Monday, 3 January 2011

Annotated Bib.: Integrating risks in business process models



[1] M. Z. Muehlen and M. Rosemann. Integrating risks in business process models. In B. Campbell, H. Underwood, and D. Bunker, editors, Australasian Conference on Information Systems, Australasian Chapter of the Association for Information Systems, pages 1–10. ACIS, Dec. 2005.

The paper opens with a story from 2005 that shows how important it is to consider risk in BPM and how the two are related. It goes on to show that risk-oriented process management is important to ensure the continuity of business operations. The paper reports the outcomes of the first step of a comprehensive research project, in which the authors aim to develop a risk-aware process management methodology. It then gives a brief background on what has been done in the field of "Risk and BPM".

The paper then explains in simple terms what a business process is, presents a taxonomy of it, and shows how risk is related to the five clusters (goals, structure, information technology, data and organisation) and to the links between these clusters. It also shows that the clusters goals and structure are of concern during build-time, while the clusters organisation, information technology and data are of concern during run-time.

In another section, it gives the risk taxonomy, shows the reasons that could cause risk, and explains the differences between build-time risks and run-time risks. It also explains the four risk-handling strategies: mitigation, avoidance, transfer and acceptance.

The paper then shows that current modelling techniques do not consider risk and proposes a solution. The proposed solution consists of four model types:
•   Risk Structure model: provides insights into the hierarchical relationships between risks, which helps in understanding which risks have to occur together for a given risk to occur.
•   Risk Goal model: a matrix with risks forming the rows and goals placed in the columns, which shows how different risks have an impact on different goals.
•   Risk State model: captures the dynamic aspects of risks; it consists of the object types risk, consequence and the control flow connectors, which depict non-hierarchical interrelationships between risks and the causal relationships between risks and consequences.
•   EPCs extended with risks: used to assign risks to the individual steps of a business process.

The paper concludes that although this approach has some limitations, it is a first step toward risk-aware processes, and that some future work is needed.

Relation to the research in hand: the paper focuses on only one security aspect, "Risk", and its integration into BPM. It might have some limitations and it focuses on only one modelling language, but as explained in the paper it can be extended to other modelling languages. The paper also provides a nice literature review of the history of integrating risk and BPM, along with a detailed explanation of risk and how it relates to the process steps.
