Formalizing process-based risk with Value-Focused Process Engineering

Following calls to advance the integration of risk and business process modeling paradigms, this paper formalizes the process of incorporating risk into business process models through the principles of Value-Focused Process Engineering (VFPE). In doing so, the paper aims to extend the existing VFPE modeling notation to reflect a set of necessary constructs required to adequately represent risk in goal-oriented business-process models. The extended set of constructs is proposed to support a formal systems view of process-based risk. Process-based risk is formalized on the one hand, as a product of complex interactions between activity-based elements, and on the other hand, as a natural component of the value creation mechanism of an elementary function or a complex process. The proposed risk-aware VFPE formalism also formulates rules for decomposing risk in process models according to the organizational values, thereby enabling better risk visibility, reducing process complexity, and ensuring continuity of business processes.

[1]  Marcelo Cruz,et al.  Operational Risk Modelling and Analysis: Theory and Practice , 2004 .

[2]  Sergio Scandizzo,et al.  Risk Mapping and Key Risk Indicators in Operational Risk Management , 2005 .

[3]  Rajkumar Roy,et al.  Operational risk analysis in business processes , 2007 .

[4]  Jill Eicher,et al.  Business Process Analytics , 2007 .

[5]  Peter Loos,et al.  Framework and meta-model for specifying business components , 2007, Bus. Process. Manag. J..

[6]  Ralf Mock,et al.  Risk analysis of information systems by event process chains , 2005, Int. J. Crit. Infrastructures.

[7]  Diana White,et al.  APPLICATION OF SYSTEMS THINKING TO RISK MANAGEMENT:: A REVIEW OF THE LITERATURE , 1995 .

[8]  R. Chapman Simple Tools and Techniques for Enterprise Risk Management , 2006 .

[9]  Thomas Teufel,et al.  SAP R/3 Process Oriented Implementation: Iterative Process Prototyping , 1998 .

[10]  John L. Hunsucker,et al.  Effective risk management: a goal based approach , 1999 .

[11]  A. Scheer Business Process Engineering: Reference Models for Industrial Enterprises , 1994 .

[12]  Peter C. Young,et al.  Managing Business Risk: An Organization-Wide Approach to Risk Management , 2000 .

[13]  Rob Davis,et al.  Business Process Modelling with ARIS: A Practical Guide , 2001 .

[14]  Duc Truong Pham,et al.  Artificial Intelligence in Design , 1991 .

[15]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[16]  Wil M. P. van der Aalst,et al.  Process Aware Information Systems: Bridging People and Software Through Process Technology , 2005 .

[17]  James H. Lambert,et al.  Integration of risk identification with business process models , 2006 .

[18]  Ortwin Renn,et al.  A New Approach to Risk Evaluation and Management: Risk‐Based, Precaution‐Based, and Discourse‐Based Strategies 1 , 2002, Risk analysis : an official publication of the Society for Risk Analysis.

[19]  Yacov Y. Haimes,et al.  Risk associated with software development: a holistic framework for assessment and management , 1993, IEEE Trans. Syst. Man Cybern..

[20]  D. Neiger,et al.  Supply chain risk identification with value-focused process engineering , 2009 .

[21]  Barry Boehm,et al.  A collaborative spiral software process model based on Theory W , 1994, Proceedings of the Third International Conference on the Software Process. Applying the Software Process.

[22]  Paul Veerkamp,et al.  Modeling design processes , 1990 .

[23]  J. L. King,et al.  Operational Risk: Measurement and Modelling , 2001 .

[24]  Yacov Y. Haimes,et al.  Risk modeling, assessment, and management , 1998 .

[25]  Suresh L. Konda,et al.  Taxonomy-Based Risk Identification , 1993 .

[26]  Karen Marais,et al.  A new approach to risk analysis with a focus on organizational risk factors , 2005 .

[27]  M. Rosemann,et al.  Integrating Risks in Business Process Models , 2005 .

[28]  Keith W Hipel,et al.  Risk and Systems Theory , 2002, Risk analysis : an official publication of the Society for Risk Analysis.

[29]  C. Alexander Operational Risk: Regulation, Analysis and Management , 2003 .

[30]  P. Slovic Trust, Emotion, Sex, Politics, and Science: Surveying the Risk‐Assessment Battlefield , 1999, Risk analysis : an official publication of the Society for Risk Analysis.

[31]  August-Wilhelm Scheer,et al.  ARIS - Business Process Frameworks , 1998 .

[32]  Simon I. Peck Systems and Decision Making: A Management Science Approach , 1994 .

[33]  August-Wilhelm Scheer,et al.  ARIS - Business Process Modeling , 1998 .

[34]  Michael zur Muehlen,et al.  Risk Management in the BPM Lifecycle , 2005, Business Process Management Workshops.

[35]  Dina Neiger,et al.  Intelligent Decision Support through Synchronized Decomposition of Process and Objectives Structures , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[36]  Dina Neiger,et al.  Structuring Business Objectives: A Business Process Modeling Perspective , 2003, Business Process Management.

[37]  S. Anand Enterprise Risk Management-Integrated Framework , 2012 .

[38]  Y. Haimes Risk Modeling, Assessment, and Management: Haimes/Risk Modeling, Assessment 2e , 2005 .

[39]  Hideaki Takeda,et al.  Integration of Aspects in Design Processes , 1994 .

[40]  Michael Rosemann,et al.  Integrating risks in business process models with value focused process engineering , 2006, ECIS.

[41]  Salvatore T. March,et al.  Design and natural science research on information technology , 1995, Decis. Support Syst..

[42]  Ron Weber,et al.  Research Commentary: Information Systems and Conceptual Modeling - A Research Agenda , 2002, Inf. Syst. Res..

[43]  B. Gaudenzi,et al.  Managing risks in the supply chain using the AHP method , 2006 .