.
Roles and responsibilities need reevaluation as tasks transition from human to machine execution. Figure 8 illustrates the integrated governance approach, encompassing IT and RPA governance, process integration, compliance, risk management, and people management.

5. Results and Discussion

5.1. Findings from Phase I—Systematic Review

Phase I clustered the literature into four governance levers: (i) business–IT alignment and decision rights (e.g., CoE/federated models), (ii) role and permission design with separation of duties, (iii) standardized intake, process selection and change control, and (iv) compliance, logging and auditability, with people/change-management cutting across all themes (Table 4). These themes frame the interview analysis and the subsequent triangulation.

5.2. Findings from Phase II—Qualitative Interviews

The analysis of the interview data began with an extensive review of the transcribed content, followed by systematic categorization according to shared concepts, similar roles, levels of professional experience, and specific functional areas in which interviewees were employed.
To ensure the credibility and robustness of the findings, multiple validation techniques were implemented. Purposive sampling was utilized to ensure diversity among participants’ roles, providing a comprehensive and nuanced dataset. Additionally, a pilot study involving five participants was conducted to refine the interview approach, language clarity, and interpretive methods.
The credibility was further strengthened through source triangulation, incorporating perspectives from interviewees affiliated with diverse organizations, thus enabling a thorough comparative analysis. Iterative questioning techniques were also employed, allowing interviewers to revisit topics and contextualize responses, identifying and addressing potential inconsistencies.
Member checking played a crucial role, involving verification of the recorded statements with interviewees to confirm their accuracy and alignment with the interviewees’ intended meanings. This approach provided participants an opportunity to clarify or add further insights.
The comprehensive analysis process involved careful organization and interpretation of data into distinct categories, identifying recurring patterns, key terms, and shared themes across responses. From these patterns, a coherent narrative emerged, grounded firmly in the interviewees’ collective experiences.
Our interview findings emphasize that successful RPA governance requires close alignment between IT and BUs—a view supported by existing literature (e.g., Kedziora & Penttinen, 2020; Hofmann et al., 2020) [7,24]. Interviewees consistently underscored the importance of clearly defined roles and responsibilities to mitigate risks of miscommunication and errors, echoing recent studies such as Abdullah and Tursoy (2023) [128]. An illustrative example from Nordea Bank revealed how a federated governance model effectively resolved common governance challenges highlighted by participants, including bottlenecks in decision-making and insufficient local knowledge of automated processes.
Table 5 presents a concise summary of the close-ended responses from the interviews, while the comprehensive individual responses are documented in Appendix A.
The set of questions presented in Table 5 was carefully designed to probe critical dimensions of RPA governance, including organizational alignment, decision-making authority, ethical considerations, and the human impact of automation [173]. The questions aim to reveal not only the technical or procedural understanding of RPA among participants but also their perceptions of its broader organizational and cultural implications. By combining close-ended and open-ended prompts, the intention was to elicit both quantitative trends and deeper qualitative insights into how professionals interpret and respond to automation in practice [59,60]. This design supports the study’s objective of exploring the interplay between business, IT, and human capital in RPA integration.
To facilitate clearer understanding and enable a more structured discussion of the interview findings, Table 6 presents a synthesized overview of the core themes and topics identified through the qualitative analysis. This summary captures the essence of the most frequently recurring insights, highlighting key governance concerns, organizational dynamics, and human capital considerations related to RPA adoption. It serves as a practical reference point for readers by distilling complex qualitative responses into thematic categories. For those seeking deeper contextual detail and nuanced interpretations, the full set of coded responses can be consulted in Appendix A.
The following section presents a series of interview questions along with a compilation of responses provided by the interviewees. These responses serve to elucidate the concepts introduced earlier, providing a more comprehensive understanding:
  • Q1: “Do you think that there should be integration between business and IT?”
All interviewees unanimously emphasized the necessity of integration between business and IT in the context of RPA, highlighting several key reasons:
  • Alignment of Goals: Participants noted that achieving organizational objectives like cost reduction and improved efficiency requires that both business and IT share a clear understanding of priorities. As one interviewee explained, “If IT doesn’t understand what the business needs, automation efforts will miss the mark. Alignment is not optional—it’s critical.”
  • Process Quality: Collaboration was seen as essential for identifying process failures early and designing effective solutions. A business analyst mentioned, “We know the customer expectations and planning requirements; IT brings the technical know-how to handle exceptions. Without working together, processes break down.”
  • Error Reduction: Interviewees pointed out that business teams’ deep process knowledge complements IT technical expertise to prevent errors and redundancies. For example, an RPA developer shared, “When business and IT collaborate, we catch potential errors before deployment, which saves time and avoids costly fixes.”
  • Communication: Effective and ongoing communication was emphasized to ensure shared understanding and timely error resolution. As one manager stated, “Open communication channels between business and IT mean problems get identified and fixed quickly, keeping projects on track.”
  • Definition of Responsibilities: Clearly delineated roles prevent misunderstandings and facilitate smooth change management. One interviewee noted, “When responsibilities aren’t clear, people step on each other’s toes. Involving both sides in process changes avoids surprises.”
  • Documentation: Comprehensive documentation was described as a vital tool for transparency and process control. A participant explained, “Good documentation helps everyone—from business to IT—stay on the same page about what the process does and how changes should be made.”
In summary, IT brings technology, implementation, and maintenance expertise, while business contributes process knowledge and rule definitions. The consensus was clear: “The integration of business and IT is the foundation for successful RPA implementation.”
  • Q2: “Do you think there could be issues if the process is solely defined by the business side or solely by the IT side without following a standard?”
All interviewees expressed clear concerns about processes being developed exclusively by either business or IT without adherence to a standardized framework, highlighting several challenges:
  • Knowledge Limitations: Participants noted that relying solely on one side risks critical gaps in understanding. As one interviewee explained, “When business defines the process without IT’s input, technical constraints and integration challenges are often overlooked. Conversely, IT-only designs can miss important business rules.”
  • Errors: Several respondents described how insufficient collaboration leads to errors, citing examples of overlooked requirements or inadequate testing. A developer commented, “Errors creep in when one side assumes the other has covered certain aspects. This causes rework and delays.”
  • Ambiguity: Interviewees warned that processes crafted by a single party often introduce ambiguity that complicates implementation. As a business analyst stated, “Without shared understanding and standards, process steps can be interpreted differently by teams, leading to inconsistent results.”
  • Resource Wastage: The risk of wasted time, effort, and budget was commonly mentioned. For instance, one manager shared, “We’ve seen robots deployed based on incomplete processes that failed to deliver value, wasting resources that could have been avoided with joint planning.”
  • Overload: Several highlighted how the lack of collaboration places an unfair burden on either business or IT, causing inefficiencies. A participant noted, “If one side handles everything, they get overloaded and bottlenecks appear, slowing down the whole project.”
  • Misalignment of Objectives: The importance of aligning goals was emphasized by all interviewees. One said, “Synchronization ensures we use all expertise effectively. Without it, critical perspectives are missed and the process falters.”
  • Q3: “From your perspective, what is the meaning of careful selection of processes to be automated in RPA?”
The interviewees emphasized the critical importance of carefully selecting processes for automation. Several considerations were outlined:
  • Efficiency: Selecting the right processes for automation is crucial to saving resources such as time and money. Processes that are repetitive and rule-based are particularly suitable.
  • Error Minimization: Processes that generate frequent known errors can benefit from RPA implementation, as it can reduce execution time and mitigate errors.
  • Stability: When choosing a process for automation, stability of the programs used by the robot is paramount. Ensuring that requirements and rules are well-understood, alongside technical stability, is essential for successful automation.
  • Viability: An in-depth analysis should be conducted to determine if automation makes sense for each process, factoring in factors like expected return, implementation cost, maintenance, time, and effort. The focus should be on quality rather than volume, as choosing the wrong processes can lead to resource loss.
One interviewee illustrated this with a banking example: automating the resolution of flagged credit card transactions’ legal actions helped prevent long-term financial losses and protect the bank’s reputation.
“Choosing the right process is not about how many you automate, but about which ones will actually deliver value without causing new problems.”
“We focus on stable, rule-based workflows because robots can only perform well when the rules are clear and the environment is predictable.”
“Stability and auditability matter as much as ROI—if screens or rules change every month, you don’t have a good RPA candidate,” noted one RPA lead.
  • Q4: “As there are no taxes on robots, but there are many on people, if you were a company owner, would you prefer to retain and prioritize people over replacing them with robots for economic reasons?”
Interviewees’ perspectives varied on whether to prioritize retaining employees or adopting automation for economic reasons, with 35.4% favoring employee retention and 64.5% leaning towards automation. Several key considerations emerged from the discussions.
Many highlighted that the RPA ability to operate continuously significantly reduces process execution time and minimizes human error, which often arises from fatigue or misunderstandings. This enhanced efficiency and error reduction contribute to improved profitability. At the same time, interviewees emphasized the essential role of employees in tasks requiring human judgment, analysis, or maintenance. They noted that workers can be reallocated to higher-value roles demanding critical thinking, provided they receive adequate training.
Cost savings were also cited as a major factor, given the reduction in personnel-related expenses such as salaries, healthcare, and taxes when leveraging automation.
Despite differing preferences, there was unanimous agreement that the optimal strategy involves prioritizing automation for repetitive, rule-based tasks while reserving skilled personnel for specialized, critical functions.
“Robots don’t get tired or distracted, so they’re perfect for repetitive work—but people are still needed for the complex decisions.”
“It’s not about replacing people, but about freeing them to focus on tasks where their expertise really matters.”
The following points were raised:
  • Time Reduction: RPA can operate around the clock, significantly reducing process execution time compared to human counterparts.
  • Mitigating Human Error: Robots operate based on rules, minimizing the potential for human error caused by factors such as lack of concentration or inadequate process understanding.
  • Profit and Efficiency: the RPA ability to handle large volumes of information quickly can lead to increased efficiency, reduced errors, and ultimately, higher profits.
  • Essential Collaboration: Certain employees play pivotal roles in processes that require human intervention, such as analysis or maintenance.
  • Reallocation: Employees can be reallocated to roles demanding critical thinking and analysis, with appropriate training to equip them for these functions.
  • Cost Reduction: Both the continuous operation of robots and the potential reduction in personnel can lead to cost savings, encompassing salaries, healthcare expenses, and taxes.
Ultimately, 100% of the interviewees converged on the understanding that prioritizing automation for repetitive tasks, while reserving specialized personnel for critical roles, was the optimal approach.
  • Q5: “Do you think RPA helps or replaces employees?”
All interviewees agreed that Robotic Process Automation (RPA) primarily serves to assist employees rather than completely replace them. The impact of RPA on staffing depends largely on the organization’s goals and the nature of the processes automated.
Several participants noted that while some organizations may consider reducing headcount for cost savings, many emphasize reallocating employees to higher-value tasks by automating repetitive and routine work. This transition not only alleviates workload pressures but also enables employees to focus on analytical and strategic activities.
Concerns about job security surfaced, especially in cases where processes are fully automated without close collaboration between humans and technology. Such apprehensions can sometimes hinder knowledge sharing, which is crucial for successful robot development.
Nonetheless, interviewees highlighted examples where RPA facilitated the transition of employees from routine tasks to more analytical roles, preserving jobs and enhancing organizational capabilities.
“RPA frees people from the mundane so they can focus on what machines can’t do—thinking and problem-solving.”
“When done right, automation doesn’t cut jobs; it changes them.”
Ultimately, whether RPA assists or replaces employees depends on strategic choices and the specific processes targeted for automation.
  • Q6: “Do you believe that all individuals involved in the same project should have the same levels of permissions?”
A significant majority (96.8%) of interviewees expressed reservations about granting all project participants the same level of access. They emphasized that establishing a clear hierarchy with designated decision-makers and supervisors is crucial for effective project management. The need for a clear separation of functions and responsibilities was highlighted as essential to prevent errors, such as unauthorized transactions caused by missteps in environment selection.
Security concerns were frequently raised, with participants noting that access to confidential data should be limited based on varying levels of understanding and caution among employees. One IT specialist observed, “If everyone has the same permissions, it becomes very difficult to track who made what changes, which can be disastrous in regulated environments.”
Defined roles and responsibilities were viewed as vital for organized and secure project execution. A business analyst added, “Differentiating access rights ensures that people only handle what they’re responsible for, which reduces errors and confusion.”
A small minority (3.2%) suggested that in certain small projects, uniform access levels might streamline work and prevent delays, but they stressed that such actions must always be under supervision with appropriate regulation and data encryption.
In summary, the consensus favors implementing role-based access control, aligning permission levels with responsibilities to maintain data integrity and project security without hindering productivity.
  • Q7: “In your opinion, is understanding and preparing employees important for reducing compliance risks in RPA?”
All interviewees (100%) emphasized the pivotal role of employee understanding in reducing compliance risks associated with RPA. The following key factors were highlighted:
  • Training and Awareness: Employees need comprehensive knowledge of business operations, regulations, data handling, roles, responsibilities, and associated risks.
  • Motivation: Understanding the real-world impact of processes can motivate employees to maintain a broad organizational perspective and exhibit conscientiousness.
  • Risks and Impacts: Unprepared employees, with limited experience, may inadvertently introduce errors, potentially leading to the compromise of confidential data.
  • Creating an environment of awareness and accountability within an organization is deemed instrumental in minimizing compliance risks, enhancing the likelihood of successful RPA implementations, and safeguarding sensitive data.
“When employees truly understand the why and how behind RPA, they’re more careful and aligned with compliance goals,” noted one participant.
“Training isn’t just a checkbox; it’s what keeps the process safe and effective,” emphasized another interviewee.

Practical Implications Based on Interview Findings

The findings of this study offer several actionable insights for both business managers and IT leaders engaged in RPA initiatives. The interviewees emphasized the importance of structured governance models, cross-functional collaboration, and the alignment of RPA efforts with organizational goals. Based on these inputs, one practical recommendation is the creation of CoEs or designated roles (e.g., RPA champions) to coordinate efforts between business and IT. Managers are advised to prioritize automation opportunities using well-defined selection criteria, considering feasibility, compliance, and potential business value. IT leaders should establish granular permission models, monitor risk exposure, and lead change management to ensure smooth transitions. Moreover, the human side of automation cannot be overlooked: preparing and engaging employees are essential to build trust, reduce resistance, and ensure compliance. These practical implications, derived from the voices of experienced practitioners, serve as a roadmap for organizations seeking to deploy RPA effectively and sustainably.
While our procedures ensured rigor (PRISMA/AACODS), the contribution of this paper lies primarily in the governance insights and actionable implications distilled from the literature and interviews.

5.3. Integration/Triangulation of Findings

Integration across phases: Phase I and Phase II converge strongly on the need for tight business–IT alignment, clear decision rights, and role-based access controls. Interviewees unanimously endorsed business–IT integration and flagged risks when one side designs processes alone, and 96.8% rejected “same permissions for all,” reinforcing the literature’s emphasis on standardized intake, change control, and separation of duties. Together, the phases point to a practical bundle: a CoE/steering structure (decision rights), role/permission models (RBAC/SoD), standardized selection and change procedures, and training/communication to address adoption and compliance.
Triangulating case—Nordea: Nordea’s federated model (central CoE + BU execution) operationalizes this bundle: central standards, vendor/compliance oversight, and local process ownership for speed and contextual fit. This structure directly addresses two tensions raised by interviewees—bottlenecks from over-centralization and insufficient local knowledge—while preserving auditability through common policies and logs. The case therefore substantiates the integrated pattern emerging from both phases: centralize the rules and oversight; decentralize discovery and execution under those rules.
A deeper examination of Nordea Bank’s approach illustrates the tangible benefits and structure of a mature RPA governance model. The organization implemented a federated governance model, which combines a centralized CoE with decentralized automation teams embedded in BUs. The CoE oversees strategy, vendor management, and compliance policies, while BUs are empowered to identify and implement automation opportunities locally, in alignment with the central standards [7].
Within this structure, distinct roles were defined: an executive RPA sponsor guided strategic alignment; CoE product owners developed governance policies and tooling strategies; and business analysts and developers collaborated on identifying and automating processes. This role clarity was critical to avoiding overlap, maintaining compliance, and ensuring scalability.
Nordea reports substantial scale across Know Your Customer (KYC), anti-money laundering (AML), mortgages, onboarding, and reconciliation, with meaningful efficiency gains and cost savings under its federated governance model [174].
This case underscores the value of hybrid governance in complex, regulated environments, and aligns with findings from this study, where interviewees emphasized the need for role clarity, central oversight, and strategic alignment to achieve successful RPA outcomes.
Implication: A practical roadmap is to (1) institute or refresh a business–IT governance CoE/steering layer, (2) deploy a standardized intake and change-control workflow, (3) implement granular RBAC/SoD, logging and review, and (4) run a training/communication program aligned to perceived usefulness and ease-of-use levers.
In summary, the interview findings underscored that informed employees, cognizant of the risks and benefits of their work, are essential. Errors made without an appreciation of their implications can have significant financial repercussions for the organization. The insights provided by the interviewees illuminate the multifaceted considerations surrounding RPA integration, further emphasizing the nuanced interplay between technology and human expertise in organizational contexts.

6. Conclusions

The research employs a Mixed Methods Research approach to investigate the facets of RPA and governance, emphasizing integration between business and IT, process standardization, compliance, risk management, employee engagement, role changes, and change management.
This study set out to explore how organizations are integrating RPA and what governance mechanisms are being adopted to support such integration. By drawing on qualitative insights from experienced professionals across diverse industries, the research addressed the central question: “How is RPA being integrated within organizations, and what governance structures support its effective adoption?”
The findings revealed that successful RPA integration hinges on strong business–IT collaboration, the establishment of clear governance models (such as CoE or steering committees), and careful process selection. Organizations that engaged employees early, defined permission levels rigorously, and aligned automation efforts with strategic objectives reported smoother adoption and more sustainable outcomes.
In terms of contributions, this study enriches the literature on RPA by highlighting the governance challenges and enablers from a practice-based perspective. It introduces a synthesized governance framework grounded in real-world insights and identifies actionable recommendations for both business and IT leaders. Furthermore, it adds depth to existing case studies by examining the interplay between organizational culture, compliance considerations, and the evolving role of automation champions. The results extend IT–governance scholarship by showing that CoEs/steering committees (structures), standardized process selection and change control (processes), and early business–IT engagement (relational mechanisms) jointly predict smoother RPA scale-up. They also complement TAM by linking perceived usefulness/ease of use to employees’ willingness to engage with bots, and they echo the change management theory by underscoring communication, training, and visible sponsorship as prerequisites for sustainable adoption.
By integrating theoretical models with lived experiences, this study provides practical insights for both academic and managerial audiences. It emphasizes the necessity of governance as a strategic enabler of RPA and calls for thoughtful planning to ensure long-term value realization.

6.1. Emerging Trajectory

As RPA platforms increasingly converge with generative AI, task orchestration, and autonomous “AI agents,” governance must progress to cover model risks, human-in-the-loop controls, auditability of agent actions, and expanded role design. Our interviewees’ emphasis on clear permissions and accountability aligns with these trends, reinforcing the need for guardrails as RPA matures toward agentic automation.

6.2. Limitations and Future Research

This study, while offering valuable insights into RPA integration and governance practices, is not without limitations. First, the qualitative nature of the research and the relatively small sample size may limit the generalizability of the findings. The interviewees represented diverse industries, but geographic and organizational variations could have introduced biases that were not fully captured. Additionally, the study primarily reflects the perspectives of professionals currently engaged in RPA projects, which might not encompass the full spectrum of organizational experiences.
Future investigations might explore deeper into specific domains, potentially including longitudinal studies to explore the evolution of RPA governance over time. Cross-sectoral comparisons or large-scale surveys could further validate the proposed governance framework. Moreover, exploring communication processes, the training and reskilling of employees, and the integration of artificial intelligence with RPA tools present promising avenues for future inquiry.
Finally, our sample (n = 31) spans multiple roles but remains modest; the distribution of hands-on RPA experience may limit generalizability. Future cross-sector surveys and longitudinal field studies could quantify the effects of specific governance choices on adoption and compliance outcomes.

Author Contributions

Conceptualization, J.C.B. and R.F.P.; methodology, J.C.B.; software, J.C.B. and R.R.; validation, R.R. and R.F.P.; formal analysis, R.R.; investigation, M.M.; resources, R.R.; data curation, M.M.; writing—original draft preparation, J.C.B.; writing—review and editing, I.S.B.; visualization, M.M.; supervision, R.F.P.; project administration, R.F.P.; funding acquisition, R.F.P. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Under Portuguese Law No. 21/2014, ethics committee approval is required for clinical research. This study comprised minimal-risk interviews with adult professionals, with no collection of personally identifiable data, and therefore falls outside the scope of clinical research covered by that law. The study adhered to the Declaration of Helsinki (2013 revision). Data handling complied with the EU GDPR (Regulation (EU) 2016/679) and Portuguese Law No. 58/2019.

Informed Consent Statement

Informed consent was obtained from all participants via an online consent form prior to data collection.

Data Availability Statement

No personally identifiable information was collected. All materials were anonymized and processed in compliance with GDPR and Portuguese Law No. 58/2019. See Appendix A for de-identified materials; additional de-identified data may be available upon reasonable request.

Conflicts of Interest

The authors declare no conflict of interest.

Appendix A

Table A1. De-identified interview responses to Questions 1–7 (Q1–Q7). For each question, entries #1–#31 correspond to the 31 participants (numbering restarts for each question and follows the interview order). Responses are transcribed as given (no spelling standardization), with only minimal formatting applied. All content is anonymized and contains no personally identifiable information.
Table A1. De-identified interview responses to Questions 1–7 (Q1–Q7). For each question, entries #1–#31 correspond to the 31 participants (numbering restarts for each question and follows the interview order). Responses are transcribed as given (no spelling standardization), with only minimal formatting applied. All content is anonymized and contains no personally identifiable information.
#Q1-Do You Think That There Should Be Integration Between Business and IT?
1The interviewee spoke about the importance of the union between business and IT because each one has a type of responsibility and expertise.
2The combination of IT and Business can optimize the way business is done when compared to traditional business.
3Process should be improved collaboratively by the IT and business for greater efficiency and success.
4There should be a balance so that both areas can contribute their specialties, increasing the quality of processes, and aiding in standardization and knowledge transfer through documentation.
5IT is a mean to achieve business goals. So, those two sectors must be integrated, somehow.
6Integration between the two areas is crucial as they complement each other. The business is vital in identifying processes and monitoring them, while the IT area is better suited for implementing solutions and solving technical issues.
7An organization where IT and business strategy are integrated can improve agility and operational efficiencies while also enterprises function better, make more profit and hit their goals with less effort.
8Working together could reduce costs, align goals and promote process improvement
9Important because if it’s only in IT and separate from the business, it won’t address the organization as a whole; it will be from a single perspective.
10The best way would be to come together for process understanding and follow-up when it goes into production.
11It’s important because it bridges the languages of business and IT, which are different, and this translation of language is crucial for correct interpretation.
12Certainly, the connection is critical; if there isn’t that connection between the two, it can generate many risks for the organization, not just financial risks.
13Collaboration between these two functions is very important for reasons such as alignment of objectives and effectiveness.
14With the help of IT, the improvement and facilitation of many business processes can be achieved.
15I know of a department that created their own robots without specialized employees, resulting in poor development and maintenance difficulties, which can harm the institution.
16I think one doesn’t exist without the other; you need the business part well defined first, and then you can have software that works well.
17There should always be communication between the two; otherwise, it can go wrong for both sides.
18The business understands more about the business rules, while IT is more focused on the technical aspects.
19That’s exactly what prevents errors because there is the person who develops the process and the person from the business who understands the day-to-day work to be executed.
20One evolves with the other; if the business part doesn’t work well, technology cannot execute.
21It’s important that the department also has some understanding of how the processes to be automated work in order to communicate effectively with those handling the technical aspects.
22Collaboration between the two areas is essential, as well as clear alignment, communication, and well-defined roles and responsibilities.
23Collaboration is necessary; those who will develop lack knowledge in the business area, and vice versa.
24I believe that the business and IT should maintain unity, as I think it would optimize time, service, and contribute to the product’s quality.
25Both sides bring something valuable to the process. On one hand, there’s business knowledge, and on the other, technical knowledge. Robots work better when both are present.
26Collaboration between the two is important, and there should be alignment so they can work together and avoid conflicts of interest.
27Integration between the business and IT is important because it streamlines the work of both, reducing time as each is an expert in their respective areas, and it decreases costs by preventing errors.
28The business needs to focus on the analysis and process documentation, while IT should handle the development and maintenance of those processes.
29Each one plays their part in the area they know best: the business side analyzes and documents processes, while IT develops, aiding in organization and preventing overload.
30Working together, the goals are more likely to be achieved, and the union of these two areas will combine their respective strengths.
31It’s important to always have a bridge between the two areas for better understanding of the contexts each part executes. It’s also essential to have someone who understands both sides to facilitate the connection between them.
#Q2-Do You Think There Could Be Issues If the Process Is Solely Defined by the Business Side or Solely by the IT Side Without Following a Standard?
1In agreement with the previous response, if each department works within its specialization, it will decrease the likelihood of errors and consequently losses to the organization.
2The business knows how the process works and the IT knows how to implement. One without the other could lead to errors in the process or non-ideal scenarios.
3The lack of collaboration between these areas can result in unnecessary resource expenditure due to misalignment of objectives or even a lack of necessary knowledge.
4If the process is solely defined and executed by one of the departments, errors can be made, and collaboration between them is crucial to ensure everything progresses smoothly.
5The business side must consider IT potentialities and limitations as well the IT side must know what the business goals are to focus on delivering what is required.
6IT may need the business due to a lack of sufficient knowledge in the business area, and the business may need IT to overcome technical issues.
7The lack of standard processes involving both areas can lead to unmet business expectations.
8It is essential that both sides work together, follow determined processes and communicate well, to ensure that initiatives generate value for the organization.
9Yes, because they wouldn’t address the topics comprehensively.
10There is a lack of technology knowledge, especially for maintenance if it’s done solely by the business, and if done solely by IT, there would be a lack of business knowledge for automation.
11If it were done by the business, they probably wouldn’t be implemented efficiently, and if it were done by IT, the business details wouldn’t be considered.
12All the problems, primarily a waste of time and money.
13Problems such as lack of standards, lack of alignment of objectives and inefficiency may arise.
14It should never be defined by just one party. The business should define rules and provide examples of how the process is done manually, and IT will assess the feasibility and suggest possible step-by-step improvements.
15The business side doesn’t understand the technical aspects, and IT doesn’t know how to gather requirements or manage processes.
16The robot might not be useful in the end; it might not solve the business problem if it wasn’t well-defined from the beginning or executed well.
17A businessperson may have an easier time understanding and communicating with the client, while a developer has more knowledge of what can be done at the code level.
18It would be much more difficult to reach the end goal as the number of processes scales up.
19Yes, because each person has knowledge of their part, that’s why there should be a union between the two.
20The person who writes the process knows about the business logic and not about the execution part, and vice versa.
21On the IT side, people may not have a complete understanding of the process, and on the business side, they may not have a complete understanding of the tools.
22The combination of both areas is an asset, merging business knowledge with IT expertise.
23IT may not know how to gather the process correctly, and the business side may not develop as efficiently.
24IT without full knowledge of the business and the business without full knowledge of IT could lead to a series of errors.
25If only IT handles everything, the business knowledge will be missing, and if it’s solely the business side handling it, they might not do it as efficiently, potentially not saving the money and time intended.
26The business side wouldn’t be able to provide the necessary maintenance and effective development, whereas the IT side may not understand the business’s gains and losses. Each area has its focus, and their union is ideal.
27There needs to be unity so that the IT department can complement the knowledge of the business area.
28The business may not possess as much technical knowledge, which could lead to errors or process inefficiencies. Conversely, a developer without business knowledge would struggle to analyze the necessary or unnecessary steps in building a process.
29Overloading, as the business may not know how to develop and maintain processes, and IT may not understand the business enough, leading to future problems.
30It can bring problems like a lack of specialized knowledge, which can translate into significant business impacts.
31Handling processes individually can lead to limited knowledge, a lack of effective documentation, and communication with the potential for negative impacts.
#Q3-From Your Perspective, What Is the Meaning of Careful Selection of Processes to be Automated in RPA?
1Processes that don’t require human critical thinking and accurate choices save time and money.
2Processes need to be repetitive for maximum optimization, and making the wrong choice can lead to future losses.
3A process should have well-defined rules and minimal changes to prevent discontinuation or resource losses in the future.
4RPA processes should be the ones where tasks are repetitive and follow a specific standard that is not being altered very often.
5Prioritizing the right processes ensures that RPA implementation delivers the desired benefits while minimizing potential risks and challenges.
6The processes to be selected should add value to the company, based on well-defined and repetitive rules.
7Carefully check the complexity, stability, scalability and importance of the process.
8Thorough analysis to select processes in line with the organization’s objectives and suitable for automation, thereby increasing the likelihood of success and financial return.
9If the right process selection is not made, there can be a loss of time in implementation, and maintenance ends up with higher costs and a greater risk of poor results.
10The risk is to continue having people with repetitive tasks and automating processes that don’t need it. Sometimes there is too much concern about the volume of automation and not enough focus on quality.
11Processes should always have a hierarchy and consider profitability. FTEs means people are reallocated and not fired, and in FSTS cost reduction or elimination should be prioritized.
12Adding value, a good selection increases the added value to the organization, and a poor selection is a waste.
13Can significantly impact the success and efficiency of an implementation.
14Automating daily and repetitive processes should involve analyzing the cost of automation, including licenses and infrastructure, when choosing a process. It’s essential to balance the benefits of automation with the required investment.
15It’s very important because there are things that can meet customer expectations and others that can’t, and this analysis and realism are necessary in this regard.
16It’s what solves the problem; it’s better to invest in processes that can contribute than in processes that don’t save as much work.
17There should be attention in the process selection; it should be a process that saves someone’s time, which can be used for more critical tasks.
18It depends on whether the development is feasible, feasibility analysis is one of the key aspects of a process. If not done correctly, it can lead to overspending of resources.
19Time savings, fewer errors, reduced costs, and consequently, having time for other activities that require greater human intelligence.
20The wrong choice can generate costs, loss of time, and labor.
21This can lead to application errors, business errors, data non-conformity errors; the processing can be done incorrectly, resulting in an unexpected outcome.
22Loss of time, money, and resources. A process that won’t yield returns is a detriment to the organization, impacting both its reputation and finances.
23The choice of processes to be automated is those that bring time and cost savings to the organization.
24If a process is not chosen carefully, it may lack data and knowledge about the process, which can result in a loss of time, money, and other resources.
25They should have certain characteristics such as being repetitive and having as few special exceptions as possible to avoid resource loss.
26If the choice is not made carefully, it can result in the loss of money and time. If the goal is to reduce time spent on repetitive tasks, selecting the wrong processes can hinder achieving that objective.
27It can lead to errors, unnecessary time and money spent because not every process is feasible to automate. Some processes may not be repetitive, or the economic benefit for the organization may not justify automation.
28It’s essential to choose what truly needs to be automated, as otherwise, it could be discontinued for various reasons.
29It can have an impact because the robot may not be able to do what the business requires, which can affect other areas that depend on correct execution.
30There should be stability in the process to be automated, it must be a well-structured process, using stable applications, and estimating and analyzing the impact in terms of resource allocation is crucial.
31The choice of a process should consider the benefits to the organization, the cost of execution, and the time saved.
#Q4-Since There Are no Taxes on Robots, But There Are Many on People, If You Were a Business Owner, Would You Prefer to Retain and Prioritize People Over Replacing Them with Robots for Economic Reasons?
1I would prioritize the implementation of RPA, reducing process time, increasing profits, and lowering various unnecessary costs while retaining essential employees and reallocating others.
2It mainly depends on the task. If the task is repetitive, the robot is perfect. But if there are exceptions, the human does it better.
3Robots would perform the work more efficiently and quickly, but can fail, so human oversight is necessary.
4People must be present to maintain the robots and people offer certain skills that robots cannot mimic.
5We live in a competitive market so reducing costs without losing quality is mandatory to “survive”.
6I’d prefer robots, not only for economic reasons but also due to their greater efficiency compared to humans and I’d adapt employees to new roles integrated with RPAs.
7This means RPA would replace humans and many would be out of a job, but as a business owner everything is a transaction so I would try to save as much money as possible.
8People need to be present to maintain the robots, and people offer specific skills that robots cannot mimic. Robots can be present in repetitive tasks, reducing possible human errors.
9Economically, I would choose to replace people, but in other aspects, there is the analysis and evaluation of results that must be done by a human.
10Prioritize robots, saving money and having everything done the same way, and reallocate the necessary employees to higher-value activities.
11But there should always be a human foundation.
12It’s not about paying taxes; humans should add value and not be engaged in repetitive activities.
13People are still needed because automatism can generate errors that have to be corrected by a human.
14The ideal strategy would be to reduce resources per process instead of replacing them completely.
15Economically, I would prefer the robot and hire experienced people to manage it.
16For purely economic reasons, I would prioritize robots, but for other issues, a robot wouldn’t replace a human.
17I would prioritize robots and keep only the necessary people.
18Robots because they are more efficient and competent.
19I would prioritize people because I understand that there could be a union between humans and robots, but robots alone wouldn’t be able to complete the work entirely.
20I would replace everything possible with robots for repetitive tasks and would place people in roles requiring critical thinking.
21If the robots are well-developed, they can work 24 h a day, and the likelihood of errors is lower. The volume of work they can handle is higher than what a human can do, even though it’s still necessary to have humans involved.
22Functions can be performed by robots, saving money. However, it is necessary because humans possess critical thinking abilities that robots do not.
23Only in functions that can be automated and provide a return, saving time for employees to perform other tasks.
24I would prioritize robots because they would lead to more financial gains and select specialized individuals for the management and maintenance of the robots.
25I would prioritize people by reallocating them to other tasks and investing in training so that these employees could perform activities requiring critical thinking, while I would keep robots for repetitive tasks.
26If RPA was chosen to reduce costs and time, it doesn’t make sense to prioritize or keep people in roles that RPA can perform. People are required for evaluation and execution, especially in case of failures.
27Economically, I would prefer to prioritize robots for tasks that can be automated and keep the necessary employees in other roles.
28I would prioritize robots because I would want to save money on both salaries and other expenses. The fewer human errors, the greater the financial return for the organization, while people would be assigned to essential functions.
29I would prioritize robots for tasks that are time-consuming for humans and keep employees engaged in activities that require human analysis and thinking.
30I would prioritize robots for economic reasons, mitigating human error, and exponentially increasing the value added to my company. It would accomplish the same work while reducing costs related to human labor, including salaries, healthcare expenses, taxes, and saving time.
31I would prioritize people, using robots for repetitive tasks and reallocating individuals. If the company’s goal is to expand, there are always tasks for people to do. It’s important to assess medium and long-term objectives, provide training for people who will be reallocated, and prepare them for this transition.
#Q5-Do You Think RPA Helps or Replaces Employees?
1Depending on the company’s objectives, it can either replace people or assist with the workload of others.
2It helps as it reduces repetitive workload from employees.
3RPAs help people by handling the most tedious tasks at work and completing certain steps much faster than humans can.
4It doesn’t fully replace them, but it definitely helps them.
5If an employee or a group of employees are only performing tasks that could be fully automated, the company has the choice to reassign the attributions of that employee or dismiss them, totally or partially.
6They help workers by freeing up humans for more analytical and higher-value tasks in the company.
7RPA is here to replace tedious and repetitive tasks that humans have. It mimics human behavior without the human errors while the performance is also better.
8If implemented correctly, it can increase employee satisfaction by allowing them to focus on tasks that generate more value. Therefore, RPA, along with a human touch, can be the key to a higher likelihood of process success.
9If they are small, repetitive processes, it replaces tasks and not people, activities without the need for analysis.
10RPA helps with the most repetitive parts, and people focus on what generates value.
11It helps with replacements but also aids in maintaining tasks that couldn’t be ensured because the number of hires decreases while tasks do not.
12It helps humans with repetitive activities. It can free up those at the end of their careers for retirement, but the intention is to complement or free up for other activities.
13It helps because people are still necessary; robots can generate errors that need to be corrected by human hands.
14We can’t claim that we’re always helping or always replacing; it’s usually a combination of both. It all depends on the perspective and how they are implemented.
15It replaces, some RPAs can replace an entire department, and people are not always reallocated.
16It helps more than it replaces, but in some cases, it does replace when the work is repetitive and doesn’t require creativity and critical thinking, and there is no possibility of reallocation.
17It helps because employees can move to more important roles.
18In most cases, it helps people with significant roles rather than those with repetitive tasks.
19It helps the employees because it optimizes time and reduces costs.
20It helps the employees because it is essential for optimizing time and resources. People should be placed in non-repetitive areas and in critical areas that require human thinking.
21Human knowledge about the process is essential, as is human intervention for development and maintenance.
22They help; robots don’t replace human analysis. However, people aren’t always reassigned, it depends on the company’s plan, and it can hinder the knowledge transfer for RPA development.
23They help employees have more time to engage in more important activities.
24It aids people by replacing repetitive tasks, requiring individuals to specialize in handling tasks that involve critical thinking.
25It helps because it allows employees to focus on tasks that require critical thinking, while robots are used for more repetitive tasks.
26Helps essential personnel and replace individuals in mechanical roles that don’t require human reasoning because it doesn’t always make sense to relocate these individuals to other functions.
27It can replace tasks that can be fully automated and can assist individuals in roles requiring analytical thinking.
28It helps with repetitive processes and replaces humans in functions where they are not necessary.
29It helps employees by freeing them from repetitive tasks so they can focus on other things.
30I believe RPA helps people by relieving them of a lot of repetitive tasks and replacing employees who are no longer needed.
31It helps employees in repetitive activities.
#Q6-Do You Believe That All Individuals Involved in the Same Project Should Have the Same Levels of Permissions?
1There should be project management, and accesses should be requested and granted based on each collaborator’s responsibilities.
2Security. A developer should not have access to financial records as it could be a breach in security.
3Each person should have the appropriate permissions for their role and the tasks they need to perform.
4There are confidential and sensitive data that should only be accessed by whoever is needed.
5Is important to protect business from data breaches or unauthorized changes.
6There must be different permission levels due to data confidentiality issues and project vulnerabilities.
7I believe they should have the level of permission of the job category they are currently performing to avoid confidentiality risks, for example.
8Increased security, risk minimization, and role-based hierarchy are crucial as not all individuals require the same levels of access.
9There are confidential data and each person’s seniority to consider. Very junior employees don’t need access to confidential information.
10It should be segmented to eliminate risks.
11They should be segmented according to functions, but there can be a person with access to everything.
12Not everyone, needs to be a mix of experiences and responsibilities.
13Having different levels of permissions and access rights can be a critical aspect of security and management.
14I don’t think all individuals on a project should have the same permissions, but there should be autonomy to fully carry out our work.
15Should be a hierarchy; a junior should not have the same level as a senior who has a certain level of trust from the client.
16Difficult to manage due to security reasons. Access should be based on each employee’s responsibility.
17There must be a hierarchy; people with more knowledge have higher levels of access.
18No, for data security, access levels must be well-defined.
19There are people with less knowledge than others, there needs to be a hierarchy.
20There should be a hierarchy for direction; a junior doesn’t reason like a senior and doesn’t know the risks and processes. Knowledge is necessary for decision-making.
21People may not always have access to all the information.
22It’s challenging to manage and analyze everything; however, it can hinder the speed and efficiency of the process.
23Considering that processes involve confidential data, access should be limited according to the hierarchy.
24People should only access what they need to know, limiting it to the area in which they specialize according to their responsibilities.
25I believe so because it streamlines the work and eliminates the wait for permissions, always with supervision, regulation, and data encryption.
26For security reasons, hierarchy must be respected to prevent errors, fraud, and other issues. People without sufficient knowledge and with high levels of permission can have a negative impact on the organization.
27There are confidential pieces of information, and a certain level of trustworthiness is necessary to access and handle this type of information.
28Because not everyone has the same perception and sensitivity regarding the systems and data used, they may end up making errors that could tarnish the organization’s image, in addition to incurring costs and wasting time.
29Because of the levels of responsibility, for example, a junior employee may not have as much knowledge about risks as a senior employee.
30Because there should be an assignment of responsibility, and those who hold these responsibilities should be individuals whose roles in the project follow a hierarchy. Additionally, for security reasons, there should be a separation of functions and responsibilities.
31For security reasons, and because not everyone applies knowledge in the same way, people should have permissions according to their responsibilities.
#Q7-In Your Opinion, Is Understanding and Preparing Employees Important for Reducing Compliance Risks in RPA?
1The knowledge and ongoing training of employees are essential to prevent compliance risks such as regulatory violations, fraud, or data leaks.
2It’s always good to prepare employees to deal with anomalies that come from robotic processes, as they would more efficiently respond to what happened.
3RPA is a simple technology; however, it can cause significant issues if those who use it lack basic knowledge of the process/technology.
4If you are dealing with sensitive data, it is important that people are aware and know how to deal to avoid breaches.
5Employees can have insights that help identify risks and address them before they escalate further.
6If workers were better informed about the reality of RPAs and even involved in their management, there would be fewer associated operational risks.
7It is important in order to protect data integrity, data security, and employee and customer privacy.
8Training employees is a fundamental aspect of reducing compliance risks in RPA and data protection. There should be a culture of awareness and responsibility.
9This should be part of the onboarding for each project, there should be a framework to understand the risk of actions.
10It’s important to be aware of the risks because sometimes tasks are carried out without awareness of the impact.
11Training is very important; the structure of RPA, cross-modules, impacts, and risks should be explained.
12It’s very important because using robots for operations instead of humans, if there is any damage, it will be faster and on a larger scale.
13Understanding and preparing employees is essential, so that they are aware of compliance, risks, and how to deal with them.
14It’s an important part of appropriate training according to roles, enabling preparation to face all difficulties, a very important factor in a company’s growth.
15Important are trainings, test environments, and permissions, as well as an employee to validate so that when there is an audit, an error is not considered fraud.
16To mitigate risks, everyone should be aware. Sensitive data is used, and often, developers may not be aware of what type of data it is and how dangerous it can be.
17Employees must be prepared because otherwise, the company is at risk due to poor preparation and understanding.
18It’s very important for employees to be more careful when developing and understand the impact it can have.
19There should be a lot of awareness of the entire process; people need to understand what each permission can cause.
20Everyone must be aware of the risks associated with the process and the tools to be used. Risks should be well understood, and it’s very important to know what one is doing to avoid causing losses to the business.
21It’s necessary; people should understand the risks of their actions and the need as well.
22It’s essential, it’s important to grasp the business, understand the technology being used, comprehend the access levels, and the purpose of each activity within the process.
23So that employees understand and become more proactive in seeking solutions, thereby reducing risks.
24Preparation is necessary; employees must understand what they are working on and the risks of their actions to the organization.
25it’s very important. It helps to better understand the business, avoiding future constraints, makes the work more direct, and regarding IT, it can even help developers feel more motivated by knowing what they are doing and the impact on people’s daily lives.
26Crucial to extract the best from the business and the process. If people are well-trained and comprehend what they are working on, the risks and real-life impact, the chances of errors occurring decrease.
27The higher the level of knowledge, the lower the chance of making errors. People should be informed about the risks and benefits of what they are creating and handling.
28I find it important both to avoid losses and to help and motivate each employee in their respective roles.
29People need to understand the area they are working in, the real-life impact, and the risks.
30Employees need to understand what they have access to, the information, and their responsibility to protect and handle that information as sensitive. They should also know how to handle this information to prevent data breaches.
31It is necessary because an individual may not know the entire context, but they should understand the risks that execution can bring, including impacts on the company such as a bad reputation and significant losses.

References

  1. Cabello Ruiz, R.; Jiménez Ramírez, A.; Escalona Cuaresma, M.J.; González Enríquez, J. Hybridizing humans and robots: An RPA horizon envisaged from the trenches. Comput. Ind. 2022, 138, 103615. [Google Scholar] [CrossRef]
  2. Lindgren, I.; Toll, D.; Melin, U. Automation as a Driver of Digital Transformation in Local Government: Exploring Stakeholder Views on an Automation Initiative in a Swedish Municipality. In Proceedings of the 22nd Annual International Conference on Digital Government Research, ACM International Conference Proceeding Series, Omaha, NE, USA, 9–11 June 2021; pp. 463–472. [Google Scholar] [CrossRef]
  3. Orynbayeva, A. A Governance Model for Managing Robotics Process Automation (RPA); TU Delft—Faculty of Technology, Policy and Management: Delft, The Netherlands, 2019; p. 78. [Google Scholar]
  4. ALSO. Robotic Process Automation (RPA): Potential for Businesses. Available online: https://www.also.com/ec/cms5/en_6000/6000/company/blog/article/future-technologies/robotic-process-automation-rpa-potential-for-businesses.jsp? (accessed on 19 May 2024).
  5. Boulton, C.; Olavsrud, T. What is RPA? A Revolution in Business Process Automation|CIO. Available online: https://www.cio.com/article/227908/what-is-rpa-robotic-process-automation-explained.html (accessed on 19 November 2024).
  6. Wewerka, J.; Reichert, M. Robotic process automation—A systematic mapping study and classification framework. Enterp. Inf. Syst. 2023, 17, 1986862. [Google Scholar] [CrossRef]
  7. Kedziora, D.; Penttinen, E. Governance models for robotic process automation: The case of Nordea Bank. J. Inf. Technol. Teach. Cases 2020, 11, 20–29. [Google Scholar] [CrossRef]
  8. Harrast, S.A. Robotic process automation in accounting systems. J. Corp. Account. Financ. 2020, 31, 209–213. [Google Scholar] [CrossRef]
  9. Brás, J.C.; Pereira, R.F.; Fonseca, M.; Ribeiro, R.; Bianchi, I.S. Advances in auditing and business continuity: A study in financial companies. J. Open Innov. Technol. Mark. Complex. 2024, 10, 100304. [Google Scholar] [CrossRef]
  10. Zhang, Z.J.; Schoop, E.; Nichols, J.; Mahajan, A.; Swearngin, A. From Interaction to Impact: Towards Safer AI Agent Through Understanding and Evaluating Mobile UI Operation Impacts. In Proceedings of the International Conference on Intelligent User Interfaces, Proceedings IUI, Cagliari, Italy, 24–27 March 2025; pp. 727–744. [Google Scholar] [CrossRef]
  11. Busboom, J.; Boulus-Rødje, N.; Bødker, S. Tracing Transformations of the Modern Workplace and Imagining its Future. In Proceedings of the 4th Annual Symposium on Human-Computer Interaction for Work, CHIWORK 2025, Amsterdam, The Netherlands, 23 June 2025; pp. 1–14. [Google Scholar] [CrossRef]
  12. Pan, Y.C.; Chen, R. Scientific measurement analysis of supply chain risk management. In Proceedings of the 5th International Conference on Artificial Intelligence and Computer Engineering, ICAICE 2024, Wuhu, China, 8–10 November 2024; pp. 676–679. [Google Scholar] [CrossRef]
  13. Hsu, H.H.; Wang, L. Fintech: How technology can change the way banks expand. In Proceedings of the 2024 5th International Conference on Big Data Economy and Information Management, BDEIM 2024, Xiamen, China, 13–15 December 2024; pp. 256–260. [Google Scholar] [CrossRef]
  14. Yu, H. Research on the Construction of Enterprise Financial Sharing Platform in the Background of Cloud Computing. In Proceedings of the 2025 4th International Conference on Cyber Security, Artificial Intelligence and the Digital Economy, Johor Bahru, Malaysia, 7–9 March 2025; pp. 9–13. [Google Scholar] [CrossRef]
  15. Lindgren, I. Ironies of Public Service Automation—Bainbridge Revisited. In Proceedings of the 24th Annual International Conference on Digital Government Research, ACM International Conference Proceeding Series, New York, NY, USA, 11–14 July 2023; pp. 395–404. [Google Scholar] [CrossRef]
  16. Handoko, B.L.; Lindawati, A.S.L.; Mustapha, M. Robotic process automation in audit 4.0. In Proceedings of the 2021 12th International Conference on E-business, Management and Economics, ACM International Conference Proceeding Series, Beijing, China, 17–19 July 2021; pp. 128–132. [Google Scholar] [CrossRef]
  17. Money, W.H. Resolving Pressure and Stress on Governance Models from Robotic Process Automation Technologies. 2020. Available online: https://iscap.us/proceedings/conisar/2021/pdf/5570.pdf (accessed on 23 February 2023).
  18. (Abigail) Parker, C.; Issa, H.; Rozario, A.; Søgaard, J.S. Robotic Process Automation (RPA) Implementation Case Studies in Accounting: A Beginning to End Perspective. 1 November 2021. Available online: https://papers.ssrn.com/abstract=4008330 (accessed on 19 July 2025).
  19. Marciniak, P.; Stanisławski, R. Internal Determinants in the Field of RPA Technology Implementation on the Example of Selected Companies in the Context of Industry 4.0 Assumptions. Information 2021, 12, 222. [Google Scholar] [CrossRef]
  20. Smeets, M.; Erhard, R.; Kaußler, T. Robotic Process Automation (RPA) in the Financial Sector: Technology—Implementation—Success for Decision Makers and Users; Springer: Wiesbaden, Germany, 2021; pp. 1–144. [Google Scholar] [CrossRef]
  21. Syed, R.; Suriadi, S.; Adams, M.; Bandara, W.; Leemans, S.J.; Ouyang, C.; ter Hofstede, A.H.; van de Weerd, I.; Wynn, M.T.; Reijers, H.A. Robotic Process Automation: Contemporary themes and challenges. Comput. Ind. 2020, 115, 103162. [Google Scholar] [CrossRef]
  22. Chacón-Montero, J.A.; Jiménez-Ramírez; Enríquez, J.G. Towards a method for automated testing in robotic process automation projects. In Proceedings of the 2019 IEEE/ACM 14th International Workshop on Automation of Software Test, AST 2019, Montreal, QC, Canada, 27 May 2019; pp. 42–47. [Google Scholar] [CrossRef]
  23. Sobczak, A.; Ziora, L. The Use of Robotic Process Automation (RPA) as an Element of Smart City Implementation: A Case Study of Electricity Billing Document Management at Bydgoszcz City Hall. Energies 2021, 14, 5191. [Google Scholar] [CrossRef]
  24. Hofmann, P.; Samp, C.; Urbach, N. Robotic process automation. Electron. Mark. 2020, 30, 99–106. [Google Scholar] [CrossRef]
  25. Wright, D.; Witherick, D.; Gordeeva, M. The Robots Are Ready. Are You? Untapped Advantage in Your Digital Workforce; Deloitte Development LLC: New York, NY, USA, 2020; p. 24. Available online: https://branden.biz/wp-content/uploads/2017/12/The-robots-are-ready_-Are-you_Untapped-advantage-in-your-digital-workforce.pdf (accessed on 15 August 2025).
  26. UiPath. Speedier Service, Contented Customers: How Automation Gave VPBank a Boost. Available online: https://www.uipath.com/resources/automation-case-studies/vpbank-boosts-productivity-with-automation (accessed on 22 December 2024).
  27. UiPath. State Street Revolutionizes Banking Reliability Through Test Automation|UiPath. Available online: https://www.uipath.com/resources/automation-case-studies/state-street-revolutionizes-banking-reliability-through-test-automation (accessed on 12 February 2025).
  28. UiPath. Arnott’s Group Has Embraced a Structured Approach to Enterprise a Automation|UiPath. Available online: https://www.uipath.com/resources/automation-case-studies/arnott-group-embraced-structured-approach-to-enterprise-automation (accessed on 25 March 2025).
  29. KPMG. KPMG Named a Leader in Automation Fabric Services 2024. Available online: https://kpmg.com/xx/en/our-insights/ai-and-technology/kpmg-named-a-leader-in-automation-fabric-services-2024.html (accessed on 23 January 2025).
  30. De Haes, S.; Van Grembergen, W. Enterprise Governance of Information Technology; Springer Nature: Dordrecht, The Netherlands, 2015. [Google Scholar] [CrossRef]
  31. Biswas, A. 6 Types of Governance Explained: Meaning and Dimensions. Available online: https://schoolofpoliticalscience.com/definitions-and-types-of-governance/#google_vignette (accessed on 14 June 2025).
  32. Rahim, A. Governance and Good Governance-A Conceptual Perspective. J. Public Adm. Gov. 2019, 9, 133–142. Available online: https://ideas.repec.org/a/mth/jpag88/v9y2019i3p133-142.html (accessed on 20 July 2025). [CrossRef]
  33. The Harvard Law School Forum on Corporate Governance. Principles of Corporate Governance, September 2016. Available online: https://corpgov.law.harvard.edu/2016/09/08/principles-of-corporate-governance/ (accessed on 19 July 2025).
  34. Bigelow, S.J.; Lutkevich, B.; Lewis, S. What Is Corporate Governance?|Definition from TechTarget. Available online: https://www.techtarget.com/searchsecurity/definition/corporate-governance (accessed on 19 July 2025).
  35. Diligent. Corporate Governance. Available online: https://www.diligent.com/resources/guides/corporate-governance (accessed on 19 December 2024).
  36. QUALIFIED AUDIT ACADEMY. IT Governance—Qualified Audit Academy. Available online: https://www.audit-academy.be/en/glossary/it-governance (accessed on 9 June 2025).
  37. Danby, S. IT Governance: Definition, Frameworks, and Best Practices. Available online: https://blog.invgate.com/it-governance (accessed on 14 January 2025).
  38. Fletcher, M. Five Domains of Information Technology Governance for Consideration by Boards of Directors. 2008. Available online: https://hdl.handle.net/1794/7820 (accessed on 25 August 2025).
  39. Goddard, W. What Is IT Governance?—Brought to You by ITChronicles. Available online: https://itchronicles.com/governance/what-is-it-governance/ (accessed on 13 August 2024).
  40. Van Grembergen, W.; De Haes, S.; Guldentops, E. Structures, Processes and Relational Mechanisms for IT Governance. In Strategies for Information Technology Governance; Van Grembergen, W., Ed.; Idea Group Publishing (IGI Global): Hershey, PA, USA, 2004; pp. 1–36. Available online: https://www.igi-global.com/chapter/structures-processes-relational-mechanisms-governance/29897 (accessed on 25 August 2025).
  41. Aughton, J.; Ozer, S. Refocus Your Robotic Process Automation Lens: Internal Control Over Financial Reporting. Available online: https://d2l6535doef9z7.cloudfront.net/Uploads/b/y/f/octroboticprocessautomation_365834.pdf (accessed on 25 August 2025).
  42. Willcocks, L.P.; Lacity, M.; Craig, A.; Willcocks, L.P.; Lacity, M.; Craig, A. The IT Function and Robotic Process Automation. 2015. Available online: https://EconPapers.repec.org/RePEc:ehl:lserod:64519 (accessed on 18 October 2024).
  43. Kämäräinen, T. Managing Robotic Process Automation: Opportunities and Challenges Associated with a Federated Governance Model. 2018. Available online: https://aaltodoc.aalto.fi/handle/123456789/32257 (accessed on 19 July 2025).
  44. Asatiani, A.; Kamarainen, T. Unexpected Problems Associated with the Federated IT Governance Structure in Robotic Process Automation (RPA) Deployment—Göteborgs Universitets. 2019. Available online: https://aaltodoc.aalto.fi/server/api/core/bitstreams/a1e74a18-9d16-41d3-9adc-211c3d8b7dde/content (accessed on 19 July 2025).
  45. Willcocks, L.; Hindle, J.; Lacity, M. Keys to RPA Success KEYS TO RPA SUCCESS Part 4: Change Management & Capability Development-People, Process, & Technology: How Blue Prism Clients Gain Superior Long-Term Business Value. Knowledge Capital Partners, Executive Research Report. 2018. Available online: https://www.blueprism.com/uploads/resources/white-papers/KCP_Report_Change_Management_Final.pdf (accessed on 25 August 2025).
  46. Wei, X.; Zhang, W.; Wei, X.; Tsaur, T.S. The global research status and development trend of artificial intelligence in the field of accounting—Visual analysis based on bibliometrics. In Proceedings of the 4th Asia-Pacific Artificial Intelligence and Big Data Forum, AIBDF 2024, Ganzhou, China, 27–29 December 2024; pp. 1008–1013. [Google Scholar] [CrossRef]
  47. Flechsig, C.; Anslinger, F.; Lasch, R. Robotic Process Automation in purchasing and supply management: A multiple case study on potentials, barriers, and implementation. J. Purch. Supply Manag. 2022, 28, 100718. [Google Scholar] [CrossRef]
  48. Serve, O. Robotic Process Automation for Federal Government Programs. Available online: https://business.optum.com/en/insights/robotic-process-automation-federal-government-programs.html (accessed on 3 September 2024).
  49. Carreño, A.M. An Analytical Review of John Kotter’s Change Leadership Framework: A Modern Approach to Sustainable Organizational Transformation; SSRN—Social Science Research Network: Rochester, NY, USA, 2024. [Google Scholar] [CrossRef]
  50. Garousi, V.; Felderer, M.; Mäntylä, M.V. The need for multivocal literature reviews in software engineering. In Proceedings of the 20th International Conference on Evaluation and Assessment in Software Engineering, Limerick, Ireland, 1–3 June 2016; pp. 1–6. [Google Scholar] [CrossRef]
