Profile picture for user mkli

What keeps fascinating me is the reaction of people attending our conferences on what is getting nearly famous as "The Door". People always ask me if they may use this example! That's the most frequent question after our presentations. Well here you are!

But let's start from the beginning for those who didn't attend one of our GRC conferences. During my speeches I try to give easy to follow explanations why there is a clear connection between Business Processes, effective controls and reliable risk evaluations. The first perception you have to discard is the assumption that As-Is-Processes are running as the documented To-Be-Flow. If you reconstruct processes from the transactions in an ERP system you can easily prove that. Very often controls are well thought of but do not take into account the "other 20%" of instances the process is running out of the main stream. One example is the case where a lead engineer took a half-produced product directly with his personal stuff to speed up time and delivered it himself to the next production facility in China.

There was a sophisticated export control at the shipping center that was smoothly circumvented without any bad intentions - but unfortunately the product was on the list of goods that should never have been imported to China. 

The Door

The second perception to question is that this line of thinking does not apply for sure for the assessment of risks. Far from it - risk levels for operational risks can only be judged appropriately if the real life process is taken into consideration during assessment. The prominent example here is the well known case of Societe Generale, the French bank. Assessing risk positions without knowledge about the “real” processes used (by purpose or without ill intent) may lead to catastrophic misjudgments.

But back to the door - another illustrating example to show a ill designed control. Obviously a locked security door with a alarm system and emergency exit opening device should control people to follow another way to the exit of a parking lot. I'm sure there was reasoning behind why especially this exit needs to be blocked - maybe security, maybe compliance requirements. So to make sure that this control is reliable we take a look at this from another angle: 

The Door

 

by Site Administrator
Badge for 'Contributor' achievement
Posted on Tue, 10/14/2008 - 11:23

Jens Lühning said:

Mr Kling,

I find “the door” is a perfectly fitting example for your keypoint, that real processes do often not match the defined processes.

I think good process design should take this more into consideration. maybe by introducing some control spots, “doors”, into the process, that have to be passed. (this reminds me very much of the LKW Maut control spots above the german or french Autobahn..)

I wish you all a very successful day.

1

Featured achievement

Genius
You like to help others solve their problems by answering questions.
Recent Unlocks
  • KF
  • KH
  • RG
  • Profile picture for user Vee_ARIS
  • Profile picture for user smarty
  • PacMan

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock