0
Process Innovation versus
Governance, Risk and Compliance
Michael zur Muehlen, Ph.D.
Center of Excellence in Business Proc...
2
3
4
What this Talk is About
 Risk: Driving Process Management
 What are operational risks in the context of BPM?
 How to ident...
Governance, Risk, Compliance

  G   Governance: Effective Process Management



  R   Risk: The Probability of Process Fai...
Motivation
                           Drivers for
          Business Process Management (BPM)




       Performance      ...
High Performance Processes
 Text2Insure: Provide Travel and
 Car Insurance via SMS
 Provides Quote within 60 seconds
 Repl...
High Compliance Processes
 Sample Application: Rules engine with decision tree
 for underwriting and claims handling
 Rule...
Great!
Now What Do We Do
     With It?

                10
Process
Innovation
 Project Autograph
 Usage-based Insurance
 Billing
 New Process
 New Technology
 New Value Proposition
...
Process
Innovation
 Project Failed
 Lack of Standard Process
 Expensive Technology
 Customers not ready




              ...
Learn from Outside
 Telecom Billing Process
 Free GPS
 Rate depends on mileage driven
 Industry-strength Billing Process

...
Operational Process Risk
                       14
BPM                         Risk Management
   Focus on providing value for
                                          Focu...
Payroll date < 3
                                                               days from today




Payroll Process       ...
Payroll date < 3
             days from today




             Enter Payroll run
               information




          ...
Payroll date < 3
days from today




Enter Payroll run   Data Entry
                                 !     Sign-off Payrol...
Payroll date < 3
                  days from today




                  Enter Payroll run   Accounting Staff
 Payroll Sys...
Payroll date < 3
                                  days from today      Data Entry
                                       ...
Faults, Errors, Failures
                       21
Fault Latency                                             Payroll date < 3
                                               ...
Event
Sequence

  A          B          C           D            E            F             G
 Fault      Error     Error ...
Hard and Soft Constraints
Hard Constraints: Process Rules      Soft Constraints: Business Rules
   Data dependencies      ...
25
regulatory
& oversight
  value
preserving


   value
  adding




              26
Balloon vs. Marble




“Lean” Process                   “Fat” Process
Vulnerable to Outside Risk       (Nearly) immune to ...
Alternative Control Patterns
                           28
Alternative Control Patterns
                           29
Payroll date < 3
                                             days from today




                                        ...
Exception Based Underwriting
                                                                                 Underwriter ...
Takeaways
 BPM-based Process Governance creates room for Innovation
 Operational Risk Management requires separation of
  ...
Thank You - Questions?
Michael zur Muehlen, Ph.D.
Center of Excellence in Business Process Innovation
Howe School of Techn...
Upcoming SlideShare
Loading in...5
×

Process Innovation vs. Governance, Risk and Compliance

5,362

Published on

Presentation on the interplay of risk and innovation, given at the 2008 International BPM Standards Conference in Seoul, Korea on Oct 17th, 2008.

1 Comment
12 Likes
Statistics
Notes
  • What does the Kanji symbol mean, Michael? I get 'danger tree desk' (generally) from online search- do you have amore specific context in mind? Thanks!

    Hope things are progressing with the paperwork update fiasco!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
5,362
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
731
Comments
1
Likes
12
Embeds 0
No embeds

No notes for slide

Transcript of "Process Innovation vs. Governance, Risk and Compliance"

