[1] L. Churliov, D. Neiger, M. Rosemann, and M. Zur Muehlen. Integrating risks in business process models with value focused process engineering. 2006.
The
paper proposes a new framework that link between the risk management and
process management disciplines. The paper starts by defining what is a business
process, and showing that any system including a business process consists of
Hardware, software, and human, and that any error from these components may
cause a system break down. So they all considered a risk. The framework was
built on the concept of “risk-oriented
process management”. The framework theoretical basis is the idea of
“value-focused process engineering”, which explained thoroughly in section two
that shows that “value-focused process engineering” is used to link between
business processes and business objectives.
Section
three is a step by step to integrate risk management and process management modeling techniques. The
integration can be achieved by following these steps:
-
Identifying relevant process risks by decomposing business values
and fundamental objectives.
-
Construction
of a objectives structure link
to the process flow by identifying specific risks, and finding what processes
and what specific task of the process contribute to the risks.
-
Finding an alternative process configuration to reduce the effect
of the risk, and developing an objective function to compare alternative configurations,
to assess risks in the context of other business objectives.
-
Chose the best process configuration minimize risk in the context
of business requirements, using the outputs of the previous step.
Section
4 gave a real life example and applied the previous framework on it, to illustrate the
benefits of the new framework, and shows the how it could be used to recognize risks
and reduce them before the execution of the process.
The
paper concludes that the new framework brings the two domains of risk
management and process management closer together, and it provides a first step
toward risk-aware process
management.
Relation
to research in hand, this is another paper that focuses on risk-aware
processes. It shows that the need to such thing is in high demand and that
there is no such a perfect solution to this problem. It provided a conceptual
idea to solve this problem, which is under the domain of security-aware
processes (as risk is part of the security aspects). The conceptual idea
provided in this paper is a good idea, but as indicated it is only a first step
and need to be developed more. This idea might be used in combination with
other ideas, to get the perfect risk-aware process solution. Also could be
extended to cover other security aspects.
No comments:
Post a Comment