Future wish: Adding risks and controls on a BPMN levelNot planned
This is more a heads up for a future wish we expect to develop:
- the ability to link objects of type 'risks' as items to business process activities on a BPMN level (and be able to link a questionnaire - for further attributes such as description, risk classification, owner, risk chance, risk impact)
- the ability to link objects of type 'controls' to these risks, also with an questionnaire (such as description, owner, last audit-date)
- And the ability to report (reporting and interface) on risks and controls, such as: which processes have what risks? What risks have no controls attached? What processes have risk 'privacy data leak' (AVG)?
Challenge: of course we can do this on the Archimate level, but for certain risks we want to be more specific and be able to define where in a process the risk occurs. Challenge is that, as far as I know, there is no agreed upon Risk-extension to BPMN as of yet (unlike Aris' EPC standard)
- What is the problem you encounter?
BD does not support risk and control-definitions on a BPMN-level.
- Why do you want this wish?
- In the future we want to integrate our risk management system and process management solution.
- Do you have a workaround? And if so, what is it?
No, nothing. But currently is just a future wish
- How would you ideally solve the problem?
- How big is the problem on a scale from 1 to 5? 2
Post is closed for comments.