The Influence of Using Collapsed Sub-processes and Groupson the Understandability of Business Process Models

Many factors influence the creation of businessprocess models which are understandable for a targetaudience. Understandability of process models becomesmore critical when size and complexity of the modelsincrease. Using vertical modularization to decompose suchmodels hierarchically into modules is considered toimprove their understandability. To investigate thisassumption, two experiments were conducted. The exper-iments involved 2 large-scale real-life business processmodels that were modeled using BPMN v2.0 (BusinessProcess Model and Notation) in the form of collaborationdiagrams. Each process was modeled in 3 modularityforms: fully-flattened, flattened where activities areclustered using BPMN groups, and modularized usingseparately viewed BPMN sub-processes. The objective wasto investigate if and how different forms of modularityrepresentation (used for vertical modularization) in BPMNcollaboration diagrams influence the understandability ofprocess models. In addition to the forms of modularityrepresentation, the presentation medium (paper vs. com-puter) and model reader’s level of business process mod-eling competency were investigated as factors thatpotentially influence model comprehension. 60 businesspractitioners from a large organization and 140 graduatestudents participated in our experiments. The results indi-cate that, when these three modularity representations areconsidered, it is best to present the model in a ‘flattened’form (with or without the use of groups) and in the ‘paper’format in order to optimally understand a BPMN model.The results also show that the model reader’s businessprocess modeling competency is an important factor ofprocess model comprehension

The Effect of Modularity Representation and Presentation Medium on the Understandability of Business Process Models in BPMN

Many factors influence the creation of understandable business process models for an appropriate audience. Understandability of process models becomes critical particularly when a process is complex and its model is large in structure. Using modularization to represent such models hierarchically (e.g. using sub-processes) is considered to contribute to the understandability of these models. To investigate this assumption, we conducted an experiment that involved 2 large-scale real-life business process models that were modeled using BPMN v2.0 (Business Process Model and Notation). Each process was modeled in 3 modularity forms: fully-flattened, flattened where activities are clustered using BPMN groups, and modularized using separately viewed BPMN sub-processes. The objective is to investigate if and how different forms of modularity representation in BPMN collaboration diagrams influence the understandability of process models. In addition to the forms of modularity representation, we also looked into the presentation medium (paper vs. computer) as a factor that potentially influences model comprehension. Sixty business practitioners from a large organization participated in the experiment. The results of our experiment indicate that for business practitioners, to optimally understand a BPMN model in the form of a collaboration diagram, it is best to present the model in a ‘fully-flattened’ fashion (without using collapsed sub-processes in BPMN) in the ‘paper’ format

Measuring the Cognitive Complexity in the Comprehension of Modular Process Models

Modularization in process models is a method to cope with the inherent complexity in such models (e.g., model size reduction). Modularization is capable to increase the quality, the ease of reuse, and the scalability of process models. Prior conducted research studied the effects of modular process models to enhance their comprehension. However, the effects of modularization on cognitive factors during process model comprehension are less understood so far. Therefore, this paper presents the results of two exploratory studies (i.e., a survey research study with N = 95 participants; a follow-up eye tracking study with N = 19 participants), in which three types of modularization (i.e., horizontal, vertical, orthogonal) were applied to process models expressed in terms of the Business Process Model and Notation (BPMN) 2.0. Further, the effects of modularization on the cognitive load, the level of acceptability, and the performance in process model comprehension were investigated. In general, the results revealed that participants were confronted with challenges during the comprehension of modularized process models. Further, performance in the comprehension of modularized process models showed only a few significant differences, however, the results obtained regarding the cognitive load revealed that the complexity and concept of modularization in process models were misjudged initially. The insights unraveled that the attitude towards the application and the behavioral intention to apply modularization in process model is still not clear. In this context, horizontal modularization appeared to be the best comprehensible modularization approach leading to a more fine-grained comprehension of respective process models. The findings indicate that alterations in modular process models (e.g., change in the representation) are important to foster and enable their comprehension. Finally, based on our results, implications for research and practice as well as directions for future work are discussed in this paper

An Extension of Business Process Model and Notation for Security Risk Management

Kaasaegsed infosüsteemide arendamise metoodikad hõlmavad erinevaid tehnilisi äriprotsesside modelleerimise meetmeid. Äriprotsesside modelleerimiseks kasutatav keel (BPMN) on tänapäeval muutunud üheks standartseks meetmeks, mis edukalt rakendatakse infosüsteemide loomisel ning edasi arendamisel selleks, et ettevõtete äriprotsesse kirjeldada ja modelleerida.Vaatamata sellele, et BPMN on hea töörist, mille abil on võimalik ettevõtte äriprotsesse mõistma ja esitama, see ei võimalda äriprotsesside modelleerimisel adresseerida süsteemi turvalisuse aspekte. Autor leiab, et see on BPMN nõrk külg, selle pärast, et turvalise infosüsteemi arendamiseks on oluline nii äriprotsesse kui ka süsteemi turvalisust vaadeldada tervikuna. Käesolevas magistritöös autor töötab välja BPMN 2.0 keele jaoks uusi elemente, mis edaspidi peavad võimaldama adresseerima turvalisuse temaatika süsteemi modelleerimisel. Autori pakutud lahendus põhineb BPMN modelleerimiskeele seostamisel turvalisuse riski juhendamise metoodikaga (ISSRM). Antud magistritöös rakendatakse struktureeritud lähenemine BPMN peamiste aspektide analüüsimisel ja turvalisuse riskide juhtimiseks uute elementide väljatöötamisel, selleks ühildades BPMN ning ISSRM-i kontsepte. Magistritöös on demonstreeritud väljatöötatud lisaelementide kasutus, selgitatud kuidas antud elementidega laiendatud BPMN võimaldab väljendada ettevõtte varasid (assets), nendega seotuid riske (risks) ja riskide käsitlust (risk treatment). See on analüüsitud internetkaupluse varade konfidentsiaalsuse, terviklikkuse ja kättesaadavuse näitel. Autor on veendunud, et BPMN laienemine turvalisuse kontseptide osas ja antud töö raames tehtud konkreetsed ettepanekud aitavad infosüsteemide analüütikutele mõistma kuidas süsteemi turvalisust arendada nii, et läbi äriprotsessi tuvastatud olulisemate ettevõtte varade turvalisus oleks infosüsteemis käsitletud ning tagatud. Autori poolt antud käsitlus on vaadeldud ka laiemas mõttes, nimelt, BPMN keelele pakutud laienemisega avaneb perspektiiv äriprotsesside ja turvalisuse mudeleite koosvõimele ning BPMN-i teiste modelleerimise metoodikatega, nagu ISSRM või Secure Tropos, integreerimisele.Modern Information System (IS) development supports different techniques for business process modelling. Recently Business Process Model and Notation (BPMN) has become a standard that allows modelers to visualize organizational business processes. However, despite the fact that BPMN is a good approach to introduce and understand business processes, there is no opportunity to address security concerns while analysing the business needs. This is a problem, since both business processes and security concerns should be understood in parallel to support a development of the secure systems. In current thesis we introduce the extensions for BPMN 2.0 regarding security aspects. The following proposal is based on alignment of the modelling notation with IS security risk management (ISSRM).We apply a structured approach to understand major aspects of BPMN and propose extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We demonstrate the use of extensions, illustrating how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store assets’ confidentiality, integrity and availability. We believe that our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. We also attempt to observe the following approach in the broader sense and we open a possibility for the business and security model interoperability and the model transformation between BPMN and another modelling approach also aligned to ISSRM, Secure Tropos