Business Process Management Workshops

In business processes within large organizations, one will often find variations stemming from segmentation along customer types, product lines, business units or geographical regions. For example, a business process for handling claims in an insurance company will vary depending on whether the claim relates to a car accident, a property damage or a personal incident. Also, in an insurance company that operates in several jurisdictions or countries, one is likely to observe variations in the way insurance claims are handled across these political boundaries. Similarly, in company mergers, the merged organization often ends up with multiple models describing “equivalent” processes previously executed separately in each organization prior to their merger.

Variants of the same process may be encountered in different organizations, e.g., any municipality will have a process to handle building permits. New paradigms such as Software-as-a-Service (SaaS) and Cloud Computing stimulate organizations to share a BPM infrastructure. The shared infrastructure has to support many processes and their variants. Dealing with such large collections of similar process models for multiple organizations is challenging. However, a shared BPM infrastructure also enables

cross-organizational process mining

. Since events are recorded in a unified way, it is possible to cross-correlate process models and the actual observed behavior in different organizations. This paper presents a novel approach to compare collections of process models and their events logs. The approach is used to compare processes in different Dutch municipalities.

Organizations often have to deal with large collections of business process models and compliance rules. Particular challenges in this context are compliance checks, consistency checks, and the maintenance of the process and rule repositories. In case that a-priory knowledge about dependencies within the process base and the rule base is not available, compliance checking must be performed by verifying all rules for each process, which turns out to be very costly in a context of large process and rule repositories. In this paper we present activity-oriented clustering techniques for efficient compliance checking which are particularly applicable in process and rule repositories where no a-priori clustering is considered. Further it is shown how the proposed clustering techniques influence the complexity of consistency checks. Finally, qualitative and quantitative aspects of the presented clustering techniques are discussed. The techniques provide a first step to effective and efficient management of large business process and compliance rule repositories.

Business process elicitation requires high human and financial resources, often only affordable to large organizations. We observed that many business processes are modeled redundantly consuming a lot of money and resources. Collecting, sharing, and re-using process models overcome this problem. Libraries in the real world are a good example of sharing resources among many members reducing the relative cost of each item.

In the same way we propose to collect, share, and exchange process models in a process library. This paper introduces the requirements, design and implementation for a process library with a use case from the public sector in its initial phase that allows collecting, sharing, and exchanging process models within or across public administrations. Building onto this, we propose challenging research opportunities in the field of process model libraries.

Nowadays, it is not uncommon that organisations maintain repositories containing hundreds or thousands of business process models. For the purpose of searching such a repository for models that are similar to a query model, many similarity measures have been suggested in the literature. Other measures have been suggested for different purposes like measuring compliance between a model and a reference model.

As those similarity measures differ in many aspects, it is an interesting question how they rank “similarity” within the same set of process models. In our study, we investigated, how different kinds of changes in a process model influence the values of 22 different similarity measures that have been published in academic literature.

Furthermore, we identified eight properties that a similarity measure should have from a theoretical point of view and analysed how these properties are fulfilled by the different measures. Our results show that there are remarkable differences among existing measures. We give some recommendations which kind of measure is useful for which kind of application.

Organizations are looking for ways to collaborate in the area of process management. Common practice until now is the (partial) standardization of processes. This has the main disadvantage that most organizations are forced to adapt their processes to adhere to the standard. In this paper we analyze and compare the actual processes of ten Dutch municipalities. Configurable process models provide a potential solution for the limitations of classical standardization processes as they contain all the behavior of individual models, while only needing one model. The question rises where the limits are though. It is obvious that one configurable model containing all models that exist is undesirable. But are company-wide configurable models feasible? And how about cross-organizational configurable models, should all partners be considered or just certain ones? In this paper we apply a similarity metric on individual models to determine means of answering questions in this area. This way we propose a new means of determining beforehand whether configurable models are feasible. Using the selected metric we can identify more desirable partners and processes before computing configurable process models.

The absence of a holistic industry-centric architecture for processes is an important BPM shortfall that impacts model collections. This paper introduces a

Componentized Industry Business Architecture

as a vehicle to address this gap and to make processes better integrated with other critical dimensions in organizational design. This architecture provides the foundation for a taxonomy of processes and enables process models to be created or potentially rationalized against a comprehensive framework.

Process theory and industrial organization show that processes have different structure and dynamics. However, most processes used in workflows and case management have a similar ‘factory’ nature, i.e., production processes in the enterprise. The Componentized Industry Business Architecture shows that not all processes that matter follow this type of behavior.

Oversight Processes

constitute an important example and will be studied in depth.

Most medium to large organizations support large collections of process designs, often stored in business process repositories. These processes are often inter-dependent. Managing such large collections of processes is not a trivial task. We argue that formalizing and establishing inter-process relationships play a critical role in that task leading to a machinery approach in the process repository management. We consider and propose three kinds of such relationships, namely

part-whole

,

inter-operation

and

generalization-specialization

, including their formal definitions, permitting us to develop a machinery approach. Analysis of the relationships relies on the semantically effects annotated process model in BPMN. This paper presents a rigorous approach to assist the designer to establish inter-process relationships in a process repository.

In complex business environments, business processes (e.g., engineering processes in the automobile industry) may comprise hundreds up to thousands of process steps. Though typically captured in a process model (or a collection of process models), these processes are presented to process participants in a rather static manner, e.g., as simple drawings. However, to effectively support process enactment and to link processes with relevant information, enterprises crave for new ways of visualizing processes and for interacting with them. In particular, process models must be provided in an interactive, more dynamic manner, i.e., they must be both ”experiencable” and user-adequate from the perspective of the user. In this paper, we introduce a new process navigation concept for querying process model collections. Specifically, we pick up an existing navigation concept for complex information spaces, namely Google Earth, and apply it to business processes. Thereby, we distinguish between geographical and semantic zoom functions, introduce different process views and filter mechanisms, and discuss options to manually configure needed process visualizations.

Healthcare enterprises involve complex processes involving clinical and administrative tasks that are supported by a variety of information and logistics systems. Although the workflow technology was introduced in various industries two decades ago, the use of Workflow Management Systems (WfMSs) is rather recent in the healthcare domain. This is due, in particular, by the fact that healthcare processes (or careflows) are highly flexible and extremely dynamic [1]. In this paper, we show how we can take advantage of description power of Recursive ECATNets for realizing flexible workflows in the healthcare domain.

Current logistics methods are more focused on strategic goals and do not deal with short term objectives, such as, reactivity and real-time constraints. Automated logistics management systems tend to facilitate information sharing between companies, in order to support cooperative strategies, improve productivity, control service quality and reduce administrative costs. In this paper, we discuss the application of Inter-Organizational Workflows (IOW) for automating logistic procedures in a collaborative context. A case study of healthcare process is presented, and focuses on the negotiations aspects of temporal constraints in critical situations. We show how our proposed temporal extension of the CoopFlow approach, brings advantages to automating logistics operational procedures, by providing real-time data knowledge and decision routing for the case of emergency healthcare.

Configuration based modelling is one of the reuse oriented modelling techniques that allows for exploiting proven best practices in business processes management. This paper is a case study of the use of configurable process models in logistics. It analysis and creates a set of process models for customs clearance services for import and export processes and delivers the configurable process model out of these models. The paper discusses main challenges for the use of configurable process models in such domain and draws some future work.

This paper presents a process calculus for specifying and reasoning about earth-friendly logistics management systems. It is necessary to reduce fossil fuel consumption and carbon dioxide emissions resulting from transport on account of environmental protection. Cooperative logistics enables multiple shippers to share trucks. It has been one of the most effective and popular solutions to this problem, but it makes it be complicated to implement in a logistics management system. We propose a language for specifying the routes of trucks and an order relation between the requirements of routes and the possible routes of trucks. The former is formulated as process calculus and the latter selects suitable trucks according to their routes. Our language and selection mechanism were implemented on a PaaS-based cloud computing infrastructure.

Home health care is a growing medical service. It includes medical, paramedical and social services delivered to patients at their own homes. The main benefits of home health care are the significant decrease in the hospitalization and the cost reduction in the entire health system. However, this service is not an easy task because it combines the vehicle routing problem and the nurse assignment problem.