  51. Garousi, V.; Felderer, M.; Mäntylä, M.V. Guidelines for including grey literature and conducting multivocal literature reviews in software engineering. Inf. Softw. Technol. 2019, 106, 101–121. [Google Scholar] [CrossRef]
  52. “PRISMA Statement”. Available online: https://www.prisma-statement.org/ (accessed on 25 August 2025).
  53. Stansfield, C.; Dickson, K.; Bangpan, M. Exploring issues in the conduct of website searching and other online sources for systematic reviews: How can we be systematic? Syst. Rev. 2016, 5, 1–9. [Google Scholar] [CrossRef]
  54. Brás, J.; Pereira, R.; Moro, S. Intelligent Process Automation and Business Continuity: Areas for Future Research. Information 2023, 14, 122. [Google Scholar] [CrossRef]
  55. Coleman, S.; Wright, J.M.; Nixon, J.; Schoonhoven, L.; Twiddy, M.; Greenhalgh, J. Searching for Programme theories for a realist evaluation: A case study comparing an academic database search and a simple Google search. BMC Med. Res. Methodol. 2020, 20, 217. [Google Scholar] [CrossRef] [PubMed]
  56. Emily Jones, M.A. LibGuides: Systematic Reviews: Step 8: Write the Review. Available online: https://guides.lib.unc.edu/systematic-reviews/write (accessed on 5 February 2023).
  57. Wohlin, C. Guidelines for snowballing in systematic literature studies and a replication in software engineering. In Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering, ACM International Conference Proceeding Series, London, UK, 13–14 May 2014. [Google Scholar] [CrossRef]
  58. Castleberry, A.; Nolen, A. Thematic analysis of qualitative research data: Is it as easy as it sounds? Curr. Pharm. Teach. Learn. 2018, 10, 807–815. [Google Scholar] [CrossRef] [PubMed]
  59. Donalek, J.G. The interview in qualitative research. Urol. Nurs. 2005, 25, 124–125. [Google Scholar] [PubMed]
  60. Myers, M.D.; Newman, M. The qualitative interview in IS research: Examining the craft. Inf. Organ. 2007, 17, 2–26. [Google Scholar] [CrossRef]
  61. Myers, M.D. Qualitative Research in Business and Management, 2nd ed.; SAGE Publications Ltd.: Thousand Oaks, Ca, USA, 2013. [Google Scholar]
  62. Questionnaire: Balancing Business, IT, and Human Capital: RPA Integration and Governance Dynamics. Available online: https://docs.google.com/forms/d/e/1FAIpQLSd38RoeMZNXgtu6PjzoqORZa8NxTbX6N2t-rb8AfcaJFKbiFQ/viewform (accessed on 19 July 2025).
  63. World Medical Association. World Medical Association Declaration of Helsinki: Ethical Principles for Medical Research Involving Human Subjects. JAMA 2013, 310, 2191–2194. [Google Scholar] [CrossRef]
  64. “Regulation—2016/679—EN—Gdpr—EUR-Lex”. Available online: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng (accessed on 25 August 2025).
  65. “Lei n.o 58/2019, de 8 de Agosto | DR”. Available online: https://diariodarepublica.pt/dr/detalhe/lei/58-2019-123815982 (accessed on 25 August 2025).
  66. Neto, G.T.G.; Santos, W.B.; Endo, P.T.; Fagundes, R.A.A. Multivocal Literature Reviews in Software Engineering: Preliminary Findings from a Tertiary Study. In Proceedings of the 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM ’19), IEEE, Porto de Galinhas, Brazil, 19–20 September 2019; pp. 1–6. Available online: https://ieeexplore.ieee.org/document/8870142 (accessed on 25 August 2025).
  67. Kokina, J.; Blanchette, S. Early evidence of digital labor in accounting: Innovation with Robotic Process Automation. Int. J. Account. Inf. Syst. 2019, 35, 100431. [Google Scholar] [CrossRef]
  68. Osmundsen, K.; Iden, J.; Bygstad, B. Organizing Robotic Process Automation: Balancing Loose and Tight Coupling. In Proceedings of the Annual Hawaii International Conference on System Sciences, Maui, HI, USA, 8–11 January 2019; Volume 2019, pp. 6918–6926. [Google Scholar] [CrossRef]
  69. Ali, S.; Green, P.; Robb, A. Information technology investment governance: What is it and does it matter? Int. J. Account. Inf. Syst. 2015, 18, 1–25. [Google Scholar] [CrossRef]
  70. Peterson, R. Crafting Information Technology Governance. Inf. Syst. Manag. 2004, 21, 7–22. [Google Scholar] [CrossRef]
  71. Marrella, A.; Matulevičius, R.; Gabryelczyk, R.; Axmann, B.; Vukšić, V.B.; Gaaloul, W.; Štemberger, M.I.; Kő, A.; Lu, Q. Business Process Management: Blockchain, Robotic Process Automation, and Central and Eastern Europe Forum; Springer Nature: Dordrecht, The Netherlands, 2022; Volume 459. [Google Scholar] [CrossRef]
  72. MuleSoft. Importance of RPA Governance. Available online: https://www.mulesoft.com/automation/rpa-governance (accessed on 19 July 2025).
  73. Understanding RPA Governance Model with Best Practices via CoE. Available online: https://www.xenonstack.com/insights/rpa-governance (accessed on 5 October 2021).
  74. Hartikainen, E.; Hotti, V.; Tukiainen, M. Improving Software Robot Maintenance in Large-Scale Environments-is Center of Excellence a Solution? IEEE Access 2022, 10, 96760–96773. [Google Scholar] [CrossRef]
  75. Cascais Brás, J.; Pereira, R.F.; Moro, S.; Bianchi, I.S.; Ribeiro, R. Understanding How Intelligent Process Automation Impacts Business Continuity: Mapping IEEE/2755:2020 and ISO/22301:2019. IEEE Access 2023, 11, 134239–134258. [Google Scholar] [CrossRef]
  76. Chun, S.A.; Noveck, B.S. Introduction to the Special Issue on ChatGPT and other Generative AI Commentaries: AI Augmentation in Government 4.0. Digit. Gov. Res. Pract. 2025, 6, 1–8. [Google Scholar] [CrossRef]
  77. Lindgren, I.; Toll, D.; Johansson, B.; Booth, M.; Rizk, A.; Melin, U. Organizational conditions required to implement RPA in local government Insights from a Swedish case study. In Proceedings of the 25th Annual International Conference on Digital Government Research, ACM International Conference Proceeding Series, Taipei, Taiwan, 11–14 June 2024; pp. 434–442. [Google Scholar] [CrossRef]
  78. Lin, M.; Zheng, Z. Design and implementation of intelligent search assistant based on AIGC and RPA. In Proceedings of the 2024 8th International Conference on Electronic Information Technology and Computer Engineering, EITCE 2024, Haikou, China, 18–20 October 2024; pp. 534–538. [Google Scholar] [CrossRef]
  79. Awad, A.; Akola, O.; Amer, M.; Mousa, E.K.A. Artificial intelligence in financial statement preparation: Enhancing accuracy, compliance, and corporate performance. Int. J. Innov. Res. Sci. Stud. 2025, 8, 361–374. [Google Scholar] [CrossRef]
  80. Savin, J.M. IT Auditing: The Practitioner’s Guide to Reliable Information Automation. In IT Auditing: The Practitioner’s Guide to Reliable Information Automation; Taylor & Francis: Oxfordshire, UK, 2025; pp. 1–222. [Google Scholar] [CrossRef]
  81. Ashok, P.; Pon Bharathi, A.; Rathika, S.; Ramamurthy, V. Application of Hyperautomation in COVID-19 Analysis and Management. In Hyperautomation for Next-Generation Industries; John Wiley & Sons, Inc.: Hoboken, NJ, USA, 2025; pp. 255–276. [Google Scholar] [CrossRef]
  82. Yanuarisa, Y.; Irianto, G.; Djamhuri, A.; Rusydi, M.K. Exploring the internal audit of public procurement governance: A systematic literature review. Cogent Bus. Manag. 2025, 12, 2025. [Google Scholar] [CrossRef]
  83. Wang, X.; Wu, J.; Qu, W. A Robotic Process Automation-Based System for Intelligent Work Order Management with Active Service in Power System. In Proceedings of the 2025 8th International Conference on Advanced Algorithms and Control Engineering (ICAACE), Shanghai, China, 21–23 March 2025; pp. 628–631. [Google Scholar] [CrossRef]
  84. Kokina, J.; Blanchette, S.; Davenport, T.H.; Pachamanova, D. Challenges and opportunities for artificial intelligence in auditing: Evidence from the field. Int. J. Account. Inf. Syst. 2025, 56, 100734. [Google Scholar] [CrossRef]
  85. Sewpersadh, N.S. Adaptive structural audit processes as shaped by emerging technologies. Int. J. Account. Inf. Syst. 2025, 56, 100735. [Google Scholar] [CrossRef]
  86. Johansson, J.; Thomsen, M.; Åkesson, M. Public value creation and robotic process automation: Normative, descriptive and prescriptive issues in municipal administration. Transform. Gov. People Process Policy 2023, 17, 177–191. [Google Scholar] [CrossRef]
  87. Hegde, S.; Gopalakrishnan, S.; Wade, M. Robotics in securities operations. J. Secur. Oper. Custody 2018, 10, 29. [Google Scholar] [CrossRef]
  88. Moffitt, K.C.; Rozario, A.M.; Vasarhelyi, M.A. Robotic Process Automation for Auditing. J. Emerg. Technol. Account. 2018, 15, 1–10. [Google Scholar] [CrossRef]
  89. Vikas Kumar. Integration of Robotic Process Automation (RPA)|UnivDatos. Available online: https://univdatos.com/blogs/integration-of-robotic-process-automation-rpa (accessed on 15 August 2024).
  90. Chen, X.; Liang, J. Construction and Implementation Strategies of Personalized Learning Paths Based on Artificial Intelligence. In Proceedings of the 2024 3rd International Conference on Artificial Intelligence and Education, ICAIE 2024, Xiamen, China, 22–24 November 2024; pp. 392–397. [Google Scholar] [CrossRef]
  91. Kedziora, D.; Siemon, D.; Elshan, E.; Sońta, M. Towards stability, predictability, and quality of intelligent automation services: ECIT product journey from on-premise to as-a-service. In Proceedings of the 2024 IEEE/ACM International Workshop on Software-Intensive Business, IWSiB 2024, Lisbon, Portugal, 16 April 2024; pp. 15–23. [Google Scholar] [CrossRef]
  92. Feng, J.; Zhou, A.; Sun, Z. Research on the Automatic capture Process of Import and Export Information of RPA in Hainan Free Trade Port. In Proceedings of the 2024 8th International Conference on Electronic Information Technology and Computer Engineering, EITCE 2024, Haikou, China, 18–20 October 2024; pp. 1372–1379. [Google Scholar] [CrossRef]
  93. Riantono, I.E.; Anggrico, K.; Calvin, C. Robotic Process Automation to Help Auditors to Improved the Audit Quality: A Systematic Literature Review and Meta-Analysis. In Proceedings of the 2023 9th International Conference on Industrial and Business Engineering, ACM International Conference Proceeding Series, Beijing, China, 22–24 September 2023; pp. 298–304. [Google Scholar] [CrossRef]
  94. Lindawati, A.S.L.; Handoko, B.L.; Widayanto, R.K.; Irianto, D.R. Model of Innovation Diffusion for Fraud Detection Using Robotic Process Automation. In Proceedings of the 2023 9th International Conference on Industrial and Business Engineering, ACM International Conference Proceeding Series, Beijing, China, 22–24 September 2023; pp. 245–251. [Google Scholar] [CrossRef]
  95. Brandstatter, C.; Tschandl, M.; Mitterback, C. A Generic Process Model for the Introduction of Robotic Process Automation in Financial Accounting. In Proceedings of the 2023 9th International Conference on Computer Technology Applications, Vienna, Austria, 10–12 May 2023; pp. 12–18. [Google Scholar] [CrossRef]
  96. Kim, J.; Kim, S.H.; Joe, I. AI-Based RPA’s Work Automation Operation to Respond to Hacking Threats Using Collected Threat Logs. Appl. Sci. 2024, 14, 10217. [Google Scholar] [CrossRef]
  97. Asatiani, A.; Hakkarainen, T.; Paaso, K.; Penttinen, E. Security by envelopment–a novel approach to data-security-oriented configuration of lightweight-automation systems. Eur. J. Inf. Syst. 2024, 33, 631–653. [Google Scholar] [CrossRef]
  98. Yigitcanlar, T.; David, A.; Li, W.; Fookes, C.; Bibri, S.E.; Ye, X. Unlocking Artificial Intelligence Adoption in Local Governments: Best Practice Lessons from Real-World Implementations. Smart Cities 2024, 7, 1576–1625. [Google Scholar] [CrossRef]
  99. (Adi) Stoykova, R.A. A Governance Model for Digital Evidence in Criminal Proceedings. Comput. Law Secur. Rev. 2024, 55, 106040. [Google Scholar] [CrossRef]
  100. ISACA. ISACA Now Blog 2023 Understanding the Risk of Robotic Process Automation. Available online: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2023/understanding-the-risk-of-robotic-process-automation?gad_source=1&gad_campaignid=21147302543&gbraid=0AAAAAD_A9K_clAQ3sWE_nXKLNlcsizsnL&gclid=Cj0KCQjwkILEBhDeARIsAL--pjwF8rLpqq2AnIO90ChWA3NxPTzSimYotJSep09QHXCbMwLRcGjhbgkaAl-AEALw_wcB (accessed on 27 May 2025).
  101. Solanki, U.; Mehta, K.; Shukla, V.K. Robotic Process Automation and Audit Quality: A Comprehensive Analysis. In Proceedings of the 2024 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions), ICRITO 2024, Noida, India, 14–15 March 2024. [Google Scholar] [CrossRef]
  102. PwC. Robotic Process Automation for Internal Audit: PwC. Available online: https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/robotic-process-automation-internal-audit.html (accessed on 19 March 2025).
  103. Chugh, R.; Macht, S.; Hossain, R. Robotic Process Automation: A review of organizational grey literature. Int. J. Inf. Syst. Proj. Manag. 2022, 10, 5–26. [Google Scholar] [CrossRef]
  104. Huang, F.; Vasarhelyi, M.A. Applying robotic process automation (RPA) in auditing: A framework. Int. J. Account. Inf. Syst. 2019, 35, 100433. [Google Scholar] [CrossRef]
  105. Deng, Y.; Zhang, X.; Zhou, D.; Zhang, D.; Huang, B. Leveraging NLP in Finance: A Synergistic Approach Using Large Language Models and Chain-of-Thought Reasoning. In Proceedings of the 5th International Conference on Artificial Intelligence and Computer Engineering, ICAICE 2024, Wuhu, China, 8–10 November 2024; Volume 7, pp. 494–500. [Google Scholar] [CrossRef]
  106. Wornow, M.; Narayan, A.; Opsahl-Ong, K.; McIntyre, Q.; Shah, N.; Ré, C. Automating the Enterprise with Foundation Models. Proc. VLDB Endow. 2024, 17, 2805–2812. [Google Scholar] [CrossRef]
  107. Wan, X. Application of RPA in Power Grid Industry. In Proceedings of the 2023 4th International Conference on Computer Science and Management Technology, ACM International Conference Proceeding Series, Xi’an, China, 13–15 October 2023; pp. 380–383. [Google Scholar] [CrossRef]
  108. Balasubramaniam, S.; Prasanth, A.; Satheesh Kumar, K.; Kadry, S. Artificial Intelligence-Based Hyperautomation for Smart Factory Process Automation. In Hyperautomation for Next-Generation Industries; John Wiley & Sons, Inc.: Hoboken, NJ, USA, 2025; pp. 55–89. [Google Scholar] [CrossRef]
  109. Li, X.; Peng, S.; Ma, X.; Tian, Z.; He, X.; Wang, Y. AI-Based Intelligent Decision-Making Platform for Operational Excellence in the Oil and Gas Industry. In Proceedings of the 2025 IEEE 6th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT), Shenzhen, China, 11–13 April 2025; pp. 1639–1648. [Google Scholar] [CrossRef]
  110. de Carvalho, H.L.M.; Ferreira, M.A. Automation and public oversight in Brazil: Evaluating the monitoring of fiscal management reports. Adm. Manag. Public 2025, 2025, 114–130. [Google Scholar]
  111. Wang, Y.; Fan, C.; Zhang, W. Research on Electricity Marketing Inspection Methods Applying RPA Informationization Intelligent Management Technology. J. Comb. Math. Comb. Comput. 2025, 127a, 1715–1728. [Google Scholar] [CrossRef]
  112. Sufi, F.; Alsulami, M. AI-Driven Chatbot for Real-Time News Automation. Mathematics 2025, 13, 850. [Google Scholar] [CrossRef]
  113. Ashraf, M. Does automation improve financial reporting? Evidence from internal controls. Rev. Account. Stud. 2025, 30, 436–479. [Google Scholar] [CrossRef]
  114. Lai, H.K.; Hsieh, S.F. Evaluating the Impact of Robotic Process Automation on Earnings Management. J. Inf. Syst. 2025, 39, 103–133. [Google Scholar] [CrossRef]
  115. Jamithireddy, N.S. Cash Flow Forecasting in SAP ERP Enhanced by UiPath Automation: A Predictive Analytics Approach. Indian J. Inf. Sources Serv. 2025, 15, 368–379. [Google Scholar] [CrossRef]
  116. Jamithireddy, N.H. Automating Foreign Exchange Operations in SAP ERP Using UiPath: A Framework for Improved Efficiency. Indian J. Inf. Sources Serv. 2025, 15, 245–257. [Google Scholar] [CrossRef]
  117. Patrício, L.; Varela, L.; Silveira, Z.; Felgueiras, C.; Pereira, F. A Framework for Integrating Robotic Process Automation with Artificial Intelligence Applied to Industry 5.0. Appl. Sci. 2025, 15, 7402. [Google Scholar] [CrossRef]
  118. Celonis. Successful RPA Implementation: A Roadmap for Robotic Process Automation. Available online: https://www.celonis.com/blog/successful-rpa-implementation-a-roadmap-for-robotic-process-automation/?creative=763071753522&keyword=&matchtype=&network=g&device=c&utm_source=google&utm_medium=cpc_dsa&utm_campaign=evergreen&utm_term=&utm_content=22477180280_en_land_rparoadmap_1maxconv&gad_source=1&gad_campaignid=22477180280&gbraid=0AAAAADLGpd3G5xFdBA0w81cwOmViHaK4s&gclid=Cj0KCQjwkILEBhDeARIsAL--pjzvxk7OMGSvcIwCVTMSEvAuhXWeDV7ucDpfK7xIbMd1lbEocnwNvkIaAlQgEALw_wcB (accessed on 27 June 2025).
  119. IBM. What Is Robotic Process Automation (RPA)?|IBM. Available online: https://www.ibm.com/think/topics/rpa (accessed on 7 March 2025).
  120. Dahiyat, A. Robotic process automation and audit quality. Corp. Gov. Organ. Behav. Rev. 2022, 6, 160. [Google Scholar] [CrossRef]
  121. Candide. RPA in Audit: 7 Key Insights for Robust Solutions. Available online: https://www.datasnipper.com/resources/rpa-in-audit-7-insights-building-rpa-solutions (accessed on 19 July 2025).
  122. Rameez Ali. Incorporating Robotic Process Automation (RPA) Capability in Internal Audit|LinkedIn. Available online: https://www.linkedin.com/pulse/incorporating-robotic-process-automation-rpa-capability-rameez-ali/ (accessed on 19 July 2025).
  123. CrossCountry Consulting. Generating Internal Audit Workpapers with Robotic Process Automation—CrossCountry Consulting. Available online: https://www.crosscountry-consulting.com/insights/blog/generating-internal-audit-workpapers-with-rpa/ (accessed on 14 October 2024).
  124. Shaaheen Tar-Mahomed. Robotic Process Automation (RPA) Powering Up the Audit—KPMG South Africa. November 2021. Available online: https://kpmg.com/za/en/home/insights/2021/11/robotic-process-automation--rpa--powering-up-the-audit.html (accessed on 19 July 2025).
  125. Tommervag, A.S.; Bach, T.; Jager, B. Leveraging the competition: Robotic Process Automation (RPA) enabling competitive Small and Medium sized Auditing Firms. In Proceedings of the 2022 IEEE/SICE International Symposium on System Integration, SII 2022, Virtual, 9–12 January 2022; pp. 833–837. [Google Scholar] [CrossRef]
  126. Wu, Y.; Wan, Y. New Quality Productivity of Enterprises and Artificial Intelligence: Based on A-share High-tech Enterprises. In Proceedings of the 2024 5th International Conference on Big Data Economy and Information Management, BDEIM 2024, Zhengzhou, China, 13–15 December 2024; pp. 367–373. [Google Scholar] [CrossRef]
  127. Kotis, K.; Angoura, E.; Lyngri, E.I. Emerging technologies in smart libraries for visually impaired people: Challenges and design considerations. ACM J. Comput. Cult. Herit. 2025, 37, 1–18. [Google Scholar] [CrossRef]
  128. Abdullah, H.; Tursoy, T. The Effect of Corporate Governance on Financial Performance: Evidence from a Shareholder-Oriented System. Interdiscip. J. Manag. Stud. 2023, 16, 79–95. [Google Scholar] [CrossRef]
  129. Abdurrahman, A.P.; Yousif, K.A.; Sani, A.A.; Al-Absy, M.S.M.; Abubakar, A.H. Extending UTAUT Through Moderating Effects of Digitalization on the Audit Profession. Stud. Syst. Decis. Control. 2025, 568, 1165–1180. [Google Scholar] [CrossRef]
  130. Al Jnainati, M.; Al Jnainati, J.; Rath, S.; Aujla, S.; Nasir, E.; Govindarajan, A.; Samantaray, Y.; Semy, M. Transforming paperwork with AI: Applications across healthcare and other industries. AI Soc. 2025, 1–14. [Google Scholar] [CrossRef]
  131. Singh, H.; Aggarwal, R.; Garg, P.; Aggarwal, D. AI and ESG Performance: An Empirical Study of the High-Tech Sector. Prabandhan Indian J. Manag. 2025, 18, 8–25. [Google Scholar] [CrossRef]
  132. Gex, C.; Minor, M. Make Your Robotic Process Automation (RPA) Implementation Successful. Available online: https://www.thefreelibrary.com/Make+Your+Robotic+Process+Automation+(RPA)+Implementation+Successful.-a0578583264 (accessed on 19 July 2025).
  133. Cloud4C. Laying the RPA Foundation on Governance. Available online: https://www.cloud4c.com/rpa/blogs/rpa-governance (accessed on 5 January 2024).
  134. Bureau, C. Governance of an RPA Project. Available online: https://www.ciol.com/governance-of-an-rpa-project-beyond-traditional-project-management/ (accessed on 22 May 2024).
  135. Rechtman, Y. Can Robotic Process Automation Improve Quality Control in Audits? Available online: https://www.cpajournal.com/2021/08/10/can-robotic-process-automation-improve-quality-control-in-audits/ (accessed on 19 July 2025).
  136. How Do You Audit a Robot?|ICAEW. Available online: https://www.icaew.com/technical/business-and-management/strategy-risk-and-innovation/risk-management/internal-audit-resource-centre/how-do-you-audit-a-robot (accessed on 10 October 2021).
  137. DLA PIPER. Artificial Intelligence, Robotics and Automation: The Best or the Worst Thing to Ever Happen to Humanity?|DLA Piper. Available online: https://www.dlapiper.com/en/insights/publications/2020/12/artificial-intelligence-robotics-and-automation (accessed on 1 July 2024).
  138. Farhat, I.I. RPA and the Government Audit. J. Gov. Financ. Manag. 2019, 68, 42–47. Available online: https://ficonsulting.com/wp-content/uploads/2019/04/AGAJournal_Spring2019_NoBudget.pdf (accessed on 25 August 2025).
  139. Hafenscherer, M.; Mezhuyev, V.; Tschand, M. Robotic process automation of calculating investments in a business project. In Proceedings of the 2023 12th International Conference on Software and Computer Applications, ACM International Conference Proceeding Series, Kuantan, Malaysia, 23–25 February 2023; pp. 309–314. [Google Scholar] [CrossRef]
  140. Zhou, R.; Li, X.; Gao, J.; Li, H. Research on Budget Management Digitization of Expressway Company Based on Robotic Process Automation. In Proceedings of the 2nd International Conference on Educational Knowledge and Informatization, ACM International Conference Proceeding Series, Shanghai, China, 19–21 July 2024; pp. 427–433. [Google Scholar] [CrossRef]
  141. Kedziora, D.; Hyrynsalmi, S. Turning Robotic Process Automation onto Intelligent Automation with Machine Learning. In Proceedings of the 11th International Conference on Communities and Technologies, ACM International Conference Proceeding Series, Lahti, Finland, 29 May–2 June 2023; pp. 1–5. [Google Scholar] [CrossRef]
  142. Jaradat, Z.; Al-Hawamleh, A.M.; Al Shbail, M.; Hamdan, A. Innovative practices: Assessing the impact of robotic process automation adoption on internal audit efficiency in KSA. J. Sci. Technol. Policy Manag. 2025; in press. [Google Scholar] [CrossRef]
  143. Patrício, L.; Silva, J.; Costa, C.; Varela, L.; Silveira, Z.; Cruz-Cunha, M.M. Audit framework for control Robotic Process Automation projects. Procedia Comput. Sci. 2025, 256, 685–695. [Google Scholar] [CrossRef]
  144. Topchii, V.; Moroz, Y.; Karpenko, N.; Khoronovskyi, O.; Tarashchenko, V. Prevention of Tax Criminal Offences as a Factor in the Financial Stability of the State. Theor. Pract. Res. Econ. Fields 2025, 16, 170–181. [Google Scholar]
  145. Prasad, M.D.; Nandini, B. Faculty Assistant Bot-automation of administrative activities using robotic process automation. Int. J. Electr. Comput. Eng. (IJECE) 2024, 14, 6797–6806. [Google Scholar] [CrossRef]
  146. Zhang, Y. Exploration of Finance Digital Transformation Path Based on RPA Technology. Appl. Math. Nonlinear Sci. 2024, 9, 1–20. [Google Scholar] [CrossRef]
  147. Dos Santos, L.O.S.; Cardoso, R.L.; Buchbinder, F.; Vasarhelyi, M. Doublethink in governmental accounting: Development of an RPA to identify inconsistencies in financial reporting. Int. J. Digit. Account. Res. 2024, 24, 1–22. [Google Scholar] [CrossRef]
  148. Lo, W.; Yang, C.M.; Zhang, Q.; Li, M. Increased Productivity and Reduced Waste with Robotic Process Automation and Generative AI-powered IoE Services. J. Web Eng. 2024, 23, 53–88. [Google Scholar] [CrossRef]
  149. Park, S.-Y.; Lee, C.; Jeong, S.; Lee, J.; Kim, D.; Jang, Y.; Seol, W.; Kim, H.; Ahn, S.-H. Digital Twin and Deep Reinforcement Learning-Driven Robotic Automation System for Confined Workspaces: A Nozzle Dam Replacement Case Study in Nuclear Power Plants. Int. J. Precis. Eng. Manuf.—Green Technol. 2024, 11, 939–962. [Google Scholar] [CrossRef]
  150. Liao, H.; Singh, D.; Ma, J.; Hu, X. The Future of Business Process Management: Robotic Process Automation. Asia-Pac. J. Inf. Technol. Multimed. 2024, 13, 93–104. [Google Scholar] [CrossRef]
  151. Opentext. What Is Robotic Process Automation (RPA)?|OpenText. Available online: https://www.opentext.com/what-is/robotic-process-automation (accessed on 19 July 2025).
  152. CPA Journal. Exploring the Use of Robotic Process Automation (RPA) in Substantive Audit Procedures—The CPA Journal. Available online: https://www.cpajournal.com/2019/08/14/exploring-the-use-of-robotic-process-automation-rpa-in-substantive-audit-procedures/ (accessed on 3 September 2024).
  153. VMiklos, A.; Andrea, M.R. How Robotic Process Automation Is Transforming Accounting and Auditing—The CPA Journal. Available online: https://www.cpajournal.com/2018/07/02/how-robotic-process-automation-is-transforming-accounting-and-auditing/ (accessed on 22 April 2022).
  154. Nunes, T.; Leite, J.; Pedrosa, I. Intelligent Process Automation: An Overview over the Future of Auditing. In Proceedings of the Iberian Conference on Information Systems and Technologies, CISTI, Sevilla, Spain, 24–27 June 2020; Volume 2020. [Google Scholar] [CrossRef]
  155. Zhang, C. Intelligent Process Automation in Audit. J. Emerg. Technol. Account. 2019, 16, 69–88. [Google Scholar] [CrossRef]
  156. Struthers-Kennedy, A.; Poulikakos, A. RPA: First Steps to Greater Internal Audit Efficiency|Corporate Compliance Insights. Available online: https://www.corporatecomplianceinsights.com/rpa-first-steps-to-greater-internal-audit-efficiency/ (accessed on 19 July 2025).
  157. Nam, T. Citizen attitudes about job replacement by robotic automation. Futures 2019, 109, 39–49. [Google Scholar] [CrossRef]
  158. Katara, A.; Rashid, Z. Risk Management Magazine—Robotic Process Automation for Risk and Compliance. Available online: https://www.rmmagazine.com/articles/article/2018/03/20/-Robotic-Process-Automation-for-Risk-and-Compliance- (accessed on 19 July 2025).
  159. Aziz, U. RPA Audit Process: Phases, Implementation, Benefits & Impact. Available online: https://linfordco.com/blog/rpa-audit-process-impact/ (accessed on 19 July 2025).
  160. Huettinger, M.; Boyd, J.A. Taxation of robots—What would have been the view of Smith and Marx on it? Int. J. Soc. Econ. 2020, 47, 41–53. [Google Scholar] [CrossRef]
  161. Taulli, T. The Robotic Process Automation Handbook; Apress: Berkeley, CA, USA, 2020. [Google Scholar] [CrossRef]
  162. Asef-Sargent, J.; Lewis, A.C.; Everson, K.E.; Steinhoff, J.C. Put on Your Auditor Hat to Help Avoid Turbulence on the Intelligent Automation Journey! J. Gov. Financ. Manag. 2020, 68, 18–25. Available online: http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=141939720&site=eds-live (accessed on 25 January 2025).
  163. Horvat, D.; Ivanišević, R.; Gluščević, L. Risks associated with robotic process automation. J. Process Manag. New 2024, 12, 72–82. [Google Scholar] [CrossRef]
  164. COSO. Enterprise Risk Management|COSO. Available online: https://www.coso.org/guidance-erm (accessed on 25 January 2025).
  165. Geiger, A. Wikipedia Addbot: Is Good Governance the Answer to Our Ills. In Proceedings of the 41st International Conference on Design of Communication, SIGDOC 2023, Orlando, FL, USA, 26–28 October 2023; pp. 167–173. [Google Scholar] [CrossRef]
  166. Alassuli, A. Impact of artificial intelligence using the robotic process automation system on the efficiency of internal audit operations at Jordanian commercial banks. Banks Bank Syst. 2025, 20, 122–135. [Google Scholar] [CrossRef]
  167. Dogan, O.; Arslan, O.; Cengiz Tirpan, E.; Cebi, S. Risk Assessment of Employing Digital Robots in Process Automation. Systems 2024, 12, 428. [Google Scholar] [CrossRef]
  168. Vasarhelyi, M.A.; Alles, M.; Kuenkaikaew, S.; Littley, J. The acceptance and adoption of continuous auditing by internal auditors: A micro analysis. Int. J. Account. Inf. Syst. 2012, 13, 267–281. [Google Scholar] [CrossRef]
  169. The Institute of Internal Auditors. Chartered Institute of Internal Auditors. Internal Audit Code of Practice: Guidance on Effective Internal Audit in the Financial Services, Private and Third Sectors. 2024. Available online: https://charterediia.org/media/onljvwvq/code-of-practice_2024updated.pdf? (accessed on 20 January 2025).
  170. Defense Logistics Agency. The Bots Are Coming: Robotic Process Automation Saves DLA Time, Money > Defense Logistics Agency > News Article View. Available online: https://www.dla.mil/About-DLA/News/News-Article-View/Article/1704350/the-bots-are-coming-robotic-process-automation-saves-dla-time-money/ (accessed on 19 July 2025).
  171. Wang, S.; Sun, Q.; Shen, Y.; Li, X. Applications of Robotic Process Automation in Smart Governance to Empower COVID-19 Prevention. Procedia Comput. Sci. 2022, 202, 320–323. [Google Scholar] [CrossRef] [PubMed]
  172. Noordeen, A.R. Improving Work-life Balance with AI-RPA—A qualitative study. In Proceedings of the 2025 Computers and People Research Conference, Waco, TX, USA, 28–30 May 2025; pp. 1–3. [Google Scholar] [CrossRef]
  173. Aguirre, S.; Rodriguez, A. Automation of a Business Process Using Robotic Process Automation (RPA): A Case Study. Commun. Comput. Inf. Sci. 2017, 742, 65–71. [Google Scholar] [CrossRef]
  174. Nordea Step Ahead of Competition|RPA Banking Case Study|SS&C Blue Prism. Available online: https://www.blueprism.com/resources/case-studies/how-nordea-stays-ahead-of-the-competition/ (accessed on 14 August 2025).
Figure 1. Google Trends interest over time for “Robotic Process Automation” (2004–2025). Interest rose sharply during COVID-19 and again in 2025, providing context for sustained RPA relevance.
Figure 1. Google Trends interest over time for “Robotic Process Automation” (2004–2025). Interest rose sharply during COVID-19 and again in 2025, providing context for sustained RPA relevance.
Information 16 00793 g001
Figure 2. Types of governance.
Figure 2. Types of governance.
Information 16 00793 g002
Figure 3. How the IT governance is divided (adapted from [37]).
Figure 3. How the IT governance is divided (adapted from [37]).
Information 16 00793 g003
Figure 4. PRISMA 2020 flow diagram. Identification, screening, eligibility and inclusion for Phase I. Reasons and counts for full-text exclusions (n = 753) are displayed within the diagram. Deduplication combined automated and manual steps. (adapted from [56]).
Figure 4. PRISMA 2020 flow diagram. Identification, screening, eligibility and inclusion for Phase I. Reasons and counts for full-text exclusions (n = 753) are displayed within the diagram. Deduplication combined automated and manual steps. (adapted from [56]).
Information 16 00793 g004
Figure 5. Relationship among SLR, GLR, and MLR. Gray gradient = formal → gray literature; dashed boxes = source corpora; □ small white squares = example source types (journals/conferences/books) vs. small gray squares = (white papers/reports/web posts); arrows = MLR integrates both (adapted from [51]).
Figure 5. Relationship among SLR, GLR, and MLR. Gray gradient = formal → gray literature; dashed boxes = source corpora; □ small white squares = example source types (journals/conferences/books) vs. small gray squares = (white papers/reports/web posts); arrows = MLR integrates both (adapted from [51]).
Information 16 00793 g005
Figure 6. MLR process. Bold gray header bars label the three phases (Planning, Conducting, Reporting). The bold lines under each header list the sub-stages/activities within that phase. Gray chevrons/arrows indicate the left-to-right process flow (sequence). Dashed arrows/lines denote iterative feedback/optional revisits. (adapted from [54]).
Figure 6. MLR process. Bold gray header bars label the three phases (Planning, Conducting, Reporting). The bold lines under each header list the sub-stages/activities within that phase. Gray chevrons/arrows indicate the left-to-right process flow (sequence). Dashed arrows/lines denote iterative feedback/optional revisits. (adapted from [54]).
Information 16 00793 g006
Figure 7. Relationship between types of governance.
Figure 7. Relationship between types of governance.
Information 16 00793 g007
Figure 8. Relationship between topics.
Figure 8. Relationship between topics.
Information 16 00793 g008
Table 1. Inclusion/exclusion criteria used.
Table 1. Inclusion/exclusion criteria used.
Inclusion CriteriaExclusion Criteria
Related to main keywordsNot related to RPA and Governance
Documents are written in EnglishDocuments are written in a language other than English
Filtering the search results only shows the first fourteen pages from Google SearchNotifications from vendors about tools that have been excluded
Abstract
Table 2. Information about the interviewees.
Table 2. Information about the interviewees.
AttributeValue
Work Experience
0–5 years54.8%
5–10 years16.1%
10–15 years3.2%
15–20 years3.2%
>20 years22.6%
Responsibility
Developer64.5%
Business Analyst19.4%
Manager9.7%
Other19.4%
Work Experience in RPA
0–5 years87.1%
5–10 years12.9%
10–15 years0%
15–20 years0%
>20 years0%
Number of RPA processes
029.0%
1–512.9%
5–109.7%
>1048.4%
Area
Business12.9%
IT67.7%
Other19.4%
Do you have RPA projects at your organization?
Yes83.9%
No16.1%
If no, would you feel threatened if the company decided to implement it?
Yes20.0%
No80.0%
Note: Some categories permitted multiple selections; percentages may not sum to 100%.
Table 3. Distribution between “White”, “Gray” and “Black” literature.
Table 3. Distribution between “White”, “Gray” and “Black” literature.
“White” Literature“Gray” Literature“Black” Literature
Peer-reviewed conference papersWhite papersConcepts
Peer-reviewed conference proceedingsBlogsIdeas
Peer-reviewed journal articlesLecturesThoughts
Academic books/chaptersAudio–video media
Preprints
Datasets
e-Prints
Table 4. Findings related to the research.
Table 4. Findings related to the research.
MLR Findings
Integration between business and IT[1,2,7,9,11,13,14,24,54,67,68,70,71,72,73,74,75,76,78,80,81,87,88,89,91,106,108,111,120,121,122,123,124,125,126,127,128,129,130,131]
Standardization of processes[1,2,7,9,10,11,12,13,14,22,46,67,68,74,75,76,77,78,79,80,81,84,85,88,91,92,93,94,95,96,98,100,101,102,104,105,106,107,108,109,110,113,116,117,118,119,120,130,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150]
Compliance and risk management[2,7,8,9,12,13,24,48,54,72,73,76,78,79,80,82,84,85,93,94,96,97,99,100,101,102,110,115,117,128,129,131,132,133,134,135,136,142,143,144,145,147,148,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167]
Employee engagement, changes in roles, responsibilities, and change management[1,2,7,10,11,13,46,54,67,68,69,70,72,73,77,78,79,80,81,82,84,88,90,94,95,96,98,99,101,102,108,109,112,117,118,119,126,127,128,129,130,131,132,133,134,135,140,141,142,143,144,145,148,149,150,151,152,161,162,165,166,167,168,169,170,171,172]
Table 5. Responses to close-ended questions.
Table 5. Responses to close-ended questions.
QuestionYes (%)No (%)
Do you think that there should be integration between business and IT?1000
Do you think there could be issues if the process is solely defined by the business side or solely by the IT side, without following a standard?1000
From your perspective, what is the meaning of a careful selection of processes to be automated in RPA?--
Since there are no taxes on robots, but there are many people, if you were a business owner, would you prefer to retain and prioritize people over replacing them with robots for economic reasons?35.464.6
Do you think RPA helps or replaces employees?1000
Do you believe that all individuals involved in the same project should have the same levels of permission?3.296.8
In your opinion, is understanding and preparing employees important for reducing compliance risks in RPA?1000
Table 6. Results resume with major topics found.
Table 6. Results resume with major topics found.
QuestionsResume of Major Topics Found
Q1: Do you think that there should be integration between business and IT?
  • Alignment of goals
  • Process quality
  • Error reduction
  • Communication
  • Definition of responsibilities
  • Documentation
Q2: Do you think there could be issues if the process is solely defined by the business side or solely by the IT side without following a standard?
  • Knowledge limitations
  • Errors
  • Ambiguity
  • Resource wastage
  • Overload
  • Misalignment of objectives
Q3: From your perspective, what is the meaning of careful selection of processes to be automated in RPA?
  • Efficiency
  • Error Minimization
  • Stability
  • Viability
Q4: Since there are no taxes on robots, but there are many on people, if you were a business owner, would you prefer to retain and prioritize people over replacing them with robots for economic reasons?
  • Time Reduction
  • Mitigating Human Error
  • Profit
  • Efficiency
  • Essential Collaborators
  • Reallocation
  • Cost Reduction
Q5: Do you think RPA helps or replaces employees?
  • Organizational Objectives
  • Workload
  • Replacement
  • Reallocation
Q6: Do you believe that all individuals involved in the same project should have the same levels of permissions?
  • Hierarchy
  • Separation of Functions and Responsibilities
  • Security
  • Project Management
Q7: In your opinion, is understanding and preparing employees important for reducing compliance risks in RPA?
  • Training and awareness
  • Motivation
  • Risks and impacts
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Cascais Brás, J.; Pereira, R.F.; Melo, M.; Bianchi, I.S.; Ribeiro, R. Balancing Business, IT, and Human Capital: RPA Integration and Governance Dynamics. Information 2025, 16, 793. https://doi.org/10.3390/info16090793

AMA Style

Cascais Brás J, Pereira RF, Melo M, Bianchi IS, Ribeiro R. Balancing Business, IT, and Human Capital: RPA Integration and Governance Dynamics. Information. 2025; 16(9):793. https://doi.org/10.3390/info16090793

Chicago/Turabian Style

Cascais Brás, José, Ruben Filipe Pereira, Marcella Melo, Isaias Scalabrin Bianchi, and Rui Ribeiro. 2025. "Balancing Business, IT, and Human Capital: RPA Integration and Governance Dynamics" Information 16, no. 9: 793. https://doi.org/10.3390/info16090793

APA Style

Cascais Brás, J., Pereira, R. F., Melo, M., Bianchi, I. S., & Ribeiro, R. (2025). Balancing Business, IT, and Human Capital: RPA Integration and Governance Dynamics. Information, 16(9), 793. https://doi.org/10.3390/info16090793

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop