Aligning Risk Management and Compliance Considerations with Business Process Development

  • Conference paper
E-Commerce and Web Technologies (EC-Web 2009)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5692)

Abstract

The improvement of business processes, to date, primarily focuses on effectiveness and efficiency, thereby creating additional value for the organization and its stakeholders. The design of processes should also ensure that their results and the value obtained compensate for the risks affecting this value. In this paper the different kinds of risk affecting a business process are introduced, after which solutions to the problem of risk mitigation are discussed, resulting in a proposed framework to mollify these risks by incorporating a class of risk-mitigation rules into business process development.




© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Zoet, M., Welke, R., Versendaal, J., Ravesteyn, P. (2009). Aligning Risk Management and Compliance Considerations with Business Process Development. In: Di Noia, T., Buccafurri, F. (eds) E-Commerce and Web Technologies. EC-Web 2009. Lecture Notes in Computer Science, vol 5692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03964-5_16

  • DOI: https://doi.org/10.1007/978-3-642-03964-5_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03963-8

  • Online ISBN: 978-3-642-03964-5

  • eBook Packages: Computer Science (R0)
