Automated Risk Mitigation in Business Processes

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7565)

Abstract

This paper proposes a concrete approach for the automatic mitigation of risks that are detected during process enactment. Given a process model exposed to risks, e.g. a financial process exposed to the risk of approval fraud, we enact this process and as soon as the likelihood of the associated risk(s) is no longer tolerable, we generate a set of possible mitigation actions to reduce the risks’ likelihood, ideally annulling the risks altogether. A mitigation action is a sequence of controlled changes applied to the running process instance, taking into account a snapshot of the process resources and data, and the current status of the system in which the process is executed. These actions are proposed as recommendations to help process administrators mitigate process-related risks as soon as they arise. The approach has been implemented in the YAWL environment and its performance evaluated. The results show that it is possible to mitigate process-related risks within a few minutes.




© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Conforti, R., ter Hofstede, A.H.M., La Rosa, M., Adams, M. (2012). Automated Risk Mitigation in Business Processes. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2012. OTM 2012. Lecture Notes in Computer Science, vol 7565. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33606-5_14

  • DOI: https://doi.org/10.1007/978-3-642-33606-5_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33605-8

  • Online ISBN: 978-3-642-33606-5

  • eBook Packages: Computer Science, Computer Science (R0)
