Abstract
Business Process modelling is a key element in the management of organizations. It allows to build an analytical representation of ‘as-is’ processes in an organization and compared it with ‘to-be’ processes for improving their efficiency. Besides, although, risk is an element that can affect business process negatively, it is still managed independently. A necessary link is missing between business process and risk models. To better manage risk related to business process, it should be integrated and evaluated dynamically within the business process models. Currently, there are different meta-models allowing business process modelling. Nevertheless, there are few meta-models allowing risk modelling and even fewer ones that integrate both concepts related to risks and business processes. Based on this need and these observations, we propose, in this work, a risk-aware business process modelling tool using the ADOxx meta-modelling platform.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
The Business Process Management (BPM) is a business process-engineering paradigm that consists of designing, monitoring, evaluating and continuously improving processes. This paradigm promotes responsiveness and flexibility of the organization while ensuring the satisfaction of stakeholders’ requirements [1]. A process is a holistic structure of activities organized in time and space in order to achieve a goal [2]. Particularly, a business process is characterized by the integration of different business areas of the organization into a vision of value creation for stakeholders. However, these processes are exposed to uncertain and unexpected events, which could be inherent for the achievement of process objectives and, consequently, affect the process value. Hence, in order to preserve the value created by its processes, the organization needs to identify and assess such events through risk management practices [3]. Indeed, risk management has developed into a mature discipline in management and decision sciences. However, risk problems are traditionally separated in these disciplines from operational business concerns [4].
To face this need, a new paradigm named Risk-aware Business Process Management (R-BPM) has recently emerged [2, 5]. It aims to integrate the two traditionally separated fields of risk management and business process management. The R-BPM promotes risks consideration in the stages of BPM and enables a robust and efficient business process management within an uncertain environment. In this context, several R-BPM approaches were proposed in literature, in particular, that proposed by Sienou in [2], called “Business Process-risk management - Integrated Method (BPRIM)”, which constitutes a promising method that proposes a theoretical basis for the coupling of these two paradigms.
Risk-aware business process modelling represents an essential and crucial task in the R-BPM lifecycle. In this context, business process models need to be enriched with risk-related information. Currently, a large number of business process modelling languages are available such as Petri nets, Event-driven Process Chain (EPC), UML activity diagrams, Business Process Model and Notation (BPMN), Yet Another Workflow Language (YAWL) and many others [1]. Although some of these languages are very broad and cover a variety of aspects, none of them can sufficiently integrate both risk and business process aspects [3]. Indeed, efforts are underway to incorporate risk into process models so that process performance can be determined in a global sense [2, 4, 6]. Nevertheless, the research and practice of risk-aware business process modelling is still very limited and requires further exploration.
To advance the theory of risk in the business process context, this study proposes a risk-aware business process modelling method based on BPRIM [2] and the corresponding modelling tool for risk modelling and management of the process-based organizations. For this purpose, we used the ADOxx meta-modelling platform.
This paper is structured as follows: the Sect. 2 presents the R-BPM paradigm and a comparative study of existing approaches in this context. Section 3 proposes the adopted approach and methodology. In the Sect. 4, we present an overview of the first results obtained after the implementation of our modelling method. In Sect. 5 our case study is presented. The document ends with a conclusion and some perspectives.
2 Risk-Aware Business Process Management
2.1 The R-BPM Importance
During these last years, a major research interest is given to integrate and treat risk in the process perspective. Two study streams have emerged: the management of risk in business processes [2, 5, 7], called Risk-aware Business Process Management (R-BPM), and process-based risk management. In any case, this convergence of risk management and process management is a positive development to maximize the process value. The R-BPM promotes risks consideration in the stages of business processes management and enables a robust and efficient business process management within an uncertain environment. Indeed, The importance of this integration has been confirmed in the research community [4, 8], in the industry guidelines, and in many studies [5].
2.2 Classification of R-BPM Approaches
Generally, the R-BPM approaches are classified according to the integration level of the risk concept in the life cycle of the BPM [5]. So two categories are underlined:
-
R-BPM approaches at the design level: consists of approaches that focus on risk management during the design-time phase of business processes;
-
R-BPM approaches at the operational level: consists of approaches that focus on risk management during and after the execution of business processes.
In this work, we are interested in the design-time R-BPM approaches. These approaches can be classified into two categories: those that introduce new risk-related constructs in order to incorporate risk information into the business process model and those that attempt to reason risks using risk analysis methods or techniques without the introduction of new constructs [5]. In our case, we focus on the first category, as related approaches do not provide enough support for design activities, because they do not introduce new risk concepts supporting users to design an R-BPM model.
