Application 3 – Annotated Bibliography
tchyar
Surveyofbusinessprocessmanagementchallengesandsolutions.pdf
Full Terms & Conditions of access and use can be found at http://www.tandfonline.com/action/journalInformation?journalCode=teis20
Download by: [Walden University] Date: 21 October 2017, At: 18:18
Enterprise Information Systems
ISSN: 1751-7575 (Print) 1751-7583 (Online) Journal homepage: http://www.tandfonline.com/loi/teis20
Survey of business process management: challenges and solutions
Youseef Alotaibi & Fei Liu
To cite this article: Youseef Alotaibi & Fei Liu (2017) Survey of business process management: challenges and solutions, Enterprise Information Systems, 11:8, 1119-1153, DOI: 10.1080/17517575.2016.1161238
To link to this article: http://dx.doi.org/10.1080/17517575.2016.1161238
Published online: 28 Mar 2016.
Submit your article to this journal
Article views: 364
View related articles
View Crossmark data
REVIEW
Survey of business process management: challenges and solutions Youseef Alotaibia and Fei Liub
aDepartment of Computer Science, Umm Al-Qura University, Makkah, Saudi Arabia; bDepartment of Computer Science and Computer Engineering, La Trobe University, Bundoora, Australia
ABSTRACT The current literature shows that creating a good framework on business process model (PM) is not an easy task. A successful business PM should have the ability to ensure accurate alignment between business pro- cesses (BPs) and information technology (IT) designs, provide security protection, manage the rapidly changing business environment and BPs, manage customer power, be flexible for reengineering and ensure that IT goals can be easily derived from business goals and hence an informa- tion system (IS) can be easily implemented. This article presents an overview of research in the business PM domain. We have presented a review of the challenges facing business PMs, such as misalignment between business and IT, difficulty of deriving IT goals from business goals, creating secured business PM, reengineering BPs, managing the rapidly changing BP and business environment and managing customer power. Also, it presents the limitations of existing business PM frame- works. Finally, we outline several guidelines to create good business PM and the possible further research directions in the business PM domain.
ARTICLE HISTORY Received 2 April 2013 Accepted 29 February 2016
KEYWORDS Business process management (BPM); business process modelling (PM); business process (BP); business process reengineering (BPR); business PM challenges; alignment; customer power; manage change; security; survey
1. Introduction
Business process management (BPM) is a systematic approach to improve an organisation’s business processes (BPs) where the BPs are the set of coordinated activities and tasks performed by people in order to achieve the organisational goals and objectives. BPM activities aim to create efficient and effective BPs which can be adapted in a rapidly changing business environment (Arbogast et al. 2008; Doebeli et al. 2011).
BPM is usually the top business priority for organisations and constructing a BP capability is one of the main challenges for senior executives (Gartner GROUP 2010). Business process modelling (PM) is the act of capturing and graphically describing organisational processes. Business PM is widely used by organisations as a way to increase BP awareness and knowledge, and develop or change organisational structures (Bandara, Gable, and Rosemann 2005), information systems (IS) (Dreiling et al. 2006) and web services (Van-Der-Aalst, Benetallah et al. 2007; Recker et al. 2010; Vidgen and Wang 2006).
Business PM is a management discipline that provides support to organisational processes using different methods, techniques and software tools in order to control and analyse organisational processes and activities, which include people, organisations, applications, documents and other related information (Tan et al. 2013).
Business PM provides useful support for the following three business goals: (1) describing the BP where the BP is modelled in order to be able to be described by humans or machines (Curtis,
CONTACT Youseef Alotaibi [email protected]
ENTERPRISE INFORMATION SYSTEMS, 2017 VOL. 11, NO. 8, 1119–1153 https://doi.org/10.1080/17517575.2016.1161238
© 2016 Informa UK Limited, trading as Taylor & Francis Group
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Kellner, and Over 1992); (2) analysing the BP by using either a qualitative method or quantitative method (Phalp and Shepperd 2000; Reijers and Mendling 2011) and (3) enacting the BP for simulation purposes or to support BP execution (Mili et al. 2010).
The implementation of good business PM has many advantages, such as improving business performance, directly involving the employees from the beginning of the modification of the BP to ensure they understand and support the redesign of the BP and identifying erroneous models (Gruhn and Laue 2007; Schuh, Boos, and Kuhlmann 2010). However, there are several challenges to create a good business PM, such as the misalignment between BPs and IT designs, difficulties in driving the IT goals from business goals, difficulties in creating a secure business PM, difficulties in reengineering the BP, complexities in managing the rapidly changing business environment and BPs and problems associated with managing customer power.
The current literature shows that it is not easy to create a good business PM, therefore, a successful business PM should have the ability to ensure better alignment between BPs and IT goals, provide security, manage the rapidly changing business environment and BPs, manage customer power, be easy to reengineer, ensure IT goals can be easily derived from business goals and be built and implemented easily as a web service.
This article presents an overview of research in the business PM domain. It presents a review on the challenges associated with business PM and the limitations of existing business PM frame- works. Also, we outline several guidelines to create good business PM and the possible further research directions in the business PM domain.
This article is developed over the following sections. Section 2 presents an overview of the BPM history and lifecycle. Section 3 provides an overview of BPs and business PM. Section 4 outlines the challenges facing business PM. Section 5 describes our methodology to analyse and review the existing work on business PM to address these challenges and their limitations and possible further research directions in these areas. Section 6 outlines several guidelines to create good business PM. Finally, Section 7 presents the conclusion and recommendations.
2. Business process management (BPM)
Over recent years, managing the BPs of organisations have become increasingly important. There are several factors affecting the profitability and survival of small and large companies including (among others) an increase in the number of products and services ordered, a need for quick decision-making, fast information transfer, an ability to adapt to changes in demand, demands for shorter product development time and more international competitors (Simchi-Levi, Kaminsky, and Simchi-Levi 2000; Ko, Lee, and Lee 2009). Information technology (IT) has been used to manage BPs to deal with these challenges (Davenport 1993; Georgakopoulos, Hornick, and Sheth 1995; Ravesteyn and Versendaal 2009), marking the beginning of BPM.
BPM has been an important priority for organisations since the 1990s. Since the 1990s, many companies have tried to increase the number of products and services they offer, improve their relationships with customers, decrease the time it takes to launch new products and services and increase customer satisfaction (Sentanin, Santos, and Jabbour 2008). One of the major challenges for senior executives has been to build BP capability (Gartner GROUP 2009; Recker et al. 2009) to both understand, analyse and communicate organisational knowledge and to automate high functioning BP. BPM has also been used to establish quality manuals, establish control mechan- isms, assess and define added value and create an automatic workflow (Viriyasitavat, Li Da, and Martin 2012). Therefore, BPM tools and techniques are considered to be one of the most valuable and useful assets of business organisations (Turetken and Demirors 2011).
BPM uses methods, techniques and software to support the BPs to design, enact, control and analyse the operational processes involving organisations, humans, applications, documents and all other information sources (Rohloff 2009). Software tools support the management of the operational processes as the business process management system (BPMS) (Xu et al. 2009). The BPMS market reached
1120 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
approximately US$1.7 billion in total software revenue at the end of 2006 while it had a compound annual growth rate of more than 24% to 2011 (Hill et al. 2007, Hill, Kerremans, and Bell 2007).
2.1 BPM history
The literature shows that BPM research directions have been studied since 1770s. For example, the idea of managing labour in the manufacturing industry was proposed by Adam Smith in 1776. He divided the process into different sub-parts to make the process more efficient (Kesari, Chang, and Seddon 2003). Furthermore, ‘time and motion’ management method was proposed by Frederick Taylor in 1911 for documenting and analysing the work involved in the BPs. By using this method, the number of functions and the time involved in such process could be reduced. As a result, the quality of the end product and employees’ efficiency will be improved (Green and Rosemann 2000).
S. Williams was the first author used the term BPM in the field of system engineering in the 1960s (Becker, Rosemann, and Uthmann 2000). As in the 1960s, companies aimed to increase their production to meet consumer demands; this approach was to handle the BPM issues for support- ing the companies to produce a large amount of products in less time (Kim 1995).
Several techniques, such as workflow, manufacturing automation and transaction process systems as well as managing BPs automatically concept were proposed in the 1970s (Gao et al. 2013). In addition, the concept of total quality management (TQM) with some ideas, such as Six Sigma and lean manufacturing was proposed in the early 1980s. The benefits behind these concepts were produced the highest quality products with the most services in less time and the lowest cost (Weske, Van-Der-Aalst, and Verbeek 2004; Raghu and Vinze 2007; Antony 2006). In the 2000s, the TQM concept could be successfully adapted to suit BPs.
In the 1990s, business process reengineering (BPR) was proposed by Michael Hammer (Hammer 1990; Wu 2003). Davenport and Short (1990) defined BPR as a way to analysis and redesign BPs and their workflow between and in organisations (Herzog, Tonchia, and Polajnar 2009). Hammer and Champy (1993) defined BPR as a basic rethinking and a radical redesign of BPs that aims to improve business performance, quality, cost and services (Ramirez, Melville, and Lawler 2010; Ozcelik 2010). Talwar (1993) defined BPR as the way to rethink, restructure and streamline structured BPs, working methods, management systems and the external relationships throughout the created and deliv- ered value (O’neill and Sohal 1999).
Petrozzo and Stepper (1994) defined BPR as a technique involving the BPs of organisations, redesigning and supporting their IS in order to achieve radical improvement in cost, quality, time and consumer satisfaction regarding the company’s services and products. BPR aims to improve the critical measures of business performance by using IT services in order to fundamentally rethink and redesign BPs (Hammer and Champy 1993; Cheng, Tsai, and Sutan 2009). There are several tools and techniques used in BPR, such as process visualisation, process mapping/operation, change management, benchmarking and process and customer focus (Rao, Mansingh, and Osei-Bryson 2012).
In the twenty-first century, BPM is used to support different aspects of BPs in and between organisations, such as advanced reporting and analysis methodologies, executing BPs with work- flow management, BP quality assurance and optimising and redesigning BPs (Wang et al. 2012). In addition, an important omission in current development practice for workflow management systems is modelling of data and access for a BP. For example, Sun, Su, Wu et al. (2014) initiate a study on data mappings between BPs and databases through formalising the data models and formulating a mapping language. This study allows many interesting problems to be studied in the presence of data, such as process evolution.
In the twenty-first century, the aim of companies was provided the most high quality services. Thus, BPM helps the organisations to abstract their BPs from the IT innovations and supports them to adapt their BPs rapidly, according to different customers’ requirements (Kesari, Chang, and Seddon 2003).
ENTERPRISE INFORMATION SYSTEMS 1121
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
2.2 BPM lifecycle
Different techniques are used in the BP lifecycle for the effective management of BPs. BPM is a cycle methodology where several perspectives of BPs are investigated during its various stages (Lodhi, Koppen, and Saake 2011). In order to effectively understand BPM terminologies and features, we start with an overview of the BPM life cycle. There are many views of the BPM life cycle (Havey 2005; Hill et al. 2006; Van-Der-Aalst 2003; Van-Der-Aalst 2004; Van-Der-Aalst, Ter- Hofstede, and Weske 2003).
According to Van-Der-Aalst, Ter-Hofstede, and Weske (2003), the BPM life cycle comprises four stages: process design, system configuration, process enactment and diagnosis.
● In the process design stage, the AS-IS BPs are electronically modelled into the BPMS by using graphical standards, such as UML and BPMN.
● In the system configuration stage, the BPMS and the underlying system infrastructure are configured.
● In the process enactment stage, electronically modelled BPs are deployed in the BPMS engines by using execution standards, such as BPEL and BPML.
● In the diagnosis stage, the BPM analysts define and improve bottlenecks in the BPs by using analysis and monitoring tools, such as business activity monitoring (BAM) (Kang et al. 2009) and process mining (De Weerdt et al. 2013).
According to Lodhi, Koppen, and Saake (2011), the BPM lifecycle comprises seven stages: plan, design, implement, execute, evaluate, analyse or post-execution and recommend. In the planning stage, the BPs which need to be performed are defined by analysts in order to achieve the desired goals and objectives where the BP goals and objectives are described in detail. Thus, the processes are conceptualised and the design characteristics are identified at an abstract level. Furthermore, the desired output of the BP is identified in this stage and the target To-BE design characteristics are provided to the design stage. In the design stage, several aspects of the processes are considered in detail. For example, the BPs are analysed from different perspectives: functional, behavioural, organisational and informational (Curtis, Kellner, and Over 1992). Also, several ele- ments are explicitly involved, such as inputs, resources, operations, conditions and process flow. In addition, the target values of all objects are specified for the evaluation stage and thus the detailed design model is ready for the implementation stage.
In the implementation stage, process enactment where the resources are allocated to process operations is carried out which leads to the creation of the execution environment (Houy, Fettke, and Loos 2010). In the execution stage, the resources carry out operations on inputs and transform them into outputs with the help of IS in order to fulfil the customer requirements (Busch and Fettke 2011). IS is used to evaluate, analyse, control and manage the BP which consists of measuring, monitoring and analysing the BP to make changes in real time. In the evaluation stage, BPs are evaluated for performance analysis by using different quantitative and qualitative measurements, such as statistics and process mining (Van Der Aalst, Reijers et al. 2007). Moreover, the objects’ actual values are compared with the objects’ target values and actual process behaviour is compared with planned process behaviour. In the post-execution analysis stage, the results of the evaluation stage are used to analyse the BPs’ performance in a broader context and the enterprise’s achievement of its goals and objectives is analysed from process, customer and organisational performance perspectives. This is the starting point for the BP improvement tech- niques where the AS-IS PM is built. In the recommend stage, the BP is improved where the TO-BE concept is practiced (Xu et al. 2008).
According to Andrikopoulos et al. (2008), the BPM lifecycle comprises six stages: BP modelling, integrating, executing, analysing and monitoring, measuring and optimising (Papazoglou and Leymann 2008; Davenport 2004).
1122 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
● In the BP modelling stage, the PMs are used to graphically capture, design and simulate the BPs.
● In the BP integration stage, the process elements are connected to exchange information in order to achieve the business goals and objectives.
● In the BP execution stage, the BP is deployed and executed within the BPM execution engine. ● In the BP analysis and monitoring stage, the graphical administrative tools are provided to
illustrate the processes which are in progress and completed and to integrate the business metrics and the key performance indicators within the BP descriptions.
● In the BP measurement stage, the definition of familiar business metrics is captured and related to the computational measurements.
● In the BP optimisation stage, which refers to process improvement, process flows of all sizes involved across any application are optimised and BP design and BP maintenance are coordinated.
3. Business process modelling (business PM): an overview
3.1 Business process (BP)
BPs contain the transformation of inputs to outputs and express the behaviour of organisations (Goldkuhl and Lind 2008). The BP is a set of activities whose final purpose is the production of a specific output which has value to the customer (Melao and Pidd 2000). Each BP which has a goals and objectives can be affected by events that have happened in other BPs or in the external world. It is the central concept used to model the business (Capozucca and Guelfi 2010).
BPs can be classified into core or primary and supportive or secondary BPs. A core BP starts from outside the organisation, such as the chain of BP activities which realise product delivery to the customers. On the other hand, a supportive BP generates the conditions for the core BP to carry out. Many authors have defined BPs in different ways. Table 1 presents the most important definitions and comments:
In reviewing the literature on BPs, it can be observed that BPs include the following important elements which are related to each other (Aldin and De Cesare 2011).
● Process: is a major element of the business which is made up of several business activities and procedures that work together to achieve business goals, such as the mobile phone order management process.
● Activity: which can be a function, task or operation is the specific behaviour carried out in the organisation, such as collecting and passing the customer details to the account department.
● Product and service: is the value of the process outcome. ● Role: is the actor or agent types which take part in the BPs, such as the general office. ● Goal: is the aim of the process, such as serving the customer automatically and reducing the
number of staff. ● Event: is an occurrence which takes place at a specific time and is capable of inducing several
observable behaviours, processes or activities, such as a customer’s request for finance. ● Rule: which can be a behaviour, control or action is the constraint identified for any part of the
organisation and its BPs, such as only considering customers with a clear credit check for a loan.
3.2 Business PM
A process is a major element of the business which consists of several business activities and procedures that work together to achieve business goals. The literature shows many ISs fail due
ENTERPRISE INFORMATION SYSTEMS 1123
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
to a lack of information on BPs where the system is going to be used. As a result, business performance suffers. The Standish Group conducted a study on the success of ISs within the business organisational sector, finding 29% of ISs successfully fulfilled business needs, 53% were found to perform poorly and 18% failed to achieve fully their objectives. In other words, the success rate of IS projects was low. According to the results only 16–28% of IS projects were considered to be successful (Lee and Xia 2005; STANDISH GROUP 2001). However, managing BPs is a critical task which needs constant and rapid improvement and updating (Barjis 2008).
Business PM is an essential element in BPM as it enhances our understanding of business concerns and communication between stakeholders (Van-Der-Aalst, Ter-Hofstede, and Weske 2003). Business PM is used for visualising BP operations for a more thorough understanding and analysis (Leopold, Smirnov, and Mendling 2012). It can be used as a medium of communication between stakeholders, such as employees, developers and executives. It also increases manage- ment’s ability to understand BPs and to make rational decisions to enhance the traceability and understandability of organisational activities (Cumberlidge 2007).
Business PM is a well-accepted method within the business organisational sector for structuring BPs (Koliadis et al. 2006). There are three important pillars to business PMs: model, strategy and operations. A business model includes knowledge of creating an organisation and deliverables, and identification of business goals and objectives. Business strategies provide rules and guidelines to fulfil all model-related elements. Business operations include people, processes and technology, where different people work in groups together to meet the organisational goals by using IS services help (Hung 2006).
Table 1. Different BP definitions.
Authors Definitions Comments
Hammer and Champy (1993)
BPs are a set of activities acquiring one or more inputs and generating output as rate to the customer.
The definition shows the importance of BP to organisations and highlights how business activities can be achieved which meet customers’ expectations.
Aguilar-Savén (2004), ENV (1995)
BPs are a set of organisational procedures that are structured together to achieve business goals.
BPs are made up of several business organisational activities, such as goals, people and objectives.
Jacobson (1995), Lindsay, Downs, and Lunn (2003)
BPs are a set of organisational procedures or activities that work together to achieve a business organisation’s goals and objectives to fulfil the customers’ expectations.
This definition first discusses the importance of BP activities within the organisation, especially internal activities (e.g. strategies, goals, policies and objectives); and second, how these activities can assist in increasing the satisfaction of customers.
Eriksson and Penker (2000)
BPs highlight how to execute work rather than how to model business services and products.
BPs are more concerned with the implementation of organisational activities rather than modelling them.
Davenport and Short (1990)
BPs are ways to simply design how to achieve specific tasks in the organisations.
BPs are only used to narrow the business activities.
Guha et al. (1997), Trkman (2010)
BPs are a complete set of related dynamic business organisational activities that are scientifically worked in order to meet customers’ expectations or fulfil the business goals and objectives that have been defined at the business strategic level.
A set of structured organisational activities needed to work together to increase customer satisfaction and meet company’s goals.
Hull, Su, and Vaculin (2013)
BPs refer to an assembly of tasks performed by humans to achieve business goals and they are ubiquitous and occur in all sectors, such as government agencies, universities and institutions, funding agencies and conference organisations, etc.
The definition shows the importance of BP to organisations and all sectors and highlights how business activities can be achieved (Sun, Su, and Yang 2014).
Rafael and Andreas (2012)
BPs specify how operational activities are executed to provide a service.
This definition shows how to execute the BPs activities to provide the customers services.
1124 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Business PM is used to achieve the following (Bernhard and Recker 2012):
● It supports BP reengineering and improvement through BP analysis and simulation (Recker, Safrudin, and Rosemann 2012; Damij 2007).
● It creates an appropriate IS which can support the organisation by providing the descriptive business model to learn (Wijesekera and Sykes 2003).
● It facilitates the ability of the organisation to share its understanding of BPs by using common BP representations which enhances understanding and communication. This occurs by agree- ing to adopt a well-defined set of BP concepts to be used by different stakeholders (Lind and Seigerroth 2010).
● It supports the decision-making process during BP control and execution (Caetano, Silva, and Tribolet 2005; Indulska, Green, et al. 2009; Indulska, Recker, et al. 2009; Luo and Tung 1999).
There are many techniques and methods available, such as BPMN (Dijkman, Dumas, and Ouyang 2008), BPEL (Ma, Xu, and Sanders 2009), i* (Yu, Mylopoulos, and Lesperance 1996) modelling language, etc. Many authors have defined business PM in different ways. Table 2 presents the most important definitions and comments:
In this literature review of business PM definitions, we selected Weske et al.’s (2004) which views business PM as a management discipline that provides support to organisational processes using different methods, techniques and software tools in order to control and analyse organisational
Table 2. Different BP modelling definitions.
Authors Definitions Commands
Amaral et al. (2011)
Business PM is a way to support BPs by using several techniques, methodologies, models and systems to design, control and analyse BPs, where many resources are used: human, applications, technology, organisations, etc.
This definition only focuses on how the processes are going to be operationalised, however, process clarification at the business strategic level is also important.
Tsalgatidou and Junginger (1995)
Business PM aims to provide information on real world activities at an abstract level rather than a detailed description of business activities and hence the information is used to reduce the complexity of real world activities.
This definition represents the BP as a slice of reality with only a brief description. However, in the context of business PM, a detailed description of each activity is required.
Kesari, Chang, and Seddon (2003)
PM is a way to assist humans to understand, describe and document process-related information using effective diagrams rather than explanations using text.
This definition shows that the BP and other process-related activities within the business organisation can be described easily using different UML diagrams: activity diagrams, state charts, use cases, sequence diagrams, etc.
Green and Rosemann (2000)
PM in an organisation is a method that focuses on the management of organisational activities in business transactions.
The BP activities need to be managed in a way that goals can be achieved.
Becker, Rosemann, and Uthmann (2000)
PM is the logical and temporal order of related business functions that have been performed on the process objectives.
Business activities have been used as functions that fulfil the process objectives.
Kim (1995) Business PM is a method to understand and redesign the BP to better support customer services.
This definition views the business PM as a technique for understanding and redesigning BPs.
Gambini et al. (2011)
Business PM documents organisational procedures in order to support both business and IT stakeholders. It is used to communicate and agree on requirements among business analysts.
This definition views the business PM as a technique for analysing and documenting the organisations.
Reijers et al. (2010)
BPM is an integrated management philosophy and set of practices including incremental change and radical change in BP, and emphasises continuous improvement, customer satisfaction and employee involvement.
This definition views the BPM from management view to understand the organisations and enhance their performance.
ENTERPRISE INFORMATION SYSTEMS 1125
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
processes and activities, including people, organisations, applications, documents and other related information. This definition incorporates all business PM-related components, as well as defines how to analyse business-included components, and highlights the role of business PM for organi- sational success.
There are two existing approaches for modelling BPs: the top-down approach and the bottom- up approach. On the one hand, in the top-down approach, a model of how BPs should be executed is proposed by experts. This approach starts from an overall assumption that BP can be considered as a black box. From this position, the black box is broken down into smaller details, such as tasks and activities, until all the details are specified. On the other hand, the bottom-up approach starts modelling the details at a lower level, looking at how the functions should be executed at an operational level. The next step is to combine the functions to make the activities where the activities are connected to each other to build processes. From here, the whole business PM is created. This approach presents detailed information on the processes and their execution (Lodhi, Koppen, and Saake 2011).
