Evolving the Project Management Office: A Competency Continuum

Abstract

Many organizations today have recognized the need for a project management office (PMO) to achieve project management oversight, control, and support. the PMO's role is to help both the project manager and the relevant organization to not only understand and apply modern project management practices, but also to adapt and integrate business interests into the organization's project management efforts. This article describes a five-stage competency model for the PMO.     

FORMAL CONSIDERATIONS OF RULE-BASED MESSAGING FOR BUSINESS PROCESS INTEGRATION

ABSTRACT

In the last decade, with the expansion of organizational scope and the tendency for outsourcing, there has been an increasing need for Business Process Integration (BPI), understood as the sharing of data and applications among business processes. The research efforts and development paths in BPI pursued by many academic groups and system vendors, targeting heterogeneous system integration, continue to face several conceptual and technological challenges.

This article begins with a brief review of major approaches and emerging standards to address BPI. Further, we introduce a rule-driven messaging approach to BPI, which is based on the harmonization of messages in order to compose a new, often cross-organizational process.

We will then introduce the design of a temporal first order language (Harmonized Messaging Calculus) that provides the formal foundation for general rules governing the business process execution. Definitions of the language terms, formulae, safety, and expressiveness are introduced and considered in detail.     

General Misconceptions about Information Security Lead to an Insecure World

ABSTRACT

It is becoming clear that the underground hacking industry as a whole (not just individual hackers) is continually gaining ground despite the best efforts of the information security industry. It seems the latter should have an overwhelming advantage, as a multibillion dollar industry staffed with hundreds of thousands of security professionals. However, the efforts of the information security industry are almost always reactive, and in most cases amount to losing ground on the defensive. The unfortunate and seldom acknowledged truth is that the underground hacking industry is always one step ahead. Why are we so slow to respond when all evidence indicates that such delays lead to enormous business losses? Is it possible that the fundamental way our information system security is organized has some inherited deficiencies which are prohibiting us from successfully mounting an effective defense?

Today's losses are becoming too great to say that we are just in need of some evolutionary improvements. Instead, we need to reevaluate the way we go about security business as a whole. In this article, we consider various processes common to both information systems and information system security based on both well-known cases and personal experience. This is our initial attempt to analyze how information system security is organized and to suggest some core changes to its processes.     

Managing the alignment between business processes and software systems

ContextThe alignment degree existing between a business process and the supporting software systems strongly affects the performance of the business process execution. Methodologies and tools are needed for detecting the alignment level and keeping a business process aligned with the supporting software systems even when they evolve.ObjectiveThis paper aims to provide an adequate support for managing such a kind of alignment and suggesting evolution actions if misalignment is detected. It proposes an approach including modeling and measuring activities for evaluating the alignment level and suggesting evolution activities, if needed.MethodThe proposed approach is composed of three main phases. The first phase regards the modeling of business process and software systems supporting it by applying a modeling notation based on UML and adequately extended for representing business processes. The second phase concerns the evaluation of the alignment degree through the assessment of a set of metrics codifying the alignment concept. Finally, the last phase analyses the evaluation results for suggesting evolution activities if misalignment is detected.ResultsThe paper analyses the application of the proposed approach to a case study regarding a working business process and related software system. The obtained results provided useful suggestion for evolving the supporting software system and improving the alignment level existing between them and the supported business process.ConclusionThe approach contributes in all phases of the process and software system evolution, even if its improvement can be needed for identifying the impact of the changes. The proposed approach facilitates the understanding of business processes, software systems and related models. This favors the interaction of the software and business analysts, as it was possible to better formulate the interviews to be conducted with regard to the objectives and, thus, to collect the required data.     

