An Integrated Approach to Improving Business Process Quality through Risk Modeling – Part 1

Registration is free. Login or register to view/download this content.


Sr. Architect, INTEGRITYOne Partners, Inc.
Ed Hollingsworth is an Enterprise Architect with over fourteen years experience in Information Technology and expertise in Service-Oriented Architecture (SOA) design and implementation. Creator of INTEGRITYOne’s innovative OP2EN Discovery methodology, he holds a Bachelor’s Degree in Computer Science from the University of Maryland University College, as well as a Graduate-level Certificate in Project Management. Mr. Hollingsworth has constantly championed Business Process Management (BPM) engagements at IOP and is presently in the formative stages of standing up a BPM practice area within the firm. Mr. Hollingsworth’s commitment to breaking down barriers between Business and IT is clearly evident in his client work.

Risk Management and Business Process Management have long been acknowledged as distinct disciplines. They seem to be getting more comfortable with one another. Business Process Model & Notation (BPMN) has emerged in the past decade as a powerful tool for visualizing and even operationalizing business processes. In an effort to further enhance the value of BPMN, we experimented with ways to integrate elements of traditional risk management directly into business process models, thus improving the quality of those processes and increasing the percentage of positive business outcomes those processes achieve. In this first of a two-part series, we explore the context and precedents for our research; Part 2 will describe an innovative approach to incorporating risk management directly into business process models using the open source BPMN 2.0 tool.

The traditional risk management approach, often considered a subset of project management, does little to actually improve the quality of business processes. It rather focuses on disjoint analysis and recovery plans that are separate from the process that produced the risk event. By integrating risks and their potential outcomes directly into business process models, we see a clearer connection between our operational workflows and the myriad risks inherent to each process. Let’s review some of the milestones along the path to where we are in the interest of getting to where we want to be, that is, to a place where Business Process and Risk Management can be seamlessly integrated.

Originally developed in the early 1990s, KNOWVA (Knowledge Value-Added) is an innovative framework for identifying and targeting “soft” environmental factors that can influence the effectiveness of business processes. While not comprehensive in its approach to enhancing the value of business process models, the KNOWVA Framework does succeed in identifying the contextual factors that influence the perception of risk within business processes and addresses how these risks can be systematically identified and modeled.

Introduced in the early 2000s and refined over the past decade, Risk-Aware Process Modeling builds on KNOWVA and other developments to achieve a link between a risk taxonomy and a business process taxonomy. Risk-Aware Process Modeling refines these previous methods by subdividing the task into a set of four different model types: the Risk Structure model, the Risk Goal model, the Risk State model, and Event-driven Process Chain (EPC)s that have been extended to include risks. This modeling notation, put forth by the research team of zur Muehlen and Rosemann, is based upon the Architecture of Integrated Information Systems (ARIS) and Event-driven Process Chain (EPC) extensions, though the concept is translatable to other notations, including the Universal Modeling Language (UML) and BPMN.

Another team of researchers, Neiger, Rotaru, and Caulfield, has developed a unique method of modeling risk minimization objectives in parallel with business processes and then combining the two models into a unified structure. The technique borrows heavily from a prior process methodology developed in the 1990s, value-focused process engineering (VFPE), and augments it by applying classic risk analysis techniques and linking the findings to the risk-prone activities in the process. This approach provides a procedural method for identifying process-related risk and associating those risks with the business process model.

The model proposed by Neiger, Rotaru, and Caulfield is related to zur Muehlen and Rosemann ’s Risk Goal Model. While both of these methods attempt to correlate risk events identified using a classical hierarchical approach with a separately-defined business process model, neither go as far as to actually represent the alternative process paths that these risks events would trigger.

This leaves us with a need to assimilate the best features of what’s been done to date and take this integration one step further so that the risk events themselves and their recovery plans are both built directly into the business process model from the start. To reinforce our integrated approach, we’ve found that the best place to start is to use BPMN 2.0 as the notation standard.

There are several elements of BPMN, some newly-introduced in the BPMN 2.0 specification, that facilitate the modeling of risk in line with a business process model. These include swimlane constructs, data objects, event-based gateways (new to BPMN 2.0), intermediate message events, and message flows. Since occurrences of risk in a business process will be represented as events, it is important that we understand the way in which BPMN 2.0 supports the representation of event-driven process models in general, before we explore how this type of approach can be used to reflect risk.

Previous process modeling notations (including BPMN itself, prior to 2.0) had notable limitations. One of these, a particular challenge that arose when modeling processes for execution, was the tight coupling between swimlanes (roles) and sub-processes. Historically, it was very difficult to divide a complex process into deployable, short-running sub-processes, without also defining some overarching construct that served as a “manager” for the various pieces. In reality, rather than creating loosely coupled microflows, we were simply changing what the pieces were coupled to. Event-driven processes provide the solution to this dilemma by allowing the process modeler to define the independent microflows that will be used to respond to the many business events that can occur within an organization. With BPMN 2.0, the Event-based Gateway can be used to represent the point where one role (lane) within the process ceases activity and waits for the next business event to occur.

The introduction of the Event-based Gateway construct in BPMN 2.0 was really the key enabler that allows modeling of event-driven processes using this standard notation. An Event-based gateway can essentially be viewed as a “hold” in the process, more specifically, within one lane of the process. Regardless of the specific process being modeled, the activity immediately preceding the gateway basically amounts to “Wait for something to happen.” The various somethings that could happen are then modeled as intermediate message receive events flowing out of the gateway. The semantics of this combination of elements indicate that any of the modeled events could occur at this point in the process, and whichever one happens first will be responded to. Parallel and Exclusive (instantiate) permutations of the Event-based Gateway exist as well, but the semantics of these elements are not relevant to the topic at hand.

By using these powerful features of BPMN in conjunction with classic Risk Management techniques, we are able to establish a much more robust model of our enterprise. The value of incorporating risk into business process models should not be underestimated. Not only does an integrated model such as this provide a better understanding of risks that threaten an organization’s success, it can also bring to light the points in a process when it may be advantageous to explore an opportunity. Part 2 of this series will describe a unique approach for accomplishing this goal.

Similar Resources

Featured Certificate: BPM Specialist

Everyone starts here.

You're looking for a way to improve your process improvement skills, but you're not sure where to start.

Earning your Business Process Management Specialist (BPMS) Certificate will give you the competitive advantage you need in today's world. Our courses help you deliver faster and makes projects easier.

Your skills will include building hierarchical process models, using tools to analyze and assess process performance, defining critical process metrics, using best practice principles to redesign processes, developing process improvement project plans, building a center of excellence, and establishing process governance.

The BPMS Certificate is the perfect way to show employers that you are serious about business process management. With in-depth knowledge of process improvement and management, you'll be able to take your business career to the next level.

Learn more about the BPM Specialist Certificate





  • Business Process Management Specialist
  • Earning your Business Process Management Specialist (BPMS) Certificate will provide you with a distinct competitive advantage in today’s rapidly evolving business landscape. With in-depth knowledge of process improvement and management, you’ll be able to take your business career to the next level.
  • BPM Professional Certificate
    Business Process Management Professional
  • Earning your Business Process Management Professional (BPMP) Certificate will elevate your expertise and professional standing in the field of business process management. Our BPMP Certificate is a tangible symbol of your achievement, demonstrating your in-depth knowledge of process improvement and management.


BPM Certification

  • Make the most of your hard-earned skills. Earn the respect of your peers and superiors with Business Process Management Certification from the industry's top BPM educational organization.




  • Operational Excellence Specialist
  • Earning your Operational Excellence Specialist Certificate will provide you with a distinct advantage in driving organizational excellence and achieving sustainable improvements in performance.


OpEx Professional Certificate

  • Operational Excellence Professional
  • Earn your Operational Excellence Professional Certificate and gain a competitive edge in driving organizational excellence and achieving sustainable improvements in performance.



  • Agile BPM Specialist
  • Earn your Agile BPM Specialist Certificate and gain a competitive edge in driving business process management (BPM) with agile methodologies. You’ll gain a strong understanding of how to apply agile principles and concepts to business process management initiatives.  

Business Architecture



  • Business Architecture Specialist
  • The Business Architecture Specialist (BAIS) Certificate is proof that you’ve begun your business architecture journey by committing to the industry’s most meaningful and credible business architecture training program.

  • Business Architecture Professional
  • When you earn your Business Architecture Professional (BAIP) Certificate, you will be able to design and implement a governance structure for your organization, develop and optimize business processes, and manage business information effectively.

BA CertificationCertification

  • Make the most of your hard-earned skills. Earn the respect of your peers and superiors with Business Architecture Certification from the industry's top BPM educational organization.




  • Digital Transformation Specialist
  • Earning your Digital Transformation Specialist Certificate will provide you with a distinct advantage in today’s rapidly evolving business landscape. 


  • Digital Transformation Professional
  • The Digital Transformation Professional Certificate is the first program in the industry to cover all the key pillars of Digital Transformation holistically with practical recommendations and exercises.



  • Agile Business Analysis Specialist
  • Earning your Agile Business Analysis Specialist Certificate will provide you with a distinct advantage in the world of agile software development.


  • DAS Certificate
  • Decision Automation Specialist
  • Earning your Decision Automation Certificate will empower you to excel in the dynamic field of automated decision-making, where data-driven insights are pivotal to driving business innovation and efficiency.