Skip to main content
SpringerLink
Log in

Integration of Risk Aspects into Business Process Modeling

  • Conference paper
  • First Online:
Innovations in Enterprise Information Systems Management and Engineering (ERP Future 2015)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 245))

Included in the following conference series:

Abstract

Regulatory rules force most enterprises to implement a risk management system with a detailed documentation of their risk situation. In parallel, business processes which can be source and target of risks are systematically documented. Hence, it seems obvious to combine both tasks. Despite research’s long lasting focus on risk management and business process management, only few approaches exist that try to fully integrate risk aspects into business process models. Most methods consider risk management only partly. This paper therefore develops a comprehensive concept for the integration of risk aspects into business process modeling. It is based on the Business Process Model and Notation (BPMN) 2.0, that only needs to be extended carefully.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Asnar, Y., Giorgini, P.: Analyzing business continuity through a multi-layers model. In: Dumas, M., Reichert, M., Shan, M.-C. (eds.) BPM 2008. LNCS, vol. 5240, pp. 212–227. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  2. Bai, X., Padman, R., Krishnan, R.: On Risk management in business process design. Technical report, The H. John Heinz III School of Public Policy and Management, Carnegie Mellon University (2006). http://heinz.cmu.edu/research/296full.pdf

  3. Becker, J., Weiß, B., Winkelmann, A.: Developing a business process modeling language for the banking sector – a design science approach. In: Proceedings of the 15th Americas Conference on Information Systems, San Francisco, pp. 1–12 (2009)

    Google Scholar 

  4. Betz, S., Hickl, S., Oberweis, A.: Risk-aware business process modeling and simulation using XML nets. In: Proceedings of the 2011 IEEE Conference on Commerce and Enterprise Computing, pp. 349–356 (2011)

    Google Scholar 

  5. Brabänder, E., Ochs, H.: Analyse und Gestaltung prozessorientierter Risikomanagement systeme mit Ereignisgesteuerten Prozessketten. In: Nüttgens, M., Rump, F. (eds.) Geschäftsprozessmanagement mit Ereignisgesteuerten Prozessketten – EPK 2002. Proceedings des GI Workshops und Arbeitskreistreffens, pp. 17–35 (2002)

    Google Scholar 

  6. Carter, R.L., Crockford, G. N.: The development and scope of risk management. In: Pountney, B. (eds.) Handbook of Risk Management, Kingston upon Thames, pp. 1.1–01–1.1–21 (1999)

    Google Scholar 

  7. Cope, E.W., Kuster, J., Etzweiler, D., Deleris, L., Ray, B.: Incorporating risk into business process models. IBM J. Res. Develop. 54, 4:1–4:13 (2010)

    Article  Google Scholar 

  8. COSO: Enterprise Risk Management - Integrated Framework. Executive Summary (2004). http://coso.org/documents/COSO_ERM_ExecutiveSummary.pdf

  9. Gleißner, W.: Identifikation, Messung und Aggregation von Risiken. In: Gleißner, W., Meier, G. (eds.) Wertorientiertes Risiko-Management für Industrie und Handel, pp. 111–137. Gabler, Wiesbaden (2001)

    Chapter  Google Scholar 

  10. Hengmith, L.: Geschäftsprozessmodellierung und -simulation als Hilfsmittel zum Management operationaler Risiken. Bank. Inf. Technol. 2, 17–29 (2005)

    Google Scholar 

  11. Herrmann, P., Herrmann, G.P.: Security requirement analysis of business processes. Electron. Commer. Res. 6(3–4), 305–335 (2006)

    Article  Google Scholar 

  12. International Standards Organization: ISO 31000:2009 Risk Management-Principles and Guidelines (2009)

    Google Scholar 

  13. Jakoubi, S., Tjoa, S., Quirchmayr, G.: ROPE: a methodology for enabling the risk-aware modelling and simulation of business processes. In: Österle, H., Schelp, J., Winter, R. (eds.) Proceedings of the Fifteenth European Conference on Information Systems (ECIS 2007), pp. 1596–1607. University of St. Gallen, St. Gallen (2007)

    Google Scholar 

  14. Karagiannis, D., Mylopoulos, J., Schwab, M.: Business process-based regulation compliance: the case of the Sarbanes-Oxley act. In: Sutcliffe, A., Jalote, P. (eds.) Proceedings of the Fifteenth IEEE International Conference on Requirements Engineering (RE 2007), pp. 315–321. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  15. Knight, F.H.: Risk, Uncertainty and Profit. University of Chicago Press, Chicago and London (1971)

    Google Scholar 

  16. Lambert, J., Jennings, R., Joshi, N.: Integration of risk identification with business process models. Syst. Eng. 9(3), 187–198 (2006)

    Article  Google Scholar 

  17. Li, L.: Study on the application of information technology in enterprise risk management. In: Proceedings of the 2013 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (QR2MSE), pp. 2146–2150 (2013)

    Google Scholar 

  18. Marcinkowski, B., Kuciapski, M.: A business process modeling notation extension for risk handling. In: Cortesi, A., Chaki, N., Saeed, K., Wierzchoń, S. (eds.) CISIM 2012. LNCS, vol. 7564, pp. 374–381. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  19. März, O.: Die Kalkulierbarkeit des Risikos. Frankfurt am Main (1948)

    Google Scholar 

  20. Meland, P., Gjære, A.: Representing threats in BPMN 2.0. In: Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security (ARES), Prague, pp. 542–550 (2012)

    Google Scholar 

  21. Mock, R., Corvo, M.: Risk analysis of information systems by event process chains. Int. J. Crit. Infrastruct. IJCIS 1, 247–257 (2005)

    Article  Google Scholar 

  22. zur Muehlen, M., Rosemann, M.: Integrating risks in business process models. In: ACIS 2005 Proceedings, Paper 50, Sydney (2005)

    Google Scholar 

  23. Neiger, D., Churliov, L., zur Muehlen, M., Rosemann, M.: Integrating risks in business process models with value focused process engineering. In: Proceedings of the Fourteenth European Conference on Information Systems (ECIS 2006), Association for Information Systems (2006). http://aisel.aisnet.org/ecis2006/122/

  24. Panayiotou, N., Oikonomitsios, S., Athanasiadou, C., Gayialis, S.: Risk assessment in virtual enterprise networks: a process-driven internal audit approach. In: Ponis, S. (ed.) Managing Risk in Virtual Enterprise Networks: Implementing Supply Chain Principles, pp. 290–312. IGI Global, Hershey (2010)

    Chapter  Google Scholar 

  25. Rieke, T., Winkelmann, A.: Modellierung und Management von Risiken. Ein prozessorientierter Risikomanagement-Ansatz zur Identifikation und Behandlung von Risiken in Geschäftsprozessen. Wirtschaftsinformatik 5, 346–356 (2008)

    Article  Google Scholar 

  26. Romeike, F.: Der Prozess der Risikosteuerung und –kontrolle. In: Romeike, F., Finke, R.B. (eds.) Erfolgsfaktor Risikomanagement 3.0, 3rd edn, pp. 235–243. Gabler, Wiesbaden (2003)

    Google Scholar 

  27. Schultz, M., Radloff, M.: Modeling concepts for internal controls in business processes – an empirically grounded extension of BPMN. In: Sadiq, S., Soffer, P., Völzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 184–199. Springer, Heidelberg (2014)

    Google Scholar 

  28. Sienou, A., Lamine, E., Karduck, A., Pingaud, H.: Conceptual model of risk: towards a risk modelling language. In: Weske, M., Hacid, M.-S., Godart, C. (eds.) WISE 2007. LNCS, vol. 4832, pp. 118–129. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  29. Siepermann, M.: Risikokostenrechnung. E. Schmidt, Berlin (2008)

    Google Scholar 

  30. Strecker, S., Heise, D., Frank, U.: RiskM: a multi-perspective modeling method for IT risk assessment. Inf. Syst. Front. 13(4), 595–611 (2011)

    Article  Google Scholar 

  31. Streitfeld, L.: Grundlagen und Probleme der betriebswirtschaftlichen Risikotheorie. Gabler, Wiesbaden (1973)

    Book  Google Scholar 

  32. Stroppi, L.J.R., Chiotti, O., Villarreal, P.D.: Extending BPMN 2.0: method and tool support. In: Dijkman, R., Hofstetter, J., Koehler, J. (eds.) BPMN 2011. LNBIP, vol. 95, pp. 59–73. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  33. Suriadi, S., Weiß, B., Winkelmann, A., ter Hofstede, A., Adams, M.: Current research in risk-aware business process management – overview, comparison and gap analysis. Commun. Assoc. Inf. Syst. CAIS 34, 933–984 (2014)

    Google Scholar 

  34. Taylor, P., Godino, J., Majeed, B.: Use of fuzzy reasoning in the simulation of risk events in business processes. In: Proceedings of the Twenty Second European Conference on Modelling and Simulation (ECMS 2008), pp. 25–30 (2008). http://www.scs-europe.net/conf/ecms2008/ecms2008%20CD/ecms2008%20pdf/ECMS2008.pdf

  35. Weiß, B., Winkelmann, A.: Developing a process-oriented notation for modeling operational risks ― a conceptual metamodel approach to operational risk management in knowledge intensive business processes within the financial industry. In: Proceedings of the Forty-Fourth Hawaii International Conference on Systems Science (HICSS 2011), pp. 1–10. IEEE Computer Society, Los Alamitos (2011)

    Google Scholar 

  36. Whylie, K., Gaedicke, C., Shahbodaghlou, F., Ganjeizadeh, F.: A risk analysis and mitigation methodology for infrastructure projects. J. Supply Chain Oper. Manag. 12(2), 50–67 (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Business, Economics and Social Sciences, Department of Business Information Management, TU Dortmund University, Otto-Hahn Str. 12, 44227, Dortmund, Germany

    Tobias Anton, Richard Lackes & Markus Siepermann

Authors
  1. Tobias Anton
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Richard Lackes
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Markus Siepermann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tobias Anton .

Editor information

Editors and Affiliations

  1. Institute of Computer Science, Universität Innsbruck Institute of Computer Science, Innsbruck, Austria

    Michael Felderer

  2. Andrassy University Budapest , Budapest, Hungary

    Felix Piazolo

  3. FH Johanneum Univ. of Applied Science , Graz, Austria

    Wolfgang Ortner

  4. University of Applied Sciences Munich , Munich, Germany

    Lars Brehm

  5. University of Applied Sciences Munich , Munich, Germany

    Hans-Joachim Hof

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Anton, T., Lackes, R., Siepermann, M. (2016). Integration of Risk Aspects into Business Process Modeling. In: Felderer, M., Piazolo, F., Ortner, W., Brehm, L., Hof, HJ. (eds) Innovations in Enterprise Information Systems Management and Engineering. ERP Future 2015. Lecture Notes in Business Information Processing, vol 245. Springer, Cham. https://doi.org/10.1007/978-3-319-32799-0_4

Download citation

Publish with us

Policies and ethics

Search

Navigation