Business Process Managers are faced with two different tasks: Improve organizational performance by streamlining and automating workfl ows while ensuring compliance with regulatory and audit requirements. Both tasks involve the notion of process risk, and introduce a series of questions: Does the risk exposure of a
given process match the risk appetite of the enterprise? Are there better ways to mitigate certain risk factors by redesigning our processes? And how can we measure the level of compliance during the execution of a given process? Contemporary process modeling languages offer little help in identifying and mapping process risk. This session addresses a multiperspective approach to capturing and understanding process risk,
and illustrates ways to use this newfound information to create innovative process designs that address risk factors in a cost effective way.
business environment micro environment macro environment.pptx
Operational Risk Management and Bpm
1.
2.
3.
4.
5. Motivation Drivers for Business Process Management (BPM) May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference Performance Business Process Improvement Engineering of Process-aware IS Compliance Mandated compliance (e.g. SOX) Desired compliance (e.g. ISO, ITIL)
6.
7.
8.
9. Process and Risk Management Process Risk Process-oriented Risk Management Risk-oriented Process Management May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
10.
11. Risk Management Lifecycle May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
12.
13. Risk Management and BPM Frew (2006) Compare Frew (2006) May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference Risk Management BPM Focused on ensuring value for stakeholders Focus on providing value for stakeholders Risk is an inherent property of business processes Performance depends on effectiveness of business processes Risk is mitigated by process design Performance is influenced by process design Feedback is obtained through Risk Indicators assigned to systems and processes Feedback is obtained through Performance Indicators assigned to systems and processes Risk is mitigated through optimized processes Performance objectives are achieved through optimized processes
14. Case Study: Where’s the Money? May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
29. Fault Latency Fault Inexperienced Staff Member on Duty Error Failure Data Entry Mistake Faulty Payroll Run Approved Complacent Staff Faulty Payroll Run Transmitted May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
30. Where to Look First: Priorities May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
31. Prioritize: Not All Failures are Equal May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference Likelihood Effect Unlikely Seldom Occasional Likely Frequent Loss of Process Capability Loss of Process Instance Compromise of Process Instance Goal Minor effect or obstruction
32. Process Objectives May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
33. Risk/Goal Matrix May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
34. Understand Risks – Then Manage Them Source: zur Muehlen, Rosemann (2005) May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference Matching Mitigation?
35. Evaluation of Process Design Alternatives May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference Alternative Entry cost Approval cost Probability Rectific. cost Utility Incorrect data entry Error missed during approval process Comb. risk 1. single entry, single approval $1,000 $500 0.05 0.3 0.015 $250,000 -$5,250 2. double entry, single approval $2,000 $500 0.0025 0.3 0.00075 $250,000 -$2,688 3. single entry, double approval $1,000 $1,000 0.05 0.09 0.0045 $250,000 -$3,125 4. double entry, double approval $2,000 $1,000 0.0025 0.09 0.000225 $250,000 -$3,056
36. Sensitivity Analysis May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference Alternative with the best utility Probability of error being missed during the approval process 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 Probability of data entry error 0.01 alt 1 alt 1 alt 3 alt 3 alt 2 alt 2 alt 2 alt 2 alt 2 0.05 alt 3 alt 3 alt 2 alt 2 alt 2 alt 2 alt 2 alt 2 alt 2 0.1 alt 3 alt 2 alt 4 alt 4 alt 4 alt 4 alt 4 alt 2 alt 2 0.15 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.2 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.25 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.3 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.35 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.4 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.45 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.5 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.7 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 0.9 alt 3 alt 3 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4 alt 4
37. From Control Activities to Control Patterns to Control Patterns May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
38. Managing Risks May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
39.
40.
41.
42.
43.
44.
45. Crisis = Risk + Opportunity May 22-24, 2007 Washington Dulles Hilton The Business Transformation Conference
46. Thank You Thank You Michael zur Muehlen, Ph.D. Center of Excellence in Business Process Innovation Howe School of Technology Management Stevens Institute of Technology Castle Point on the Hudson Hoboken, NJ 07030 Phone: +1 (201) 216-8293 Fax: +1 (201) 216-5385 E-mail: [email_address] Web: http://www.cebpi.org 5th International Conference on Business Process Management Brisbane, Australia 25-27 September 2007 http://bpm07.fit.qut.edu.au/