Key Performance Indicators (KPIs) can be used to evaluate the success of an organization, facilitating the detection of the deviations and unexpected evolution of the behaviour of a company. The difficulty for enterprises is to ascertain what to do when a deviation is detected. In this paper, we propose a modelling approach to improve the operational business-level and to ascertain the possible actions that can be executed to maintain the right direction in a company. For business process-oriented companies, it entails knowing how KPIs can be affected by the business processes. It implies not only pointing out that a system malfunction exists, but also to know what to do when a deviation is detected. Our proposal presents a methodology that covers: (1) an extension of the existing models in order to combine KPIs, goals of the companies, and the decision variables together with business processes; (2) a methodology based on data mining analysis to verify the correctness of the enriched proposed model according to the data stored during business evolution, and; (3) a framework to simulate the evolution of the business according to the decisions taken in the governance process, thereby supporting governance activities to achieve the defined objectives by exploiting goals and KPIs from the proposed model.
Autores: José Miguel Pérez-Álvarez / Alejandro Maté / Maria Teresa Gómez López / Juan Trujillo /
Palabras Clave: Business process - Decisions Support - Fuzzy Logic - governance - KPIs - Modelling knowledge
Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company’s security policies. A risk may be defined as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, the problem of automatic security risk management in the current BPMS is addresses. First, a formalization of the risk elements according to process models is included. These elements are supported as a BPMN 2.0 extension of risk information that is analyzed to determine nonconformance regarding risk goals. In addition, a diagnosis of the risk associated with the activity responsible for the nonconformance is also carried out. To this end, the proposal applies mechanisms based on the model-based diagnosis in which activities are in nonconformance with regard to the acceptable level of risk. The automation of diagnosis is carried out using artificial intelligence techniques based on constraint programming. The proposal is supported by the implementation of a plug-in that enables the graphical specification of the extension and the automation of the verification and diagnosis process. To the best of our knowledge, this is the first published work that addresses the risk-aware design of business processes with automatic techniques.
Autores: Angel Jesus Varela Vaca / Luisa Parody / Rafael M. Gasca / Maria Teresa Gómez López /
Palabras Clave: Business Process Management - Business Process Model - Constraint programming - Model-based Diagnosis - Security-Risk Assessment