Publication Details

This conference paper was originally published as Bhuiyan, M, Islam, MMZ, Koliadis, G, Krishna, A, Ghose, A, Managing business process risk using rich organizational models, 31st Annual IEEE International Computer Software and Applications Conference COMPSAC 2007, 24-27 July, Vol 2, 509-520.


Business processes represent the operational capabilities of an organization. In order to ensure process continuity, the effective management of risk becomes an area of key concern. In this paper we propose an approach for supporting risk identification with the use of higher-level organizational models. We provide some intuitive metrics for extracting measures of actor criticality, and vulnerability from organizational models. This helps direct risk management to areas of critical importance within organization models. Additionally, the information can be used to assess alternative organizational structures in domains where risk mitigation is crucial. At the process level, these measures can be used to help direct improvements to the robustness and failsafe capabilities of critical or vulnerable processes. We believe our novel approach, will provide added benefits when used with other approaches to risk management during business process management, that do not reference the greater organizational context during risk assessment.



Link to publisher version (DOI)