Business Process Level Research Articles

REAL-WORLD ACCESS CONTROL SYSTEMATIC FAILURES; REALITY OR VIRTUAL REALITY?

This paper examines the true causes of systematic failures of real-world access control within the context of modern business transactions. Today’s business transactions depend heavily on systems that were developed and protected by off-the-shelf, checklist-mentality security technologies/products such as firewalls, intrusion detection systems and anti-virus software. This dependency, as well as the oversight of system level security requirements, frequently leads to incorrect and incomplete security implementation at the business process and transaction levels. To fully illustrate the critical issues faced by today’s system, this paper utilizes a real-life cyber crime case for analytical purposes. This case was successfully prosecuted by a jury trial at the US Federal Court in Seattle during the period of 1999-2000. It revealed many fatal system security failures and business process trust collapses in an environment involving multiple online web-based systems. The paper then shows how such failures are directly attributed from the inappropriate application of technologies/products based on false assumptions of trust, as well as the lack of appropriate security engineering process during the systems development phase. Observations and recommendations are also made regarding what can be done to enhance security and trust requirements at the levels of business transactions and processes.

Quality of Information and Access Cost of IoT Resources in BPMN Processes

From an Internet of Things aware business processes perspective, quality of information of physical resources as well as access cost information provide important criteria to differentiate resource providers and to choose the one that meets process requirements. Despite business process languages, such as Business Process Model and Notation (BPMN2.0) do not foresee quality of information aspects, recent works extend the BPMN2.0 to include them. This way, the definition of process models can include quality requirements and process execution can be adapted considering these criteria. In this paper we take a step forward by bringing access cost information (e.g. energy consumption) to the business process level. Quality of information cannot be assessed alone due to its interdependency with access cost (e.g. increasing sensor sampling rate will improve not only information quality but also energy consumption). Therefore, quality of information and access cost can be used in process definitions, as well as to optimize and adapt process execution. Additionally, changing quality and cost requirements can also influence physical resources behavior at runtime as, for instance, in dealing with unexpected exceptions. Hence, processes can control and make tradeoffs regarding quality of information and access cost.

XrML-RBLicensing approach adapted to the BPEL process of composite web services

Web service orchestration represents an open and standards-based approach for connecting web services together leading to higher level of business processes. Business Process Execution Language (BPEL) engines are designed to handle this orchestration. However, web service compositions into BPEL suffer from several non-functional requirements such as security. To address this problem, we propose in this paper a novel approach that is based on a harmony between the licensing concept offered by eXtensible rights Markup Language (XrML), aspect-oriented programming (AOP), and web service compositions in BPEL. Our proposed approach, based on XrML, offers the ability to associate security licenses with activities offered by the composite web services. It allows to automatically generate BPEL aspects depending on the developed licenses, to separate between crosscutting concerns of the composed web services, and provides an easy way to include and update the non-functional requirements (e.g., security) into a BPEL process. It offers also the ability to validate the licenses, at runtime and without affecting the business logic of this model. To evaluate our approach, we have developed an inventory control system (ICS) sample that is composed of several web services. Case study and performance analysis are presented to demonstrate its feasibility as well.

ERP system implementation in SMEs: exploring the influences of the SME context

Small and medium-sized enterprises (SMEs) are increasingly implementing enterprise resource planning (ERP) systems. Compared to large enterprises, SMEs differ in a number of inherent characteristics, which are likely to impact the ERP system implementations. The purpose of this study is to explore these influences of the SME context on the ERP system implementation process. SME characteristics are synthesised from relevant literature and the influences of the contextual factors on various activities across the ERP life cycle are investigated. The study presents findings from a multiple case study of four SMEs. The ownership type of the companies and limited resources were identified as the most influential contextual factors. Among the ERP life-cycle phases, the implementation phase was affected most by the SME context. The case studies also illustrate the need for a more nuanced view on what should be considered general characteristics of SMEs; for example, regarding the level of IS knowledge, business processes, and market characteristics.

Sophisticating business performance management for banks: using data envelopment analysis on business process level

Crucial bank inefficiencies are rooted in the bank’s production processes. From an operations perspective, the assessment of inefficiencies, especially in highly standardised processes, should lead to better directed action for improvement and hence efficiency enhancement. This paper presents a new application of DEA for the measurement of business process efficiency. In our case study, the efficiency of the securities settlement and clearing process of a large European bank is analysed. It is a unique, large-scale dataset containing actual production data of this bank. Two different input-output models are used, representing most important objectives of operations managers in process performance analysis. The results show a high variance in process performance among different perspectives of analysis, indicating production inefficiencies in the process execution.

Process clusters for information system diagnostics: an approach by Organisational Urbanism

The objective of this research is to use enterprise architecture models in order to develop a decision aid approach to facilitate change management of information systems (ISs). Therefore, we propose to use Organisational Urbanism. One of the principal added-values of this approach is its ability to analyse IS change constraints at the business process level. Organisational Urbanism starts by generating business process cluster maps, which are based on criteria that facilitate changes. These clusters will then constitute pertinent business domains used to structure the deployment of IS changes. Moreover, they can be used to diagnose specific aspects of ISs transformations. Thus, the objective of this study is to help IS managers to better select and implement change scenarios. The clustering method as well as an application for IS diagnostics are explained. The results are illustrated with a case study in partnership with STMicroelectronics.

Is there a tactical level of business processes?

PurposeAs companies are facing an increased need for knowledge creation, innovation, improvement, and change, the processes that enable these matters should be identified. The purpose of this paper is to identify and find a way of classifying these processes.Design/methodology/approachThe paper conducted literature studies to identify what could be the tactical processes. This has then been exemplified through a case study in the automotive industry where the focus has been on the formal process descriptions and how decisions and roles are distributed.FindingsFrom the case study the paper can identify processes that could be classified as tactical, as they are not only “something between” the strategic and operational processes, but also different by nature, as they are related to certain dynamic elements of a company, such as knowledge creation, innovations and improvements.Research limitations/implicationsTo some extent the research is based on formal descriptions in systems and documents from a case in the automotive industry. Interviews have been conducted but more cases and interviews would provide a better picture of the tactical processes and how they are designed and implemented.Practical implicationsThe paper argues that there is a level of processes that could be classified as tactical as well as strategic and operational. These processes are increasingly important as they represent activities within R&D and improvement, which are important aspects of, for example, lean strategies. Design, responsibilities and ownership of these tactical processes are important strategic decisions.Originality/valueThe original value of the paper is that introducing the tactical level could facilitate the identification, analyses and decisions regarding the processes that play an increasingly important role in manufacturing strategies.

Combining business process and failure modelling to increase yield in electronics manufacturing

The prediction and capturing of defects in low-volume assembly of electronics is a technical challenge that is a prerequisite for design for manufacturing (DfM) and business process improvement (BPI) to increase first-time yields and reduce production costs. Failures at the component-level (component defects) and system-level (such as defects in design and manufacturing) have not been incorporated in combined prediction models. BPI efforts should have predictive capability while supporting flexible production and changes in business models. This research was aimed at the integration of enterprise modelling (EM) and failure models (FM) to support business decision making by predicting system-level defects. An enhanced business modelling approach which provides a set of accessible failure models at a given business process level is presented in this article. This model-driven approach allows the evaluation of product and process performance and hence feedback to design and manufacturing activities hence improving first-time yield and product quality. A case in low-volume, high-complexity electronics assembly industry shows how the approach leverages standard modelling techniques and facilitates the understanding of the causes of poor manufacturing performance using a set of surface mount technology (SMT) process failure models. A prototype application tool was developed and tested in a collaborator site to evaluate the integration of business process models with the execution entities, such as software tools, business database, and simulation engines. The proposed concept was tested for the defect data collection and prediction in the described case study.

Integrating the critical success factor method into the business process outsourcing decision

This paper outlines a framework that integrates the critical success factor (CSF) method into the outsourcing decision. The framework builds upon the generic outsourcing evaluation methodology and uses the CSF method as a means of evaluating outsourcing at the business process level. The findings from applying the outsourcing framework in a retail bank are presented. The research found the application of the framework delivered positive results in business process outsourcing decisions. As well as linking outsourcing with organisational strategy, it provided a mechanism and language for prioritising which processes require attention through either internal improvement or outsourcing. However, the findings identified a number of challenges with applying the framework including defining processes and understanding complex interdependencies between business processes prior to outsourcing.

Quantifying coordination work as a function of the task uncertainty and interdependence

PurposeThe purpose of this paper is to contribute to the understanding of coordination in business processes by quantifying how the coordination load is affected by changes in task structure and task characteristics.Design/methodology/approachA model is presented that quantifies the amount of coordination work as a function of the task characteristics analyzability and variability and the task structure factor of interdependence. To test the model, a management simulation game is used with a full factorial design of experiments. Two replications are conducted for each treatment. Validated questionnaires and time studies are used to obtain the data.FindingsAnalyses of the experimental results indicate that as task analyzability decreases and task interdependence increases then the coordination load increases. The increase in coordination load is greater for changes in task interdependence than for changes in task analyzability.Practical implicationsThe experimental results indicate the time savings from doing tasks in parallel versus sequential are less than what would expected due to the increased interdependence between tasks and the resulting requirements for coordination. These results can be used to understand the trade‐offs of different process configurations, primarily how coordination load changes when a process is changed from sequential to parallel.Originality/valueThis research deviates from previous research in that the coordination load difference is measured when going from a sequential process to a parallel process. Most previous studies have shown differences but not the magnitude of the difference. Moreover, most previous studies have been at the organization level, while this research focuses on the business process level.

An Adaptive E-Commerce Architecture for Enterprise Information Exchange

This article contributes to the design of a generic framework for providing a new way to exchange information between enterprises. This concept is a well addressed in the context of B2B standards. Many organizations are increasingly searching for adopting these standards to automate data exchange. But the limit of such models resides in the fact that the content of exchange is defined in several formats which make their use difficult. To overcome this difficulty, we have explored the possibility to integrate new models for describing content involved in B2B transaction which represent a key issue. Our finding establishes the feasibility of integrating product models described by ontology with e-commerce standards especially at the business process level. This article presents a descriptive model allowing partners to exchange information with other organisations without modifying their Information System. The case study also indicates that our system is developed as a Service Oriented Architecture.

A business process-oriented method of KM solution design: A case study of Samsung Electronics

Improving how knowledge is leveraged in organizations for improved business performance is today considered as a major organizational change. Knowledge management (KM) projects are stigmatized as demanding, fuzzy and complex, with questionable outcomes—more than 70% of them do not deliver what they promised. A case of Samsung Electronics mobile branch we present shows how KM projects can be more successful if they are treated as business process-oriented organizational change projects. Both organizations and academia can stand on the shoulders of giants as previous experience and research in that area is rich. Adding the KM flavor to such organizational change is the goal of this case study; the learning outcomes include a six-step KM solution design method, a justification for the business process level of analysis and managerial action, and the need for modest and just-do-it approach when introducing KM-related organizational interventions.

A BPMN Extension for the Modeling of Security Requirements in Business Processes

Business Processes are considered a crucial issue by many enterprises because they are the key to maintain competitiveness. Moreover, business processes are important for software developers, since they can capture from them the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. Security is important for business performance, but traditionally, it is considered after the business processes definition. Empirical studies show that, at the business process level, customers, end users, and business analysts are able to express their security needs. In this work, we will present a proposal aimed at integrating security requirements through business process modeling. We will summarize our Business Process Modeling Notation extension for modeling secure business process through Business Process Diagrams, and we will apply this approach to a typical health-care business process.

From IT Leveraging Competence to Competitive Advantage in Turbulent Environments: The Case of New Product Development

A burning question for information systems (IS) researchers and practitioners is whether and how IT can build a competitive advantage in turbulent environments. To address this question, this study focuses on the business process level of analysis and introduces the construct of IT leveraging competence—the ability to effectively use IT functionalities. This construct is conceptualized in the context of new product development (NPD). IT leveraging competence is shown to indirectly influence competitive advantage in NPD through two key mediating links: functional competencies (the ability to effectively execute operational NPD processes) and dynamic capabilities (the ability to reconfigure functional competencies to address turbulent environments). Environmental turbulence is also shown to moderate the process by which IT leveraging competence influences competitive advantage in NPD. Empirical data were collected from 180 NPD managers. Through the construct of IT leveraging competence, the study shows that the effective use of IT functionalities, even generic functionalities, by business units can help build a competitive advantage. The study also shows that the strategic effect of IT leveraging competence is more pronounced in higher levels of environmental turbulence. This effect is not direct: It is fully mediated by both dynamic capabilities and functional competencies. Taken together, these findings suggest that IS researchers should look beyond the direct effects of firm-level IT infrastructures and focus their attention on how business units can leverage IT functionalities to better reconfigure and execute business processes. In turbulent environments, focusing on these aspects is even more vital.

Business process modeling approaches in the context of process level audit risk assessment: An analysis and comparison

Current auditing standards emphasize the importance of auditors gaining a broader understanding of an organization's operations to perform risk assessment (i.e. assess the risks of material misstatement). Auditors' ability to effectively analyze operations in the form of business processes is by definition a key determinant of their ability to appropriately plan and conduct the audit. However, to date there has been little consideration of how best to represent or organize the information required about business processes for audit risk assessment purposes. This paper identifies a number of commonly used business process modeling conventions, and characterizes them relative to the needs of auditors in performing risk assessments at the business process level. To provide a context for the process modeling conventions examined, international standards on enterprise modeling are outlined, and the constructs they identify are compared to those identified as needed for process level risk assessment. This comparison helps provide some assurance that the knowledge needed for audit risk assessment at the process level is similar to that needed for management understanding and control of business processes more generally. A number of commonly used business process modeling conventions are identified based on a literature review, including data flow diagrams, system flowcharts, REA models, event process chains, IDEF0 and IDEF3, UML diagrams, and business process diagrams (BPMN). The constructs represented in each of these models are compared to those identified as needed for process level audit risk assessment, and the merits of each convention are discussed. The paper concludes by noting particular areas where additional research is needed before more definitive answers regarding which process modeling conventions are most appropriate for auditor use are possible.

The impact of ERP systems on firm and business process performance

PurposeThe purpose of this article is to provide further insights into the adoption of enterprise resource planning (ERP) systems and the impacts on organisational performance. It aims at challenging existing claims of ERP vendors with regard to the benefits of their products and at providing evidence of the benefits of bundling ERPS with supply chain management systems.Design/methodology/approachA survey was conducted to collect data on several aspects of organisational performance in companies that adopted ERPS and/or SCMS and the respective control groups. Financial key performance indicators were used to measure overall firm performance and the supply‐chain operations reference model to operationalise performance at the business process (supply chain) level.FindingsThe key results contradict the claims of ERPS vendors insofar as no significant performance differences were found between ERPS adopters and non‐adopters, either at the business process level, or at the overall firm level. While it could be confirmed that the longer the experience of firms with ERPS, the higher their overall performance, no evidence was found of a similar effect on business process (supply chain) performance. Only those ERPS adopters that also adopted SCMS achieved significantly higher performance at the business process level.Originality/valueDespite the small size of the SCMS user sample, the results do provide some important insights into the relationships between ERPS, SCMS and performance which might encourage both researchers and practitioners in that field to critically reflect on the “optimal” mix of modules and software packages within increasingly diverse forms of enterprise systems.

Self-adaptive middleware: Supporting business process priorities and service level agreements

This paper deals with quality of service, defined at the application level, with respect to business constraints expressed in terms of business processes. We present a set of adaptive methods and rules for routing messages in an integration infrastructure which yields a form of autonomic behavior, namely the ability to dynamically optimize the flow of messages in order to comply with SLAs according to business priorities. EAI (Enterprise Application Integration) infrastructures may be seen as component systems that exchange asynchronous messages over an application bus, under the supervision of a processflow engine that orchestrates the messages. The QoS (Quality of Service) of the global IT system is defined and monitored with SLAs (Service Level Agreements) that apply to each business process. The goal of this paper is to propose routing strategies for message handling that maximize the ability of the EAI system to meet these requirements in a self-adaptive and self-healing manner, i.e., its ability to cope with sudden variations of the event flow or temporary failures of a component system. These results are a first contribution towards deployment of autonomic computing concepts into BPM (Business Process Management) architectures. This approach marks a departure from previous approaches in which QoS constraints are pushed to the lower level (e.g., the network). Although the techniques, such as adaptive queuing, are similar, managing QoS at the business process level yields more flexibility and robustness.

A study of hotel information technology applications

PurposeInformation technology (IT) applications in the hotel industry have largely been devoted to the handling of the routine operational problems that crop up while running a hotel. Previously, the hotel industry has been criticised as reluctant to make full use of IT. This paper reports and analyses the findings of a recent survey on IT applications in Hong Kong hotels.Design/methodology/approachThrough personal interviews with 21 managers of hotel electronic data processing/management information systems (EDP/MIS) in 2003, different technical and behavioural aspects of IT were examined.FindingsCompared with a similar study performed in 1997, the empirical findings in 2003 showed that IT was used not merely to replace the existing paper system but also to improve customer services and to enhance operational effectiveness. Unfortunately, the empirical findings also indicated that hotel decision makers did not seem to realise the importance of IT for the purpose of developing business strategies and, therefore, IT was generally not used in hotels for high‐level business decision‐making.Research limitations/implicationsA limitation of this study was the fairly low participation rate of hotel managers.Practical implicationsThe study does offer useful insights for hoteliers to realistically analyse the potential benefits of IT applications to their business.Originality/valueThis paper will contribute to help raise the awareness of IT involvement at all levels of hotel business processes, and facilitate hoteliers to proactively incorporate IT into their efforts to remain competitive in the industry.

Specification and design of advanced authentication and authorization services

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.

AVENTEON Mobile Business Assistant

With the emergence of new mobile data technologies such as GPRS, WLAN and UMTS, corporations now realize that it is possible for the first time to create “real-time” mobile business processes that can truly deliver greater efficiencies at the business process level. ‘Realtime’ here refers to constant data exchanges that ultimately enable seamless interactions between central planners and mobile workers. As with most IT investments, the key factor that will lead to the adoption of mobile business processes among enterprises will be the generation of a positive “mobile” Return on Investment (mROI) based on a stable business case. This can be best performed in an ongoing iterative approach where learning from the current implemented process is always used for further process improvements. This paper primarily examines how existing mobile business processes can be optimized in order to deliver truly greater business process efficiencies for companies that are looking to deploy mobile solutions and also examines some of the best practices that enterprises should consider before making any substantial investment decision into a new mobile process. Finally the paper takes a look at the Aventeon Mobile Business Assistant (MBA) which is a new, cutting edge software that is particularly designed for creation and optimization of “Real-time Mobile Business Processes”. The MBA offers specific products for key verticals including utilities, repair services, logistics, sales and pharmaceuticals. In the development, the MBA strictly follows the key success factors of a process oriented mobile solution and is set up to deal with the complex challenges of the mobile business world.