An Integrated Methodology on Business Process Management and Risk Management, A Suggested Approach
Author(s)
Katsirou, Ioanna
Date Issued
2024-05
Faculty
Enterprise Risk Management
Abstract
One of the most crucial challenges organizations face is to improve their bottom line results, with the operational risks being the basic and most common events for any business unit in an organization (Callahan and Soileau, 2017). While the identification of critical success factors for managing projects has been addressed (Muehlen, 2005), the risks related to business process models incorporated by organizations, have not received relevant attention. This is a concern, since although what an organization does in terms of processes documentation relates to a series of activities its executives manage and aim to improve, they largely depend on the identification of risks.
Risk identification is the process via which organizations recognize the risks they are exposed. The identification process is comprised of reviewing, analyzing and determining the risk profiles of the business units. A number of tools, methods, methodologies have been developed as enablers to this need. It is important to note that the approach proposed in this study is indicative and is not intended to cover every single risk of every organization.
Aim and Objectives
The objective was to combine perspectives, evaluate current approaches, deduce relevant taxonomies and conclude to a proposed approach (theoretical model). In that respect, the purpose was to synthesize research questions and sample characteristics indicatively research articles, books and other published texts.
By providing the linking chain between risk management and business process management, this paper aims to enhance the approach for a more efficient risk assessment towards a more concrete and risk informed decision making, based on a risk self-assessment method. This study leads to the development of “risk library”, enabling risk identification in key business areas, to further strengthen the way risk management is being implemented in typical organizations in Greece.
Structure of the thesis
Based in the rationale that risks are inherent properties of every business process and techniques are needed to identify and finally treat them, this paper aims to address the topic of risk management in the context of business process management. The introduction of this paper (chapter 1), is triggered by the latest results on the maturity of risk management in telecom business process management, and conducted by the American Productivity & Quality Center (APQC).
The second chapter provides an overview of the theoretical underpinnings of literature review. Its first part delves into the concept of risk management and elaborates on risk taxonomy. Its second part elaborates on business process management concept and reviews two well-known process frameworks that will be used as a reference for our study, that of Process Classification Framework (PCF) developed by the American Productivity & Quality Center (APQC) and that of e-TOM framework developed by TeleManagement (TM) Forum. The latter part of this chapter synthesizes on the above mentioned frameworks and presents a taxonomy of processes based on BPM frameworks. The consequent part synthesizes on the above mentioned frameworks and presents a process based taxonomy, ending with the research gap identified.
Chapter three presents the research methodology that has been applied. Its objective was to validate the perception of the business need for the proposed approach of a “risk library”, by evaluating participants’ insight on the maturity of process documentation, on the extent of risks being documented in business processes and on the potential benefit such an approach could provide to organizations in core business processes.
Chapter four is the apposition of the proposed approach and its relevant matrix, a risk self-assessment method to be applied by team of executives who will perform the walkthroughs / assessments and conduct the interviews when drafting processes, imperative to be knowledgeable in BPM frameworks and in the risk management process implemented in the organization. The final part of the thesis, chapter five, is composed by limitations and concluding remarks.
Risk identification is the process via which organizations recognize the risks they are exposed. The identification process is comprised of reviewing, analyzing and determining the risk profiles of the business units. A number of tools, methods, methodologies have been developed as enablers to this need. It is important to note that the approach proposed in this study is indicative and is not intended to cover every single risk of every organization.
Aim and Objectives
The objective was to combine perspectives, evaluate current approaches, deduce relevant taxonomies and conclude to a proposed approach (theoretical model). In that respect, the purpose was to synthesize research questions and sample characteristics indicatively research articles, books and other published texts.
By providing the linking chain between risk management and business process management, this paper aims to enhance the approach for a more efficient risk assessment towards a more concrete and risk informed decision making, based on a risk self-assessment method. This study leads to the development of “risk library”, enabling risk identification in key business areas, to further strengthen the way risk management is being implemented in typical organizations in Greece.
Structure of the thesis
Based in the rationale that risks are inherent properties of every business process and techniques are needed to identify and finally treat them, this paper aims to address the topic of risk management in the context of business process management. The introduction of this paper (chapter 1), is triggered by the latest results on the maturity of risk management in telecom business process management, and conducted by the American Productivity & Quality Center (APQC).
The second chapter provides an overview of the theoretical underpinnings of literature review. Its first part delves into the concept of risk management and elaborates on risk taxonomy. Its second part elaborates on business process management concept and reviews two well-known process frameworks that will be used as a reference for our study, that of Process Classification Framework (PCF) developed by the American Productivity & Quality Center (APQC) and that of e-TOM framework developed by TeleManagement (TM) Forum. The latter part of this chapter synthesizes on the above mentioned frameworks and presents a taxonomy of processes based on BPM frameworks. The consequent part synthesizes on the above mentioned frameworks and presents a process based taxonomy, ending with the research gap identified.
Chapter three presents the research methodology that has been applied. Its objective was to validate the perception of the business need for the proposed approach of a “risk library”, by evaluating participants’ insight on the maturity of process documentation, on the extent of risks being documented in business processes and on the potential benefit such an approach could provide to organizations in core business processes.
Chapter four is the apposition of the proposed approach and its relevant matrix, a risk self-assessment method to be applied by team of executives who will perform the walkthroughs / assessments and conduct the interviews when drafting processes, imperative to be knowledgeable in BPM frameworks and in the risk management process implemented in the organization. The final part of the thesis, chapter five, is composed by limitations and concluding remarks.
Publisher
Ανοικτό Πανεπιστήμιο Κύπρου
Format
iii, 70 p., 30 cm.
File(s)![Thumbnail Image]()
Loading...
Name
ERM-2024-00073.pdf
Size
1.78 MB
Format
Adobe PDF
Checksum
(MD5):9c2a690179300b8f02598b0a7477200c