In this paper we propose a linear integer scheduling model developed to provide staff short term planning in home care. In particular, the model deals with the problem of deciding (a) which patients should be assigned to each nurse and (b) when to execute the service during the planning horizon, in order to satisfy the time windows constraints for each patient.

We propose in this article an evolutionary algorithm for the problem of scheduling

N

production jobs on

M

parallel machines. Each machine should be blocked once during the planning horizon for reasons of preventive maintenance. In our study, the maintenance tasks should continuously be performed because the maintenance resources are not sufficient. We aim to find a schedule composed of the production jobs and the maintenance tasks with a minimal preventive maintenance cost and total sum of production job’s weighted completion times.

Computational experiments are performed on randomly generated instances. The results show that the evolutionary algorithm is able to produce appropriate solutions for the problem.

In this paper we present a mathematical model that illustrates the impact of supply chain activities on the environmental quality of manufactured products while maximizing the profits of the company under a set of constraints such as those related to the environmental legislation. We present the application of the model to a textile example and we focus on the sensitivity analysis.

In this paper, we focus on the supplier selection in a global context. The main features that characterize the global supplier selection are first identified. They mainly include the necessity of integrating inventory and transportation issues and considering several buyers’ sites. We then propose a two-phase global supplier selection approach: a first pre-selection phase with a scoring method and a final selection phase using a mathematical optimization model. Finally, we perform computational experiments in order to illustrate the consistency of the model.

Carefully defined processes can be effective tools for guiding and coordinating the actions of healthcare professionals. In past work our group has focused on defining such processes precisely and completely in order to support largely static analyses that demonstrate the absence from the processes of defects and vulnerabilities. Now increasingly our group’s focus has been turning to the execution of these processes, using them to provide run-time information to guide process participants. This new focus has made it clear that more thought must be given to how to communicate with participants in order to assure more effective guidance. Our work is suggesting that participants, especially human participants, will require that process-provided guidance be accompanied by context, history, and prospective information if the guidance is to be credible, acceptable, and ultimately useful. A process definition that merely provides needed inputs and resources, and informs a participant that it is time to perform a specified activity is likely to be received with skepticism and to be the target of searching follow-up questioning. Process participants are likely to require answers to questions such as, “why am I being asked to do this?”, “who else is doing what at this point?”, “what past events have gotten us to the point where we need to do this?”, “why am I being asked to do this again when I have already done it before?”, and “if I do this, what other activities and resources are going to be required next?”. The need for a process definition to be able to support the provision of answers to such questions relies upon the process definition’s access to the process execution’s current state, its past history, and its future execution possibilities. Providing such access poses difficult and important problems for the developers of process definition languages and formalisms. This talk identifies some of these problems, suggests possible approaches to them, and underlying challenges in solving them.

Several Computer Interpretable Guidelines (CIGs) languages have been proposed by the health community. Even though these CIG languages share common ideas each language has to be provided with his own mechanism of verification. In an earlier work we have shown that a DECLARE model can be used for checking the conformance of a PRO

forma

CIG. In this paper, we show that the same model can also be used for checking the conformance of a similar CIG expressed in the GLIF language. Besides, as the GLIF model has been expressed in terms of a Coloured Petri Net (CPN), we also elaborate on the experiences obtained when applying the model checking techniques supported by CPN tools.

Clinical Guidelines (CGs) capture medical evidence, but are not meant to deal with single patients’ peculiarities and specific context limitations and/or constraints. In practice, the physician has to exploit basic medical knowledge (BMK) in order to adapt the general CG to the specific case at hand. The interplay between CG knowledge and BMK can be very complex. In this paper, we explore such interaction from the viewpoint of the

conformance

problem, intended as the adherence of an observed CG execution trace to both types of knowledge. We propose an approach based on the GLARE language to represent CGs, and on an homogeneous formalization of both CGs and BMK using Event Calculus (EC) and its Prolog-based implementation

$\mathcal{REC}$

, focusing on “a posteriori” conformance evaluation.

Compliance management is a key factor for clinical trials. This paper overviews the current situation of compliance management in clinical trials. The shortcomings of the as-is situation are analyzed as well as the current scientific approaches. To overcome the deficiencies, a framework for process oriented compliance management is presented. The extraction and modeling of compliance requirements in a process oriented way is explained. In addition a matching operator is presented, showing how different compliance standards can be made comparable.

The

α

-Flow project enables process support in heterogeneous and inter-institutional scenarios in healthcare.

α

-Flow provides a distributed case file and represents workflow schemas as documents which are shared coequally to content documents. The activity progress and data flow is controlled by process-related metadata. A use case will motivate user-defined and demand-driven status attributes that are not known at design-time.

α

-Adaptive demonstrates how to apply the EAV data design approach and prototype-based programming concepts in order to provide an adaptive-evolutionary status attribute model for document-oriented processes.

Efficient process management becomes increasingly crucial for hospitals to survive on a competitive market. Process management in this domain must comply with individual conditions of patients and quickly react to changing requirements and organizational parameters. With Guarded Process Spaces (GPS) we developed a formally based concept that makes it possible to enable end-users to create and flexibly change processes themselves. Our approach makes use of existing BPM technology while abstracting from technical interfaces and system-specific modeling paradigms. In this way, it provides the basis to gain user acceptance and to achieve technological independence.

Clinical workflows are known to be often complex and have to be handled very flexible due to the patients individual anamnesis and state of health. Certain situations require urgent changes of the previously planned process at run time. Some choices to be made in this context depend very much on the data from clinical backend systems. Thus, data and processes cannot be treated independently of each other.

We present an approach for flexible, data centric workflows. It extends the control-flow perspective of a workflow management system with new concepts for handling process adaption at run-time. The approach combines the method of late modeling with declarative concepts and under-specification. Due to constraints on data from clinical backend systems, process adjustment is triggered at certain points of the process and is then performed at runtime.

Business process quality assessment plays an important role in business process management. Business process quality is often assessed by identifying potentials for improvement. In practice, a questionnaire is a commonly used means. However, creating a questionnaire requires a high expertise because systematic approaches are missing. Moreover, questionnaires for process improvement often focus on single quality aspects. In this paper, we describe a systematic approach to create a questionnaire to identify business process quality problems. The approach is based on a comprehensive business process quality model. We applied the approach in a case study at a German university hospital and present results of the preliminary evaluation phase.

Access control is one of the key features of any health care organization. Without a strong access control mechanism, there is a risk of inappropriate use of personal health information. Here we focus on Personalized Access Control (PAC) [1] where the patient decides who can access his/her health record. We enhance the PAC model of [1] by proposing a prototypical framework, which incorporates a workflow into the PAC model to express the context of health care processes, and by providing a mechanism to capture a patient’s consent to enforce the PAC policy. We enforce the “need to know” principle by associating roles with each task in a workflow and handle problems with delegation. We present a case study outlining the present working procedures of the Seniors’ Wellness Program in our local health authority, using NOVA Workflow for workflow modeling and Ponder2 for representing and enforcing policy.

This paper discusses three specific challenges for process model reuse. Models are intrinsically biased towards a particular purpose. For reuse this bias needs to be neutralized. We focus on research that can ultimately contribute to a canonical representation of behavior, a canonical formulation of labels, and canonical terminology. Each of these three challenges is sketched and pointers to technical papers are provided.

To provide BPM and workflow solutions with the dynamism to support frequent changes in the corporate environment, it is necessary to adopt novel strategies to efficiently develop and adapt workflow engines. One such strategy is to build new engines by reusing as much as possible from existing components. This requires two things: firstly, the mechanisms and technologies to build a library of reusable, extensible and adaptable workflow components; secondly, a platform to integrate those components into full applications. In this paper we show that Cumbia, being a platform for the development of workflow engines based on the modularization of workflows according to concerns, suits this task. This is illustrated with YOC, a Cumbia based implementation of YAWL.

With continued increase in business dynamics, it is becoming increasingly harder to deliver purpose-specific business system in the ever-shrinking window of opportunity. As business systems for the same intent tend to be similar but never the same, they have considerable overlap with well-defined differences. Software product line engineering techniques attempt to address this problem for software artifacts. Separation of business process concerns from application functionality, as advocated in process centric application development, demands solution on similar lines for business processes too. To this effect, we propose an abstraction for business processes that addresses composition, variability and resolution in a unified manner. We present the abstraction, its model-based realization, and illustration with an example.

Workflow activity patterns represent a set of recurrent behaviors that can be found in a wide range of business processes. In this paper we address the problem of determining the presence of these patterns in process models. This is usually done manually by the analyst, and it requires interpreting the process in terms of the semantics of those patterns. We describe an ontology-based approach to perform this discovery in an automated way. The approach makes use of an ontology, and a mapping between the elements in the given process and the classes in the ontology. A reasoner is then used to discover the patterns, and a SPARQL query is used to retrieve them. The approach is illustrated for a business process in a travel booking scenario.

Usually, for a particular business process different variants exist in order to fulfill the individual requirements of the different users. The management of the process variability is an important aspect mainly during modeling which serves for the purpose of documentation. One common way to deal with variability is configuration. This paper presents a generic

concept of a configurator

which captures the characteristics of the process domain, inter alia the multi-perspectives of processes. One of the main contributions of this paper is intended to be a

staged configuration process

. The sequence of the partial decisions concerning the selection of a variant can be determined individually. In order to capture the process variability we developed a

generic data model

which empowers the derivation of variants based on a process model which integrates all possible variants.

Patterns have been employed as a mechanism for reuse in several phases of software development. Analysis patterns consist of artifacts for reuse during the requirements analysis and conceptual modeling. However, they are generally, documented in a textual manner which is not precise to be treated by a computer, thus limiting the dissemination and a wider reuse. Within the geo-processing area, Spatial Data Infrastructures (SDI) has been used quite effectively as an instrument for the reuse of geospatial data and services. Based on the development of SDIs, this article proposes an Analysis Patterns Reuse Infrastructure (APRI) comprising web services and a metadata representation for the specification of analysis patterns, in order to support the cataloging and reusing of analysis patterns.

The paper discusses a selection of business challenges faced by organizations in context of integration between governance, risk, compliance and business process management. The focus is set on three complexity drivers for compliance, which are externally imposed on organizations by a business environment which itself is characterized by recent supervision system failures leading to major market crises as well as ongoing globalization. The examined complexity drivers are 1. heightened complexity of business processes with an increased number of process interfaces, 2. rising frequency of process changes and 3. a continuously growing amount of compliance regulations. A selection of fundamental research works is discussed to assess the visibility of the three complexity drivers, i.e. whether the authors show awareness of the selected complexity drivers implicitly or explicitly. The paper highlights a combined view on those three complexity drivers and, in consequence, derives requirements changes originating thereof for compliance management and modeling.

The risk exposure of an organization is the cost of being non-compliant for all process instances that are subject to auditing and it can be reduced by auditing internal controls for every process instance, detecting and eliminating the cause of non-compliance. This paper discusses the design consideration for an automated auditing tool to achieve the desired level of risk exposure reduction. A method is provided to measure the effectiveness and the limits of such tools and adjust their performance for various risk exposure levels.

Provenance of scientific data is a key piece of the metadata record for the data’s ongoing discovery and reuse. Provenance collection systems capture provenance on the fly, however, the protocol between application and provenance tool may not be reliable. Consequently, the provenance record can be partial, partitioned, and simply inaccurate. We use a workflow emulator that models faults to construct a large 10GB database of provenance that we know is noisy (that is, has errors). We discuss the process of generating the provenance database, and show early results on the kinds of provenance analysis enabled by the large provenance.

Semi-structured workflow approaches are essential to support collaboration whenever unanticipated events occur in dynamic environments. These approaches promote ad-hoc work. However, semi-structured workflows need to balance the support of unexpected situations with guidance for the situations where a standard behaviour is wanted. The blended workflow approach proposes an integration of two different workflow perspectives, the activity-based perspective, which precisely defines how to coordinate work for expected situations, and a goal-based perspective, which allows people to accomplish the business process goals without constraining their behaviour. The existing workflow engines do not provide support for an approach that fuse activity-based and goal-based perspectives. Therefore, this paper goal is to describe how both perspectives can be integrated. We describe an architecture for a blended workflow engine which combines activity and goal-based perspectives and supports the integrated execution of both specifications while keeping them consistent.

