Professional Documents
Culture Documents
Business process analysis (BPA) is the investigation of various business operations classified into processes, or
series' of related tasks, where observation revolves around the specific ways in which these processes happen
along a life cycle from beginning to end.
A business process consists of a series of related tasks or events with a particular end objective, business process
analysis uses various tools and methodologies to look at these processes in a variety of ways, and to monitor
efficiency and productivity.
Business process analysis helps an organization improve how it conducts its functions and activities in order to:
reduce overall costs,
provide more efficient use of scarce resources, and
better support customers.
It introduces the notion of process orientation, of concentrating on and rethinking end-to-end activities that
create value for customers, while removing unnecessary, non-value-added work.
Generally technology is implemented to automate or streamline business processes, so it is important to
conduct a business process analysis to understand how the process works and how it can be improved
A Business Process Model is a step-by-step description of what one or more business users does to accomplish
a specific goal. Those steps can be manual, paper-based, or software-based.
A Business Process Model also covers the variations and exceptions in the process.
A Business Process Model contains the following elements:
Statement of Scope – It’s very easy for one process to turn into several. Naming your process with a
clear name in the [Verb] [Noun] syntax and writing a starts with / ends when statement will help you
clearly identify the scope of the process.
Desired Outcome – It’s easy for a process to get ingrained in ―how we do it here‖ but lose its value over
time. As a BA, it’s also very easy to jump into the details of what we do before considering why we do
it.
Process Flow or Activity Descriptions – It’s a list of the steps completed by people in certain roles.
This is the primary path through the business process.
Exceptions –These are variations. What happens if information on a form is illegible, a required piece of
information is not provided, or a special condition is met?
Business Rules – Your process flow will presume a certain set of rules are followed or enforce those
rules. As processes get more complex, it often makes sense to break the business rules out separately so
they can be more easily managed as they change.
Entry Criteria and Inputs – Entry Criteria identify what needs to be true in order for the process to
start. Inputs identify any tangible work items someone executing the business process needs to have
present-at-hand.
Exit Criteria and Outputs – Exit Criteria identify what needs to be true when the process
ends. Outputs identify tangible work items generated through the course of the business process.
Workflow Diagram – It makes sense to include a visual model showing the primary activity steps and
exceptions. When multiple roles are involved, a swimlane diagram is a good choice.
Document your business process and think about what type of process you’ve created.
Separating each process by type can help you analyze the process and make improvements. If two processes are
the same type, their process improvements may be similar.
A particular process may be an operating, support, or management process.
Your operations refer to the day-to-day tasks you complete to deliver a product or service to a client.
A support process supports the operations of your firm.
Every organization needs management to run the overall direction of the business. The process of
planning and implementing a budget is a management process. Every company should have a formal
process to create a budget.
Analyze business process for signs of process inefficiency. A business process consists of inputs and outputs.
Labor, energy, materials and capital equipment are considered inputs.
An input is an asset you use to produce revenue and profits.
An output, on the other hand, is a physical product or service.
Inputs go into your process and create an output.
You need to perform analysis to find inefficiencies.
Your process should use inputs efficiently to produce outputs.
Long repair times or large work backlogs are an indication that something is wrong with your process. The
problem may be that you’re scheduling repairs too close together.
If the cost of your replacements parts is far higher than you budgeted, that is another indication that
something is wrong. Specifically, you may have a problem with your purchasing department, or the with
vendors who sell you parts
Based on the problems you identify, decide which processes need to be improved. If you need to prioritize
between several processes, select the process that has the biggest impact on your business.
Conduct a brainstorming session to find process improvements. Many processes involve more than one
department in your business. Group sessions can identify process inefficiencies that impact more than one
department. These sessions can also validate the information provided during your one-on-one interviews with
participants.
Summarize the information you have received and distribute it to process participants. This should
include both participants you have interviewed and others that you did not interview. Ask for feedback
from everyone. The feedback will provide additional guidance for your analysis.
Information received from participants in the process should provide you with a clear idea how the
process works, and what its issues are.
The discussions with personnel become the basis for making changes to a process. Your changes may
reduce costs, reduce cycle time, simplify a process or improve customer service.
Create a business process flowchart for each process. A process flowchart can help you visualize a business
process. You can use the documentation from your process discussions to create the flowchart. The flowchart
should contain all of the steps required to complete a particular business process.
It is important to note that a business process flowchart should only contain the defined procedures that
employees must follow.
Flowcharts may be prepared manually or with the use of software. Word processors and spreadsheet
programs with charting functionality can be used. You can also find software that is designed to draw
flowcharts.
The flowchart is an excellent tool to clearly see the business process in front of you. This visual tool can
make it is much easier to identify and fix inefficiencies.
Once you make changes to a process, review the outcomes and see if the process made the
improvements you expected. If not, analyze the process again and try to identify areas of improvement.
Process analysis should be an ongoing task for your business.
Risk Assessments
Is the "possibility of an event occurring that will have an impact on the achievement of objectives." The impact
of these risks could affect a department's finances, operations, sponsored funding, or reputation. To effectively
manage these risks, it is necessary for management to implement a process to identify, assess, prioritize, and
manage them.
The primary risk factors that an organization may consider evaluating in the organizational risk
assessment include:
Market/Reputation risk
Financial risk
Operational risk
Legal/regulatory risk
Strategic risk
Technology risk
People/culture risks
Fraud risk
Some areas of rationale for performing an enterprise security risk assessment include:
Cost justification—Added security usually involves additional expense. Since this does not generate easily
identifiable income, justifying the expense is often difficult. An effective IT security risk assessment process
should educate key business managers on the most critical risks associated with the use of technology, and
automatically and directly provide justification for security investments.
Productivity—Enterprise security risk assessments should improve the productivity of IT operations,
security and audit. By taking steps to formalize a review, create a review structure, collect security knowledge
within the system’s knowledge base and implement self-analysis features, the risk assessment can boost
productivity.
Self-analysis—The enterprise security risk assessment system must always be simple enough to use, without
the need for any security knowledge or IT expertise. This will allow management to take ownership of
security for the organization’s systems, applications and data. It also enables security to become a more
significant part of an organization’s culture.
Communication—By acquiring information from multiple parts of an organization, an enterprise security
risk assessment boosts communication and expedites decision making.
Process
The objective of a risk assessment is to understand the existing system and environment, and identify risks
through analysis of the information/data collected. By default, all relevant information should be considered,
irrespective of storage format. Several types of information that are often collected include:
Security requirements and objectives
System or network architecture and infrastructure, such as a network diagram showing how assets are
configured and interconnected
Information available to the public or accessible from the organization’s web site
Physical assets, such as hardware, including those in the data center, network, and communication
components and peripherals (e.g., desktop, laptop, PDAs)
Operating systems, such as PC and server operating systems, and network management systems
Data repositories, such as database management systems and files
A listing of all applications
Network details, such as supported protocols and network services offered
Security systems in use, such as access control mechanisms, change control, antivirus, spam control and
network monitoring
Security components deployed, such as firewalls and intrusion detection systems
Processes, such as a business process, computer operation process, network operation process and
application operation process
Identification and authentication mechanisms
Government laws and regulations pertaining to minimum security control requirements
Documented or informal policies, procedures and guidelines
Customer experience
Customer experience (CX) is the product of an interaction between an organization and a customer over the
duration of their relationship.
Customer experience implies customer involvement at different levels – such as rational, emotional, sensorial,
physical, and spiritual.
This interaction is made up of three parts:
1. the customer journey,
2. the brand touch points the customer interacts with, and
3. the environments the customer experiences (including digital environment) during their experience.
A good customer experience means that the individual's experience during all points of contact matches the
individual's expectations
Customers respond diversely to direct and indirect contact with a company.
Direct contact usually occurs when the purchase or use is initiated by the customer.
Indirect contact often involves advertising, news reports, unplanned encounters with sales representatives,
word-of-mouth recommendations or criticisms.