Correo Electrónico
DNINFOA - SIA
Bibliotecas
Convocatorias
Identidad U.N.
Publicado
Convergencia entre la gestión de riesgos y la gestión por procesos: una revisión de la literatura
The Convergence of Risk Management and Business Process Management: A Literature Review
A convergência da gestão de riscos e da gestão de processos de negócios: uma revisão da literatura
DOI:
https://doi.org/10.15446/innovar.v35n97.102236Palabras clave:
bpm, gestión de riesgo, mejora de procesos, gestión por procesos (es)gestão de processos de negócios, BPM, gestão de riscos, melhoria de processos (pt)
Business process management, BPM, risk management, process improvement (en)
Descargas
El enfoque conjunto de la gestión por procesos y la gestión de riesgos constituye un marco gerencial integral. Mientras que la gestión por procesos se orienta a la mejora continua y la optimización de los métodos organizacionales, la gestión de riesgos se enfoca en mitigar amenazas potenciales y aprovechar oportunidades. En la intersección de ambos enfoques, se evidencia la importancia de incorporar una perspectiva de riesgos al momento de modificar o rediseñar procesos, lo cual resalta la necesidad de adoptar una visión holística para implementar mejoras efectivas. Este artículo presenta una revisión sistemática de la literatura sobre la convergencia entre la gestión procesos y la gestión de riesgos. Luego de evaluar 198 documentos, se seleccionaron 20 artículos que cumplieron con rigurosos criterios de inclusión para su análisis detallado. Las principales variables examinadas incluyen elementos del proceso, tipos de datos, metodologías y herramientas de minería de procesos. Este artículo ofrece una compilación exhaustiva de los temas abordados, identificando coincidencias en técnicas, herramientas y enfoques metodológicos. Asimismo, se destacan las limitaciones y contribuciones de cada estudio analizado, proponiendo una perspectiva innovadora que integra el ciclo de vida de la gestión por procesos con la gestión de riesgos. En síntesis, este trabajo busca constituirse en un recurso clave para directivos y profesionales interesados en optimizar procesos organizacionales y mitigar riesgos. Además, sienta las bases para el desarrollo de una herramienta integral capaz de anticipar y gestionar riesgos en todas las etapas del ciclo de vida de los procesos, mejorando así la eficiencia gerencial y la rentabilidad mediante la reducción de costos y pérdidas asociadas a los riesgos.
The focus on business process management (BPM) and risk management presents a comprehensive managerial framework. BPM emphasizes process improvement and optimization, while risk management seeks to mitigate potential threats and capitalize on opportunities. At the intersection of these domains, the importance of considering risks when modifying processes becomes evident, underscoring the need for a holistic perspective to implement practical enhancements. This article offers a literature review that explores the convergence between BPM and risk management. After evaluating 198 documents, 20 articles that met rigorous selection criteria were chosen for analysis. Key variables examined include process elements, data types, methodologies, and mining tools. The paper provides a thorough compilation of the investigated topics, identifying commonalities in techniques, tools, and methodologies. Additionally, it highlights the limitations and contributions of each author, advancing an innovative approach that integrates the life cycle of process management with risk management. In summary, this article aims to serve as an essential resource for executives and professionals seeking to optimize processes and mitigate risks. It also establishes a foundation for developing a comprehensive tool that anticipates and addresses risks at all stages of the process life cycle. Ultimately, such a tool would enhance management efficiency and profitability by reducing costs and losses associated with risks.
O foco na gestão de processos de negócios (BPM, sigla em inglês) e na gestão de riscos apresenta uma estrutura gerencial abrangente. O BPM enfatiza a melhoria e otimização de processos, enquanto a gestão de riscos busca mitigar ameaças potenciais e capitalizar oportunidades. Na intersecção desses domínios, torna-se evidente a importância de considerar os riscos ao modificar ou redesenhar processos, ressaltando a necessidade de uma perspectiva holística para implementar melhorias práticas. Este artigo oferece uma revisão da literatura que explora a convergência entre BPM e gestão de riscos. Após a avaliação de 198 documentos, foram escolhidos para a análise 20 artigos que atenderam a rigorosos critérios de seleção. As principais variáveis examinadas incluem elementos de processo, tipos de dados, metodologias e ferramentas de mineração. O artigo fornece uma síntese abrangente dos tópicos investigados, identificando semelhanças em técnicas, ferramentas e metodologias. Além disso, destaca as limitações e contribuições de cada estudo analisado, avançando uma abordagem inovadora que integra o ciclo de vida da gestão de processos com a gestão de riscos. Em resumo, este artigo tem como objetivo servir como um recurso essencial para executivos e profissionais que buscam otimizar processos e mitigar riscos. Ele também estabelece uma base para o desenvolvimento de uma ferramenta abrangente que antecipa e aborda os riscos em todos os estágios do ciclo de vida do processo. Por fim, essa ferramenta aumentaria a eficiência e a lucratividade da gestão, reduzindo custos e perdas associados aos riscos.
Referencias
Aven, T. (2017). The flaws of the iso 31000 conceptualisation of risk. Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, 231(5), 467-468. https://doi.org/10.1177/1748006X17690672
Barafort, B., Mesquida, A. L., & Mas, A. (2019). iso 31000-based integrated risk management process assessment model for it organizations. Journal of Software: Evolution and Process, 31(1), e1984. https://doi.org/10.1002/smr.1984
Battisti, E., Shams, S. M. R., Sakka, G., & Miglietta, N. (2020). Big data and risk management in business processes: implications for corporate real estate. bpm Journal, 26(5), 1141-1155. https://doi.org/10.1108/BPMJ-03-2019-0125
Betz, S., Hickl, S., & Oberweis, A. (2011). Risk-aware business process modeling and simulation using xml nets. Proceedings - 13th ieee International Conference on Commerce and Enterprise Computing, cec 2011, 349-356. https://ieeexplore.ieee.org/document/6046998/ DOI: https://doi.org/10.1109/CEC.2011.58
Bielak, Ł., Grzesiek, A., Janczura, J., & Wyłomańska, A. (2021). Market risk factors analysis for an international mining company. Multi-dimensional, heavy-tailed-based modelling. Resources Policy, 74, 102308. https://arxiv.org/abs/2107.07142 DOI: https://doi.org/10.1016/j.resourpol.2021.102308
Bronkhorst, E., & Leask, E. (2016). bpm as a tax risk identification and management method. EJournal of Tax Research, 14(3), 567-586. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85013224113&partnerID=40&md5=7fe1a57c5a22d0b365db67b0cb9536bd
Committee of Sponsoring Organizations of the Treadway Commission [coso]. (2017). Enterprise risk management - integrating with strategy and performance. coso.
Conforti, R., de Leoni, M., la Rosa, M., van der Aalst, W. M. P., & ter Hofstede, A. H. M. (2015). A recommendation system for predicting risks across multiple business process instances. Decision Support Systems, 69, 1-19. https://doi.org/10.1016/j.dss.2014.10.006
Conforti, R., la Rosa, M., ter Hofstede, A. H. M., Fortino, G., de Leoni, M., van der Aalst, W. M. P., & Adams, M. (2013). A software framework for risk-aware bpm. In P. H. A. Deneckere R. (Ed.), ceur Workshop Proceedings (Vol. 998, pp. 130-137). ceur-ws. https://www.scopus.com/inward/record.uri?eid=2-s2.0-84924310249&partnerID=40&md5=b3cef4bf0235489738fc1bd186899b1a
Cruz, C. O., & Rodovalho, E. D. C. (2019). Application of iso 31000 standard on tailings dam safety. Revista Escola de Minas, 72(1), 47-54. https://doi.org/10.1590/0370-44672018720123
Dumas, M., la Rosa, M., Mendling, J., & Reijers, H. A. (2018). Fundamentals of bpm. Second Edition. Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-662-56509-4
Dvorsky, J., Belas, J., Gavurova, B., & Brabenec, T. (2021). Business risk management in the context of small and medium-sized enterprises. Economic Research-Ekonomska Istraživanja, 34(1), 1690-1708. https://doi.org/10.1080/1331677X.2020.1844588
Ensslin, L., Ensslin, S. R., Dutra, A., Nunes, N. A., & Reis, C. (2017). bpm governance: A literature analysis of performance evaluation. bpm Journal, 23(1), 71-86. https://doi.org/10.1108/BPMJ-11-2015-0159
Everett, C. (2011). A risky business: iso 31000 and 27005 unwrapped. Computer Fraud and Security, 2011(2), 5-7. https://doi.org/10.1016/S1361-3723(11)70015-X
Fabri, K. (2008). iso 31000 “Risk Management” as New Comprehensive Methodology. International Paperworld ipw, 10, 52-55.
Gošnik, D., & Stubelj, I. (2021). bpm and risk-adjusted performance in smes. Kybernetes, 51(2), 659-675. https://doi.org/10.1108/K-11-2020-0794
Hassel, H., & Cedergren, A. (2021). Integrating risk assessment and business impact assessment in the public crisis management sector. International Journal of Disaster Risk Reduction, 56, 102136. https://doi.org/10.1016/j.ijdrr.2021.102136.
International Organization for Standardization [iso]. (2015). iso 9001:2015 - Quality management systems - Requirements. iso.
International Organization for Standardization [iso]. (2018). iso 31000:2018 - Risk management - Guidelines. iso.
International Organization for Standardization [iso]. (2019). iso 22301:2019 - Security and resilience - Business continuity management systems - Requirements. iso.
Kar, A. and Rai, R.N. (2025), "A modified fuzzy PFMEA model for risk-centric Six Sigma assessment under the paradigm of Quality 4.0", International Journal of Lean Six Sigma, Vol. 16 No. 1, pp. 197-230. https://doi.org/10.1108/IJLSS-08-2023-0131
Karanja, E. (2017). Does the hiring of chief risk officers align with the coso/iso enterprise risk management frameworks? International Journal of Accounting and Information Management, 25(3), 274-295. https://doi.org/10.1108/IJAIM-04-2016-0037
Lamine, E., Thabet, R., Sienou, A., Bork, D., Fontanili, F., & Pingaud, H. (2020). bprim: An integrated framework for bpm and risk management. Computers in Industry, 117, 103199. https://doi.org/10.1016/j.compind.2020.103199
Leu, J. D., Huang, Y.-T., Schmiedel, T., Recker, J., vom Brocke, J., Syed, R., Bandara, W., French, E., Stewart, G., Mezouar, H., el Afia, A., Kratsch, W., Manderscheid, J., Reißner, D., Röglinger, M., Lamine, E., Thabet, R., Sienou, A., Bork, D., … Jelenc, F. (2019). bprim: An integrated framework for bpm and risk management. bpm Journal, 7(1), 1-19. https://doi.org/10.1007/978-3-642-20508-8_4
Li, L., Wang, J., & Li, X. (2020). Efficiency analysis of machine learning intelligent investment based on K-Means algorithm. ieee Access, 8, 147463-147470. https://doi.org/10.1109/ACCESS.2020.3011366
Li, Y., & Wang, X. (2019). Using fuzzy analytic network process and ism methods for risk assessment of public-private partnership: A china perspective. Journal of Civil Engineering and Management, 25, 168-183. https://doi.org/10.3846/jcem.2019.8655
Livshitz, I. I., Lontsikh, P. A., Stefanovskay, O. M., Golovina, E. Y., & Kibirev, Y. v. (2019). Simulation method within integrated management systems and affects for digital enterprises processes support. In S. S. O. (Ed.), Proceedings of the 2019 ieee International Conference Quality Management, Transport and Information Security, Information Technologies it and qm and is 2019 (pp. 33-36). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ITQMIS.2019.8928308
Lückmann, P., & Feldmann, C. (2017). Success factors for business process improvement projects in small and medium sized enterprises - Empirical evidence. Procedia Computer Science, 121, 439-445. https://doi.org/10.1016/j.procs.2017.11.059
Marrella, A., & Mecella, M. (2018). Cognitive bpm for adaptive cyber-physical processes. Lecture Notes in Business Information Processing, 308, 429-439. https://doi.org/10.1007/978-3-319-74030-0_33
National Institute of Standards and Technology. (2012). nist Special Publication 800-30 Rev. 1 - Guide for Conducting Risk Assessments. U.S. Department of Commerce.
Panjehfouladgaran, H., & Lim, S. F. W. T. (2020). Reverse logistics risk management: identification, clustering and risk mitigation strategies. Management Decision, 58(7), 1449-1474. https://doi.org/10.1108/MD-01-2018-0010
Papanikolaou, M., & Xenidis, Y. (2020). Risk-informed performance assessment of construction projects. Sustainability (Switzerland), 12(13), 5321. https://doi.org/10.3390/su12135321
Patel, M., & Desai, D. A. (2018). Critical review and analysis of measuring the success of Six Sigma implementation in manufacturing sector. International Journal of Quality and Reliability Management, 35(8), 1519-1545. https://doi.org/10.1108/IJQRM-04-2017-0081
Pehlivanlı, D., Eken, S., & Ayan, E. (2019). Detection of fraud risks in retailing sector using mlp and svm techniques. Turkish Journal of Electrical Engineering and Computer Sciences, 27, 1-15. https://doi.org/10.3906/elk-1902-18
Pröllochs, N., & Feuerriegel, S. (2020). Business analytics for strategic management: Identifying and assessing corporate challenges via topic modeling. Information & Management, 57(1), 103070. https://doi.org/https://doi.org/10.1016/j.im.2018.05.003
Purwanggono, B., & Margarette, A. (2017). Risk assessment of underpass infrastructure project based on iso 31000 and iso 21500 using fishbone diagram and rfmea (project risk failure mode and effects analysis) method. In M. R. (Ed.), iop Conference Series: Materials Science and Engineering (Vol. 277, Issue 1). Institute of Physics Publishing. https://doi.org/10.1088/1757-899X/277/1/012039
Qayyum, S., Ullah, F., Al-Turjman, F., & Mojtahedi, M. (2021). Managing smart cities through six sigma dmadicv method: A review-based conceptual framework. Sustainable Cities and Society, 72, 103022. https://doi.org/10.1016/j.scs.2021.103022
Schardt, C., Adams, M., Owens, T., Keitz, S., & Fontelo, P. (2007). Utilization of the pico framework of improve searching PubMed for clinical question. bmc Medical Informatics and Decision Making, 7, 16. https://doi.org/10.1186/1472-6947-7-16
Sun, Y., AI-Khazrage, L., & Özümerzifon, Ö. (2021). Generating high quality samples of process cases in internal audit. Lecture Notes in Business Information Processing, 427, 263-279. https://doi.org/10.1007/978-3-030-85440-9_16
Suriadi, S., Weiß, B., Winkelmann, A., ter Hofstede, A. H. M., Adams, M., Conforti, R., Fidge, C., la Rosa, M., Ouyang, C., Pika, A., Rosemann, M., & Wynn, M. (2014). Current research in risk-aware bpm-overview, comparison, and gap analysis. Communications of the Association for Information Systems, 34(1), 933-984. https://doi.org/10.17705/1cais.03452
Thabet, R., Bork, D., Boufaied, A., Lamine, E., Korbaa, O., & Pingaud, H. (2021). Risk-aware bpm using multi-view modeling: Method and tool. Requirements Engineering, 26(3), 371-397. https://doi.org/10.1007/s00766-021-00348-2
Thabet, R., Boufaied, A., Korbaa, O., Lamine, E., Bork, D., & Pingaud, H. (2020). Formal specification, implementation, and evaluation of the Adobprim approach. 26th Americas Conference on Information Systems, amcis 2020. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85097707452&partnerID=40&md5=c7330ea9f97d53666e8aa931a202d785
Thabet, R., Boufaied, A., Lamine, E., Bork, D., Korbaa, O., & Pingaud, H. (2020). Adobprim: Towards a new healthcare risk-aware bpm tool. In G. H. Cabitza F. Fred A. (Ed.), healthinf 2020 - 13th International Conference on Health Informatics, Proceedings; Part of 13th International Joint Conference on Biomedical Engineering Systems and Technologies, biostec 2020 (pp. 498–505). SciTePress. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85083745172&partnerID=40&md5=b8b80daa5766ce3354653aaf5c144479
United States Government Publishing Office. (2002). Sarbanes-Oxley Act of 2002. u.s. Government Printing Office.
Weeserik, B. P., & Spruit, M. (2018). Improving operational risk management using business performance management technologies. Sustainability, 10(3), 640. https://doi.org/10.3390/su10030640
Wu, Q., He, Z., Wang, H., Wen, L., & Yu, T. (2019). A business process analysis methodology based on process mining for complaint handling service processes. Applied Sciences, 9(16), 3313. https://doi.org/10.3390/app9163313
Zerbino, P., Aloini, D., Dulmin, R., & Mininno, V. (2018). Process-mining-enabled audit of information systems: Methodology and an application. Expert Systems with Applications, 110, 80-92. https://doi.org/10.1016/j.eswa.2018.05.030
Zur Muehlen, M., & Ho, D. T.-Y. (2005). Risk management in the bpm lifecycle. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3812, 454-466. https://www.scopus.com/inward/record.uri?eid=2-s2.0-33745161888&partnerID=40&md5=dcec2687f532f3a76e9fff5851c03ae6
Cómo citar
APA
ACM
ACS
ABNT
Chicago
Harvard
IEEE
MLA
Turabian
Vancouver
Descargar cita
Licencia
Derechos de autor 2025 Innovar
Esta obra está bajo una licencia internacional Creative Commons Atribución-NoComercial-SinDerivadas 4.0.
Todos los artículos publicados por Innovar se encuentran disponibles globalmente con acceso abierto y licenciados bajo los términos de Creative Commons Atribución-No_Comercial-Sin_Derivadas 4.0 Internacional (CC BY-NC-ND 4.0).
Una vez seleccionados los artículos para un número, y antes de iniciar la etapa de cuidado y producción editorial, los autores deben firmar una cesión de derechos patrimoniales de su obra. Innovar se ciñe a las normas colombianas en materia de derechos de autor.
El material de esta revista puede ser reproducido o citado con carácter académico, citando la fuente.
Esta obra está bajo una Licencia Creative Commons:
