Abstract
Regulatory rules force most enterprises to implement a risk management system with detailed documentation of their risk situation. In parallel, business processes, which can be both the source and the target of risks, are systematically documented. Hence, it seems obvious to combine both tasks. Despite the long-standing research focus on risk management and business process management, only a few approaches try to fully integrate risk aspects into business process models; most methods consider risk management only partly. This paper therefore develops a comprehensive concept for the integration of risk aspects into business process modeling. It is based on the Business Process Model and Notation (BPMN) 2.0, which only needs to be extended carefully.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Anton, T., Lackes, R., Siepermann, M. (2016). Integration of Risk Aspects into Business Process Modeling. In: Felderer, M., Piazolo, F., Ortner, W., Brehm, L., Hof, HJ. (eds) Innovations in Enterprise Information Systems Management and Engineering. ERP Future 2015. Lecture Notes in Business Information Processing, vol 245. Springer, Cham. https://doi.org/10.1007/978-3-319-32799-0_4
DOI: https://doi.org/10.1007/978-3-319-32799-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-32798-3
Online ISBN: 978-3-319-32799-0
eBook Packages: Business and Management (R0)