Process Innovation vs. Governance, Risk and Compliance

5,688
-1

Published on

Presentation on the interplay of risk and innovation, given at the 2008 International BPM Standards Conference in Seoul, Korea on Oct 17th, 2008.

1 Comment
13 Likes
Statistics
Notes
  • What does the Kanji symbol mean, Michael? I get 'danger tree desk' (generally) from online search- do you have amore specific context in mind? Thanks!

    Hope things are progressing with the paperwork update fiasco!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
5,688
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
739
Comments
1
Likes
13
Embeds 0
No embeds

No notes for slide

Process Innovation vs. Governance, Risk and Compliance

  1. 1. Process Innovation versus Governance, Risk and Compliance Michael zur Muehlen, Ph.D. Center of Excellence in Business Process Innovation Howe School of Technology Management Stevens Institute of Technology Hoboken NJ Michael.zurMuehlen@stevens.edu 1
  2. 2. 2
  3. 3. 3
  4. 4. 4
  5. 5. What this Talk is About Risk: Driving Process Management What are operational risks in the context of BPM? How to identify operational risks How to prioritize operational risks How to make better decisions based on risk information 5
  6. 6. Governance, Risk, Compliance G Governance: Effective Process Management R Risk: The Probability of Process Failure C Compliance: Meeting Regulatory Requirements 6
  7. 7. Motivation Drivers for Business Process Management (BPM) Performance Compliance Business Process Improvement Mandated compliance (e.g. SOX) Engineering of Process-aware IS Desired compliance (e.g. ISO, ITIL) 7
  8. 8. High Performance Processes Text2Insure: Provide Travel and Car Insurance via SMS Provides Quote within 60 seconds Reply “BUY” Call from agent within 10 min for payment details Cover2go: Accidental Death Insurance Fees taken from cell phone bill 8
  9. 9. High Compliance Processes Sample Application: Rules engine with decision tree for underwriting and claims handling Rules engine evaluates case in parallel with employee If discrepancy between outcomes is detected, case is flagged and sent to manager 9
  10. 10. Great! Now What Do We Do With It? 10
  11. 11. Process Innovation Project Autograph Usage-based Insurance Billing New Process New Technology New Value Proposition 11
  12. 12. Process Innovation Project Failed Lack of Standard Process Expensive Technology Customers not ready 12
  13. 13. Learn from Outside Telecom Billing Process Free GPS Rate depends on mileage driven Industry-strength Billing Process 13
  14. 14. Operational Process Risk 14
  15. 15. BPM Risk Management Focus on providing value for Focus on ensuring value for stakeholders stakeholders Performance depends on effectiveness Risk is an inherent property of business of business processes processes Performance is influenced by process Risk is mitigated by process design design Feedback is obtained through Feedback is obtained through Risk Performance Indicators assigned to Indicators assigned to systems and systems and processes processes Performance objectives are achieved Risk is mitigated through optimized through optimized processes processes Compare Frew (2006) Risk Management and BPM 15
  16. 16. Payroll date < 3 days from today Payroll Process Payroll System Enter Payroll run information Accounting Staff Member Payroll run information entered Supervisor 1 Approve Payroll run Supervisor 2 XOR Payroll run Payroll run not approved approved Transmit Payroll Payroll System run information to Bank Payroll run information transmitted 16
  17. 17. Payroll date < 3 days from today Enter Payroll run information Payroll run information entered Transmit Payroll run information to Bank Payroll run information transmitted Process without Control Activities 17
  18. 18. Payroll date < 3 days from today Enter Payroll run Data Entry ! Sign-off Payroll information Mistake Run Payroll run information entered Transmit Payroll run information Transmission ! Verify Transmission Failure Acknowledgement to Bank Payroll run information transmitted Common Risk Modeling 18
  19. 19. Payroll date < 3 days from today Enter Payroll run Accounting Staff Payroll System Member information Payroll run Payroll Run information Request entered Transmit Payroll Payroll System run information to Bank Payroll run information transmitted Closer Look At The Process 19
  20. 20. Payroll date < 3 days from today Data Entry ! Sign-off Payroll ! Sign-off Failure Mistake Run ! Payroll System Payroll System Enter Payroll run Accounting Staff Member ! Staff member not Failure information available Payroll Run ! Payroll Run Payroll run Staff member ! enters fraudulent Request made information data Request entered public Staff member not sufficiently Transmit Payroll qualified Payroll System run information to Bank Transmission ! Verify Transmission Failure Acknowledgement Payroll run information transmitted Component Risk 20
  21. 21. Faults, Errors, Failures 21
  22. 22. Fault Latency Payroll date < 3 days from today Inexperienced Staff Member on Duty Wrong Date Enter Payroll run Accounting Staff Payroll System Member information Entered Fault Payroll run information entered Complacent Supervisors Supervisor 1 Error Approve Payroll run Faulty Payroll Supervisor 2 Run Approved XOR Failure Payroll run Payroll run not approved approved Faulty Payroll System Transmit Payroll run information Payroll Run Transmitted to Bank Payroll run information transmitted 22
  23. 23. Event Sequence A B C D E F G Fault Error Error is Action is Action is Point of no Consequence exists occurs identified initiated completed return ensues Possible Event Sequences 23
  24. 24. Hard and Soft Constraints Hard Constraints: Process Rules Soft Constraints: Business Rules Data dependencies Risk mitigation activities Resource dependencies Documentation Must not be violated Checks and Balances Failure leads to broken process Can be worked around Failure leads to non-compliance 24
  25. 25. 25
  26. 26. regulatory & oversight value preserving value adding 26
  27. 27. Balloon vs. Marble “Lean” Process “Fat” Process Vulnerable to Outside Risk (Nearly) immune to Outside Risk Few, if any, Internal Controls Strong Governance Component Bottom line: Need to know context to choose 27
  28. 28. Alternative Control Patterns 28
  29. 29. Alternative Control Patterns 29
  30. 30. Payroll date < 3 days from today Enter Payroll run Accounting Staff Payroll System Member information Payroll run information Process Control Pattern entered Supervisor 1 Supervisor 1 Approve Payroll Approve Payroll run run Supervisor 2 Supervisor 2 XOR XOR Payroll run Payroll run not Payroll run Payroll run not approved approved approved approved Transmit Payroll Payroll System run information to Bank Payroll run information Control Patterns transmitted 30
  31. 31. Exception Based Underwriting Underwriter reviews APS’s and some complex cases Rule Engine validates App is Scanned Data Entry Application information and OCR’ed And Validation and Issues some policies FileNet 24/7 Issue System Workflow Admin System Image System and Rule Engine Expanded Rules with Automatic Interface Producer functionality may include: receives policy Straight-through processing for delivery. Intelligent requirement processing Automated issue Minimized admin system entry 31 Source: Royce (2007) Workload Balancing
  32. 32. Takeaways BPM-based Process Governance creates room for Innovation Operational Risk Management requires separation of Value-adding activities Control activities BPM Solutions can help enforce Compliance Access Control Audit Trail Logging Enforcement of QoS such as response times 32
  33. 33. Thank You - Questions? Michael zur Muehlen, Ph.D. Center of Excellence in Business Process Innovation Howe School of Technology Management Stevens Institute of Technology Castle Point on the Hudson Hoboken, NJ 07030 Phone: +1 (201) 216-8293 Fax: +1 (201) 216-5385 E-mail: mzurmuehlen@stevens.edu Web: http://www.cebpi.org slides: www.slideshare.net/mzurmuehlen 33
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×