Business Process Management: Quantifying IT Risks With Value At Risk Financial Techniques


According to the author’s business process are generally considered as the core operational asset in order to control the efficiency of the firms while generating the value. But despite of this the execution along with the control of various kind of business processes which are having a high rate of dependency upon the various kind of Information Technology. So from this it can be stated that the risk which arises while depending upon the IT in the various processes involved in the business should also be quantified. In this paper the authors have also shown the way by which the Value at risk financial technique can be adapted in order to determine the level of risk that exists within a process portfolio. The way by which this has been achieved is by quantifying the impacts that have been resulted due to the various kind of changes that has taken place in the performance of the various IT services. Along with this the measurement of the probability of the IT have been done at a regular basis for the purpose of modeling the volatility of the various services related to IT, and the main occurrence of this is generally visible when they are seen to be flexible and changeable. The method which has been proposed is associated with enabling the prediction and the estimation of the losses due to the IT risks along with their impact on the various processes which are generally dependent over the time horizon. Besides this the paper also states that the incorporation of the risk management mechanism is associated with enriching the various business processes along with the organizational management capabilities.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

According to the paper the business processes generally acts as the core operational assets in order to control the efficiency of the firm while generating the values. Besides this they also acts as the carriers of the operational risks and this is particularly to be considered when the execution and the control becomes highly dependent on the IT or the Informational Technology. The inherent volatility of the IT services is associated with generating and creating continuous changes of the value which is delivered by the business processes. So according to the paper the IT risk quantification can be considered to become a critical mechanism in order to manage the various operational risks. In this paper the identification of the gaps on the tools associated with manufacturing and forecasting of the values of the business processes while analyzing the various IT-related operational risks. The author have reviewed the paper by Seddon et al. from where it is totally clear that the various type of methods which are used for the purpose of valuating the impact of the IT on the business concerns. Besides this the authors have not been capable of finding out the mechanisms which are associated with allowing the quantification of IT risks which I generally done by considering the occurrence of the probability and the impacts that the IT failures are having by taking into account the various kind of time horizons and the level of confidence. Additionally the paper is also associated with showing a mechanism in order to link the IT risks explicitly with the various delivery of the values within the processes is also missing. Besides the authors have also reviewed the paper by Suriadi et al. which is associated with presenting the two main gaps in the research related to the Risk aware Business Process Management and this includes the limited capabilities for the risk analysis at the runtime and the post-execution process stages in order to detect, quantify and manage the events related to risks. Along with this the paper is also associated with describing the needs of applying the existing risk analysis techniques in order to perform the richer formal analysis on the impacts of the process risks.

Requirements for evaluating business processes

The authors have been associated with identifying the requirements in order to evaluate the business processes and this requirements mainly includes the following:

R1. Quantify the risk of a business process: This requirements if generally associated with quantifying the various level of ?nancial risk that are generally linked with each and every IT service that are responsible for providing support to the various processes of the business. by Performing the quanti?cation it would be associated with allowing the various answering of the common organizational questions.

R2. Quantify the risk of an IT service for a process portfolio: In this it is generally required to measure the various kind of expected incomes due to the business processes, along with the probability for IT threats, as well as the various changes that are taking place in the performance of the various quality attributes.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

R3. Forecast the expected value for business processes: along with analyzing the various kind of current a?ectation of IT risks, there is also an general requirement of analyzing various kind of historic events in order to quantify the impact that the IT failure is having which is mainly dependent of the various time horizons (i.e. daily, n-day) along with the con?dence levels (occurrence probability).

According the paper the main concept which is involved in the business processes is associated with validating is the approach mainly includes the “architecture of the process”, “Architecture of the IT services”, “quanti?cation of the risk”, and lastly the “IT governance”. An architecture can be described as the “the fundamental organization of a system embodied in its component”. Due to this reason a Business Process Architecture (BPA) is generally associated wit involving various kind of elements like the “value chain activities”, “process speci?cations”, and the “tasks” as well. An IT services architecture is associated with linking the software as well as the hardware components, data structures, and many more. According to the paper IT Risk Governance (ITRG) is generally considered as a wealth-protecting form which is generally associated with seeking in order to prevent IT-related disasters or for the purpose of minimize their consequences for the business.

