Value-Driven Risk Analysis of Coordination Models

Coordination processes are business processes that involve independent profit-and-loss responsible business actors who collectively provide something of value to a customer. Coordination processes are meant to be profitable for the business actors that ex

  • PDF / 1,786,467 Bytes
  • 15 Pages / 439.37 x 666.142 pts Page_size
  • 56 Downloads / 208 Views

DOWNLOAD

REPORT


Cybersecurity and Safety Group, University of Twente Services, Drienerlolaan 5, 7522 NB Enschede, The Netherlands {d.ionita,r.j.wieringa}@utwente.nl 2 Vrije Universiteit Amsterdam, De Boelelaan 1105, 1081 HV Amsterdam, Netherlands [email protected] 3 D-Telekom Chair of Mobile Business & Multilateral Security, Goethe University, Frankfurt am Main, Germany [email protected] http://scs.ewi.utwente.nl/

Abstract. Coordination processes are business processes that involve independent profit-and-loss responsible business actors who collectively provide something of value to a customer. Coordination processes are meant to be profitable for the business actors that execute them. However, because business actors are independent, there is also an increased risk of fraud. To compute profitability as well as quantify the risk of fraud, we need to attach value models to coordination process models. In this paper, we propose guidelines for deriving a value model from any coordination process model. Next, we show how our approach can be used to identify possibilities of fraud offered by a coordination process, as well as quantify the financial impact of known fraudulent processes. Finally, we discuss additional applications, such as identifying commercially superfluous tasks, or missing tasks needed to achieve a financially sustainable process. Keywords: Risk-aware BPM · Cost-aware BPM · Process analysis and improvement

1

Introduction

Today, electronic commercial services, are an important source of revenue for many businesses. For instance, consider companies such as Netflix, Spotify, or in our case study domains, Internet service providers and telecoms. Most e-services share two common attributes: (1) they are paid, usually by a customer and (2) they are provided by a complex network of enterprises. As a result, these services are open to opportunities to commit fraud. For example, a fraudulent actor may use the telephone subscription of someone else to place expensive phone calls. c IFIP International Federation for Information Processing 2016  Published by Springer International Publishing Switzerland 2016. All Rights Reserved J. Horkoff et al. (Eds.): PoEM 2016, LNBIP 267, pp. 102–116, 2016. DOI: 10.1007/978-3-319-48393-1 8

Value-Driven Risk Analysis of Coordination Models

103

Although fraud is often performed by misusing a business or coordination processes, its impact is actually on the business value level. Therefore, we need an instrument to analyze and express its financial effects for all actors involved. In line with previous work on value-based fraud analysis [1,2], we use an e3 value model [3] for this purpose. Because a value model represents what actors exchange with each other in terms of economically valuable objects (such as products, services or information), it is fundamentally different from a process model. Abstracting away from operational details, e3 value models only show what is offered, and not how. Unfortunately, for many commercial services, information contained in a value model only exists in the mi