In the first book on process mining, Wil van de Aalst densely defines the goal of process mining “to use event data to extract process-related information”, like automatically discovering a process model by observing events that are recorded by some information system. This definition is broad, since it addresses the mining of all processes that are supported by an information system, revealing the wide range of possible applications of process mining. With the growing of the digital universe, the recording of events reaches new heights all the time. Given this omnipresence of recorded events and hence the large amount of possibilities to apply process mining, a well-defined focus on an application field is essential. Auditing is such a field. The auditor functions as an independent examiner of financial statements to give reasonable assurance on the accuracy of these statements. That way, the auditor provides ‘trust’ to shareholders and other third parties related to the audited organization. This trust is a crucial element of the economic system.

Data privacy is a major issue for companies today. Risks can come from external attacks or from internal users disclosing sensitive data to the public. In the latter case, restricting user access to data mitigates the risk. Thanks to role-based access models, users see only the data that they need for their work. This paper presents a methodology for assessing how effective such restrictions are. It is based on classifying data, analyzing access paths, and understanding the impact of design principles. Its special contribution is its end-to-end view. It is applicable directly to complex IT landscapes being the norm today.

Real-life business process specifications include situations where work may be repeated due to exceptions such as the lack of resources or failed approvals. However, most authorization constraint models for business processes describe them as partially ordered sets of tasks. This abstraction simplifies the analysis of constraints greatly but prevents their use in real systems because control flows with loops are not supported. To overcome this limitation, we scope authorization constraints to task instances using the concept of release, which removes associations between users and their previously executed tasks. We define a model applying releases to cardinality and interval constraints, such as Separation of Duty (SoD). The latter is based on the notion of intervals defined by pairs of tasks and imposing conditions on the users executing them. We extend BPMN to visualize our constraints, bridging the gap between IT and business people as well as to auditors.

Many business processes are modeled as workflows, which often need to comply with business rules, legal requirements, and authorization policies.

Workflow satisfiability

is the problem of determining whether there exists a workflow instance that realizes the workflow specification while simultaneously complying with such constraints. Although this problem has been studied by the computer security community in the past, existing solutions are tailored for particular workflow models, so their applicability to other models or richer forms of analysis is questionable. We here investigate whether the satisfiability of formulas in an NP-complete fragment of linear-time temporal logic can serve as a more expressive and versatile tool for deciding the satisfiability of workflows. We also show that this fragment can solve this problem for a standard model from the literature.

A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.

Companies are demanding more flexibility from their Process Aware Information Systems (PAIS). However, regulations and standards that impose limits to process executions are becoming increasingly important for business process management. The need for a compliance agenda and the security requisites for PAIS are pushing companies to search and to acquire new systems and technics for control and audit business processes. The aim is to avoid process execution that violates some business rules. In order to build an approach that support companies in auditing and controlling their business processes, there is a need for a formal and systematic modeling of business rules. In the present paper we have two objectives. The first one is to propose a set of business rules related to the ordering of tasks and to the involvement of a role or agent in cases. The second one is to build a supervisory control of PAIS that ensures compliance of business rules. To evaluate the correctness of our approach we applied it in two different business processes.

The ever growing set of regulations and laws organizations have to comply to, introduces many new challenges. Current approaches that check for compliance by implementing controls in an existing information system (IS) decrease the maintainability of both the set of compliance rules and the IS. In this position paper, we advocate the separation of the compliance process from the organization’s business processes. We introduce a life cycle for the management of compliance rules. A separate compliance engine is used to define and check compliance rules independent from the existing IS within an organization.

Binding of Duty (BOD) constraints define that the same subject (or role) who performed a certain task

t

1

must also perform a corresponding bound task

t

2

. In this paper, we describe algorithms for checking the

satisfiability of binding constraints

in a business process context. In particular, these algorithms check the configuration of a process-related RBAC model to find satisfiability conflicts. Furthermore, we discuss options to resolve satisfiability conflicts.

This paper proposes a novel trace clustering approach for workflow mining to allow for security audits that regard the evolution of process models along time. Specifically, the trace-clustering method allows auditors to distinguish between different “active” process variants within a timeframe, thereby allowing the visualization of the process evolution. Separately analyzing subsequent process variants allows auditors to localize time-frames and corresponding models for identified vulnerabilities and thus more sophisticated security audits.