Fearlessly Dominate the Digital Banking Revolution with Process Mining
Register
ARIS Process Mining in action - Live Demo
Register
ARIS Process Mining in action - Live Demo
Register
View all
Join now

#RiskTalk: Scenario-analysis:a new approach to process risk assessment

Profile picture for user gvandenbrink
Posted by Gerrit Jan van den Brink
Posted on in Professional ARIS

Scenario analysis?  A new approach to process risk management? You may ask yourself what is to be expected here. Is this just marketing by filling old wine in new bins? I would like to give you some comfort at the start: Scenario-analysis is taken seriously in this document.

If risks embedded in processes needs to be assessed, the first step is to identify and to assess all kind of risks, which may disturb the process. The analysis does not only include the disruptions as an effect but also the internal and external causes triggering various disruption events. It can be the number of processed items (like raw material, transactions of products) which cause capacity problems on the one hand and external factors at the other hand: Vendors not delivering in time, virus attacks which cause disturbances in the process, external work force causing errors or just third parties, which like to actively disturb the processes of a company (sabotage). These are all risk causes which should be taken seriously in case of an assessment of process immanent risks.

You may have already perceived, that we can easily identify a high number of influencing factors, which may even be dependent on each other. In case of complex processes, we are probably not able anymore to identify the risks and especially the dependencies among those risks upfront. In such cases many times a risk simulation is the only left over solution to assess various scenarios in order to assess the risks and their corresponding events.

The approach seems to be simple:

  1. In a first step the process is depicted. The process cascade is shown, the resources (like employees, roles, IT-systems, locations and external factors) are also depicted. The risks and the corresponding internal controls are included. Also the available capacities for each process step are added to the process reflection
  2. In a second step the inner life of the process is simulated. Various simulations show the rate of successful processed bunches of processed items. The opposite is a reflection of all materialized risks. If enough simulations are run, a clear picture of the risks exists and further analysis may discover dependencies, which were immediately visible at a first glance.
  3. In a subsequent step even more processes depending on the same resources could be simultaneously simulated. The results are even more close to reality.

A successful analysis prerequisite the following:

  • Risk identification of all material risks should as complete as possible. Therefore experienced domain experts and risk experts should work in close cooperation to achieve the best possible results. An external view may be often helpful in order to enlarge the horizon of the analysis.
  • The process including all the mentioned attributes should be depicted
  • Software supporting the simulation logic is of significant benefit, since it may prevent us from narrow focusing and therefore missing relevant risks and corresponding dependencies.

It is expected, that we open a door, if we are successful in implementing such a type of analysis. The analysis results may not only reveal the risks, but may also tell us about the efficiency and effectiveness of our processes. The combination of both perspectives makes such an analysis even more attractive to many companies.

For more information please visit www.grc-lounge.com.

25.7k
2
Profile picture for user GeoffHook
by Geoff Hook
Posted on Mon, 01/10/2011 - 13:05

Gerrit,

good to see you connecting quantitative analysis & simulation with process efficiency and risk. My perspective is that I provide the simulation capability embedded in ARIS and workedon the extensions for GRC Risk Simulation. I would be very interested to hear more when you have some implementation stories, and of course please get in touch if you have any general questions or points on simulation.

thanks

 

Geoff

 

 

0
Profile picture for user gvandenbrink
by Gerrit Jan van den Brink Author
Posted on Mon, 01/10/2011 - 21:22

Geoff,

thank you for you quick reaction. My current experience is outside of the GRC Risk Application, but together with IDS Scheer GRC specialists we have worked the GRC solution which should be ready for test implementation shortly. I am also very interested in the first practical results and we will post the expercience here.

In the meantime I am more than happy to discuss any process steps more in detail.

 

Gerrit Jan

 

0

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|

View posts by tag

icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock