Automated Risk Mitigation in Business Processes ( extended version )

This paper proposes a concrete approach for the automatic mitigation of risks that are detected during process enactment. Given a process model affected by risks, e.g. a financial process exposed to the risk of approval fraud, we enact this process and as soon as the likelihood of the associated risk(s) is no longer tolerable, we generate a set of possible mitigation actions to reduce the risks’ likelihood, ideally annulling the risks altogether. A mitigation action is a sequence of controlled changes applied to the running process instance, taking into account a snapshot of the process resources and data, and the current status of the system in which the process is executed. These actions are proposed as recommendations to help process administrators mitigate process-related risks as soon as they arise. The approach has been implemented in the YAWL environment and its performance evaluated. The results show that it is possible to mitigate process-related risks within a few minutes.

[1]  Ruth Breu,et al.  CBRFlow: Enabling Adaptive Workflow Management Through Conversational Case-Based Reasoning , 2004, ECCBR.

[2]  Moe Thandar Wynn,et al.  Workflow support for scheduling in surgical care processes , 2011, ECIS.

[3]  Steven L. Alter A work system view of DSS in its fourth decade , 2004, Decis. Support Syst..

[4]  Chris Murphy,et al.  Dominance-Based Multiobjective Simulated Annealing , 2008, IEEE Transactions on Evolutionary Computation.

[5]  Ketil Stølen,et al.  Model-Driven Risk Analysis - The CORAS Approach , 2010 .

[6]  Hongyan Ma,et al.  Process-aware information systems: Bridging people and software through process technology , 2007, J. Assoc. Inf. Sci. Technol..

[7]  Wil M. P. van der Aalst,et al.  Time prediction based on process mining , 2011, Inf. Syst..

[8]  Arthur H. M. ter Hofstede,et al.  Automated Error Correction of Business Process Models , 2011, BPM.

[9]  Ryan T. Wright,et al.  Validating Work System Principles for Use in Systems Analysis and Design , 2010, ICIS.

[10]  Giancarlo Fortino,et al.  History-Aware, Real-Time Risk Detection in Business Processes , 2011, OTM Conferences.

[11]  Gerald Quirchmayr,et al.  Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation , 2008, ECIS.

[12]  Manfred Reichert,et al.  The ADEPT project: a decade of research and development for robust and flexible process support , 2009, Computer Science - Research and Development.

[13]  E. Balas,et al.  Improving clinical practice using clinical decision support systems: a systematic review of trials to identify features critical to success , 2005, BMJ : British Medical Journal.

[14]  Marlon Dumas,et al.  Towards Web-Scale Workflows for Film Production , 2008 .

[15]  Johann Eder,et al.  Personal Schedules for Workflow Systems , 2003, Business Process Management.

[16]  Erhard Rahm,et al.  AGENTWORK: a workflow system supporting rule-based workflow adaptation , 2004, Data Knowl. Eng..

[17]  Laurence Duchien,et al.  Using Complex Event Processing for Dynamic Business Process Adaptation , 2010, 2010 IEEE International Conference on Services Computing.

[18]  Mira Mezini,et al.  AO4BPEL: An Aspect-oriented Extension to BPEL , 2007, World Wide Web.

[19]  W. G. Johnson,et al.  MORT: The Management Oversight and Risk Tree , 1975 .

[20]  Wil M. P. van der Aalst,et al.  Process Mining - Discovery, Conformance and Enhancement of Business Processes , 2011 .

[21]  Wil M. P. van der Aalst,et al.  Dynamic, Extensible and Context-Aware Exception Handling for Workflows , 2007, OTM Conferences.