Skip to main content
SpringerLink
Log in

Value at Risk Within Business Processes: An Automated IT Risk Governance Approach

  • Conference paper
  • First Online:
Business Process Management (BPM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 9850))

Included in the following conference series:

Abstract

Business processes are core operational assets to control firms’ efficiency in value generation. However, the execution and control of business processes is increasingly dependent on Information Technology (IT). Therefore, the risks that arise from relying on IT in business processes must be quantified. This paper proposes the adaptation of the Value at Risk (VaR) financial technique to measure the level of risk within a process portfolio. This is done by quantifying the impact resulting from changes in the performance of IT services. The probability of IT risks is measured daily in order to model the volatility of IT services, especially when they are flexible and changeable. The proposed method enables predicting and estimating the losses of IT risks and their effect on dependent business processes over a time horizon. The incorporation of risk management mechanisms enriches business processes with organizational management capabilities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bai, X., Krishnan, R., Padman, R., Wang, H.J.: On risk management with information flows in business processes. Inform. Syst. Res. 24, 731–749 (2013)

    Article  Google Scholar 

  2. Caron, F., Vanthienen, J., Baesens, B.: Comprehensive rule-based compliance checking and risk management with process mining. Decis. Support Syst. 54(3), 1357–1369 (2013)

    Article  Google Scholar 

  3. Conforti, R., Fortino, G., La Rosa, M., ter Hofstede, A.H.M.: History-aware, real-time risk detection in business processes. In: Meersman, R. (ed.) OTM 2011, Part I. LNCS, vol. 7044, pp. 100–118. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  4. Conforti, R., de Leoni, M., Rosa, M.L., van der Aalst, W.M., ter Hofstede, A.H.: A recommendation system for predicting risks across multiple business process instances. Decis. Support Syst. 69, 1–19 (2015)

    Article  Google Scholar 

  5. Fill, H.G.: An approach for analyzing the effects of risks on business processes using semantic annotations. In: ECIS 2012 Proceedings, p. Paper 111. ESADE/AIS, Barcelona (2012)

    Google Scholar 

  6. González Rojas, O.: Governing IT services for quantifying business impact. In: Matulevičius, R., Dumas, M. (eds.) BIR 2015. LNBIP, vol. 229, pp. 97–112. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  7. González-Rojas, O., Ochoa-Venegas, L., Molina-León, G.: Information security governance: valuation of dependencies between IT solution architectures. In: Repa, V., Bruckner, T. (eds.) BIR 2016. LNBIP, vol. 261. Springer, Heidelberg (2016, in Press)

    Google Scholar 

  8. Han, W., Ni, Q., Chen, H.: Apply measurable risk to strengthen security of a role-based delegation supporting workflow system. In: IEEE International Symposium on POLICY 2009, pp. 45–52. IEEE, London (2009)

    Google Scholar 

  9. IEEE Architecture Working Group: Std 1471-2000. Recommended practice for architectural description of software-intensive systems. Technical report, IEEE (2000)

    Google Scholar 

  10. J.P. Morgan and Reuters: RiskMetrics - technical document. Technical report, 4th edn. JP Morgan and Reuters, New York, December 1996

    Google Scholar 

  11. Kang, B., Cho, N.W., Kang, S.H.: Real-time risk measurement for business activity monitoring (BAM). Int. J. Innov. Comput. I 5(11), 3647–3657 (2009)

    Google Scholar 

  12. Parent, M., Reich, B.H.: Governing information technology risk. Calif. Manag. Rev. 51(3), 134–152 (2009)

    Article  Google Scholar 

  13. Rainer Jr., R.K., Snyder, C.A., Carr, H.H.: Risk analysis for information technology. J. Manag. Inform. Syst. 8(1), 129–147 (1991)

    Article  Google Scholar 

  14. Sackmann, S., Syring, A.: Adapted loss database - a new approach to assess IT risk in automated business processes. In: Santana, M., Luftman, J.N., Vinze, A.S. (eds.) AMCIS 2010 Proceedings, p. Paper 374. AIS, Lima (2010)

    Google Scholar 

  15. Seddon, P.B., Graeser, V., Willcocks, L.P.: Measuring organizational IS effectiveness: an overview and update of senior management perspectives. SIGMIS Database 33(2), 11–28 (2002)

    Article  Google Scholar 

  16. Suh, B., Han, I.: The IS risk analysis based on a business model. Inf. Manag. 41(2), 149–158 (2003)

    Article  Google Scholar 

  17. Suriadi, S., Wei, B., Winkelmann, A., ter Hofstede, A., Adams, M., Conforti, R., Fidge, C., La Rosa, M., Ouyang, C., Pika, A., Rosemann, M., Wynn, M.: Current research in risk-aware business process management-overview, comparison, and gap analysis. Commun. ACM 34(1), 933–984 (2014)

    Google Scholar 

  18. Tallon, P.P.: Value chain linkages and the spillover effects of strategic information technology alignment: a process-level view. J. Manag. Inf. Syst. 28(3), 9–44 (2011)

    Article  Google Scholar 

  19. Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, Boston (2004)

    Google Scholar 

  20. Wickboldt, J.A., Bianchin, L.A., Lunardi, R.C., Granville, L.Z., Gaspary, L.P., Bartolini, C.: A framework for risk assessment based on analysis of historical information of workflow execution in IT systems. Comput. Netw. 55(13), 2954–2975 (2011)

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to thank Fabian Arias who collaborated in the validation of this work.

Author information

Authors and Affiliations

  1. Systems and Computing Engineering Department, School of Engineering, Universidad de los Andes, Bogotá, Colombia

    Oscar González-Rojas & Sebastian Lesmes

Authors
  1. Oscar González-Rojas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sebastian Lesmes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Oscar González-Rojas .

Editor information

Editors and Affiliations

  1. Queensland University of Technology, Brisbane, Queensland, Australia

    Marcello La Rosa

  2. DFKI, Universität des Saarlandes DFKI, Saarbrücken, Saarland, Germany

    Peter Loos

  3. Universidad Politècnica de Valencia , Valencia, Spain

    Oscar Pastor

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

González-Rojas, O., Lesmes, S. (2016). Value at Risk Within Business Processes: An Automated IT Risk Governance Approach. In: La Rosa, M., Loos, P., Pastor, O. (eds) Business Process Management. BPM 2016. Lecture Notes in Computer Science(), vol 9850. Springer, Cham. https://doi.org/10.1007/978-3-319-45348-4_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-45348-4_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45347-7

  • Online ISBN: 978-3-319-45348-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation