عنوان مقاله [English]
Risk management is critical regarding the maintenance of a organization’s business processes. In any business process, there are several process instances. Each case follows one of these process instances depending on the decisions made during the execution of the process. Every activity itself contains a certain amount of risk, but when it is placed in a particular path, specially a business process, given the impact from previous or upcoming activities, the risk type and level varies in different paths. As a result, the risk of each process instance will be determined by which activities are on it. The purpose of this paper is to present a quantitative method for identifying the most risk-containing process instance among various process instances. To this end, two layers are considered for each process: the activity layer and the risk layer. In the risk layer using the “most reliable path” problem, the most important risks affecting the outcome of the process are identified. Then, in the activity layer, the business process instances correspond to the most important risks are recognized as a business process instance with highest risk. The proposed method has been investigated in the financial leasing business process. The ability of to identify the most risk-containing business process instances, helps managers design and implement better preventative measures and impose effective process controls appropriate to the risk level of the most risky process instance.
Alberts, C. J., & Dorofee, A. (2002). Managing information security risks: the OCTAVE approach. Addison-Wesley Longman Publishing Co., Inc..
Amantea, I. A., Di Leva, A., & Sulis, E. (2019). Risk-Aware Business Process Management: A Case Study in Healthcare. In The Future of Risk Management, Volume I (pp. 157-174). Palgrave Macmillan, Cham.
Bae, H., Lee, S., & Moon, I. (2014). Planning of business process execution in Business Process Management environments. Information Sciences, 268, 357-369.
Barber, B., & Davey, J. (1992). The use of the ccta risk analysis and management methodology cramm in health information systems. Medinfo, 92, 1589-1593.
Bezerra, F., & Wainer, J. (2008, June). Anomaly detection algorithms in business process logs. In Proceedings of the 10th International Conference on Enterprise Information Systems (ICEIS), volume AIDSS, Barcelona, Spain (pp. 11-18).
Borkowski, M., Fdhila, W., Nardelli, M., Rinderle-Ma, S., & Schulte, S. (2017). Event-based failure prediction in distributed business processes. Information Systems.
Bouarfa, L., & Dankelman, J. (2012). Workflow mining and outlier detection from clinical activity logs. Journal of biomedical informatics, 45(6), 1185-1190.
Chuang, Y. C., Hsu, P., Wang, M., & Chen, S. C. (2010). A frequency-based algorithm for workflow outlier mining. In International Conference on Future Generation Information Technology (pp. 191-207). Springer, Berlin, Heidelberg.
Clarkson, P. J., Simons, C., & Eckert, C. (2004). Predicting change propagation in complex design. Journal of Mechanical Design, 126(5), 788-797.
Conforti, R., Fink, S., Manderscheid, J., & Röglinger, M. (2016). PRISM–a predictive risk monitoring approach for business processes. In International Conference on Business Process Management (pp. 383-400). Springer, Cham.
Conforti, R., de Leoni, M., La Rosa, M., van der Aalst, W. M., & Ter Hofstede, A. H. (2015). A recommendation system for predicting risks across multiple business process instances. Decision Support Systems, 69, 1-19.
Conforti, R., Fortino, G., La Rosa, M., & Ter Hofstede, A. H. (2011). History-aware, real-time risk detection in business processes. In OTM Confederated International Conferences" On the Move to Meaningful Internet Systems"(pp. 100-118). Springer, Berlin, Heidelberg.
Conforti, R., La Rosa, M., Fortino, G., Ter Hofstede, A. H., Recker, J., & Adams, M. (2013). Real-time risk monitoring in business processes: A sensor-based approach. Journal of Systems and Software, 86(11), 2939-2965.
Di Francescomarino, C., Ghidini, C., Maggi, F. M., & Milani, F. (2018, September). Predictive Process Monitoring Methods: Which One Suits Me Best?. In International Conference on Business Process Management (pp. 462-479). Springer, Cham.
Dumas, M., La Rosa, M., Mendling, J., & Reijers, H. A. (2013). Fundamentals of business process management (1)2, Heidelberg: Springer.
Fenz, S., & Neubauer, T. (2009, April). How to determine threat probabilities using ontologies and Bayesian networks. In Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (p. 69). ACM.
Haggag, M. H., Khedr, A. E., & Montasser, H. S. (2015). A Risk-Aware Business Process Management Reference Model and Its Application in an Egyptian University. International Journal of Computer Science and Engineering Survey, 6(2), 11.
Handa, H., & Garg, A. (2018). Approach to Reduce Operational Risks in Business Organizations. In Information and Communication Technology for Sustainable Development (pp. 123-131). Springer, Singapore.
Von Alan, R. H., March, S. T., Park, J., & Ram, S. (2004). Design science in information systems research. MIS quarterly, 28(1), 75-105.
Hsu, P. Y., Chuang, Y. C., Lo, Y. C., & He, S. C. (2017). Using contextualized activity-level duration to discover irregular process instances in business operations. Information Sciences, 391, 80-98.
Jakkula, V. R., Crandall, A. S., & Cook, D. J. (2009). Enhancing anomaly detection using temporal pattern discovery. In Advanced intelligent environments (pp. 175-194). Springer, Boston, MA.
Jakoubi, S., Tjoa, S., & Quirchmayr, G. (2007, June). Rope: A Methodology for Enabling the Risk-Aware Modelling and Simulation of Business Processes. In ECIS (pp. 1596-1607).
Kang, B., Kim, D., & Kang, S. H. (2012). Real-time business process monitoring method for prediction of abnormal termination using KNNI-based LOF prediction. Expert Systems with Applications, 39(5), 6061-6068.
Kim, J., Lee, J., & Choi, I. (2017). An integrated process‐related risk management approach to proactive threat and opportunity handling: A framework and rule language. Knowledge and Process Management, 24(1), 23-37.
Kim, S., Cho, N. W., Lee, Y. J., Kang, S. H., Kim, T., Hwang, H., & Mun, D. (2013). Application of density-based outlier detection to database activity monitoring. Information Systems Frontiers, 15(1), 55-65.
Kratsch, W., Manderscheid, J., Reißner, D., & Röglinger, M. (2017). Data-driven process prioritization in process networks. Decision Support Systems, 100, 27-40.
Kuna, H. D., García-Martínez, R., & Villatoro, F. R. (2014). Outlier detection in audit logs for application systems. Information Systems, 44, 22-33.
Lund, M. S., Solhaug, B., & Stølen, K. (2010). Model-driven risk analysis: the CORAS approach. Springer Science & Business Media.
Pika, A., van der Aalst, W. M., Fidge, C. J., ter Hofstede, A. H., & Wynn, M. T. (2012, September). Predicting deadline transgressions using event logs. In International Conference on Business Process Management (pp. 211-216). Springer, Berlin, Heidelberg.
Pika, A., van der Aalst, W. M., Wynn, M. T., Fidge, C. J., & ter Hofstede, A. H. (2016). Evaluating and predicting overall process risk using event logs. Information Sciences, 352, 98-120.
Rosemann, M., & Zur Muehlen, M. (2005). Integrating risks in business process models. ACIS 2005 Proceedings, 50.
Sackmann, S. (2008). A Reference Model for Process-Oriented IT Risk Management. In ECIS (pp. 1346-1357).
Sawaya III, W. J., Pathak, S., Day, J. M., & Kristal, M. M. (2015). Sensing abnormal resource flow using adaptive limit process charts in a complex supply network. Decision Sciences, 46(5), 961-979.
Suriadi, S., Weiß, B., Winkelmann, A., ter Hofstede, A. H., Adams, M., Conforti, R. & Rosemann, M. (2014). Current research in risk-aware business process management―overview, comparison, and gap analysis. Communications of the Association for Information Systems, 34(1), 52:933-984.
Thabet, R., Lamine, E., Boufaied, A., Korbaa, O., & Pingaud, H. (2018). Towards a Risk-Aware Business Process Modelling Tool Using the ADOxx Platform. In International Conference on Advanced Information Systems Engineering (pp. 235-248). Springer, Cham.
Ullah, I., Tang, D., Wang, Q., & Yin, L. (2017). Least risky change propagation path analysis in product design process. Systems Engineering, 20(4), 379-391.
Varela-Vaca, Á. J., Parody, L., Gasca, R. M., & Gómez-López, M. T. (2019). Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models. IEEE Access, 7, 26448-26465.
Wang, M., Hsu, P., & Chuang, Y. C. (2011). Mining workflow outlier with a frequency-based algorithm. Int. J. Control and Automation, 4(2),1-22.
Zur Muehlen, M., & Ho, D. T. Y. (2005). Risk management in the BPM lifecycle. In International Conference on Business Process Management (pp. 454-466). Springer, Berlin, Heidelberg.