GoBIS: An integrated framework to analyse the goal and business process perspectives in information systems

ContextOrganisational reengineering, continuous process improvement, alignment among complementary analysis perspectives, and information traceability are some current motivations to promote investment and scientific effort for integrating goal and business process perspectives. Providing support to integrate information systems analysis becomes a challenge in this complex setting.ObjectiveThe GoBIS framework integrates two goal and business process modelling approaches: i^⁎ (a goal-oriented modelling method) and Communication Analysis (a communication-oriented business process modelling method).MethodIn this paper, we describe the methodological integration of both methods with the aim of fulfilling several criteria: i) to rely on appropriate theories; ii) to provide abstract and concrete syntaxes; iii) to provide scenarios of application; iv) to develop tool support; v) to provide demonstrable benefits to potential adopters.ResultsWe provide guidelines for using the two modelling methods in a top-down analysis scenario. The guidelines are validated by means of a comparative experiment and a focus-group session with students.ConclusionsFrom a practitioner viewpoint (modeller and/or analyst), the guidelines facilitate the traceability between goal and business process models, the experimental results highlight the benefits of GoBIS in performance and usability perceptions, and demonstrate an improvement on the completeness of the latter having an impact on efficiency. From a researcher perspective, the validation has produced useful feedback for future research.     

A systematic literature review of studies on business process modeling quality

ContextBusiness process modeling is an essential part of understanding and redesigning the activities that a typical enterprise uses to achieve its business goals. The quality of a business process model has a significant impact on the development of any enterprise and IT support for that process.ObjectiveSince the insights on what constitutes modeling quality are constantly evolving, it is unclear whether research on business process modeling quality already covers all major aspects of modeling quality. Therefore, the objective of this research is to determine the state of the art on business process modeling quality: What aspects of process modeling quality have been addressed until now and which gaps remain to be covered?MethodWe performed a systematic literature review of peer reviewed articles as published between 2000 and August 2013 on business process modeling quality. To analyze the contributions of the papers we use the Formal Concept Analysis technique.ResultsWe found 72 studies addressing quality aspects of business process models. These studies were classified into different dimensions: addressed model quality type, research goal, research method, and type of research result. Our findings suggest that there is no generally accepted framework of model quality types. Most research focuses on empirical and pragmatic quality aspects, specifically with respect to improving the understandability or readability of models. Among the various research methods, experimentation is the most popular one. The results from published research most often take the form of intangible knowledge.ConclusionWe believe there is a lack of an encompassing and generally accepted definition of business process modeling quality. This evidences the need for the development of a broader quality framework capable of dealing with the different aspects of business process modeling quality. Different dimensions of business process quality and of the process of modeling still require further research.     

Automating correctness verification of artifact-centric business process models

ContextThe artifact-centric methodology has emerged as a new paradigm to support business process management over the last few years. This way, business processes are described from the point of view of the artifacts that are manipulated during the process.ObjectiveOne of the research challenges in this area is the verification of the correctness of this kind of business process models where the model is formed of various artifacts that interact among them.MethodIn this paper, we propose a fully automated approach for verifying correctness of artifact-centric business process models, taking into account that the state (lifecycle) and the values of each artifact (numerical data described by pre and postconditions) influence in the values and the state of the others. The lifecycles of the artifacts and the numerical data managed are modeled by using the Constraint Programming paradigm, an Artificial Intelligence technique.ResultsTwo correctness notions for artifact-centric business process models are distinguished (reachability and weak termination), and novel verification algorithms are developed to check them. The algorithms are complete: neither false positives nor false negatives are generated. Moreover, the algorithms offer precise diagnosis of the detected errors, indicating the execution causing the error where the lifecycle gets stuck.ConclusionTo the best of our knowledge, this paper presents the first verification approach for artifact-centric business process models that integrates pre and postconditions, which define the behavior of the services, and numerical data verification when the model is formed of more than one artifact. The approach can detect errors not detectable with other approaches.     

Generating optimized configurable business process models in scenarios subject to uncertainty

