Attributed Metagraph Modelling to Design Business Process Security Management

Cross organizational process flow is having increasing importance as organizational focus is on offshoring & outsourcing to develop complex business processes. Utilizing the development of telecommunications frameworks, IT systems are fundamental to collaborating and distributing business processes for both internal as well as external business units. But, this increased dependency exists in an ecosystem of increasing threats to information security along with market sensitivity and regulatory power. Based on recent process flow studies, we explore application of attributed metagraph representation to evaluate process security. Utilizing examples of both risk-analysis and impactmitigation, we reveal the effectiveness of attributed metagraph for business process analysis. Metagraph-based model helps in analysis of as-is processes as well as offers normative direction for process remodelling

Modeling IS Activities for Business Process Reengineering : A Colored Petri Net Approach

The day to day functioning of any organization involves many business processes. Each business process is comprised of different activities. The identification of activities and their cost drivers is a critical factor for successful Business Process Reengineering. Since the resources used by the activities form an integral part of the model, the identification of the cost drivers is also simplified. This paper details the following : 1. It proposesthe use of colored Petri nets for process modeling. Brimson(1991) identifies the process modeling approach to activity analysis as useful since it graphically links the inputs and outputs among activities and identifies the information flow in the processes. However, use of process flow charts, which is most commonly used in activity analysis cannot capture some of the aspects of office processes, like supervision, general management, etc. In addition, representing the complex business logic associated with activities would be difficult in such flow models. The use of colored Petri nets overcomes this limitation, as business logic and various office processes can be easily represented. In addition, the complexity of the system is handled by resorting to hierarchical representation of the processes. 2. The paper applies the concept of activity based costing to the management of the IS processes in firms. The cost structure of these processes, to our knowledge, has not been studied from the activity based costing perspective. The article proposes the use of activity based costing for IS processes. Such analysis could help the organization in making operational as well as strategic decisions as related to its IS processe

Incorporating Information Quality Management into EAI Processes

Nowadays Enterprise Application Integration (EAI) is rather a technical problem than an organizational issue in enterprise systems. Due to the increased complexity of EAI processes, it is difficult to guarantee the information quality (IQ) without scientific process control. Information Quality Management (IQM) highlights the control of the business processes by resolving IQ problems through IQ definition, measurement, analysis and improvement. When considering EAI’s emphasis on the integration of business processes and the information flow within an enterprise, they are potentially mutually complementary for the IQ improvement. However, there are very few studies carefully examining IQ improvement in EAI processes, and complementary nature of IQM and EAI. By analyzing the challenges of EAI to IQ, and theoretical foundations of incorporating IQM into EAI processes, this study proposes a framework to effectively improve the IQ of EAI processes, and suggests six propositions for future research

Communication-Based Versus Workflow-Based Redesign: Some Observations From An Experimental Study

Modeling and representation approaches and techniques have been used extensively both in business process improvement and in the design and development of information systems, in order to better understand the processes within organizations. The primary purpose of this study is to investigate the effect of different business process representation approaches and related techniques on business process improvement projects.  During the last decade, organizational redesign projects have had a very high rate of failure. We focus on four different research questions by conducting an experiment involving 174 students from a mid-sized university in northeastern United States, and analyzing the corresponding empirical data. The analysis of the data from the experiment indicates that an emphasis on the flow of information and communication in business processes can have a positive impact on the success of business process redesign projects

Business System Information Analysis Process Outcome in Hospital General Bengkayang Area

In the application of the outpatient information system business process at the Bengkayang Regional General Hospital, there are still problems faced, namely the occurrence of incompatibility of patient medical data information in the examination section / poly section, resulting in delays in the patient handling process. This is the background for the author to analyze the business process of outpatient system information at the Bengkayang General Hospital using the Business Process Management Life Cycle method. This study aims to determine how effective it is in managing the outpatient information system business process at the Bengkayang Regional General Hospital. The analytical technique used is BPMN, value chain, business area analysis and the method used is the BPM life cycle. The results of this study can support the current business processes for the better. With the addition and improvement of optimal technology, with existing information system technology to obtain a more detailed and complete procedural flow chart. The resulting procedure flow chart will integrate the data in each part of the service unit in the outpatient department, so that the data can be used together between departments so that data duplication can be avoided

Business Process Models for Risk Analysis: Expert View

The recent financial turbulences raise questions on how risk analysis is conducted. Regulatory requirements and professional standards have been introduced in the last decade in order to obtain a more reliable internal control on financial reporting process with a new emphasis on business processes. However, there are no standards yet available on how business processes should be captured for facilitating risk analysis in audit assignments. Representations of business processes have been investigated in the field of business process modeling. There exists a broad spectrum of notations and formalisms with relative strengths and weaknesses. Many of the popular notations build on a graph-based representation where activities of a process are connected with directed arcs defining the control flow. Such notations have been widely adopted for redesigning business processes. But also text-based formats have been defined. Corresponding process specifications define the activities of a process as lists with additional free text information. This raises the question whether the tools and methods for analyzing business process risks in auditing practice is appropriate for its objective. This paper reveals the benefits of adopting business process models for auditors toward understanding a companies business processes and the issues need to be considered for further development. The analysis also shows that practitioners use process models rather for risk elicitation and less in risk assessment

Discovering Business Area Effects to Process Mining Analysis Using Clustering and Influence Analysis

A common challenge for improving business processes in large organizations is that business people in charge of the operations are lacking a fact-based understanding of the execution details, process variants, and exceptions taking place in business operations. While existing process mining methodologies can discover these details based on event logs, it is challenging to communicate the process mining findings to business people. In this paper, we present a novel methodology for discovering business areas that have a significant effect on the process execution details. Our method uses clustering to group similar cases based on process flow characteristics and then influence analysis for detecting those business areas that correlate most with the discovered clusters. Our analysis serves as a bridge between BPM people and business, people facilitating the knowledge sharing between these groups. We also present an example analysis based on publicly available real-life purchase order process data.Comment: 12 pages. Paper accepted in 23rd International Conference on Business Information Systems (BIS 2020) to be published in a proceedings edition of the Lecture Notes in Business Information Processin

FORTES: Forensic Information Flow Analysis of Business Processes

Nearly 70% of all business processes in use today rely on automated workflow systems for their execution. Despite the growing expenses in the design of advanced tools for secure and compliant deployment of workflows, an exponential growth of dependability incidents persists. Concepts beyond access control focusing on information flow control offer new paradigms to design security mechanisms for reliable and secure IT-based workflows. This talk presents FORTES, an approach for the forensic analysis of information flow properties. FORTES claims that information flow control can be made usable as a core of an audit-control system. For this purpose, it reconstructs workflow models from secure log files (i.e. execution traces) and, applying security policies, analyzes the information flows to distinguish security relevant from security irrelevant information flows. FORTES thus cannot prevent security policy violations, but by detecting them with well-founded analysis, improve the precision of audit controls and the generated certificates

The REA Ontology to Supplement Teaching Data Flow Diagrams

Systems Analysis and Design is a core component of most information systems curricula, and generally includes coverage of process modeling with data flow diagrams. In order to relate process modeling to something with which all students are familiar, the content of a traditional Systems Analysis and Design course can be supplemented with an ontological framework. This manuscript proposes that an ontology from accounting literature (REA) be used to supplement traditional modeling approaches. The REA Ontology incorporates elementary accounting concepts familiar to many business students, and as a consequence makes contextual learning possible. This manuscript points out several synergies between the REA Ontology and data flow diagrams, and notes that the contextual learning factor enhances student learning. As a result, students are able to develop an efficient and enriched mental concept of data flow modeling and the business processes the models seek to capture

Process mining using BPMN : relating event logs and process models

Process-aware information systems (PAIS) are systems relying on processes, which involve human and software resources to achieve concrete goals. There is a need to develop approaches for modeling, analysis, improvement and monitoring processes within PAIS. These approaches include process mining techniques used to discover process models from event logs, find log and model deviations, and analyze performance characteristics of processes. The representational bias (a way to model processes) plays an important role in process mining. The BPMN 2.0 (Business Process Model and Notation) standard is widely used and allows to build conventional and understandable process models. In addition to the flat control flow perspective, subprocesses, data flows, resources can be integrated within one BPMN diagram. This makes BPMN very attractive for both process miners and business users. In this paper, we describe and justify robust control flow conversion algorithms, which provide the basis for more advanced BPMN-based discovery and conformance checking algorithms. We believe that the results presented in this paper can be used for a wide variety of BPMN mining and conformance checking algorithms. We also provide metrics for the processes discovered before and after the conversion to BPMN structures. Cases for which conversion algorithms produce more compact or more involved BPMN models in comparison with the initial models are identified. Keywords: Process mining; Process discovery; Conformance checking; BPMN (Business Process Model and Notation); Petri nets; Bisimulatio