process innovation vs. governance, risk and compliance
DESCRIPTION
Presentation on the interplay of risk and innovation, given at the 2008 International BPM Standards Conference in Seoul, Korea on Oct 17th, 2008.TRANSCRIPT
![Page 1: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/1.jpg)
Michael zur Muehlen, Ph.D.Center of Excellence in Business Process InnovationHowe School of Technology ManagementStevens Institute of TechnologyHoboken [email protected]
Process Innovation versus Governance, Risk and Compliance
1
![Page 2: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/2.jpg)
2
![Page 3: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/3.jpg)
3
![Page 4: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/4.jpg)
4
![Page 5: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/5.jpg)
What this Talk is AboutRisk: Driving Process Management
What are operational risks in the context of BPM?
How to identify operational risks
How to prioritize operational risks
How to make better decisions based on risk information
5
![Page 6: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/6.jpg)
Governance, Risk, Compliance
6
G
R
C
Governance: Effective Process Management
Risk: The Probability of Process Failure
Compliance: Meeting Regulatory Requirements
![Page 7: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/7.jpg)
7
MotivationDrivers for
Business Process Management (BPM)
Performance
Business Process ImprovementEngineering of Process-aware IS
Compliance
Mandated compliance (e.g. SOX)Desired compliance (e.g. ISO, ITIL)
![Page 8: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/8.jpg)
8
High Performance ProcessesText2Insure: Provide Travel and Car Insurance via SMS
Provides Quote within 60 seconds
Reply “BUY”
Call from agent within 10 min for payment details
Cover2go: Accidental Death Insurance
Fees taken from cell phone bill
Text2Insure: Provide Travel and Car Insurance via SMS
Provides Quote within 60 seconds
Reply “BUY”
Call from agent within 10 min for payment details
Cover2go: Accidental Death Insurance
Fees taken from cell phone bill
![Page 9: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/9.jpg)
High Compliance Processes
Sample Application: Rules engine with decision tree for underwriting and claims handling
Rules engine evaluates case in parallel with employee
If discrepancy between outcomes is detected, case is flagged and sent to manager
9
![Page 10: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/10.jpg)
10
Great! Now What Do We Do
With It?
![Page 11: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/11.jpg)
Process Innovation
Project Autograph
Usage-based Insurance Billing
New Process
New Technology
New Value Proposition
11
![Page 12: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/12.jpg)
Process Innovation
Project Failed
Lack of Standard Process
Expensive Technology
Customers not ready
12
![Page 13: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/13.jpg)
Learn from OutsideTelecom Billing Process
Free GPS
Rate depends on mileage driven
Industry-strength Billing Process
13
![Page 14: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/14.jpg)
Operational Process Risk
14
![Page 15: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/15.jpg)
15
Risk Management and BPM
BPM Risk ManagementFocus on providing value for stakeholders Focus on ensuring value for stakeholders
Performance depends on effectiveness of business processes
Risk is an inherent property of business processes
Performance is influenced by process design Risk is mitigated by process design
Feedback is obtained through Performance Indicators assigned to systems and processes
Feedback is obtained through Risk Indicators assigned to systems and processes
Performance objectives are achieved through optimized processes
Risk is mitigated through optimized processes
Compare Frew (2006)
![Page 16: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/16.jpg)
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Approve Payroll
run
XOR
Payroll run
approved
Payroll run not
approved
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
Accounting Staff
Member
Supervisor 1
Supervisor 2
Payroll System
Payroll System
16
Payroll Process
![Page 17: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/17.jpg)
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
17
Process without Control Activities
![Page 18: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/18.jpg)
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
Data Entry
Mistake
!
Transmission
Failure
!
Sign-off Payroll
Run
Verify Transmission
Acknowledgement
18
Common Risk Modeling
![Page 19: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/19.jpg)
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Accounting Staff
MemberPayroll System
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
Payroll System
Payroll Run
Request
19
Closer Look At The Process
![Page 20: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/20.jpg)
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Accounting Staff
MemberPayroll System
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
Payroll System
Payroll Run
Request
Staff member not
available
!Payroll System
Failure
!
Payroll Run
Request made
public
!
Sign-off Failure
!Data Entry
Mistake
!Sign-off Payroll
Run
Staff member
enters fraudulent
data
!
Staff member not
sufficiently
qualified
Transmission
Failure
!Verify Transmission
Acknowledgement
20
Component Risk
![Page 21: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/21.jpg)
Faults, Errors, Failures
21
![Page 22: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/22.jpg)
22
Fault Latency
Fault
Inexperienced Staff Member
on Duty
Error
Failure
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Approve Payroll
run
XOR
Payroll run
approved
Payroll run not
approved
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
Accounting Staff
Member
Supervisor 1
Supervisor 2
Payroll System
Payroll System
Wrong Date Entered
Faulty Payroll Run Approved
Complacent Supervisors
Faulty Payroll Run Transmitted
![Page 23: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/23.jpg)
Possible Event Sequences23
AFault exists
BError
occurs
CError is
identified
DAction is initiated
EAction is
completed
FPoint of no
return
GConsequence
ensues
Event Sequence
![Page 24: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/24.jpg)
24
Hard and Soft ConstraintsHard Constraints: Process Rules
Data dependencies
Resource dependencies
Must not be violated
Failure leads to broken process
Soft Constraints: Business Rules
Risk mitigation activities
Documentation
Checks and Balances
Can be worked around
Failure leads to non-compliance
![Page 25: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/25.jpg)
25
![Page 26: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/26.jpg)
26
regulatory& oversight
value preserving
value adding
![Page 27: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/27.jpg)
Balloon vs. Marble
27
“Lean” Process
Vulnerable to Outside Risk
Few, if any, Internal Controls
“Fat” Process
(Nearly) immune to Outside Risk
Strong Governance Component
Bottom line: Need to know context to choose
![Page 28: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/28.jpg)
Alternative Control Patterns28
![Page 29: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/29.jpg)
29
Alternative Control Patterns
![Page 30: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/30.jpg)
Process Control Pattern
Payroll date < 3
days from today
Enter Payroll run
information
Payroll run
information
entered
Approve Payroll
run
XOR
Payroll run
approved
Payroll run not
approved
Transmit Payroll
run information
to Bank
Payroll run
information
transmitted
Accounting Staff
Member
Supervisor 1
Supervisor 2
Payroll System
Payroll System
Approve Payroll
run
XOR
Payroll run
approved
Payroll run not
approved
Supervisor 1
Supervisor 2
30
Control Patterns
![Page 31: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/31.jpg)
31
FileNetImage System
24/7 Issue System Workflow and Rule Engine
App is Scanned and OCR’ed
Data EntryAnd Validation
Admin System
Rule Engine validatesApplication information
and Issues some policies
Underwriter reviews APS’s and some complex cases
Producer receives policy
for delivery.
Exception Based Underwriting
Expanded Rules with Automatic Interface functionality may include:
Straight-through processingIntelligent requirement processingAutomated issueMinimized admin system entryWorkload BalancingSource: Royce (2007)
![Page 32: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/32.jpg)
TakeawaysBPM-based Process Governance creates room for Innovation
Operational Risk Management requires separation of
Value-adding activities
Control activities
BPM Solutions can help enforce Compliance
Access Control
Audit Trail Logging
Enforcement of QoS such as response times
32
![Page 33: Process Innovation vs. Governance, Risk and Compliance](https://reader033.vdocument.in/reader033/viewer/2022050801/55491e76b4c905b44c8b6d86/html5/thumbnails/33.jpg)
Michael zur Muehlen, Ph.D.Center of Excellence in Business Process InnovationHowe School of Technology ManagementStevens Institute of TechnologyCastle Point on the HudsonHoboken, NJ 07030Phone: +1 (201) 216-8293Fax: +1 (201) 216-5385E-mail: [email protected]: http://www.cebpi.orgslides: www.slideshare.net/mzurmuehlen
Thank You - Questions?
33