BPM & SOA: Leveraging an SOA and BPM to Address Corporate Compliance


Published on

BPM & SOA: Leveraging an SOA and BPM to Address Corporate Compliance. Gartner Japan SOA Summit 2006 July 19, 2006. Tim Bass, CISSP. Principal Global Architect, Director, TIBCO Software Inc.

Published in: Technology, Economy & Finance
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • BPM & SOA: Leveraging an SOA and BPM to Address Corporate Compliance

    1. 1. BPM & SOA Leveraging an SOA and BPM to Address Corporate Compliance Gartner Japan SOA Summit 2006 July 19, 2006 Tim Bass, CISSP Principal Global Architect, Director TIBCO Software Inc.
    2. 2. Our Agenda <ul><li>Brief Introduction to TIBCO Software Inc. </li></ul><ul><li>Overview of Risk and Compliance Challenges </li></ul><ul><li>Event-Decision Reference Architecture </li></ul><ul><ul><li>Service Oriented Architecture (SOA) </li></ul></ul><ul><ul><li>Business Process Management (BPM) </li></ul></ul><ul><li>TIBCO Customer Case Study </li></ul><ul><li>Example TIBCO SOA and BPM Products </li></ul>
    3. 3. Who We Are and What We Do We can help you… Improve operational visibility, collaboration and ability to be proactive Increase operational efficiency and effectiveness Accelerate projects, initiatives and go-to-market cycles TIBCO Software (TIBX) is a leading provider of business integration and process management software.
    4. 4. How TIBCO Delivers for Our Customers Accelerate projects, initiatives, and go-to-market cycles Increase operational efficiency and effectiveness Improve operational visibility, collaboration and ability to be proactive
    5. 5. TIBCO’s SOA & BPM Vision The Full Range of Business Integration Products and Services
    6. 6. Our Agenda <ul><li>Brief Introduction to TIBCO Software Inc. </li></ul><ul><li>Overview of Risk and Compliance Challenges </li></ul><ul><li>Event-Decision Reference Architecture </li></ul><ul><ul><li>Service Oriented Architecture (SOA) </li></ul></ul><ul><ul><li>Business Process Management (BPM) </li></ul></ul><ul><li>TIBCO Customer Case Study </li></ul><ul><li>Example TIBCO SOA and BPM Products </li></ul>
    7. 7. Risk and Compliance Business Drivers and Market Trends <ul><li>Business Drivers: Organizations face mounting pressures driving them toward a structured approach to enterprise risk and compliance management. </li></ul><ul><ul><li>Complexity, diversity and multiplicity of risk </li></ul></ul><ul><ul><li>Increased accountability and regulatory compliance </li></ul></ul><ul><ul><li>Fragmentation and duplication of efforts </li></ul></ul><ul><li>Market Trends: Business drivers resulted in the following trends as organizations begin to build their new approaches to risk and compliance management: </li></ul><ul><ul><li>Adoption of an enterprise risk management framework </li></ul></ul><ul><ul><li>Managed and measured regulatory compliance </li></ul></ul><ul><ul><li>Risk and compliance tool consolidation, application integration and SOA </li></ul></ul><ul><ul><li>Integration into business process management </li></ul></ul><ul><ul><li>Establishment of a chief risk officer </li></ul></ul>
    8. 8. Risk and Compliance What is Driving Enterprise Risk Management and Compliance? BUSINESS PROCESS GOVERNANCE BUSINESS PROCESS MANAGEMENT Corporate Disasters! Regulatory Actions RISK COMPLIANCE Corporate Disasters! Corporate Disasters! Regulatory Actions Regulatory Actions
    9. 9. Toward a “Digital Nervous System” for Compliance <ul><li>Business and process modeling </li></ul><ul><li>Framework architecture </li></ul><ul><li>Content/document management </li></ul><ul><li>Assessment — validation and remediation </li></ul><ul><li>Training and awareness </li></ul><ul><li>Reporting — business intelligence </li></ul><ul><li>Audit findings </li></ul><ul><li>Enterprise integration </li></ul><ul><li>Loss/incident tracking </li></ul><ul><li>Identify key risk indicators </li></ul><ul><li>Risk mitigation tracking </li></ul><ul><li>Risk transfer </li></ul><ul><li>Risk acceptance </li></ul><ul><li>Scenario analysis </li></ul>Recommend Create an Alternate Transaction or Modify Process Predict Model Threats, Risk, Opportunities and Outcomes Summarize Present or Display the Situational Context Compare Evaluate the Current Situations Synthesize Create a Situational view from Multiple Events Correlate Identify the Relationships Between Events Aggregate Combine Data from Various Events Alert Inform Users When Threshold is Crossed Track & Trace Detect, Track and Trace Evidence & Events
    10. 10. Compliance Challenges on the Horizon <ul><li>Early Stage Compliance Products and Tools </li></ul><ul><ul><li>Based on overly simplified process documentation management </li></ul></ul><ul><ul><li>Purpose-built domain expert stand-alone applications </li></ul></ul><ul><ul><li>Application specific governance modules </li></ul></ul><ul><ul><li>Reactive Compliance </li></ul></ul><ul><li>Evolving Compliance Requirements </li></ul><ul><ul><li>Automated controls across multiple applications (packaged and custom) </li></ul></ul><ul><ul><li>Process documents & auditable information outside applications </li></ul></ul><ul><ul><li>Reduce any costly, untrustworthy manual process </li></ul></ul><ul><ul><li>Proactive Compliance </li></ul></ul>
    11. 11. How Can SOA and BPM Help with Compliance? <ul><li>Enforce Enterprise-wide Risk and Compliance Policies </li></ul><ul><ul><li>Environment to define and execute business processes </li></ul></ul><ul><ul><li>Ability to control processes across the enterprise, across people, and across systems </li></ul></ul><ul><li>Monitoring Controls for Active Compliance </li></ul><ul><ul><li>Dynamic and graphical process modeling </li></ul></ul><ul><ul><li>Complete audit trail </li></ul></ul><ul><ul><li>Ability to capture data and events from all required systems to provide complete view of processes </li></ul></ul><ul><li>Event Driven Compliance </li></ul><ul><ul><li>Visibility into governance as they happen with control monitoring and alerts </li></ul></ul><ul><ul><li>Improved quality of compliance with less gaps at the end of each period </li></ul></ul><ul><ul><li>Evolution to a proactive versus reactive compliance strategy </li></ul></ul>
    12. 12. Our Agenda <ul><li>Brief Introduction to TIBCO Software Inc. </li></ul><ul><li>Overview of Risk and Compliance Challenges </li></ul><ul><li>Event-Decision Reference Architecture </li></ul><ul><ul><li>Service Oriented Architecture (SOA) </li></ul></ul><ul><ul><li>Business Process Management (BPM) </li></ul></ul><ul><li>TIBCO Customer Case Study </li></ul><ul><li>Example TIBCO SOA and BPM Products </li></ul>
    13. 13. Integrated BPM / SOA Solution Benefits <ul><li>Reduce Total Cost of Compliance and Risk Management </li></ul><ul><ul><li>Leverage initial investment in year one compliance effort </li></ul></ul><ul><ul><li>Achieve integration goals across the enterprise infrastructure </li></ul></ul><ul><li>Supports Sustainable, Ongoing Compliance Monitoring </li></ul><ul><ul><li>Enterprise platform for comprehensive governance and risk management </li></ul></ul><ul><ul><li>Platform for real-time event processing and reporting </li></ul></ul><ul><li>Enhance Business Performance and Drive Process Efficiencies </li></ul><ul><ul><li>Proactive detection not just reactive GAP correction </li></ul></ul><ul><ul><li>Improved information for decision-making holistic dashboards, drill-downs and real time visibility </li></ul></ul>
    14. 14. TIBCO SOA and BPM Architecture
    15. 15. A Functional Reference Event-Decision Architecture One View of Proactive Compliance Monitoring Flexible SOA and Event-Driven Architecture
    16. 16. How TIBCO Delivers: SOA <ul><li>TIBCO delivers a comprehensive integration platform capable of supporting virtually any integration scenario or IT asset </li></ul><ul><li>Accelerate event-driven, real-time integration with no coding required </li></ul><ul><li>Orchestrate and assemble reusable business services into flexible ‘composite’ services/applications </li></ul><ul><li>Deploy SOA to enable rapid adoption of advanced technologies (including TIBCO BPM and Business Optimization) </li></ul><ul><li>Functional Components of SOA and Business Integration: </li></ul><ul><li>Services Construction </li></ul><ul><ul><li>Create new services </li></ul></ul><ul><ul><li>Wrap & expose legacy assets </li></ul></ul><ul><li>Services Orchestration </li></ul><ul><ul><li>Model </li></ul></ul><ul><ul><li>Assemble </li></ul></ul><ul><ul><li>Deploy </li></ul></ul><ul><ul><li>Build composite service/apps </li></ul></ul><ul><li>Services Backbone & ESB </li></ul><ul><ul><li>Connect </li></ul></ul><ul><ul><li>Transport (multi-protocol messaging) </li></ul></ul><ul><ul><li>Mediate </li></ul></ul><ul><ul><li>Route & deliver </li></ul></ul><ul><ul><li>Event notification </li></ul></ul><ul><ul><li>Exception handling </li></ul></ul><ul><li>Services Lifecycle Management & Assurance </li></ul><ul><ul><li>Registry </li></ul></ul><ul><ul><li>Repository </li></ul></ul><ul><ul><li>Metadata management </li></ul></ul><ul><ul><li>Security </li></ul></ul><ul><ul><li>Policy </li></ul></ul>
    17. 17. How TIBCO Delivers: BPM TIBCO delivers a comprehensive business process management suite that is built on an SOA foundation and capable of supporting virtually processes <ul><li>Functional Components of BPM: </li></ul><ul><li>Process Modeling </li></ul><ul><ul><li>Team environment </li></ul></ul><ul><ul><li>Built for the business users </li></ul></ul><ul><li>Implementation </li></ul><ul><ul><li>Robust and scaleable engine </li></ul></ul><ul><ul><li>Leverage an SOA </li></ul></ul><ul><ul><li>Event driven </li></ul></ul><ul><li>Business Rules </li></ul><ul><ul><li>Built for the business users </li></ul></ul><ul><ul><li>Completeness and Ambiguity checking </li></ul></ul><ul><ul><li>Complete audit trail of decisions </li></ul></ul><ul><li>Measurement & Management </li></ul><ul><ul><li>Full audit trail of process </li></ul></ul><ul><ul><li>Real-time and historical reports </li></ul></ul><ul><ul><li>Unlimited access to external data </li></ul></ul><ul><li>User Interaction </li></ul><ul><ul><li>Portal services </li></ul></ul><ul><ul><li>Rich clients </li></ul></ul>Increase operational efficiency and effectiveness
    18. 18. Our Agenda <ul><li>Brief Introduction to TIBCO Software Inc. </li></ul><ul><li>Overview of Risk and Compliance Challenges </li></ul><ul><li>Event-Decision Reference Architecture </li></ul><ul><ul><li>Service Oriented Architecture (SOA) </li></ul></ul><ul><ul><li>Business Process Management (BPM) </li></ul></ul><ul><li>TIBCO Customer Case Study </li></ul><ul><li>Example TIBCO SOA and BPM Products </li></ul>
    19. 19. TIBCO Financial Services Customer Case Study Business Objectives and Operational Challenges <ul><li>Business Objectives </li></ul><ul><ul><li>Better exception management </li></ul></ul><ul><ul><li>Increase operational efficiency </li></ul></ul><ul><ul><li>Improve operational risk </li></ul></ul><ul><li>Challenges </li></ul><ul><ul><li>Processes span multiple application domains </li></ul></ul><ul><ul><li>Current integration is brittle </li></ul></ul><ul><ul><li>Redundant functionality and differences in data semantics further adds to the complexity </li></ul></ul><ul><li>Impact on the Users </li></ul><ul><ul><li>Trade status is not current or completely accurate </li></ul></ul><ul><ul><li>Exception management is often slow and labor intensive </li></ul></ul><ul><ul><li>Little formal prioritization of work </li></ul></ul>
    20. 20. The TIBCO Solution Enterprise Applications Legacy, Packaged, and Custom Trade Capture Security Masters Reference Data Clearing Apps Settlement Apps End-User Services Means of accessing and analyzing underlying information and activities Presentation Services Analytics and Reporting Portals Workflow UI Rich Applications Event Correlation Process Analysis Real-Time Dashboards Service Orchestration Orchestration of services and tasks (BPM) Business Process Management Reclaim Bad Broker Id Security Not Found Client Account Setup SLA violation Library of reusable services SMDB lookup Client lookup SWIFT Creation Event Handler Transform data Reference data Notification Messaging Integration Layer of Abstraction Business Services
    21. 21. The Proof of Concept Experience <ul><li>Business Requirements </li></ul><ul><ul><li>Provide timely and accurate view of trades </li></ul></ul><ul><ul><li>Manage exceptions using workflow </li></ul></ul><ul><ul><li>Prioritize of work </li></ul></ul><ul><ul><li>Reporting, Reporting, Reporting </li></ul></ul><ul><li>Technology Requirements </li></ul><ul><ul><li>Integration of several core applications using a variety of technologies </li></ul></ul><ul><ul><ul><li>Via native MQ-series, MQ-series to JMS, COBOL, SWIFT, XML, custom formats </li></ul></ul></ul><ul><ul><li>Architect the integration so it is easy to use, reusable, flexible </li></ul></ul><ul><li>Challenges </li></ul><ul><ul><li>Many interpretations of the business process </li></ul></ul><ul><ul><li>Different data semantics </li></ul></ul><ul><ul><li>Changing reporting requirements </li></ul></ul>
    22. 22. Project Highlighted Three Approaches <ul><li>Service Oriented Architecture (SOA) </li></ul><ul><ul><li>Master Security Lookup </li></ul></ul><ul><ul><ul><li>Created a web service to create a corporate-wide access to security master reference data </li></ul></ul></ul><ul><li>Event-Driven Architecture (EDA) </li></ul><ul><ul><li>Trade Status </li></ul></ul><ul><ul><ul><li>Tracked automatically every key stage of a trade, providing instant visibility of the status </li></ul></ul></ul><ul><ul><li>Exception-based processing </li></ul></ul><ul><ul><ul><li>When trade exception were raised, instantly launched a business process to manage it </li></ul></ul></ul><ul><li>Business Process Management (BPM) </li></ul><ul><ul><li>Processing “Don’t Knows” (DKs) </li></ul></ul><ul><ul><ul><li>Managing the process of manually handling and repairing DK’s </li></ul></ul></ul>
    23. 23. Benefits to Customer <ul><li>Exposed application functionality as global, reusable services </li></ul><ul><ul><li>For example, reference databases </li></ul></ul><ul><li>Orchestrated business processes that span business domains </li></ul><ul><ul><li>For example, repairing DKs </li></ul></ul><ul><li>Prioritized work based on rules aligned with business goals </li></ul><ul><ul><li>Operations personnel work on higher priority trades, based on trade value and customer SLAs </li></ul></ul><ul><li>Improved operational efficiency </li></ul><ul><ul><li>Mean time to repair and mean time between failures were reduced </li></ul></ul><ul><li>Increased visibility, reporting and analysis </li></ul><ul><ul><li>Enabled process improvements and better customer service </li></ul></ul>
    24. 24. Global Security Master Lookup Service Enterprise Backbone Security Master Lookup Client Master Database DTC SWIFT Order Management System SWIFT Security Master Database Settlement product detail Operations Specialist
    25. 25. End-To-End Business Process Management Straight Through Process (No Exceptions) Bad Broker ID Repair Process DK Repair Process Single model managing multiple business processes, tracking trade status and reporting on key milestones
    26. 26. Immediate Visibility of Trade Status TIBCO CUSTOMER URL - CONFIDENTIAL
    27. 27. Improved Operations Reporting TIBCO CUSTOMER URL - CONFIDENTIAL
    28. 28. Improved Analysis “ WHAT“ happened? “ HOW“ did it happen? “ WHY“ did it happen? Improved Analysis: Drives better processes and improved client service Monitoring KPIs (number of DKs per client ) Analyze DKs, reasons and resolutions Identify top- tier clients Evaluate behavior patterns in business processes Identify poorly performing clients
    29. 29. Customer Selected TIBCO Because: <ul><li>Our Products and Services Provide the Fastest Time to Market </li></ul><ul><ul><li>Complete Methodology for designing, deploying, managing services </li></ul></ul><ul><ul><ul><li>“You can’t help but develop in an SOA style” – Top 10 US Retail Bank </li></ul></ul></ul><ul><ul><li>“Out-of-the-box” connectivity to enterprise applications </li></ul></ul><ul><ul><ul><li>“TIBCO has reduced our integration from efforts from 13 weeks to 2 weeks” – Top 10 European Bank </li></ul></ul></ul><ul><ul><ul><li>“With TIBCO we completed the project in half the time with fewer resources” – Top 5 Global Fund Management Company </li></ul></ul></ul><ul><li>We Offer the Most Complete Set of Enabling Technologies to Support </li></ul><ul><ul><li>Process efficiency, client service, exception management, and visibility </li></ul></ul><ul><li>Our Experience </li></ul><ul><ul><li>Leading Wall Street firms are using our products for SOA, EDA, and BPM </li></ul></ul><ul><ul><li>20 years in building distributed applications in mission critical environments </li></ul></ul>
    30. 30. Our Agenda <ul><li>Brief Introduction to TIBCO Software Inc. </li></ul><ul><li>Overview of Risk and Compliance Challenges </li></ul><ul><li>Event-Decision Reference Architecture </li></ul><ul><ul><li>Service Oriented Architecture (SOA) </li></ul></ul><ul><ul><li>Business Process Management (BPM) </li></ul></ul><ul><li>TIBCO Customer Case Study </li></ul><ul><li>Example TIBCO SOA and BPM Products </li></ul>
    31. 31. Modeling & Simulation for the Process Owner TIBCO’s iProcess Studio Process Navigation Process Map Process Controls Simulation
    32. 32. Rules Designed for Process TIBCO’s iProcess Decision Studio Rules Vocabulary Spreadsheet Like Environment Ambiguity and Completeness Checking
    33. 33. Business Integration: Implement and Execute TIBCO’s BusinessWorks™ Native Standards based XSLT Mapper Drag-n-Drop Access to Resources Adapters, Resources, Deployment, & Management Configs Fully Integrated Test Environment Graphical Design
    34. 34. Real-Time Visibility & Continuous Improvement TIBCO’s BusinessFactor™ Process Maps Time Analysis Case Data Intuitive Navigation
    35. 35. High Performance, Event-Driven Rules-Engine TIBCO’s BusinessEvents™ Object Oriented Design-Time Environment Example View of BE State Machine – Operational Risk Management
    36. 36. The TIBCO Advantage for Your Business <ul><li>High-Performance Process Management & Integration </li></ul>No Rip and Replace Quick Wins, Strategic Advantage <ul><ul><li>Leverage and extend your existing assets and investments </li></ul></ul><ul><ul><li>Choose your own road…don’t get locked into a single application, appserver, database or platform </li></ul></ul><ul><ul><li>Individual project deployments for rapid ROI </li></ul></ul><ul><ul><li>Strategic architecture and approach lowers TCO </li></ul></ul><ul><ul><li>Select and implement the capabilities you need now; then add more as your requirements grow over time </li></ul></ul>
    37. 37. Thank You! Tim Bass, CISSP Principal Global Architect. Director [email_address]