ContextThe quality of business process models (i.e., software artifacts that capture the relations between the organizational units of a business) is essential for enhancing the management of business processes. However, such modeling is typically carried out manually. This is already challenging and time consuming when (1) input uncertainty exists, (2) activities are related, and (3) resource allocation has to be considered. When including optimization requirements regarding flexibility and robustness it becomes even more complicated potentially resulting into non-optimized models, errors, and lack of flexibility.ObjectiveTo facilitate the human work and to improve the resulting models in scenarios subject to uncertainty, we propose a software-supported approach for automatically creating configurable business process models from declarative specifications considering all the aforementioned requirements.MethodFirst, the scenario is modeled through a declarative language which allows the analysts to specify its variability and uncertainty. Thereafter, a set of optimized enactment plans (each one representing a potential execution alternative) are generated from such a model considering the input uncertainty. Finally, to deal with this uncertainty during run-time, a flexible configurable business process model is created from these plans.ResultsTo validate the proposed approach, we conduct a case study based on a real business which is subject to uncertainty. Results indicate that our approach improves the actual performance of the business and that the generated models support most of the uncertainty inherent to the business.ConclusionsThe proposed approach automatically selects the best part of the variability of a declarative specification. Unlike existing approaches, our approach considers input uncertainty, the optimization of multiple objective functions, as well as the resource and the control-flow perspectives. However, our approach also presents a few limitations: (1) it is focused on the control-flow and the data perspective is only partially addressed and (2) model attributes need to be estimated.     

Using intentional fragments to bridge the gap between organizational and intentional levels

ContextBusiness process models provide a natural way to describe real-world processes to be supported by software-intensive systems. These models can be used to analyze processes in the system-as-is and describe potential improvements for the system-to-be. But, how well does a given business process model satisfy its business goals? How can different perspectives be integrated in order to describe an inter-organizational process?ObjectiveThe aim of the present paper is to link the local and the global perspectives of the inter-organizational business process defined in BPMN 2.0 (Business Process Model and Notation) to KAOS goal models (Keep All Objectives Satisfied). We maintain a separation of concerns between the intentional level captured by the goal model and the organizational level captured by the process model. The paper presents the concept of intentional fragment (a set of flow elements of the process with a common purpose) and assess its usefulness.MethodWe conducted empirical experiments where the proposed concepts – here the intentional fragments – are validated by users. Our method relies on an iterative improvement process led by users feedback.ResultsWe find that the concept of intentional fragment is useful for (1) analyzing the business process model (2) reasoning about the relations between the goal model and the business process model and (3) identifying new goals. In a previous work we focused on BPMN 2.0 collaboration models (local view). This paper extends the previous work by integrating the global view given by choreography models in the approach.ConclusionWe conclude that the notion of intentional fragment is a useful mean to relate business process models and goal models while dealing with their different nature (activity oriented vs goal oriented). Intentional fragments can also be used to analyze the process model and to infer new goals in an iterative manner.     

A visual language and environment for enterprise system modelling and automation

ObjectiveWe want to support enterprise service modelling and generation using a more end user-friendly metaphor than current approaches, which fail to scale to large organisations with key issues of “cobweb” and “labyrinth” problems and large numbers of hidden dependencies.MethodWe present and evaluate an integrated visual approach for business process modelling using a novel tree-based overlay structure that effectively mitigate complexity problems. A tree-overlay based visual notation (EML) and its integrated support environment (MaramaEML) supplement and integrate with existing solutions. Complex business architectures are represented as service trees and business processes are modelled as process overlay sequences on the service trees.ResultsMaramaEML integrates EML and BPMN to provide complementary, high-level business service modelling and supports automatic BPEL code generation from the graphical representations to realise web services implementing the specified processes. It facilitates generated service validation using an integrated LTSA checker and provides a distortion-based fisheye and zooming function to enhance complex diagram navigation. Evaluations of EML show its effectiveness.ConclusionsWe have successfully developed and evaluated a novel tree-based metaphor for business process modelling and enterprise service generation. Practice implications: a more user-friendly modelling approach and support tool for business end users.     

STRATEGIC BUSINESS PLANNING Aligning Business Goals with Technology

Abstract

For strategic business planning to be successful in the prevailing competitive business environment, current and future technology needs must be considered. In many organizations, it is the responsibility of the IS manager to ensure that the information systems support these business needs. The IS manager must have a clear understanding of the organization's strategic business plan and must tailor IS projects to meet that plan's objectives. Enterprisewide information management and enterprise analysis can help the IS manager understand the business strategy and predict the effects of technology on that strategy.     

VIVACE: A framework for the systematic evaluation of variability support in process-aware information systems

ContextThe increasing adoption of process-aware information systems (PAISs) such as workflow management systems, enterprise resource planning systems, or case management systems, together with the high variability in business processes (e.g., sales processes may vary depending on the respective products and countries), has resulted in large industrial process model repositories. To cope with this business process variability, the proper management of process variants along the entire process lifecycle becomes crucial.ObjectiveThe goal of this paper is to develop a fundamental understanding of business process variability. In particular, the paper will provide a framework for assessing and comparing process variability approaches and the support they provide for the different phases of the business process lifecycle (i.e., process analysis and design, configuration, enactment, diagnosis, and evolution).MethodWe conducted a systematic literature review (SLR) in order to discover how process variability is supported by existing approaches.ResultsThe SLR resulted in 63 primary studies which were deeply analyzed. Based on this analysis, we derived the VIVACE framework. VIVACE allows assessing the expressiveness of a process modeling language regarding the explicit specification of process variability. Furthermore, the support provided by a process-aware information system to properly deal with process model variants can be assessed with VIVACE as well.ConclusionsVIVACE provides an empirically-grounded framework for process engineers that enables them to evaluate existing process variability approaches as well as to select that variability approach meeting their requirements best. Finally, it helps process engineers in implementing PAISs supporting process variability along the entire process lifecycle.     

Planning the Integration of Information Technology into Business Curricula

Abstract

The impact of information technology on business and industry is increasing steadily — in some cases, almost exponentially — as new applications are developed to make business operations more efficient and effective. To keep pace with this changing business environment, business school graduates need information technology skills. This article presents a planning methodology for the integration of information technology into business curricula and considers factors that are important for a successful integration. The methodology is sufficiently flexible and general so that it can be followed, with appropriate modifications, by any business school.     

Introduction to Secure Global Collaboration

ABSTRACT

Collaboration capabilities within a network, as well as, access to data with business partners are being viewed as a vital part of doing business. This paper discusses some of the concepts and methods that can be used to enable collaboration while still keeping the business data secure.     

A complete approach for CIM modelling and model formalising

ContextComputation Independent Model (CIM) as a business model describes the requirements and environment of a business system and instructs the designing and development; it is a key to influencing software success. Although many studies currently focus on model driven development (MDD); those researches, to a large extent, study the PIM-level and PSM-level model, and few have dealt with CIM-level modelling for case in which the requirements are unclear or incomplete.ObjectiveThis paper proposes a CIM-level modelling approach, which applies a stepwise refinement approach to modelling the CIM-level model starting from a high-level goal model to a lower-level business process model. A key advantage of our approach is the combination of the requirement model with the business model, which helps software engineers to define business models exactly for cases in which the requirements are unclear or incomplete.MethodThis paper, based on the model driven approach, proposes a set of models at the CIM-level and model transformations to connect these models. Accordingly, the formalisation approach of this paper involves formalising the goal model using the category theory and the scenario model and business process model using Petri nets.ResultsWe have defined a set of metamodels and transformation rules making it possible to obtain automatically a scenario model from the goal model and a business process model from the scenario model. At the same time, we have defined a mapping rule to formalise these models. Our proposed CIM modelling approach and formalisation approach are implemented with an MDA tool, and it has been empirically validated by a travel agency case study.ConclusionThis study shows how a CIM modelling approach helps to build a complete and consistent model at the CIM level for cases in which the requirements are unclear or incomplete in advance.     

Effectiveness of Security Control Risk Assessments for Enterprises: Assess on the Business Perspective of Security Risks

ABSTRACT

Today's businesses being IT enabled, the complexity of risks affecting the business has increased manifold and the need to gauge the Information Technology risks acting on the business operations has become paramount. The business managers who run business operations need to operate securely and seamlessly leveraging Information Technology and ability to recover and resume the business without any loss of confidentiality, integrity and availability of business information/data in any event of a security incident.

There is a need to quantify the impact of the IT security risk on the critical business processes, and provide the business-level insight at the management level. It is critical to classifying the Risk Ratings as per the impact on the business operations. This approach allows the organizations to understand and prioritize the security risk management activities that make the most sense for their organization to secure the business operations instead of trying to protect against every conceivable threat.     

Context aware exception handling in business process execution language

ContextFault handling represents a very important aspect of business process functioning. However, fault handling has thus far been solved statically, requiring the definition of fault handlers and handling logic to be defined at design time, which requires a great deal of effort, is error-prone and relatively difficult to maintain and extend. It is sometimes even impossible to define all fault handlers at design time.ObjectiveTo address this issue, we describe a novel context-aware architecture for fault handling in executable business process, which enables dynamic fault handling during business process execution.MethodWe performed analysis of existing fault handling disadvantages of WS-BPEL. We designed the artifact which complements existing statically defined fault handling in such a way that faults can be defined dynamically during business process run-time. We evaluated the artifact with analysis of system performance and performed a comparison against a set of well known workflow exception handling patterns.ResultsWe designed an artifact, that comprises an Observer component, Exception Handler Bus, Exception Knowledge Base and Solution Repository. A system performance analysis shows a significantly decreased repair time with the use of context aware activities. We proved that the designed artifact extends the range of supported workflow exception handling patterns.ConclusionThe artifact presented in this research considerably improves static fault handling, as it enables the dynamic fault resolution of semantically similar faults with continuous enhancement of fault handling in run-time. It also results in broader support of workflow exception handling patterns.     

A rigorous methodology for specification and verification of business processes

Both specification and verification of business processes are gaining more and more attention in the field. Most of the existing works in the last years are dealing with important, yet very specialized, issues. Among these, we can enumerate compensation constructs to cope with exceptions generated by long running business transactions, fully programmable fault and compensation handling mechanism, web service area, scope-based compensation and shared-labels for synchronization, and so on. The main purpose of this paper is to present a semi-automatized framework to describe and analyse business processes. Business analysts can now use a simple specification language (e.g., BPMN [Obj06]) to describe any type of activity in a company, in a concurrent and modular fashion. The associated programs (e.g., BPDs [Obj06]) have to be executed in an appropriate language (e.g., BPEL4WS [ACD⁺03]). Much more, they have to be confirmed to be sound, via some prescribed (a priori) conditions. We suggest how all the issues can be embedded in a unifying computer tool. We link our work with similar approaches and we justify our particular choices (besides BPMN and BPD): the TLA+ language for expressing the imposed behavioural conditions and Petri Nets ([EB87], [EB88]) to describe an intermediate semantics. In fact, we want to manage in an appropriate way the general relationship diagram (Fig. 1). Examples and case studies are provided. General relationship diagram     

A metamodel to integrate business processes time perspective in BPMN 2.0

ContextBusiness Process Management (BPM) is becoming a strategic advantage for organizations to streamline their operations. Most business experts are betting for OMG Business Process Model and Notation (BPMN) as de-facto standard (ISO/IEC 19510:2013) and selected technology to model processes. The temporal dimension underlies in any kind of process however, technicians need to shape this perspective that must also coexist with task control flow aspects, as well as resource and case perspectives. BPMN poorly gathers temporary rules. This is why there are contributions that extend the standard to cover such dimension. BPMN is mainly an imperative language. There are research contributions showing time constraints in BPMN, such as (i) BPMN patterns to express each rule with a combination of artifacts, thus these approaches increase the use of imperative BPMN style, and (ii) new decorators to capture time rules semantics giving clearer and simpler comprehensible specifications. Nevertheless, these extensions cannot yet be found in the present standard.ObjectiveTo define a time rule taxonomy easily found in most business processes and look for an approach that applies each rule with current BPMN 2.0 standard in a declarative way.MethodA model-driven approach is used to propose a BPMN metamodel extension to address time-perspective.ResultsWe look at a declarative approach where new time specifications may overlie the main control flow of a BPMN process. This proposal is totally supported with current BPMN standard, giving a BPMN metamodel extension with OCL constraints. We also use AQUA-WS as a software project case study which is planned and managed with MS Project. We illustrate business process extraction from project plans.ConclusionThis paper suggests to handle business temporal rules with current BPMN standard, along with other business perspectives like resources and cases. This approach can be applied to reverse engineering processes from legacy databases.