In order to study the formalization degree of design-time R-BPM approaches, we propose to classify them according to several criteria. This investigation was inspired by the generic concepts of modelling methods as presented in [9, 10] and the work of Suriadi et al. [5]. The result of this investigation is illustrated in Table 1. According to [9], a modelling method consists of three components: (1) a modelling language, which contains the elements with which a model can be described, (2) a modelling procedure, which describes the steps applying the modelling language to create models, and (3) mechanisms & algorithms provide functionalities to use and evaluate models described by a modelling language.
The presented approaches mainly concentrate on the concrete syntax definition of constructs proposed for the risk. For instance, the approach proposed in [2] introduces new graphical notations to represent the risk elements (such as risk factor, risk events, risk situation, value, impact, etc.) by extending the EPC language. In addition, the approach proposed in [11], proposes a set of graphical notations to represent the risk elements being able to be associated to business process activities. However, few approaches tried to formalize the abstract syntax of proposed risk constructs. Among these approaches, we find the works of Cope et al. [6, 7], Strecker et al. [12], Betz et al. [13], and Sienou et al. [2] which design a Meta-model using the UML language to define the abstract syntax of their constructs, and the approach proposed by Weiss and Winkelmmann [14] which rather used the Entity Relationship (ER) diagrams. In addition, with the exception of the work of Sienou et al. [2], Pittl et al. [15] and that of Weiss and Winkelmmann [14], the majority of these approaches are not guided by any existing standards of risk. However, few of these approaches have been implemented. Which led to a gap in this research area.
As illustrated in Table 1, the Sienou’s method, called BPRIM [2], seems a very promising approach. This is a method that has been developed in our research laboratory and has received our full attention. We will detail it in the following section.
3 Adopted Approach
The BPRIM method [2] is the only one that offers a complete conceptual methodological framework. It consists in the BPRIM lifecycle, the BPRIM conceptual models and the BPRIM modelling language.
3.1 BPRIM Lifecycle
The BPRIM lifecycle is the process integrating risk management concept into the business process design. Indeed, it focuses on risk driven business process design. As shown in Fig. 2, it consists of the following four phases:
-
Contextualization: In this phase, the process models are defined. The information, organization, resource and functional aspects of the process models will allow establishing the context of risk.
-
Assessment: In this phase, first, risks are identified. Then processes are analysed. Qualitative and quantitative evaluation of risks is subsequently launched. The process models must be enriched with risks models.
-
Treatment: Based on information from the previous phase, this phase defines a set of treatment options, and then triggers a new iteration of the assessment phase in order to understand their possible effects. This phase can lead to a reframing that would imply the implementation of treatment actions by adjusting models or defining alternatives.
-
Monitoring: It is a control phase, which provides guidance for refinement of the models or the transition to the implementation phase.
3.2 BPRIM Conceptual Models
In the context of risk-aware business process modelling, the links between the concepts of business process and risk are insufficient. The BPRIM conceptual models offers a conceptual unification of risks and processes into a common meta-model in order to fill this missing link. The latter is based on the standard ISO 19440 and it is compatible with the standard ISO 31000. Figure 1 illustrates an excerpt of the meta-model showing the relationship between the concepts of risks and business processes.
Excerpt of the risk-aware business process meta-model [2]
3.3 BPRIM Language
The BPRIM language is a common graphical modelling language of business processes and risks. It based on the extension of the EPC language. This language is designed to support the BPRIM lifecycle and must enable to extend the process models with risk models. The BPRIM language offers: an abstract syntax and a concrete syntax (also called notation). The abstract syntax is represented by the meta-model of Fig. 1. This syntax constitutes the grammar of the BPRIM language, with a set of predefined to apply. The notation that defines the graphical representation of the BPRIM language is detailed in [2]. In Fig. 2, a detailed overview of the BPRIM approach is summarized using a mapping between BPRIM diagrams and BPRIM lifecycle.
Mapping between BPRIM diagrams and BRIM lifecycle [2]
3.4 BPRIM Weaknesses
After studying the formalization degree of design-time R-BPM approaches, we have seen some limitations of the BPRIM method:
-
It is a rich conceptual method, but it does not yet integrate mechanisms and algorithms allowing to analyse constructed models;
-
The validity of the formalization of the proposed constructs was not verified;
-
There is no tool, which supports the approach.
To advance the theory of R-BPM context, we propose to consolidate the BPRIM method and to fill its gaps in order to design and to implement a complete modelling method. Our first objective is thus to equip the BPRIM method with a modelling tool able to edit several diagrams as advocate by this method and to integrate new algorithms able to (1) verify and validate the models according defined rules, and (2) evaluate risks related to business processes.
4 Preliminary Results
4.1 Design of the BPRIM Modelling Method
In order to design the BPRIM modelling method and realize the tool supporting it, several meta-modelling environments are available, and can be used [20] like Eclipse Modelling Framework (EMF) [21], MetaEdit+ [22], and ADOxx platform [23]. They are an integrated development environments for defining and using modelling methods and graphical modelling languages. However, we should select the most appropriate one for our BPRIM language. In order to do this, we try to understand the advantages and disadvantages of these meta-modelling environments (see Table 2).
Compared to the other environments, ADOxx platform is a multi-user platform that provides a repository based on a relational database for meta-models and models. To specify these meta-models, the ADOxx platform does not require any knowledge of a programming language, in contrast to the use of the EMF with the Graphical Editing Framework (GEF) and the Graphical Modelling Framework (GMF) that requires a deep knowledge of the Java programming language [24]. In addition, the ADOxx platform provide broader functionalities than a code generation. It provides a number of business related functionalities such as process simulation, evaluation, and so on.
Based on these observations, we choose to use the ADOxx platform to conceptualize the BPRIM modelling method and realize the tool supporting it. Indeed, ADOxx is applied in several academic and industrial projects. It supports: (1) modelling languages using modelling concepts from a meta-model to define abstract syntax, concrete syntax, and semantics, (2) modelling procedures applying the modelling steps to create models, and (3) modelling mechanisms and algorithms by providing functionalities to use and evaluate models described by a modelling language. These functionalities enables the structural analysis and the simulation of models [25].
For the conceptualization of the BPRIM modelling method on ADOxx, the BPRIM diagrams were represented as model types. Figure 3 illustrates the modelTypes, classes, relationClasses, and mechanisms of the BPRIM modelling method. The classes and relationClasses are grouped by model types. To support the risk analysis, BPRIM modelling method provides a set of some specific algorithms for conducting graphical analyses.
Model types, classes, relationClasses, and mechanisms of the BPRIM modelling method
4.2 Realization of the BPRIM Modelling Method Using ADOxx
We designate our modelling method as ADoBPRIM which corresponds to the implementation of the modelling method BPRIM using the ADOxx meta-modelling platform. The corresponding tool provides a risk-driven business process design. The first results obtained by ADoBPRIM are presented in Fig. 4. As already presented, the BPRIM lifecycle consists of three phases: Conceptualization, Assessment and Treatment.
Graphical interface of our ADoBPRIM tool
Currently, our tool supports:
-
A set of nine BPRIM diagrams corresponding to the BPRIM lifecycle phases. These diagrams are presented in Fig. 2. They are diagrams of: value-added chain, EPC, risk context, risk taxonomy, EPC extended to risks, risk, risk analysis, risk map and risk relationships;
-
A modelling palette consisting of a set of seventeen constructs and twelve corresponding relationships, related to those proposed in BPRIM language;
-
A set of algorithms using the ADOscript programming language. These algorithms allow to check the validity of the models (or diagrams) constructed and to qualitatively analyse and evaluate the Risk Analysis Diagrams.
The implementation of the BPRIM approach enabled us to verify the validity of the constructs and the models proposed in the BPRIM language and lifecycle, and to extend it in order to build an entire modelling method.
5 Case Study
To illustrate the use of the BPRIM modelling method, we have chosen the Medication Use System within the healthcare facilities as case study. Indeed, the Medication use system is the safe, appropriate and efficient use of the medication by the patient in the healthcare facility [26]. It consists in a complex and multidisciplinary process, involving numerous professionals and composed of several stages. In 2006, according to the French Society of Clinical Pharmacy (FSCP) [27], the Medication use system was used to mention the drug therapy process of a hospitalized patient. This process included the stages of ordering, dispensing, administration and medication monitoring. The complexity of this process causes an occurrence risk of Medication Errors (ME), which can involve serious clinical consequences on the patients. Indeed, in 2015, the French National Authority for Health (FNAH) [26] considers that 40% of the serious adverse events are of medication origin. For this reason, the safety of this process is in the heart of the concerns of the guardianships and the healthcare facilities [26]. Indeed, this process safety needs in particular the implementation of a risk management approach. The latter aims to insure the patient safety and the delivered treatments, in particular, to limit the risk occurrence of ME, which are potential sources of preventable adverse drug events. Therefore, we suggest studying the potential of the BPRIM modelling method to manage the ME risks related to Medication use system.
Figure 5 illustrates some instantiated diagrams using our ADoBPRIM modelling tool for the management of the Medication use system extended to ME risks. We present, in Fig. 5-(1), a description of sub-processes of the Medication use system by using the EPC diagram. The sub-processes and the activities were inspired by the macro-process presented in the French National Authority for Health (FNAH) report in 2013 [26]. In Fig. 5-(2), we describe the ME risks context within the Medication use system by using the Risk context diagram. The ME taxonomy is presented in Fig. 5-(3) by using the Risk taxonomy diagram. The Medication use system extended to ME risks is presented in Fig. 5-(4) using the EPC diagram extended to risks. For each ME risk related to the Medication use system must correspond an analysis diagram. In Fig. 5- (5), we have taken the Overdose risk as an example and we have described its corresponding analysis diagram. At diagram’s level, some specific algorithms are available for checking validity of the built diagram, qualitatively analyzing and evaluating the risk modeled. These analysis and evaluation algorithms are specific to our application domain of the Medication use system exposed to risk of ME.
Some instantiated diagrams using ADoBPRIM modelling tool for the Medication use system
To instantiate these diagrams, we performed a deep analysis of the literature concerning the ME risks to which are exposed the activities of the medication use system.
The application of the proposed method to model risks of ME related to the Medication system, allowed us to verify the validity and the correct formulation of the constructs and the diagrams proposed in the BPRIM language and the BPRIM process.
6 Conclusion
The integration of BPM disciplines and risk management is an innovative research topic that has launched many challenges in the BPM field. This research aims to address some of the challenges considered in these areas as embedding risk concept into business process models. To develop a risk-aware business process modelling method, this work relies mostly on the research accomplishments of Sienou [2]. The corresponding modelling tool is then proposed using the ADOxx meta-modelling platform and finally validated by a real case study for the design of the Medication use system driven by ME risks. The modelling tool is available through a project within the Open Models Laboratory [28], a worldwide community of modelers and modeling method developers [29].
The achieved results motivated us for improve our modelling tool in order to integrate more mechanisms and algorithms for (1) analyse the impact and the propagation of a priori and a posteriori risks on the activities and the resources of processes, and (2) enhance the efficiency of processes by simulation. These improvements will be the subject of future publications.
References
Weske, M.: Business Process Management: Concepts, Languages, Architectures. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28616-2
Sienou, A.: Proposition d’un cadre méthodologique pour le management intégré des risques et des processus d’entreprise. Methodol. Framew. Integr. Manag. Risks Bus. Process. INP Toulouse (2009)
Shah, L.A., Etienne, A., Siadat, A., Vernadat, F.: Process-oriented risk assessment methodology for manufacturing process evaluation. Int. J. Prod. Res. 55, 4516–4529 (2017)
Neiger, D., Churilov, L., zur Muehlen, M., Rosemann, M.: Integrating risks in business process models with value focused process engineering. In: ECIS, pp. 1606–1615 (2006)
Suriadi, S., Weiß, B., Winkelmann, A., ter Hofstede, A.H., Adams, M., Conforti, R., Fidge, C., La Rosa, M., Ouyang, C., Rosemann, M.: Current research in risk-aware business process management: overview, comparison, and gap analysis. Commun. Assoc. Inf. Syst. 34, 933–984 (2014)
Cope, E.W., Kuster, J.M., Etzweiler, D., Deleris, L.A., Ray, B.: Incorporating risk into business process models. IBM J. Res. Dev. 54, 1–4 (2010)
Cope, E.W., Deleris, L.A., Etzweiler, D., Koehler, J., Kuester, J.M., Ray, B.K.: System and Method for Creating and Expressing Risk-Extended Business Process Models (2014)
Rosemann, M., Zur Muehlen, M.: Integrating risks in business process models. In: ACIS 2005 Proceedings, vol. 50 (2005)
Karagiannis, D., Kühn, H.: Metamodelling platforms. In: Bauknecht, K., Tjoa, A.M., Quirchmayr, G. (eds.) EC-Web 2002. LNCS, vol. 2455, p. 182. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45705-4_19
Bork, D., Fill, H.-G.: Formal aspects of enterprise modeling methods: a comparison framework. In: 47th Hawaii International Conference on System Sciences (HICSS), 2014, pp. 3400–3409. IEEE (2014)
Jakoubi, S., Tjoa, S., Goluch, S., Kitzler, G.: A formal approach towards risk-aware service level analysis and planning. In: ARES 2010 International Conference on Availability, Reliability, and Security, 2010, pp. 180–187. IEEE (2010)
Strecker, S., Heise, D., Frank, U.: RiskM: a multi-perspective modeling method for IT risk assessment. Inf. Syst. Front. 13, 595–611 (2011)
Betz, S., Hickl, S., Oberweis, A.: Risk-aware business process modeling and simulation using XML nets. In: IEEE 13th conference on Commerce and enterprise computing (cec), 2011, pp. 349–356. IEEE (2011)
Weiss, B., Winkelmann, A.: Developing a process-oriented notation for modeling operational risks-a conceptual metamodel approach to operational risk management in knowledge intensive business processes within the financial industry. In: 44th Hawaii International Conference on System Sciences (HICSS), 2011, pp. 1–10. IEEE (2011)
Pittl, B., Fill, H.-G., Honegger, G.: Enabling Risk-Aware Enterprise Modeling using Semantic Annotations and Visual Rules (2017)
Tjoa, S., Jakoubi, S., Goluch, G., Kitzler, G., Goluch, S., Quirchmayr, G.: A formal approach enabling risk-aware business process modeling and simulation. IEEE Trans. Serv. Comput. 4, 153–166 (2011)
Rotaru, K., Wilkin, C., Churilov, L., Neiger, D., Ceglowski, A.: Formalizing process-based risk with value-focused process engineering. Inf. Syst. E-Bus. Manag. 9, 447–474 (2011)
Panayiotou, N., Oikonomitsios, S., Athanasiadou, C., Gayialis, S.: Risk assessment in virtual enterprise networks: a process-driven internal audit approach. In: Managing Risk Virtual Enterprise Networks Implementing Supply Chain Principles, pp. 290–312. IGI Global, Hershey (2010)
Lhannaoui, H., Kabbaj, M.I., Bakkoury, Z.: Analyzing risks in business process models using a deviational technique. In: 9th International Conference on Software Engineering and Applications (ICSOFT-EA), 2014, pp. 189–194. IEEE (2014)
Kern, H., Hummel, A., Kühne, S.: Towards a comparative analysis of meta-metamodels. In: Proceedings of the Compilation of the Co-Located Workshops on DSM 2011, TMC 2011, AGERE! 2011, AOOPES 2011, NEAT 2011, & VMIL 2011, pp. 7–12. ACM (2011)
McNeill, K.: Metamodeling with EMF: Generating concrete, reusable Java snippets. Extend Eclipse Ecore Metamodel IBM. 21 (2008)
Tolvanen, J.-P., Rossi, M.: MetaEdit + : defining and using domain-specific modeling languages and code generators. In: Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, pp. 92–93. ACM (2003)
Efendioglu, N., Woitsch, R.: Modelling method design: an Adoxx realisation. In: Enterprise Distributed Object Computing Workshop (EDOCW), 2016 IEEE 20th International, pp. 1–8. IEEE (2016)
Fill, H.-G., Karagiannis, D.: On the conceptualisation of modelling methods using the ADOxx meta modelling platform. Enterp. Model. Inf. Syst. Archit. J. Concept. Model. 8, 4–25 (2013)
Visic, N.: Language-Oriented Modeling Method Engineering (2016)
HAS, de S, H.A.: Outils de sécurisation et d’auto-évaluation de l’administration des médicaments. St.-Denis Plaine HAS (2013)
Schmitt, E., Antier, D., Bernheim, C., Dufay, E., Husson, M.C., Tissot, E.: Dictionnaire français de l’erreur médicamenteuse. Société Fr. Pharm. Clin. (2006)
Karagiannis, D., Mayr, H.C., Mylopoulos, J.: Domain-Specific Conceptual Modeling. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39417-6
Bork, D., Miron, E.-T.: OMiLAB-An open innovation community for modeling method engineering. In: 8th International Conference of Management and Industrial Engineering (ICMIE 2017), Bucharest, Romania, pp. 64–77 (2017). ISSN 2344-0937
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Thabet, R., Lamine, E., Boufaied, A., Korbaa, O., Pingaud, H. (2018). Towards a Risk-Aware Business Process Modelling Tool Using the ADOxx Platform. In: Matulevičius, R., Dijkman, R. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2018. Lecture Notes in Business Information Processing, vol 316. Springer, Cham. https://doi.org/10.1007/978-3-319-92898-2_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-92898-2_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92897-5
Online ISBN: 978-3-319-92898-2
eBook Packages: Computer ScienceComputer Science (R0)