The paper has also been associated with presenting the specialization of the Value at Risk financial techniques which are needed in order to measure and forecast the various level of risks which exists within the process portfolios. In this paper the proposed method has been named as the BP-VAR which is generally composing of three algorithms which are associated with navigating amongst the various dependencies of the processes and the IT service architectures in order to quantify the various type of risks. The first algorithm has been associated with quantifying the current value that the particular business processes is having and this is done by measuring the changes on the performance associated with the leveraging the IT services. Authors of this paper has also depicted the fact the current value of the IT services for a process portfolio has been quantified with respect to the incomes which are expected in the business processes and the losses caused due to the materialization of the threats, losses in the service level agreement and the income affectation which generally occurs due to the degradation of the services. Along with this the second algorithm is associated with quantifying the value at risk of the processes and the IT assets which is done by modeling of the parameters which are generally required in order to quantify the VaR metrics. After this the third algorithm is associated with forecasting the various losses related to the IT risks along with the effect on the various business processes which are dependent over a given time horizon and this generally done by considering the multiple number of pessimistic as well as the optimistic risk scenarios. And for doing this measuring and analyzing of the various daily IT risk probabilities which are generally resulting from the various volatility of the IT services which are generally inherited. Measuring of the values at the risks which are present within the process portfolio is associated with allowing the decision makers to define the strategies in order to control the various type of risks present in the business process

Architecture of business processes and IT services

The authors of this process has been associated with incorporating the mathematical technique which is highly used for the various financial analysis on the firm investments which can be considered to be a novel approach which exists within the business process management as well as on the disciplines related to IT risk governance. In this paper a method has been proposed which generally contains formal mechanism as the support of the tools in order to understood the various kind of behaviors of the current as well as on the values which are expected and delivered within the business process which takes place over time and also according to the behavior of various assets related to IT. These measures have been associated with helping team related to process management in order to identify the various business specific processes which are mostly susceptible to the different kind of operational risks. So it can be stated that a greater time spending is avoided by the project managers and an additional attention is put by them upon the broad IT issues in order to complete the process portfolio. Besides this a high level of accuracy has also been obtained in this paper while comparing the values of the assets which are expected and are generally estimated by the BP-VAR and also by the actual values which are obtained in the subsequent days.

Besides this, in this paper a generating simulating scenario has been provided on the various IT service performances which is associated with showing the process management teams where various kind of operational problems are likely to occur. While executing this scenario a graphical demonstration of the value at risk is provided which is generally occurring within the business process assets. Despite of this the expected values are also capable of helping the process mangers to promote the contingency plans and for this they have to be aware of the fact that the quantitative processes analysis which are not capable of define them. Along with this the paper also shows that the governance of the IT service is associated with leveraging the various kind of processes which is an effective way of reducing the various kind of risks and also for the purpose of creating a stable process value.


The paper is also associated with showing the fact that the BP-VAR process valuation method is also expected to be used for the purpose of combining it with the wide amount of processes as well as the IT assets. Besides this the large amount of analysis information within their dependencies are also to be modeled which is to be done before quantifying the value of the various business processes. Along with this the paper also states that multiple improvement of the presented approach is to be considered in order to conduct the further research process. Firstly the risk quantification of the IT services are to be computed to the losses which generally occurs due to the degradation of the services and this is to be done by considering the various weights in order to combine with the deviations occurring in the value. This are generally generated for each of the quality attribute. The authors have also been associated with making plans regarding the these weights and this has been done by them by usage of a correlation analysis amongst the quality attributes of various levels as well as the IT service values. Secondly the additional risk metrics which includes the conditional VAR is also to be integrated with the BP-VAR in order to quantify the various losses which are generally beyond a critical threshold. Lastly, there is a need of conducting further investigations which is generally required for the purpose of supporting the correlation analysis of the VAR amongst the various assets which are generally having an implicit interconnection between them which mainly means the process-process, process-IT service, IT service-IT service

Aharoni, Y., 2015. The foreign investment decision process. In International Business Strategy (pp. 24-34). Routledge.

Dumas, M., La Rosa, M., Mendling, J. and Reijers, H.A., 2013. Fundamentals of business process management (Vol. 1, p. 2). Heidelberg: Springer.

Fleischmann, A., Schmidt, W., Stary, C., Obermeier, S. and Börger, E., 2012. Subject-oriented business process management. Springer Science & Business Media.

Grayson, D. and Hodges, A., 2017. Corporate social opportunity!: Seven steps to make corporate social responsibility work for your business. Routledge.

Hammer, M., 2015. What is business process management?. In Handbook on Business Process Management 1 (pp. 3-16). Springer, Berlin, Heidelberg.

Kaplan, R. S., & Mikes, A. (2012). Managing risks: a new framework.

Rosemann, M. and vom Brocke, J., 2015. The six core elements of business process management. In Handbook on business process management 1 (pp. 105-122). Springer Berlin Heidelberg.

Sadgrove, K., 2016. The complete guide to business risk management. Routledge.

Trimi, S. and Berbegal-Mirabent, J., 2012. Business model innovation in entrepreneurship. International Entrepreneurship and Management Journal, 8(4), pp.449-465.

Van Der Aalst, W.M., La Rosa, M. and Santoro, F.M., 2016. Business process management. Jeston, J., 2014. Business process management. Routledge.