Abstract
Definitions of business processes for the most part suggest that they are a set of interrelated activities with the goal of accomplishing a given task to provide value to the customer of the process. This positive orientation has been reflected in business process modelling methodologies, tools, techniques and even in the reference models and implementation approaches suggested by vendors and implementation partners. Research and industry does not explicitly consider the negative business process scenarios that could result in the accomplishment of undesirable outcomes to the customer and/or owner of the process. In this paper we first motivate the need for explicit consideration of such undesirable processes. We define such processes as mal-processes and proceed to identify some of the key causes of mal-processes in organisational contexts. This discussion is motivated through the identification of potential mal-processes and means through which we could prevent them. We propose extensions to existing business process modelling conventions (ARIS) that would enable us to model mal-processes. The interplay between best practice processes as defined by reference models (e.g. SAP Reference Model) and mal-processes as well as their impact on the implementation of Enterprise Systems (e.g. SAP, Oracle) is discussed in some detail. We conclude the paper by identifying the application and benefits that could accrue from the explicit identification of mal-processes.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
DeMarco, E.: Fraud and Misconduct Expected to Rise. RMA Journal 92 (2009)
Dale, S.: Holistic BPM: From Theory to Reality. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714. Springer, Heidelberg (2007)
Albrecht, S., Albrecht, C., Albrecht, C.: Current Trends in Fraud and its Detection. Information Security Journal: A Global Perspective 17, 2–12 (2008)
Reason, J.: Human Error: Models and Management. BMJ: British Medical Journal 320, 768–770 (2000)
Sindre, G., Opdahl, A.: Eliciting security requirements with misuse cases. Requirements Engineering 10, 34–44 (2005)
Sindre, G.: Mal-Activity Diagrams for Capturing Attacks on Business Processes. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355–366. Springer, Heidelberg (2007)
Neubauer, T., Pehn, M.: Workshop-Based Risk Assessment for the Definition of Secure Business Processes. In: Second International Conference on Information, Process, and Knowledge Management, 2010. eKNOW 2010 (2010)
Backes, M., Pfitzmann, B., Waidner, M.: Security in Business Process Engineering. In: van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 168–183. Springer, Heidelberg (2003)
Krishnan, R., Chari, K.: Model Management: Survey, Future Research Directions and a Bibliography. The Interactive Transactions of OR/MS 3 (2000)
Wright, G., Chaturvedi, A., Mookerjee, R., Garrod, S.: Integrated Modeling Environments in Organizations: An Empirical Study. Info. Sys. Research 9, 64–84 (1998)
Scheer, A.: Business Process Engineering: Reference Models for Industrial Enterprises. Springer, Telos (1998)
Ferstl, O., Sinz, E.: Modeling of Business Systems Using SOM. In: Handbook on Architectures of Information Systems, pp. 347–367 (1998)
Scheer, A.-W., Nüttgens, M.: ARIS Architecture and Reference Models for Business Process Management. In: Business Process Management, pp. 301–304 (2000)
Heidasch, R.: Get ready for the next generation of SAP business applications based on the Enterprise Service-Oriented Architecture (Enterprise SOA). SAP Professional Journal (2007)
Lyytinen, K., Mathiassen, L., Ropponen, J.: Attention Shaping and Software Risk-A Categorical Analysis of Four Classical Risk Management Approaches. Info. Sys. Research 9, 233–255 (1998)
Boehm, B., DeMarco, T.: Software Risk Management. IEEE Software 14, 17–19 (1997)
Bessis, J.: Risk Management in Banking. Wiley, Chichester
Chapman, C., Ward, S.: Project Risk Management: Processes, Techniques and Insights. Wiley, Chichester (2003)
Rosemann, M., zur Muehlen, M.: Integrating Risks in Business Process Models. In: ACIS 2005 Proceedings (2005)
Lambert, J., Jennings, R., Joshi, N.: Integration of risk identification with business process models. Syst. Eng. 9, 187–198 (2006)
Alexander, I.: Modelling the interplay of conflicting goals with use and misuse cases. In: Proceedings of the HCI*2002 Workshop on Goal-Oriented Business Process Modeling. Memory of Dr. Maxim Khomyakov, GBMP 2002 (2002)
McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: 15th Annual Computer Security Applications Conference, pp. 55–66. IEEE Computer Society, Los Alamitos (1999)
Sharp, A., McDermott, P.: Workflow Modeling: Tools for Process Improvement and Application Development. Artech House Publishers, Norwood (2001)
Weick, K.E., Sutcliffe, K.M., Obstfeld, D.: Organizing for high reliability: Processes of collective mindfulness. Research in Organizational Behavior 21, 23–81 (1999)
Feldman, M., Pentland, B.: Reconceptualizing Organizational Routines as a Source of Flexibility and Change. Administrative Science Quarterly 48, 94–118 (2003)
Orlikowski, W.: Knowing in Practice: Enacting a Collective Capability in Distributed Organizing. Organization Science 13, 249–273 (2002)
Davis, R.: Business Process Modelling with ARIS: A Practical Guide. Springer, Heidelberg (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sundaram, D., Erik Rohde, M. (2010). Mal-processes: Explicitly Modelling the Deviant. In: Barjis, J. (eds) Enterprise and Organizational Modeling and Simulation. EOMAS 2010. Lecture Notes in Business Information Processing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15723-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-15723-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15722-6
Online ISBN: 978-3-642-15723-3
eBook Packages: Computer ScienceComputer Science (R0)