Abstract
Business processes are core operational assets to control firms’ efficiency in value generation. However, the execution and control of business processes is increasingly dependent on Information Technology (IT). Therefore, the risks that arise from relying on IT in business processes must be quantified. This paper proposes the adaptation of the Value at Risk (VaR) financial technique to measure the level of risk within a process portfolio. This is done by quantifying the impact resulting from changes in the performance of IT services. The probability of IT risks is measured daily in order to model the volatility of IT services, especially when they are flexible and changeable. The proposed method enables predicting and estimating the losses of IT risks and their effect on dependent business processes over a time horizon. The incorporation of risk management mechanisms enriches business processes with organizational management capabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bai, X., Krishnan, R., Padman, R., Wang, H.J.: On risk management with information flows in business processes. Inform. Syst. Res. 24, 731–749 (2013)
Caron, F., Vanthienen, J., Baesens, B.: Comprehensive rule-based compliance checking and risk management with process mining. Decis. Support Syst. 54(3), 1357–1369 (2013)
Conforti, R., Fortino, G., La Rosa, M., ter Hofstede, A.H.M.: History-aware, real-time risk detection in business processes. In: Meersman, R. (ed.) OTM 2011, Part I. LNCS, vol. 7044, pp. 100–118. Springer, Heidelberg (2011)
Conforti, R., de Leoni, M., Rosa, M.L., van der Aalst, W.M., ter Hofstede, A.H.: A recommendation system for predicting risks across multiple business process instances. Decis. Support Syst. 69, 1–19 (2015)
Fill, H.G.: An approach for analyzing the effects of risks on business processes using semantic annotations. In: ECIS 2012 Proceedings, p. Paper 111. ESADE/AIS, Barcelona (2012)
González Rojas, O.: Governing IT services for quantifying business impact. In: Matulevičius, R., Dumas, M. (eds.) BIR 2015. LNBIP, vol. 229, pp. 97–112. Springer, Heidelberg (2015)
González-Rojas, O., Ochoa-Venegas, L., Molina-León, G.: Information security governance: valuation of dependencies between IT solution architectures. In: Repa, V., Bruckner, T. (eds.) BIR 2016. LNBIP, vol. 261. Springer, Heidelberg (2016, in Press)
Han, W., Ni, Q., Chen, H.: Apply measurable risk to strengthen security of a role-based delegation supporting workflow system. In: IEEE International Symposium on POLICY 2009, pp. 45–52. IEEE, London (2009)
IEEE Architecture Working Group: Std 1471-2000. Recommended practice for architectural description of software-intensive systems. Technical report, IEEE (2000)
J.P. Morgan and Reuters: RiskMetrics - technical document. Technical report, 4th edn. JP Morgan and Reuters, New York, December 1996
Kang, B., Cho, N.W., Kang, S.H.: Real-time risk measurement for business activity monitoring (BAM). Int. J. Innov. Comput. I 5(11), 3647–3657 (2009)
Parent, M., Reich, B.H.: Governing information technology risk. Calif. Manag. Rev. 51(3), 134–152 (2009)
Rainer Jr., R.K., Snyder, C.A., Carr, H.H.: Risk analysis for information technology. J. Manag. Inform. Syst. 8(1), 129–147 (1991)
Sackmann, S., Syring, A.: Adapted loss database - a new approach to assess IT risk in automated business processes. In: Santana, M., Luftman, J.N., Vinze, A.S. (eds.) AMCIS 2010 Proceedings, p. Paper 374. AIS, Lima (2010)
Seddon, P.B., Graeser, V., Willcocks, L.P.: Measuring organizational IS effectiveness: an overview and update of senior management perspectives. SIGMIS Database 33(2), 11–28 (2002)
Suh, B., Han, I.: The IS risk analysis based on a business model. Inf. Manag. 41(2), 149–158 (2003)
Suriadi, S., Wei, B., Winkelmann, A., ter Hofstede, A., Adams, M., Conforti, R., Fidge, C., La Rosa, M., Ouyang, C., Pika, A., Rosemann, M., Wynn, M.: Current research in risk-aware business process management-overview, comparison, and gap analysis. Commun. ACM 34(1), 933–984 (2014)
Tallon, P.P.: Value chain linkages and the spillover effects of strategic information technology alignment: a process-level view. J. Manag. Inf. Syst. 28(3), 9–44 (2011)
Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, Boston (2004)
Wickboldt, J.A., Bianchin, L.A., Lunardi, R.C., Granville, L.Z., Gaspary, L.P., Bartolini, C.: A framework for risk assessment based on analysis of historical information of workflow execution in IT systems. Comput. Netw. 55(13), 2954–2975 (2011)
Acknowledgments
The authors would like to thank Fabian Arias who collaborated in the validation of this work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
González-Rojas, O., Lesmes, S. (2016). Value at Risk Within Business Processes: An Automated IT Risk Governance Approach. In: La Rosa, M., Loos, P., Pastor, O. (eds) Business Process Management. BPM 2016. Lecture Notes in Computer Science(), vol 9850. Springer, Cham. https://doi.org/10.1007/978-3-319-45348-4_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-45348-4_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45347-7
Online ISBN: 978-3-319-45348-4
eBook Packages: Computer ScienceComputer Science (R0)