  1. 1. Process Innovation versus Governance, Risk and Compliance Michael zur Muehlen, Ph.D. Center of Excellence in Business Process Innovation Howe School of Technology Management Stevens Institute of Technology Hoboken NJ Michael.zurMuehlen@stevens.edu 1
  2. 2. 2
  3. 3. 3
  4. 4. 4
  5. 5. What this Talk is About Risk: Driving Process Management What are operational risks in the context of BPM? How to identify operational risks How to prioritize operational risks How to make better decisions based on risk information 5
  6. 6. Governance, Risk, Compliance G Governance: Effective Process Management R Risk: The Probability of Process Failure C Compliance: Meeting Regulatory Requirements 6
  7. 7. Motivation Drivers for Business Process Management (BPM) Performance Compliance Business Process Improvement Mandated compliance (e.g. SOX) Engineering of Process-aware IS Desired compliance (e.g. ISO, ITIL) 7
  8. 8. High Performance Processes Text2Insure: Provide Travel and Car Insurance via SMS Provides Quote within 60 seconds Reply “BUY” Call from agent within 10 min for payment details Cover2go: Accidental Death Insurance Fees taken from cell phone bill 8
  9. 9. High Compliance Processes Sample Application: Rules engine with decision tree for underwriting and claims handling Rules engine evaluates case in parallel with employee If discrepancy between outcomes is detected, case is flagged and sent to manager 9
  10. 10. Great! Now What Do We Do With It? 10
  11. 11. Process Innovation Project Autograph Usage-based Insurance Billing New Process New Technology New Value Proposition 11
  12. 12. Process Innovation Project Failed Lack of Standard Process Expensive Technology Customers not ready 12
  13. 13. Learn from Outside Telecom Billing Process Free GPS Rate depends on mileage driven Industry-strength Billing Process 13
  14. 14. Operational Process Risk 14
  15. 15. BPM Risk Management Focus on providing value for Focus on ensuring value for stakeholders stakeholders Performance depends on effectiveness Risk is an inherent property of business of business processes processes Performance is influenced by process Risk is mitigated by process design design Feedback is obtained through Feedback is obtained through Risk Performance Indicators assigned to Indicators assigned to systems and systems and processes processes Performance objectives are achieved Risk is mitigated through optimized through optimized processes processes Compare Frew (2006) Risk Management and BPM 15
  16. 16. Payroll date < 3 days from today Payroll Process Payroll System Enter Payroll run information Accounting Staff Member Payroll run information entered Supervisor 1 Approve Payroll run Supervisor 2 XOR Payroll run Payroll run not approved approved Transmit Payroll Payroll System run information to Bank Payroll run information transmitted 16
  17. 17. Payroll date < 3 days from today Enter Payroll run information Payroll run information entered Transmit Payroll run information to Bank Payroll run information transmitted Process without Control Activities 17
  18. 18. Payroll date < 3 days from today Enter Payroll run Data Entry ! Sign-off Payroll information Mistake Run Payroll run information entered Transmit Payroll run information Transmission ! Verify Transmission Failure Acknowledgement to Bank Payroll run information transmitted Common Risk Modeling 18
  19. 19. Payroll date < 3 days from today Enter Payroll run Accounting Staff Payroll System Member information Payroll run Payroll Run information Request entered Transmit Payroll Payroll System run information to Bank Payroll run information transmitted Closer Look At The Process 19
  20. 20. Payroll date < 3 days from today Data Entry ! Sign-off Payroll ! Sign-off Failure Mistake Run ! Payroll System Payroll System Enter Payroll run Accounting Staff Member ! Staff member not Failure information available Payroll Run ! Payroll Run Payroll run Staff member ! enters fraudulent Request made information data Request entered public Staff member not sufficiently Transmit Payroll qualified Payroll System run information to Bank Transmission ! Verify Transmission Failure Acknowledgement Payroll run information transmitted Component Risk 20
  21. 21. Faults, Errors, Failures 21
  22. 22. Fault Latency Payroll date < 3 days from today Inexperienced Staff Member on Duty Wrong Date Enter Payroll run Accounting Staff Payroll System Member information Entered Fault Payroll run information entered Complacent Supervisors Supervisor 1 Error Approve Payroll run Faulty Payroll Supervisor 2 Run Approved XOR Failure Payroll run Payroll run not approved approved Faulty Payroll System Transmit Payroll run information Payroll Run Transmitted to Bank Payroll run information transmitted 22
  23. 23. Event Sequence A B C D E F G Fault Error Error is Action is Action is Point of no Consequence exists occurs identified initiated completed return ensues Possible Event Sequences 23
  24. 24. Hard and Soft Constraints Hard Constraints: Process Rules Soft Constraints: Business Rules Data dependencies Risk mitigation activities Resource dependencies Documentation Must not be violated Checks and Balances Failure leads to broken process Can be worked around Failure leads to non-compliance 24
  25. 25. 25
  26. 26. regulatory & oversight value preserving value adding 26
  27. 27. Balloon vs. Marble “Lean” Process “Fat” Process Vulnerable to Outside Risk (Nearly) immune to Outside Risk Few, if any, Internal Controls Strong Governance Component Bottom line: Need to know context to choose 27
  28. 28. Alternative Control Patterns 28
  29. 29. Alternative Control Patterns 29
  30. 30. Payroll date < 3 days from today Enter Payroll run Accounting Staff Payroll System Member information Payroll run information Process Control Pattern entered Supervisor 1 Supervisor 1 Approve Payroll Approve Payroll run run Supervisor 2 Supervisor 2 XOR XOR Payroll run Payroll run not Payroll run Payroll run not approved approved approved approved Transmit Payroll Payroll System run information to Bank Payroll run information Control Patterns transmitted 30
  31. 31. Exception Based Underwriting Underwriter reviews APS’s and some complex cases Rule Engine validates App is Scanned Data Entry Application information and OCR’ed And Validation and Issues some policies FileNet 24/7 Issue System Workflow Admin System Image System and Rule Engine Expanded Rules with Automatic Interface Producer functionality may include: receives policy Straight-through processing for delivery. Intelligent requirement processing Automated issue Minimized admin system entry 31 Source: Royce (2007) Workload Balancing
  32. 32. Takeaways BPM-based Process Governance creates room for Innovation Operational Risk Management requires separation of Value-adding activities Control activities BPM Solutions can help enforce Compliance Access Control Audit Trail Logging Enforcement of QoS such as response times 32
  33. 33. Thank You - Questions? Michael zur Muehlen, Ph.D. Center of Excellence in Business Process Innovation Howe School of Technology Management Stevens Institute of Technology Castle Point on the Hudson Hoboken, NJ 07030 Phone: +1 (201) 216-8293 Fax: +1 (201) 216-5385 E-mail: mzurmuehlen@stevens.edu Web: http://www.cebpi.org slides: www.slideshare.net/mzurmuehlen 33
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×