Value at Risk Within Business Processes: An Automated IT Risk Governance Approach

Business processes are core operational assets to control firms’ efficiency in value generation. However, the execution and control of business processes is increasingly dependent on Information Technology (IT). Therefore, the risks that arise from relying on IT in business processes must be quantified. This paper proposes the adaptation of the Value at Risk (VaR) financial technique to measure the level of risk within a process portfolio. This is done by quantifying the impact resulting from changes in the performance of IT services. The probability of IT risks is measured daily in order to model the volatility of IT services, especially when they are flexible and changeable. The proposed method enables predicting and estimating the losses of IT risks and their effect on dependent business processes over a time horizon. The incorporation of risk management mechanisms enriches business processes with organizational management capabilities.

[1]  Ramayya Krishnan,et al.  On Risk Management with Information Flows in Business Processes , 2013, Inf. Syst. Res..

[2]  Oscar González Rojas Governing IT Services for Quantifying Business Impact , 2015, BIR.

[3]  Giancarlo Fortino,et al.  History-Aware, Real-Time Risk Detection in Business Processes , 2011, OTM Conferences.

[4]  Moe Thandar Wynn,et al.  Current Research in Risk-aware Business Process Management - Overview, Comparison, and Gap Analysis , 2014, Commun. Assoc. Inf. Syst..

[5]  Leslie P. Willcocks,et al.  Measuring organizational IS effectiveness: an overview and update of senior management perspectives , 2002, DATB.

[6]  Wil M. P. van der Aalst,et al.  A recommendation system for predicting risks across multiple business process instances , 2015, Decis. Support Syst..

[7]  Bart Baesens,et al.  Comprehensive rule-based compliance checking and risk management with process mining , 2013, Decis. Support Syst..

[8]  Oscar González Rojas,et al.  Information Security Governance: Valuation of Dependencies Between IT Solution Architectures , 2016, BIR.

[9]  Hans-Georg Fill,et al.  European Conference on Information Systems ( ECIS ) 5-15-2012 AN APPROACH FOR ANALYZING THE EFFECTS OF RISKS ON BUSINESS PROCESSES USING SEMANTIC ANNOTATIONS , 2017 .

[10]  Lisandro Zambenedetti Granville,et al.  A framework for risk assessment based on analysis of historical information of workflow execution in IT systems , 2011, Comput. Networks.

[11]  Hong Chen,et al.  Apply Measurable Risk to Strengthen Security of a Role-Based Delegation Supporting Workflow System , 2009, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks.

[12]  Paul P. Tallon Value Chain Linkages and the Spillover Effects of Strategic Information Technology Alignment: A Process-Level View , 2011, J. Manag. Inf. Syst..

[13]  P. Weill,et al.  IT Governance , 2017 .

[14]  Stefan Sackmann,et al.  Adapted Loss Database - A New Approach to Assess IT Risk in Automated Business Processes , 2010, AMCIS.

[15]  Ingoo Han,et al.  The IS risk analysis based on a business model , 2003, Inf. Manag..

[16]  Houston H. Carr,et al.  Risk Analysis for Information Technology , 1991, J. Manag. Inf. Syst..

[17]  B. Reich,et al.  Governing Information Technology Risk , 2009 .