4. BPM challenges
Implementing a good business PM has many advantages, such as improving business performance, identifying erroneous models and directly involving the employees from the beginning of the modification of the BP to ensure they understand and support the redesign of the BP (Gruhn and Laue 2007; Schuh, Boos, and Kuhlmann 2010). However, there are several challenges in creating a good business PM. Acknowledging the different key stakeholders of business PM is an essential concept in order to understand the issues and future challenges of business PM (Rito Silva and Rosemann 2012).
There are three stakeholder groups involved in business PM. The first group of stakeholders is the practitioners, including the business analysts, the system designers and any staff who imple- ment business PM in their organisations. The second group of stakeholders is the academics who provide the educational services and develop the next generation of business PM. The third group of stakeholders is the business PM software designers and the consultants who provide support to the end users (Indulska, Recker, et al. 2009). The literature shows that business PM faces many challenges, as shown in Table 3.
Table 3. Challenges of business PM.
Challenges Descriptions References
People with different skills and background.
People working on business processes are not the same people working in software engineering to develop the system.
Gruhn and Laue (2007)
Misalignment between business strategies and IT.
The lack of alignment or misalignment between business strategies and IT results in the business failing to use the available IT support.
Silva and Chaix (2008)
Driving IT goals from business goals.
It is not easy to drive IT goals from business goals. Wim Van et al. (2007)
Security. Integrating security into a developed business process model is not very well understood.
Haley et al. (2006), Mcdermott and Fox (1999)
Manage BPs. IS managers view BPM from a technical perspective and senior executives view BPM from a business perspective.
Tosic (2006)
Business environment changes rapidly.
The business environment can be affected by several forces, such as the customers assuming they are in control instead of the product or service provider.
Hvolby and Trienekens (2010)
BPs change rapidly. The transition from one BP stage to another BP stage can be slow and can contain faults.
Alexandrou and Mentzas (2009)
Manage customer power. Flexibility is an important attribute for businesses in order to deal with the rapid changes in the business environment and manage customer power.
Lepmets, Mcbride, and Ras (2012)
1126 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
4.1 Misalignment between business and IT and the difficulty in deriving IT goals from business goals
IT has the power to change the way an organisation does business (Overby, Bharadwaj, and Sambamurthy 2006; Aburub and Almahamid 2010; Shin and Jemella 2002) and the role of IT in organisations is to make a value-added contribution to the business. However, it has been acknowledged that there is a gap between the IS department and the rest of the business in the majority of organisations (Peppard 2001) while strategic IT alignment occurs when the business goals and activities of the organisation are in harmony with the IS that support them (Onita and Dhaliwal 2011; Mckeen and Smith 2003).
Alignment between the needs of IT and business is considered to be one of the major challenges for many organisations (Luftman, Kampaiah, and Nash 2005; Khaiata and Zualkernan 2009). A survey conducted on European IT managers by SYNSTAR (2004) and WINMARK and SOFTWARE (2004) indicated that 78% of their projects do not have alignment with IT and business strategy (Silvius 2007). The literature shows that IT projects fail due to misalignment between IS and business at the implementation stage. For example, a study conducted by Taylor (2000) found that only 12.7% of IT projects were successful (Gutierrez et al. 2008).
Hence, it is important to develop a strong link between the IS and IT and business PM in order to support, mirror and automate BPs. However, there are several challenges to creating a good business PM to manage BPs and IS/IT (Odeh and Kamm 2003). Furthermore, it is very complicated to specify IT development requirements (Larsen and Klischewski 2004).
The alignment of IT with underlying BPs is one of the main challenges of business PM (Chan and Reich 2007). Commonly, the people who work in BPs are not the same people who work in software engineering to develop the system (Gruhn and Laue 2007). Studies show that a lack of alignment between business strategies and IT results in the business failing to use the available IT support (Sabherwal and Kearns 2007). However, several organisations have successfully aligned business strategies and IT service performance (Silva and Chaix 2008).
Another challenge facing business PM is that IS managers view business PM from a technical perspective and senior executives view business PM from a business perspective. For instance, the aim of the technical management of software and IS is to maximise the transaction system throughput while the objective of senior executives is to maximise the profits of the transaction system (Tosic 2006).
It is very difficult to manage BPs as they change rapidly (Alexopoulos and Theodoulidis 2003). Also, BPs involve people from different backgrounds, such as business or IT, and also involves difficult and comprehensive organisational analyses. It is very hard to find one person with a complete understanding of every system process because each person in the system is usually only familiar with one area of the overall system (Luftman 2003). For example, the IS team lacks BP knowledge and the BP team lacks IS knowledge. Furthermore, communication between IS and BP teams is very complicated because of their different experiences, culture and skills (Filipowska et al. 2009; Atle Gulla and Brasethvik 2000; Rosemann 2006). In addition, the relationship between IT professionals and business professionals is described in problematic terms (Van Den Hooff and De Winter 2011). Moreover, the number of model designers and users has increased dramatically, especially representatives from different IT and business departments who may not be fully involved in the business PM design (Becker, Rosemann, and Uthmann 2000).
4.2 Security
Security is an essential aspect in business PM (Rodríguez et al. 2011). For several reasons, it is quite challenging to add security into BPs (Backes, Pfitzmann, and Waidner 2003; Chung and Nixon 1995). First, it is not easy to understand the integration of security into a developed business PM (Haley et al. 2006; Mcdermott and Fox 1999). Second, security properties are complex and error
ENTERPRISE INFORMATION SYSTEMS 1127
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
prone when integrated manually (Alotaibi and Liu 2012b, 2012d). Furthermore, security leaks could be caused by a lack of experienced IS developers. Therefore, IS developers need to have appro- priate tools and guidelines to develop secured business PM applications (Alotaibi and Liu 2012a; Kokolakis, Demopoulos, and Kiountouzis 2000).
4.3 Business processes in a rapidly changing business environment, and managing customer power
The rapidly changing business environment and BPs are the major challenges of business PM (Neubauer 2009; Hwang and Yang 2002; Box and Platts 2005; Alexopoulos and Theodoulidis 2003). The business environment is continually and dramatically changing. Thus, companies face several challenges, such as increased competition, raised customer expectations and expanded markets. As a result, companies need to consider lowering costs, decreasing inventories, reducing throughput times, expanding product choices, improving the quality of customer services and supplying more delivery dates in order to compete (Simatupang, Wright, and Sridharan 2002).
Hummer and Champy (1993) found that the business environment can be affected by several forces. First, customers assume that they are in control instead of the product or service provider. Customers tell the product or service provider what kind of products they require, how much they can pay and, how and when they need them. Second, competition between companies is stronger (Olalla 1999).
Furthermore, the transition from one BP stage to another BP stage can be slow and error prone (Alexandrou and Mentzas 2009; Rosemann 2006). In order to decrease the costs and risks and to obtain an advantage from changing IT and business strategies, change management is considered as very important concept. For complex systems, it is impractical to modify them; rather, they need to be totally rebuilt in order to meet the system requirements. Hence, it is important to consider the rapidly changing requirements of BPs in a BPMS (Rajabi and Sai Peck 2009).
Another challenge in creating good business PM is managing customer power. Customer power manifests itself in two ways. First, customer power enhances the customers’ ability to improve their decision-making position to reduce the price; and second, it enables the customer to specify their required goods and services (Piccoli & Lloyd 2010; Alotaibi and Liu 2013a). Therefore, it is a priority to satisfy customers’ needs and demands in order to stay ahead of the competition in the current rapidly changing competitive business environment by managers of well-operating organisations (Fullerton and Ness 2010; Dominic et al. 2010; Daim, Basoglu, and Tanoglu 2010). Thus, in order to deal with the rapid changes in the business environment, manage customer power and respond quickly to customer requirements, flexibility is an important attribute that businesses need to possess (Cauvet and Guzelian 2008; Liu et al. 2012).
5. Methodology
This survey reports academic publications on business PM challenges over15 years from 2000 to 2014. It includes all business PM challenges, tools, standards, techniques and methodologies encountered in the literature resulting from an extensive and systematic search within the academic peer-reviewed literature. It reviews previous research on misalignment between business and IT, driving IT goals from business goals, security issues for better alignment between business and IT, managing the rapidly changing business environment and BPs and managing customer power (Alotaibi 2014).
It is important to establish an effective method to process this large amount of literature while capturing the essential elements of the overall picture. Therefore, our literature review comprises two stages, as depicted in Figure 1. As shown in Table 4, 36 IS journals were searched and we have also searched IEEE and ACM databases to identify relevant papers. Additionally, seven highly ranked conferences were also inspected. Details are listed in Table 5. A completed list of referred
1128 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
journals and conferences are shown in Appendix. In the first stage, we searched papers by using several keywords such as ‘business process’, ‘business process modelling’, ‘business process man- agement’, ‘model business process’, ‘process model’, ‘business and IT’, ‘alignment’, ‘BPM chal- lenges’, ‘secure BPM’, ‘manage change’ and ‘customer power’. We filtered the results based on the paper’s title, read the abstract of the selected papers and further filtered them to identify the most relevant papers to the topic of business PM challenges. In this stage, we identified 335 journal papers and 233 conference papers that were potentially suitable for inclusion in the literature review.
In the second stage, we read the conclusion of the selected papers and then read the full text of the papers to choose papers that were most relevant to our literature review topic, selecting 74 journal papers and 60 conference papers as being the most relevant to our topic (Tables 4 and 5).
5.1 First challenge: misalignment between business and IT
In this section, we review the existing research on the issue of alignment between business and IT which may have several challenges caused by: (1) misalignment between business strategies and IT strategies; (2) issues in specifying IT development requirements; (3) staff with different skills and backgrounds; (4) a lack of qualified modellers; (5) a lack of qualified business representatives and (6) issues in deriving IT goals from business goals.
An annual study conducted by the Society for Information Management for four years ranked the issue of alignment between IT and business as the primary concern for company executives and IT practitioners (Vaidya and Kumar 2006; Silvius and Smit 2011). For two decades, the alignment between business and IT appeared as a top concern for company executives and IT practitioners (Vargas, Johannesson, and Rusu 2010; Wagner 2008; Sledgianowski, Luftman, and
Filtering based on Conclusion Review
Filtering based on Full Text Reading
Information Capturing Stage 2
Reference Chasing
Literature Review Analysis
Database Search Journal & Conference Search
Citation and Sample Filtering
Filtering based on Paper Title Review
Filtering based on Abstract Review
Stage 1
Figure 1. Literature review methodology.
ENTERPRISE INFORMATION SYSTEMS 1129
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Reilly 2004; Marrone, Hoffmann, and Kolbe 2010; Yayla and Hu 2009; Cragg, Tagliavini, and Mills 2007; Chang et al. 2009; Silvius, Waal, and Smit 2009).
IT alignment involves making better use of IT resources to meet the corporation’s business objectives (Peak, Guynes, and Kroon 2005). Better alignment between IT and business strategy can result in increased company profit, growth in sales, increased productivity, stronger business performance, a more highly perceived value of the role of IT in the organisation and improved IS
Table 4. Selected journal papers in the second stage.
Years
Journal name 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 Total
ACM 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AJIS 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 BPMJ 0 0 0 0 0 1 1 1 1 0 1 1 1 1 1 9 DS 0 0 0 1 0 1 0 0 1 1 0 0 0 0 0 4 DSS 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 EIS – – – – – – – 0 1 1 1 1 0 2 0 6 EJIS 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 2 I&M 1 0 0 0 1 0 1 0 0 1 1 0 0 0 0 5 I&O 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 IEEE 0 0 0 0 0 0 1 0 0 0 0 2 0 0 0 3 IJIM 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 IJIS – 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 IJMS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 IJOC 0 0 0 0 1 1 0 1 0 0 0 0 0 0 0 3 IPM 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 IS 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 ISEB – – – 0 0 0 0 0 0 1 0 1 0 0 0 2 ISJ 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 ISM 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ISR 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 IST 0 0 0 0 0 0 1 2 1 1 1 1 0 0 0 7 IT&M 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ITM 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 2 JAIS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 JEIM 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 JIIS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 JIS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 JIT 0 0 0 1 2 0 1 2 0 0 0 0 0 0 0 6 JMIS 0 0 0 0 0 0 0 1 1 0 0 2 0 0 0 4 JSIS 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 3 JSS 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 3 MISQ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 MKTS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 MS 0 0 0 1 0 1 1 0 1 0 0 0 1 0 0 5 OR 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 RBIS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SJIS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Total 1 2 1 3 5 4 10 9 8 6 7 8 6 3 1 74
Table 5. Selected conference papers in the second stage.
Conference name
Years
Total2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
ACIS 0 0 0 0 0 0 0 1 1 0 0 0 2 0 0 4 AMCIS 0 0 0 0 1 0 2 1 2 2 3 2 2 0 0 15 ECIS 0 0 0 0 0 0 0 1 2 0 0 3 1 0 0 7 HICSS 0 0 0 0 0 0 0 1 1 0 1 3 3 0 0 9 ICIS 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 2 PACIS 0 0 0 0 0 0 1 0 0 1 0 2 1 1 0 6 ICBPM – – – 3 1 2 0 1 2 1 3 2 1 0 1 17 Total 0 0 0 3 2 3 3 6 8 4 7 12 10 1 1 60
1130 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
strategic planning. For all these reasons, addressing the alignment issue is important (Tallon and Pinsonneault 2011; Chan et al. 1997; Chan, Sabherwal, and Thatcher 2006; Oh and Pinsonneault 2007; Preston and Karahanna 2009).
The misalignment between the IS department and other departments in an organisation has been shown to results in often serious and unsolved problems in today’s complex business environment. Misalignment results in a waste of time, confusion, diminished productivity and, ultimately, project failure (Box and Platts 2005). Benbya and Mckelvey (2006) propose that alignment between business and IT involves a series of adjustments at three different levels of analysis: (1) the strategic dimension where IS strategy, business strategy and strategic planning align; (2) the operational dimension where the locus of responsibility, decision-making rights, organisational actors’ values and the deployment of IS personnel align with the IS structure and (3) the individual dimension where the IS infrastructure aligns with user’s expec- tations and needs.
Research has explore the impact culture has on alignment. Silvius, Smit, and Driessen (2010) aimed to contribute to an understanding of the alignment challenge by exploring the relationship between the organisation’s culture and business and IT alignment maturity using Smit et al.’s (2008) organisation culture X-model. Luftman’s framework (Luftman 2000) to measure the maturity of business and IT alignment was also used. They conducted a quantitative study using ques- tionnaires to investigate middle-sized logistics service providers. The results indicated a relation- ship between the organisation’s culture and business and IT alignment maturity, especially in relation to governance, skills and partnership variables.
Strategic dimensions and culture have also been explored in the literature. Nickels and Janz (2010) used questionnaires to evaluate the relationship between organisational culture and the alignment of business and IT in the structural and strategic dimensions. The results indicated a significant association between organisational culture and strategic alignment maturity. Thus, if organisations have more congruent cultures, they have higher levels of strategic alignment maturity.
Bradley et al. (2012) found that the successful implementation of effective IT in healthcare was limited by cultural and technical difficulties encountered when organisations’ infrastructure was established or upgraded. They extended Ross’ (2003) four-stage model of organisational architec- ture maturity: (1) the business silo stage where the standards and guidelines for the system development are provided; (2) the standardised technology stage where information resources are identified throughout organisation, the systems integrated and data shared; (3) the optimised core stage where long-range planning is facilitated, strategic value is assessed and alignment for competitive advantage is made and (4) the business modularity stage where inter-organisational alignment and strategic agility occur. This model was a valuable resource to help healthcare organisations better align their business and IT strategies.
The researchers used the partial least squares structure equation model (Bradley et al. 2012) to analyse the survey data collected from 164 US hospitals at four different stages of organisational enterprise architecture maturity. The results indicated that this model directly influences the effectiveness of the hospitals’ IT resources to achieve their strategic goals while at the same time, this model indirectly influences the effectiveness of the hospitals’ IT resources when IT alignment is integrated as the interceding variable.
Silva, Figueroa, and González-Reinhart (2007) studied IS alignment in professional organisations. The study was based on three alignment conceptualisations of IS strategy: emergent, managerial and critical. Examining five different Chilean organisations, four of them being professional and one entrepreneurial (two being private and three being public), data was collected from 32 interviews. The interview questions were addressed to organisational members assigned to IS alignment domains based on their relative decision-making roles. The results indicated that achieving IS alignment for professional organisations is very complicated, especially in public organisations.
Organisations have to integrate IT when the company wants to merge with or acquire another company. This can be a complicated and time-consuming process due to a lack of
ENTERPRISE INFORMATION SYSTEMS 1131
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
understanding of the problems involved. Hence, Wijnhoven et al. (2006) proposed a new IT alignment model which identified three ambition levels in mergers and IT integration: (1) complete integration where ITs are merged, which is useful for small firms; (2) partial integra- tion with the establishment of priorities where the most important BPs are, first, integrated and the others are left for later stages and (3) co-existence integration where the two ITs of the merger partners remain unchanged. The authors used four different methods to complete these three IT integration levels: (1) renewal where all the IT departments in the merger partners are abolished and replaced by a completely new IT department; (2) takeover, where the IT depart- ment of one partner is closed down and the IT department of the other partner is used for both partners; (3) standardisation, where the best parts of both IT departments are combined as the new organisation standard and (4) co-existence, where the IT departments of both partners remain as they are. This proposed model was validated in three different hospitals as case studies.
Strategic alignment is a concept for understanding how organisations can translate their IT deployment to increased business performance. Bergeron, Raymond, and Rivard (2004) identify the performance impact of strategic alignment between IT structure, IT strategy and co-alignment patterns. They conducted a mailed survey of 110 small manufacturing and service firms, using cluster analysis to analyse the collected data. They found that low performance firms displayed a disagreement co-alignment pattern of IT structure, IT strategy, business structure and business strategy which differentiated them from other firms.
Cragg, King, and Hussin (2002) measured alignment between business strategy and IT strategy in small UK manufacturing firms, specifically, they examined the link between alignment and business performance. Questionnaires were used to collect data from 250 firms on nine different strategies, such as price, quality products, quality service and product differentiation, and compare the business and IT responses. The results indicated that small firms with a high level of IT alignment had better organisational performance than the firms with low levels of IT alignment.
Gutierrez et al. (2009) studied whether there is any difference in strategic alignment between small, medium and large enterprises. This study examined and compared the relevance of orga- nisational size ((small, medium and large) and their planned integration strategy (independent, simultaneous or sequential). Questionnaires were used to collect data from 104 participants based on several alignment factors: communication, governance, competency/value measurement, part- nership, scope and architecture and skills. The results indicated that there were no significant differences between the alignment of small, medium and large organisations. However, there were significant differences between small, medium and large organisations’ implementation and their planned integration strategies.
Croteau and Raymond (2004) evaluated the business performance outcomes of alignment between the organisation’s IT competencies which included connectivity, technological scanning, and flexibility and strategic competencies which included shared vision, empowerment, coopera- tion and innovation. They used questionnaires to collect data from the top managers of 104 randomly selected Canadian organisations with more than 250 employees. The structure equation modelling tool was used to analyse the collected data. The results indicated that perceived business performance could be increased by alignment of strategic and IT competencies.
Business analytics systems can possibly create value and provide competitive advantage to organisations. Shanks, Bekmamedova, and Willcocks (2012) argue that business analytics systems can also enable alignment between business strategy and IT strategy and support organisational transformation. They identified several critical factors to the success of the business analytics and to strategic alignment and organisational transformation: (1) the early definition of globally standard metrics and dimensions; (2) a high quality technology infrastructure and high quality data; (3) sustained senior management support together with strong leadership within the business analy- tics project; (4) effective governance structures that support change management and continual
1132 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
renewal of business analytics capabilities and (5) hybrid people with a mix of technical, business and strong communication skills.
Cohen and Toleman (2006) used questionnaires to collect data from 167 South African and Australian companies. The study examined the effect of commitment, shared vision and mutual understanding on the contribution of IS to the business performance. The findings suggest that when there is a strong relationship between IS and business, organisations will be more successful in their use of IS. The results also indicated that three factors contribute to increased IS perfor- mance: (1) strong loyalty on the part of the business to IS efforts; (2) a higher level of IS under- standing of the business and (3) a long-term agreement between the IS and business executives on IS priorities.
Grant (2003) explored the relationship between strategic alignment and the implementation of an enterprise system. As strategic IS alignment is important to organisational success to derive maximum value from IT assets, the author studied how the organisation can align its IT and business strategies and impact its global enterprise system deployment. The authors interviewed 15 senior managers from Canada, the US and Europe. This research results from the case study on the experience of one organisation shows that it is difficult to achieve alignment, as the company experienced difficulties deploying the planned system and there was considerable misalignment between the business operational model and the IT execution model.
Anthony et al. (2006) examined the influence of strategic alignment between IS strategy and business strategy on the payoff of the IT investment using questionnaires. This study also inves- tigated the moderating effects of strategic alignment on the relationship between IT investment and business performance for 344 manufacturing firms in the south of the United States. They investigated different perspectives on strategic alignment, two focusing on alignment between the business and IT planning process (coordination and integration), while two focused on the align- ment of business and IT strategy outcomes (matching and moderating). Responses to the ques- tionnaires were received from 84 of 275 manufacturers. The results showed a synergistic coupling between strategic alignment and IT investment with business performance.
Chen (2010) examined the relationship between alignment maturity dimensions and IS strategic alignment. Their collected data was based on strategic alignment maturity model (SAM) developed by Luftman (2000) which contained six maturity factors: competency, communication, governance, technology scope, partnership and skills. They collected data from 130 business and IT executives from 22 companies in China, 11 of these companies being multinationals operating in China. Their results showed that alignment between business and IT strategies can improve organisations’ competitive edge, thus achieving strategic alignment can be considered a major concern for business executives.
Avison et al. (2004) validated the strategic alignment model (SAM) proposed by (Henderson and Venkatramen 1989b) in a financial services firm. They applied data collected from completed projects to the model in order to determine whether the SAM is a useful model as a management tool to assess, create and sustain business and IT strategic alignment. The results indicated that the SAM has practical and conceptual value.
Newkirk, Lederer, and Johnson (2008) tested the impact of IT and business change on strategic IS planning and IS and business strategy alignment planning. The study used a questionnaire to collect data from 161 IS executives. The structure equation modelling was used to analyse the collected data. Newkirk et al. found that practitioners have to be more careful in setting their planning in response to IT and business changes and that practitioners may not have to shorten their planning in a rapidly changing business environment.
Willcoxson and Chatham (2004) investigated perceptions of the relationship between IT and business held by 653 IT managers and staff and 503 business managers and staff using surveys, collecting data over a 3-year period. The results indicated that there are significant differences in the perceptions of IT managers and business managers, particularly in relation to issues on IT systems and communication efficacy. Both groups agreed on the importance of seeing IT as the
ENTERPRISE INFORMATION SYSTEMS 1133
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
driver of business activities and the responses to the issues related to alignment between IT, business strategy and communication efficacy.
In Burn and Szeto (2000), the authors investigated whether there are any significant differences in business and IT managers’ perspectives to identify the factors that contribute to successful strategic alignment by using Henderson and Venkatraman’s (1999) strategic alignment model framework (Henderson and Venkatraman 1989a). Responses to questionnaires were received from 93 of 400 business and IT managers in different industries in Hong Kong to develop an effective alignment model between business and IT strategies to achieve a competitive advantage. The results indicated that there were no significant differences between business and IT managers’ perspectives with regard to strategic alignment. Both groups indicated that business strategy is the driver for strategic alignment and the role of IS management was to provide executive leadership to ensure the IT functions achieve the strategic goals and objectives of the organisation. However, the detailed case studies on the container terminal operators suggested that successful IT align- ment required different perspectives of business and IT managers.
Wang et al. (2013) studied a firm’s IT capabilities influencing by the IT department hard and soft skills and how these IT capabilities affect the alignment between business and IT. This study was focused on IT adaptability, IT innovation and IT-user collaboration. They collected their data from 120 IT directors and the results indicated that IT-user collaboration and IT adaptability have a positive impact on the alignment between business and IT.
Leonard (2007) compared the perceptions of IS and business managers in achieving alignment between IS and business. Previously, we defined the organisational position and understanding of the business of the IS managers, as well as the IS business partnerships, as important factors in achieving IS alignment. However, the author identified another three concepts: (1) the extent to which IS and business managers have to share the vision of the IS alignment profile; (2) the extent to which both the business and IS managers have a general understanding of the required time frame in which to attain alignment and (3) the need to teach business managers about possible IS strategy. This study used mixed methods with questionnaires as a quantitative method and inter- views as the qualitative method. The questionnaires were constructed based on Preston (2004) and Preston, Karahanna, and Rowe (2006) and 365 responses were received from top IS managers and senior executives in the organisation. Managers from four different organisations participated in the interviews: an electrical supplier in Australia and New Zealand, a company in the Asia Pacific region to represent a global organisation, the distributed arm company in Australia and a public sector organisation in Australia.
The IT service management (ITSM) framework is estimated to be used by over 45% of compa- nies. Marrone and Kolbe (2011) conducted an international survey of 441 firms to examine the benefits provided by the IT Infrastructure Library (ITIL), the de facto ITSM framework for IT organisations. This research focused on the strategic position and operational benefits of IT organisations, particularly those evolving from business and IT alignment maturity. The results indicated that as the adoption of ITIL was enhanced, the level of business and IT alignment maturity increased. Furthermore, the results indicated that the further ITIL was implemented, the higher the operational and strategic benefits to the organisations.
Cumps et al. (2009) inferred business rules between business and information and communica- tion technology alignment. The study appropriated a rule induction algorithm using a set of data consisting of rich alignment information collected from 641 organisations in 7 different European countries. These alignment rules were generated using AntMiner+, the rule induction technique well known for of its ability to obtain comprehensible, accurate and intuitive predictive models from data. This article aimed to describe practical guidelines for IT and business managers to obtain better alignment between information and communication technology and business requirements.
On the issue of IT and business strategy alignment, Bleistein et al. (2006b) proposed a business strategy, context and process (B-SCP) requirement engineering framework. This paper extended the framework proposed in Bleistein et al. (2005, 2006a) that enabled modelling the organisational
1134 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
IT requirements to validate the requirements against the business strategy. For goal modelling, Jackson context diagrams and the RAD were used respectively to represent business strategy, context and process. The Jackson problem diagram framework was used to integrate business strategy and context. This framework was validated using a Seven-Eleven store in Japan as a case study. The proposed B-SCP framework offered better alignment between the organisational IT requirements and the business strategy.
Engelsman et al. (2011) proposed a language, named ARMOR, to model business goals and requirements in the organisation’s architecture. The language is focused on alignment between business and IT. In using this language, the high level goals are modelled in stakeholder’s terms where the goals are refined into different sets of sub-goals throughout the goal trees. The low-level goals, the requirements, are related to the processes, services and applications implementing the requirements. This language is dependent on the existing requirements modelling languages and is aligned with the enterprise modelling language standard called ArchiMate1 (Lankhorst 2005). However, the authors didn’t validate their pro- posed language.
It is very complicated to create a productive intelligible bridge between a business model and an IT system model in order to mirror, support and automate BPs. Odeh and Kamm (2003) studied the links between the business PM and UML software specification techniques. They argued that the UML alone cannot capture all complex organisational activities. Their approach, in contrast, developed a set of use cases through conducting real life case studies on the administration of a research degree in the Faculty of Computing, Engineering and Mathematical sciences at UWE Bristol to provide the information support to the pre-identified organisational BPs. These use cases were translated from RAD.
Aburub and Almahamid (2010) proposed a new method to derive system models depending on the business PM. This method comprises five steps: (1) using RAD to develop business PM; (2) defining the automatic activities; (3) discovering the early functional system requirements; (4) generating the functional specifications document and (5) developing the DFD depending on the functional specifications document to model the software system. This method was used to develop the system models at an early stage. The authors used the process of cancer registration in Jordon as the case study to validate this method.
In Damij et al. (2008), business PM and improvement were studied to successfully generate a competitive enterprise. The Tabular Application Development (TAD) method, which comprises six phases, was used to achieve this objective. The first phase is BP identification which has three steps: determining the BPs, identifying the work processes and dealing with process table development. The second phase is business PM which has two steps: developing the activity tables and generating the property table. The third phase is BP improvement which has two steps: dealing with process analysis and implementing process simulation. The fourth phase is object model development which has two steps: dealing with the initial object model devel- opment and completing the object model by using inheritance in order to identify the hierarchies between classes. The fifth phase is designing the system and preparing it for implementation which has three steps: specifying the object model operations, developing the system model design and writing the required algorithms. The sixth phase is model implementation.
The TAD method is based on the premise that each enterprise has one or more BP where every BP contains a set of work processes which contains a group of activities and procedures. There are four tables used in the TAD method: tables to describe the BP functions, work processes table, procedures table and activities table. The tables are used because they are useful to represent the sequence of events, they are easily corrected and extended and easy to understand. The authors validated their proposed framework through a surgery BP as a case study to show how this framework can be implemented.
ENTERPRISE INFORMATION SYSTEMS 1135
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
5.1.1 Limitations and further research for the first challenge: misalignment between business and IT To date, the literature shows that the current research on requirement engineering research has not paid much attention to the issue of IT and business strategy alignment. The alignment between business and IT is an unsolved problem although it is considered to be of high impor- tance to researchers and practitioners (Walentowitz 2012; Saat et al. 2011). For example, most of the existing work explores the issues using the qualitative method, such as interview and group discussion, and quantitative methods, such as questionnaires as explained on the previous section. Past researchers studied the relationship between business strategy and IT strategy and between business and IT alignment and business performance.
However, in interpreting the results of these surveys, it is important to remember that most of these studies were conducted only in a small number of companies. It may be that only a small numbers of participants answered the questionnaires or took part in an interview. Furthermore, most of these studies were conducted in special countries. Therefore, the results of these studies cannot be used as a standard and might not be directly transferrable to firms of any size and from different countries. Moreover, the results of these studies may be affected by common method variance as data was collected from participants by using the same survey at the same time.
Furthermore, most of existing alignment research fails to capture the real business environment because of several reasons. For example, when the business strategy is unknown or in process, the alignment is not possible (Chan and Reich 2007).
Literature shows that there are many business PM standards, techniques, languages and tools, such as BPMN, UML, BPEL, etc. However, these techniques have several limitations and drawbacks. For example, they are not easily understood by IT people and thus they cannot completely implement the desired BP. Moreover, it is an important priority to develop the business PM where one BP can carry a set of sub-processes or business goals.
Proposing a business PM approach to model the process priority is one of the possible further research directions (Alotaibi and Liu 2012c). In addition, proposing a business PM framework easily understood by IT people is another of the possible further research directions (Alotaibi and Liu 2013b, 2016). Proposing a business PM framework linking IT and business modelling environments for better alignment where IT goals can be easily derived from business goals could be another possible further research direction.
5.2 Second challenge: security issues in business PM
Security is a serious concept on all information processing activities (Gritzalis and Lambrinoudakis 2004). Hence, the actively mechanisms and tools should be developed by each organisation in order to maintain and ensure information resources security and integrity (Herath and Rao 2009; Stahl, Doherty, and Shaw 2012).
‘The literature shows that only a few approaches consider security requirements as a primary part of all software development processes. Chung and Nixon (1995), for example, applied the process-oriented approach to represent security requirements as harmonious goals and used them throughout the software system development. This proposed non-functional requirements (NFRs) framework uses security requirements and permits system developers to consider design decisions which are related to the non-functional requirements’. More information can be founded in Alotaibi and Liu (2012a).
In Aburub, Odeh, and Beeson (2007), the authors demonstrated the application method for remodelling BP in order to attain better non-functional processes representation. They were adapted to link the NFRs to the conceptual models. A cancer registration process in Jordan was used as a case study to display the NFR goal operations. In addition, the RAD was used to create BPs NFR model throughout applying the goal evaluation and interaction analysis.
1136 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Rohrig and Ag (2002) proposed an approach that reuses the existing BPs descriptions. This approach was used for analysing the security requirements and deriving measure of security requirements. It has four main steps. In the first step, the general security objectives of the BP were identified. In the second step, the constructed security objectives, such as actors were examined. In the third step, these specifications were examined if they were consistent or not. In the last step, for each BP component, a list of important security measures was created.
In Giorgini et al. (2006), the requirements specification model was proposed for separating the delegation and trust relationships. The aim of this model was bridging the gap between the IT system functional and trust requirements and its trust management. A formal modelling language known as Delegation Logics (Li, Grosof, and Feigenbaum 2003) was used for automatic verifying the IS requirements. Moreover, this approach can support the trust management (Ninghui, Mitchell, and Winsborough 2002). A case study of health care process was used for validating.
The requirements engineering approach used for mapping and modelling the IS security goal for better alignment between business and IS at the early stage in the software development process was proposed in Mayer, Dubois, and Rifaut (2007). This technique has five main steps. In the first step, an organisational environment was identified. In the second step, the security goals were derived. In the third step, security requirements were detected from goals. In the fourth step, security requirements and constraints were detected. Lastly, risks were analysed at the architectural level.
In Jürjens (2001), an extension of UML known as UMLsec was proposed for providing security features in the UML model, such as confidentiality and access control. The class, interaction, state chart and deployment diagrams had used in the language. The class diagram was used to guarantee that the exchange of data conforms to the security levels. Furthermore, to guarantee the accuracy of essential security interactions between objects, the interaction diagram was used. In addition, the state chart diagram was used to avoid indirect flow of information. To guarantee meeting the security requirements by the physical layer in communication, the deployment diagram was used. Also, In Lodderstedt, Basin, and Doser (2002), an extension of UML known as SecureUML was proposed for modelling security. The authors used UML to identify the access control-related information in the design of all application.
In Basin et al. (2009), SecureUML, which is an expressive UML-based language, was proposed for constructing the security design model. They combined the security policy and design specifica- tions. In addition, a tool called SecureMOVA has been used for implementation.
BPs have been studied in software engineering and security literatures. For example, Strembeck and Mendling (2011) presented a formal model that integrating the role-based access control (RBAC) models and PMs in order to extend the UML2 activity models. RBAC model includes tasks’ duty constraints, role and role hierarchies.
Alghathbar (2007) presented a secured business PM for analysing the UML authorisation requirements. In addition, he advanced the Auth-UML model presented in Alghathbar and Wijesekera (2003) for validating enforcement of separation of duty (SoD) of the requirements engineering.
Understanding security risks is hardly task. The secured online BPs presented in Iyer, D’aubeterre, and Singh (2008) was extended in D’aubeterre, Singh, and Iyer (2008) for integrating security in the BPs analysis and model as a functional requirement and thus they proposed the secure activity resource coordination (SARC) framework. The enriched use case and UML activity diagram were used for evaluating (Siponen, Baskerville, and Heikka 2006).
In Rodríguez et al. (2010), the model-driven development (MDD) approach had proposed for ISs development. They had modelled all BPs and security and had identified all lists of constants for transferring use cases and class diagrams of the secured business PM presented in Rodríguez, Fernndez-Medina, and Piattini (2007b).
Mcdermott and Fox (1999) adapted the use cases to present an abuse case model. The abuse case model was used for security requirement analysis. The specification of each interaction between actors and the system were identified in this model.
ENTERPRISE INFORMATION SYSTEMS 1137
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
The systems may not permit some functions and thus the misuse case model has been used to describe them (Sindre and Opdahl 2000, 2005). The security requirements could be specified and elicited using the misuse case model. Also, it is a fundamental concept to create the design of other UML diagrams in order to implement the target system. In addition, if anyone starts the misuse case intentionally or accidentally, the miss-actor concept will be defined.
Literature shows that several researches have been done in the misuse case model in order to present a secured system. For example, an approach for improving the misuse case model quality was proposed by El-Attar (2012a). He validated his approach using online bookstore system as a case study.
Furthermore, El-Attar (2012b) proposed the structured misuse case description (SMCD). He argued that SMCD can guide the misuse case modellers for structurally and syntactically develop- ing the misuse case model. Nevertheless, the reliable domain representation cannot be assured by using the SMCD. Moreover, in order to generate misuse skeletons and the descriptions of use case, he proposed the reverse engineering of misuse case description (REMCD) method. Nevertheless, the order of developing the components of misuse case model cannot be specified by using the REMCD.
In Dardenne, Fickas, and Van Lamsweerde (1991), the obstacle concept was used in the KAOS framework to capture undesirable system properties and to identify and relate security require- ments to other system requirements. There are two sets of techniques based on the temporal logic formalisation because of obstacle goal satisfaction and requirements.
5.2.1 Limitations and further research for the second challenge: security issues in business PM There are many commercial methods available to be used by the IT security officers in every organisation, such as ITBPM, CRAMM, OCTAVE, MEHARI, EBIOS, etc., to implement risk analysis on security problems and identify security solutions (Anderson 2008; Mouratidis and Jurjens 2010). However, most of these approaches were not considered security requirements as a key element of the process of software development and only provide the first stage of the integration between security and software engineering. For example, Jürjens (2001) proposed an approach applicable only through the design stage while McDermott and Fox (1999) proposed an approach used in early requirements analysis stage.
Consequently, proposing a security approach that can cover all software development process stages: early requirement, late requirement, architectural design, details design and implementa- tion stages, is one of the possible further research directions. This approach must limit the conflicts through identify them at the early stage of the system development.
Another limitation of the existing work is that most of the previously mentioned approaches only deal with specific security requirements, goals and constraints. For example, UMLsec proposed by Jürjens (2001) focuses on access control security requirements and integrates this into the model-driven software development process.
Therefore, another possible further research direction is to propose a security approach which considers all security requirements, such as access control, encryption, security goals, such as integrity and secrecy, and security constraints, such as authorised and unauthorised access (Alotaibi and Liu 2014b; Alotaibi 2016).
Table 6 summarises the existing literature on software development process stages and security goals.
5.3 Third challenge: managing customer power
In the current business environment customers have the power. For example, they can specify their demands through identifying their services and product’s needs. They have the ability to improve their decision-making for decreasing the price (Piccoli and Lloyd 2010; Rezabakhsh et al. 2006). In
1138 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Ta b le
6. Re la te d w or k on
ex is ti n g so ft w ar e d ev el op
m en t p ro ce ss
st ag es
an d se cu ri ty
g oa ls
So ft w ar e d ev el op
m en t p ro ce ss
st ag es
Se cu ri ty
g oa ls
Re fe re n ce s
Ea rl y
re q ui re m en t
La te
re q ui re m en t
A rc h it ec tu ra l
d es ig n
D et ai l
d es ig n
Im p le m en ta ti on
In te g ri ty
C on
fi d en ti al it y
A va ila b ili ty
Re lia b ili ty
Pr iv ac y
A cc es s
C on
tr ol
M cd er m ot t an d Fo x (1 99 9)
√ Jü rj en s (2 00 1)
√ √
√ Li u,
Yu , an d M yl op
ou lo s (2 00 3)
√ √
√ √
√ Ro h ri g an d A g (2 00 2)
√ √
√ √
Lo d d er st ed t, Ba si n , an d D os er
(2 00 2)
√ √
M an a et
al . (2 00 3)
√ √
√ M ay er , D ub
oi s, an d Ri fa ut
(2 00 7)
√ √
√ √
Ro d rí g ue z, Fe rn n d ez -M
ed in a, an d
Pi at ti n i (2 00 7a )
√ √
√ √
G ol uc h et
al . (2 00 8)
√ √
√ M ay er
et al . (2 00 8)
√ √
M at ul ev ic iu s, M ay er , an d H ey m an s
(2 00 8)
√ √
√
W ol te r et
al . (2 00 9)
√ √
√ √
√ Ro d rí g ue z et
al . (2 01 1)
√ √
√ √
√
ENTERPRISE INFORMATION SYSTEMS 1139
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
addition, the BPs could be reengineered by different organisations in order to develop their cost and efficiency and thus they could be still in the competitive position with other organisations in the marketplace. For example, in the hospital management system, there is some modifications can be implemented to improve the patient waiting time in the emergency care process (Shim and Kumar 2010).
According to the literature, different companies used the strategy of dividing the customers into different groups for services based on the price they paid or time they could wait (Gilland and Warsing 2009). For example, according to Keon and Anandalingam (2005), the highest priority class customers receive immediate services while the lowest priority class customers can have some discount by accepting the delay. In addition, different delivery time options could be offered by the most popular e-commerce companies, such as eBay and Amazon. For example, the highest price is guarantee the fastest delivery time while the lowest price results in a delayed delivery. By using this strategy, companies can provide flexible purchasing services for customers (Alotaibi and Liu 2013c).
There are several options for shipment price proposed by Yao and Zhang (2012). For example, it will be free shipment where there is no charge to the customer as the company subsidises the shipment cost. ‘Another option is the company shares some of the shipment cost with customers. Also, the company may use the profit shipment where the company charges customers a shipment fee which is higher than the actual shipment cost to make a profit. For example, Amazon.com uses the free shipment policy with the minimum order amount and ebay.com offers free shipment because it is a competitive strategy. However, CDNow.com uses the profit shipment policy’. More information could be founded in Alotaibi and Liu (2013c).
Conversely, this system is very complicated to be designed, controlled and managed and thus Duran et al. (2008) and Chan, Simchi-Levi, and Swann (2006) have used the delayed production strategy and the tactical inventory strategy to solve these issues.
For example, a single item inventory system was proposed by Tempelmeier (2006) in order to serve two different customer groups. There are three concepts used in this study known as the critical level, order quantity and reorder point (s, q, k) policy. In addition, the queuing inventory system was proposed by Schwarz and Daduna (2006). In this technique, once the customer is served, the inventory will be decreased by one and the customer will left the queue. However, the service can be interrupted if there is no inventory. Furthermore, this technique is limited for only one class of customers. Hence, Zhao and Lian (2011) proposed a queuing system within inventory management for two different classes of customers to the Poisson process.
According to Ryan and Valverde (2005, 2006), customers have to wait for services in different situation. For example, they have to wait for receiving the reminder for password and username. Waiting for replying their service enquiries and checking-out process for complex purchases are others waiting situation. Furthermore, they have to wait for receiving the online transactions and payments confirmation.
In Frank, Zhang, and Duenyas (2003) and Sobel and Zhang (2001), the authors investigated companies providing services for two different customer groups: (1) customers with long-term supply contracts; and (2) customers who request items irregularly. The order of the first group is modelled as a deterministic order as it is known in advance. Thus, their order must be delivered without any delay. On the other hand, the order of the second group is modelled as a stochastic order as it is unknown until it has been received.
Dobson and Sainathan (2011) examined the prioritisation in the service system and analyse whether prioritisation can improve system performance where there are two different classes of customers for service time. The first class is the customers who require urgent services and have a high waiting cost while the second class is the customers who require non-urgent service and have a low waiting cost.
1140 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
5.3.1 Limitations and further research for the third challenge: managing customer power According to Swink, Narasimhan, and Kim (2005), flexibility is an essential aspect to deal with the rapidly changing business environment. By introducing a new product, process or production technique, the flexibility can be raised by manufacturers. Hence, the flexibility will result in rising the improvement and assessment of BPs (Lepmets, Mcbride, and Ras 2012).
In order to reach the flexibility, several strategies can be used by companies. For example, one of the best strategies is to divide the company’s customers into different priority groups for services. By doing this, companies can assist their customers to receive services according to their accepted time and the amount of payment (Drekic and Stanford 2001). For example, customers in a high priority group would receive immediate services while customers in a lower priority group may need to accept a delay while paying a discounted price. However, literature shows that no research has yet been conducted to classify customers for different levels of services, customer feedbacks and the history of payment. This research will help in the growth of the company’s profit and performance as well as raising the level of customers’ satisfaction. However, managing this system is a difficult task (Alotaibi and Liu 2014a).
Proposing a requirements engineering-based approach for modelling the BPs in order to support enhancing the organisation performance is one of the possible research directions. Proposing a mathematical model for developing the customer satisfaction based on the delivery of waiting time for different customers’ priority classes is another possible research direction.
6. BPM guidelines
There are several guidelines which need to be followed when modelling BPs. For example, business goals and objectives need to be easily identified, and the PM ought to be easily understood. A good business PM project should provide detailed information on the BP to be managed when analysing and developing BPs to establish the best coupling between the organisation’s needs and demands (why) and the system functions (what) such as between the business PM and the IS specifications (Nurcan et al. 2005).
Furthermore, the modellers require the least number of elements in the model as possible because when the model has a large number of elements, it will be difficult to understand and hence errors may occur. Modellers also have to minimise the element routing path such as the input and output arcs and only use one start event and one end event in order to avoid errors as well as decomposing models with often more than 50 elements. The model needs to be structured as soundly as possible by matching each spilt connector with the respective join connector within the same type. The literature suggests using AND and XOR connectors and suggests not using OR routing element because AND and XOR may be less error prone (Mendling et al. 2012).
In addition, business PM is easy to understand if the modellers use verb object activity labels (Mendling, Reijers, and Van-Der-Aalst 2010; Zur-Muehlen, Wisnosky, and Kindrick 2010), using different colours for the PMs to distinguish the different business PM elements types (Reijers et al. 2011). Moreover, they should design syntactically and semantically correct models. When the model follows all business PM notation primitives, it will be syntactically correct (La Rosa et al. 2011). The model requires being completed by the real world satiation and acknowledged by the stockholders.
Successful business PMs should have the ability to ensure better alignment between business and IT staff, provide security protection, manage the rapidly changing business environment and BPs, manage customer power, be flexible for reengineering, ensure IT goals can be easily derived from business goals and therefore an IS can be easily implemented.
ENTERPRISE INFORMATION SYSTEMS 1141
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
7. Conclusion and recommendations
In this article, we have presented an overview of research on the business PM domain. We have presented a review of challenges facing by business PM, such as misalignment between business and IT, difficulty of deriving IT goals from business goals, creating secured business PM, reengi- neering BPs, managing the rapidly changing BP and business environment and managing custo- mer power. According to the review of existing business PM frameworks, there are several limitations as follows:
● Previous requirement engineering research has not paid much attention to the issue of strategic alignment between business and as most of the existing work explores the issues using a qualitative method, such as interviews and group discussion, and quantitative methods, such as questionnaires.
● The existing literature on alignment is limited because it is almost all mechanistic and fails to capture the real business environment.
● Understanding BP is a complicated task for the IT analysts, and this explains why IT analysts experience difficulties in developing the right IS for BPs.
● Previous secured business PM techniques cannot deal with all security goals and requirements.
● No research has been conducted to separate consumers into priority groups for services according to the accepted time, customer feedbacks and the history of payment. This research will be certainly beneficial to the company’s performance as well as its customers’ satisfactory level.
A number of recommended further research directions are listed as follows:
● To develop a business PM approach to model the process priority and to implement the process.
● To develop a business PM framework that can be easily understood by IT specialists. ● To develop a business PM framework that can link the business modelling environment and
IT modelling environment in a more effective way. ● To develop a business PM framework that can easily drive IT goals from business goals ● To propose a business PM framework which has a positive influence on system implementa-
tion according to business expectations ● To propose a business PM framework which has a positive influence on the social and cultural
relationship between IT and business staff in the organisation. ● To propose a security mechanism that covers all processes of software development. ● To propose a security technique that fulfils all security requirements and goals. ● To propose a requirement engineering-based approach for business PM to assist businesses
improve their performance in such an environment. ● To propose a numerical model to improve customers’ satisfactory level in terms of service
delivery time according to customers’ priority classes.
Disclosure statement
No potential conflict of interest was reported by the authors.
1142 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
References
Aburub, F., and S. M. Almahamid. 2010. “A Method for Deriving System Models Based on Business Process Models.” Journal of Information Technology Management XXI (2): 35–43.
Aburub, F., M. Odeh, and I. Beeson. 2007. “Modelling Non-Functional Requirements of Business Processes.” Information and Software Technology 49 (11–12): 1162–1171. doi:10.1016/j.infsof.2006.12.002.
Aguilar-Savén, R. 2004. “Business Process Modelling: Review and Framework.” International Journal of Production Economics 90 (2): 129–149. doi:10.1016/S0925-5273(03)00102-6.
Aldin, L., and S. De Cesare. 2011. “A Literature Review on Business Process Modelling: New Frontiers of Reusability.” Enterprise Information Systems 5 (3): 359–383. doi:10.1080/17517575.2011.557443.
Alexandrou, D., and G. Mentzas. 2009. “Research Challenges for Achieving Healthcare Business Process Interoperability.” In International Conference on eHealth, Telemedicine, and Social Medicine (eTELEMED ‘09), February 1–7, 2009, 58–65. Cancun: IEEE.
Alexopoulos, E., and B. Theodoulidis. 2003. “The Generic Information Business Model.” International Journal of Information Management 23 (4): 323–336. doi:10.1016/S0268-4012(03)00054-9.
Alghathbar, K. 2007. “Validating the Enforcement of Access Control Policies and Separation of Duty Principle in Requirement Engineering.” Information and Software Technology 49 (2): 142–157. doi:10.1016/j. infsof.2006.03.009.
Alghathbar, K., and D. Wijesekera. 2003. “Authuml: A Three-Phased Framework to Analyze Access Control Specifications in Use Cases.” In Proceedings of the Workshop on Formal Methods in Security Engineering (FMSE), 2003, Washington, DC: ACM Press.
Alotaibi, Y. 2014. “Business Process Modelling Challenges and Solutions: A Literature Review.” Journal of Intelligent Manufacturing 1–23. doi:10.1007/s10845-014-0917-4.
Alotaibi, Y. 2016. “A Secure Business Process Modelling for Better Alignment between Business and IT.” In 49th Hawaii International Conference on System Science (HICSS), January 5–8, 2016, Kauai, Hawaii, 4793–4802. IEEE. doi:10.1109/ HICSS.2016.595.
Alotaibi, Y., and L. Fei. 2012d. “A Novel Framework to Model a Secure Information Systems.” International Conference on Information Computer Applications 24: 84–89.
Alotaibi, Y., and F. Liu. 2012a. “A New Framework to Model a Secure E-Commerce System.” International Journal of Social and Human Sciences 6 (6): 162–168.
Alotaibi, Y., and F. Liu. 2012b. “How to Model a Secure Information System (IS): A Case Study.” International Journal of Information and Education Technology 2 (2): 94–102. doi:10.7763/IJIET.2012.V2.89.
Alotaibi, Y., and F. Liu. 2012c. “Business Process Modelling Towards Derivation of Information Technology Goals.” In 45th Hawaii International Conference on System Science (HICSS), January, 4–7, Maui, Hawaii, US, 4307–4315. IEEE.
Alotaibi, Y., and F. Liu. 2013a. “Average Waiting Time of Customers in a New Queue System with Different Classes.” Business Process Management Journal 19 (1): 146–168. doi:10.1108/14637151311294903.
Alotaibi, Y., and F. Liu. 2013b. “Business Process Modelling towards Derive and Implement IT Goals.” In 8th IEEE Conference on Industrial Electronics and Applications (ICIEA 2013), June 19–21, 2013, Melbourne, Australia, 1739– 1744. IEEE.
Alotaibi, Y., and F. Liu. 2013c. “Queuing System for Different Classes of Customers.” International Journal of Business Information Systems 13 (4): 418–434. doi:10.1504/IJBIS.2013.055299.
Alotaibi, Y., and F. Liu. 2014a. “An Empirical Study of a Novel Managing Customer Power Model and Business Performance in the Mobile Service Industry.” Business Process Management Journal 20 (6): 816–843. doi:10.1108/ BPMJ-07-2013-0099.
Alotaibi, Y., and F. Liu. 2014b. “A Novel Secure Business Process Modeling Approach and Its Impact on Business Performance.” Information Sciences 277 (277): 375–395. doi:10.1016/j.ins.2014.02.088.
Alotaibi, Y., and F. Liu. 2016. “Business Process Modelling Framework Derive and Implement IT Goals: A Case Study.” International Journal of Industrial and Systems Engineering 22 (2): 161–190. doi:10.1504/IJISE.2016.073961.
Amaral, C. S. T., H. Rozenfeld, J. M. H. Costa, M. D. F. D. A. Magon, and Y. M. Mascarenhas. 2011. “Improvement of Radiology Services Based on the Process Management Approach.” European Journal of Radiology 78 (3): 377–383. doi:10.1016/j.ejrad.2010.12.025.
Anderson, R. J. 2008. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley Publishing. Andrikopoulos, V., S. Benbernou, M. Bitsaki, O. Danylevych, M. S. Hacid, W. J. Van-Den-Heuvel, D. Karastoyanova, et al.
2008. Survey on Business Process Management. Zurich: The S-CUBE consortium (the European Network of Excellence in Software Services and Systems).
Anthony Byrd, T., B. R. Lewis, and R. W. Bryan. 2006. “The Leveraging Influence of Strategic Alignment on IT Investment: An Empirical Examination.” Information & Management 43 (3): 308–321. doi:10.1016/j.im.2005.07.002.
Antony, J. 2006. “Six Sigma for Service Processes.” Business Process Management Journal 12 (2): 234–248. doi:10.1108/ 14637150610657558.
Arbogast, G., J. Nackashi, A. Rittscher, and B. Thornton. 2008. “Enterprise Resource Planning and Business Process Management – A Marriage Of Convenience?” Review of Business Information Systems 12 (3): 1–4.
ENTERPRISE INFORMATION SYSTEMS 1143
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Atle Gulla, J., and T. Brasethvik. 2000. “On the Challenges of Business Modeling in Large-Scale Reengineering Projects.” In Proceedings of 4th International Conference on Requirements engineering, edited by W. van der Aalst, J. Desel, and A. Oberweis, 17–26. Schaumburg, IL: IEEE.
Avison, D., J. Jones, P. Powell, and D. Wilson. 2004. “Using and Validating the Strategic Alignment Model.” The Journal of Strategic Information Systems 13 (3): 223–246. doi:10.1016/j.jsis.2004.08.002.
Backes, M., B. PfiTzmann, and M. Waidner. 2003. Security in Business Process Engineering. BPM. Berlin, Heidelberg: Springer-Verlag.
Bandara, W., G. Gable, and M. Rosemann. 2005. “Factors and Measures of Business Process Modelling: Model Building through a Multiple Case Study.” European Journal of Information Systems 14 (4): 347–360. doi:10.1057/palgrave. ejis.3000546.
Barjis, J. 2008. “The Importance of Business Process Modeling in Software Systems Design.” Science of Computer Programming 71 (1): 73–87. doi:10.1016/j.scico.2008.01.002.
Basin, D., M. Clavel, J. Doser, and M. Egea. 2009. “Automated Analysis of Security-Design Models.” Information and Software Technology 51 (5): 815–831. doi:10.1016/j.infsof.2008.05.011.
Becker, J., M. Rosemann, and C. V. Uthmann. 2000. “Guidelines of Business Process Modeling.” In Business Process Management: Models Techniques and Empirical Studies, edited by W. van der Aalst, J. Desel, and A. Oberweis. Berlin: Springer-Verlag.
Benbya, H., and B. Mckelvey. 2006. “Using Coevolutionary and Complexity Theories to Improve IS Alignment: A Multi- Level Approach.” Journal of Information Technology 21 (4): 284–298. doi:10.1057/palgrave.jit.2000080.
Bergeron, F., L. Raymond, and S. Rivard. 2004. “Ideal Patterns of Strategic Alignment and Business Performance.” Information & Management 41 (8): 1003–1020. doi:10.1016/j.im.2003.10.004.
Bernhard, E., and J. C. Recker. 2012. “Preliminary Insights from a Multiple Case Study on Process Modelling Impact.” In 23rd Australasian Conference on Information Systems, December, 3–5, 2012, Deakin University, Geelong, VIC.
Bleistein, S. J., K. Cox, and J. Verner. 2005. “Strategic Alignment in Requirements Analysis for Organizational It: An Integrated Approach.” In: 20th ACM Symposium on Applied Computing (SAC’05). Santa Fe, NM: ACM.
Bleistein, S. J., K. Cox, and J. Verner. 2006. “Validating Strategic Alignment of Organizational IT Requirements Using Goal Modeling and Problem Diagrams.” Journal of Systems and Software 79 (3): 362–378. doi:10.1016/j. jss.2005.04.033.
Bleistein, S. J., K. Cox, J. Verner, and K. T. Phalp. 2006b. “B-SCP: A Requirements Analysis Framework for Validating Strategic Alignment of Organizational IT Based on Strategy, Context, and Process.” Information and Software Technology 48 (9): 846–868. doi:10.1016/j.infsof.2005.12.001.
Box, S., and K. Platts. 2005. “Business Process Management: Establishing and Maintaining Project Alignment.” Business Process Management Journal 11 (4): 370–387. doi:10.1108/14637150510609408.
Bradley, R. V., R. M. E. Pratt, T. A. Byrd, C. N. Outlay, and D. E. Wynn Jr. 2012. “Enterprise Architecture, IT Effectiveness and the Mediating Role of IT Alignment in US Hospitals.” Information Systems Journal 22 (2): 97–127. doi:10.1111/ j.1365-2575.2011.00379.x.
Burn, J. M., and C. Szeto. 2000. “A Comparison of the Views of Business and IT Management on Success Factors for Strategic Alignment.” Information & Management 37 (4): 197–216. doi:10.1016/S0378-7206(99)00048-8.
Busch, P., and P. Fettke. 2011. “Business Process Management under the Microscope: The Potential of Social Network Analysis.” In 44th Hawaii International Conference on System Sciences (HICSS), January, 4–7, 2011, 1–10. IEEE.
Caetano, A., A. R. Silva, and J. Tribolet. 2005. “Using Roles and Business Objects to Model and Understand Business Processes.” In 2005 ACM Symposium on Applied Computing, 2005, 1308–1313. Santa Fe, NM: ACM.
Capozucca, A., and N. Guelfi. 2010. “Modelling Dependable Collaborative Time-Constrained Business Processes.” Enterprise Information Systems 4 (2): 153–214. doi:10.1080/17517571003753266.
Cauvet, C., and G. Guzelian. 2008. “Business Process Modeling: a Service-Oriented Approach.” In Proceedings of the 41st Annual Hawaii International Conference on System Sciences, January, 7–10, 98–105. IEEE.
Chan, L. M. A., D. Simchi-Levi, and J. Swann. 2006. “Pricing, Production, and Inventory Policies for Manufacturing with Stochastic Demand and Discretionary Sales.” Manufacturing & Service Operations Management 8 (2): 149–168. doi:10.1287/msom.1060.0100.
Chan, Y. E., S. L. Huff, D. W. Barclay, and D. G. Copeland. 1997. “Business Strategic Orientation, Information Systems Strategic Orientation, and Strategic Alignment.” Information Systems Research 8 (2): 125–150. doi:10.1287/ isre.8.2.125.
Chan, Y. E., and B. H. Reich. 2007. “IT Alignment: What Have We Learned?” Journal of Information Technology 22 (4): 297–315. doi:10.1057/palgrave.jit.2000109.
Chan, Y. E., R. Sabherwal, and J. B. Thatcher. 2006. “Antecedents and Outcomes of Strategic IS Alignment: An Empirical Investigation.” IEEE Transactions on Engineering Management 53 (1): 27–47. doi:10.1109/TEM.2005.861804.
Chang, H.-L., H.-E. Hsiao, Y.-J. Lee, and J. Chang. 2009. “Assessing IT-Business Alignment in Service-Oriented Enterprises.” In Proceedings of Pacific Asia Conference on Information Systems (PACIS), July 10–12, 2009, 1–12. Hyderabad: AIS Electronic Library (AISeL).
Chen, L. 2010. “Business–IT Alignment Maturity of Companies in China.” Information & Management 47 (1): 9–16. doi:10.1016/j.im.2009.09.003.
1144 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Cheng, M.-Y., M.-H. Tsai, and W. Sutan. 2009. “Benchmarking-Based Process Reengineering for Construction Management.” Automation in Construction 18 (5): 605–623. doi:10.1016/j.autcon.2008.12.004.
Chung, L., and B. A. Nixon. 1995. “Dealing with Non-Functional Requirements: Three Experimental Studies of a Process-Oriented Approach.” In Proceedings of the 17th International Conference on Software Engineering (ICSE), April 23–30, 1995. Seattle, WA: ACM.
Cohen, J. F., and M. Toleman. 2006. “The IS–Business Relationship and Its Implications for Performance: An Empirical Study of South African and Australian Organisations.” International Journal of Information Management 26 (6): 457– 468. doi:10.1016/j.ijinfomgt.2006.06.002.
Cragg, P., M. King, and H. Hussin. 2002. “IT Alignment and Firm Performance in Small Manufacturing Firms.” The Journal of Strategic Information Systems 11 (2): 109–132. doi:10.1016/S0963-8687(02)00007-0.
Cragg, P., M. Tagliavini, and A. Mills. 2007. “Evaluating the Alignment of IT with Business Processes in SMEs.” In 18th Australasian Conference on Information Systems, December 5–7, 2007, 38–48. Toowoomba: AIS Electronic Library (AISeL).
Croteau, A.-M., and L. Raymond. 2004. “Performance Outcomes of Strategic and IT Competencies Alignment.” Journal of Information Technology 19 (3): 178–190. doi:10.1057/palgrave.jit.2000020.
Cumberlidge, M. 2007. Business Process Management with Jboss Jbpm: A Practical Guide for Business Analysts. Birmingham: Packt Publishing.
Cumps, B., D. Martens, M. De Backer, R. Haesen, S. Viaene, G. Dedene, B. Baesens, and M. Snoeck. 2009. “Inferring Comprehensible Business/Ict Alignment Rules.” Information & Management 46 (2): 116–124. doi:10.1016/j. im.2008.05.005.
Curtis, B., M. I. Kellner, and J. Over. 1992. “Process Modeling.” Communications of the ACM 35 (9): 75–90. doi:10.1145/ 130994.130998.
D’aubeterre, F., R. Singh, and L. Iyer. 2008. “Secure Activity Resource Coordination: Empirical Evidence of Enhanced Security Awareness in Designing Secure Business Processes.” European Journal of Information Systems 17 (5): 528– 542. doi:10.1057/ejis.2008.42.
Daim, T., N. Basoglu, and I. Tanoglu. 2010. “A Critical Assessment of Information Technology Adoption: Technical, Organisational and Personal Perspectives.” International journal of Business Information Systems 6 (3): 315–335. doi:10.1504/IJBIS.2010.035048.
Damij, N. 2007. “Business Process Modelling Using Diagrammatic and Tabular Techniques.” Business Process Management Journal 13 (1): 70–90. doi:10.1108/14637150710721131.
Damij, N., T. Damij, J. Grad, and F. Jelenc. 2008. “A Methodology for Business Process Improvement and IS Development.” Information and Software Technology 50 (11): 1127–1141. doi:10.1016/j.infsof.2007.11.004.
Dardenne, A., S. Fickas, and A. Van Lamsweerde. 1991. “Goal-Directed Concept Acquisition in Requirements Elicitation.” In Proceedings of the Sixth International Workshop on Software Specification and Design, October 25–26, 1991, 14–21. Los Alamitos, CA: IEEE Computer Society Press.
Davenport, T. H. 1993. Process Innovation: Reengineering Work through Information Technology. Boston, MA: Harvard Business School Press.
Davenport, T. H. 2004. “The E-Process Evolution.” Business Process Management Journal 10 (1): 12–15. Davenport, T. H., and J. E. Short. 1990. The New Industrial Engineering: Information Technology and Business Process
Redesign. Sloan Management Review. De Weerdt, J., A. Schupp, A. Vanderloock, and B. Baesens. 2013. “Process Mining for the Multi-Faceted Analysis of
Business Processes—A Case Study in a Financial Services Organization.” Computers in Industry 64 (1): 57–67. doi:10.1016/j.compind.2012.09.010.
Dijkman, R. M., M. Dumas, and C. Ouyang. 2008. “Semantics and Analysis of Business Process Models in BPMN.” Information and Software Technology 50 (12): 1281–1294. doi:10.1016/j.infsof.2008.02.006.
Dobson, G., and A. Sainathan. 2011. “On the Impact of Analyzing Customer Information and Prioritizing in a Service System.” Decision Support Systems 51 (4): 875–883. doi:10.1016/j.dss.2011.02.006.
Doebeli, G., R. Fisher, R. Gapp, and L. Sanzogni. 2011. “Using BPM Governance to Align Systems and Practice.” Business Process Management Journal 17 (2): 184–202. doi:10.1108/14637151111122310.
Dominic, P. D. D., A. Abdelwhab, G. Kannabiran, and O. M. Foong. 2010. “A New Hybrid Model for the Supplier Selection Decision.” International journal of Business Information Systems 5 (3): 230–247. doi:10.1504/ IJBIS.2010.031928.
Dreiling, A., M. Rosemann, W. Van-Der-Aalst, L. Heuser, and K. Schulz. 2006. “Model-Based Software Configuration: Patterns and Languages.” European Journal of Information Systems 15 (6): 583–600. doi:10.1057/palgrave. ejis.3000645.
Drekic, S., and D. A. Stanford. 2001. “Reducing Delay in Preemptive Repeat Priority Queues.” Operations Research 49 (1): 145–156. doi:10.1287/opre.49.1.145.11186.
Duran, S., T. Liu, D. Simchilevi, and J. Swann. 2008. “Policies Utilizing Tactical Inventory for Service-Differentiated Customers.” Operations Research Letters 36 (2): 259–264. doi:10.1016/j.orl.2007.05.013.
El-Attar, M. 2012a. “A Framework for Improving Quality in Misuse Case Models.” Business Process Management Journal 18 (2): 168–196. doi:10.1108/14637151211225162.
ENTERPRISE INFORMATION SYSTEMS 1145
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
El-Attar, M. 2012b. “Towards Developing Consistent Misuse Case Models.” Journal of Systems and Software 85 (2): 323– 339. doi:10.1016/j.jss.2011.08.023.
Engelsman, W., D. Quartel, H. Jonkers, and M. Van Sinderen. 2011. “Extending Enterprise Architecture Modelling with Business Goals and Requirements.” Enterprise Information Systems 5 (1): 9–36. doi:10.1080/17517575.2010.491871.
ENV. 1995. “Advanced Manufacturing Technology-Systems Architecture-Constructs for Enterprise Modelling.” CEN/ CENELEC.
Eriksson, H.-E., and M. Penker. 2000. Business Modeling with UML: Business Patterns at Work. Chichester, New York: John Wiley & Sons.
Filipowska, A., M. Kaczmarek, M. Kowalkiewicz, X. Zhou, and M. Born. 2009. “Procedure and Guidelines for Evaluation of BPM Methodologies.” Business Process Management Journal 15 (3): 336–357. doi:10.1108/14637150910960594.
Frank, K. C., R. Q. Zhang, and I. Duenyas. 2003. “Optimal Policies for Inventory Systems with Priority Demand Classes.” Operations Research 51 (6): 993–1002. doi:10.1287/opre.51.6.993.24923.
Fullerton, T., and L. R. Ness. 2010. “Information Technology Flexibility: A Synthesized Model from Existing Literature.” Journal of Information Technology Management XXI (3): 51–59.
Gambini, M., M. La Rosa, S. Migliorini, and A. Ter Hofstede. 2011. “Automated Error Correction of Business Process Models”. In Proceedings Of BPM, Vol. 6896 of LNCS, 148–165. Clermont-Ferrand: Springer.
Gao, X., L. Xu, X. Wang, Y. Li, M. Yang, and Y. Liu. 2013. “Workflow Process Modelling and Resource Allocation Based on Polychromatic Sets Theory.” Enterprise Information Systems 7 (2): 198–226. doi:10.1080/17517575.2012.745617.
Gartner GROUP. 2009. “Meeting the Challenge: The 2009 CIO Agenda.” EXP Premier Report, January 2009. Gartner, Stamford, CT.
Gartner GROUP. 2010. “Leading in Times of Transition: The 2010 CIO Agenda.” EXP Premier Report No January2010, Gartner, Stamford, CT.
Georgakopoulos, D., M. Hornick, and A. Sheth. 1995. “An Overview of Workflow Management: From Process Modeling to Workflow Automation Infrastructure.” Distributed and Parallel Databases 3 (2): 119–153. doi:10.1007/BF01277643.
Gilland, W. G., and D. P. Warsing. 2009. “The Impact of Revenue-Maximizing Priority Pricing on Customer Delay Costs.” Decision Sciences 40 (1): 89–120. doi:10.1111/deci.2009.40.issue-1.
Giorgini, P., F. Massacci, J. Mylopoulos, and N. Zannone. 2006. “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning.” International Journal of Information Security 5 (4): 257–274. doi:10.1007/ s10207-006-0005-7.
Goldkuhl, G., and M. Lind. 2008. “Coordination and Transformation in Business Processes: Towards an Integrated View.” Business Process Management Journal 14 (6): 761–777. doi:10.1108/14637150810915964.
Goluch, G., A. Ekelhart, S. Fenz, S. Jakoubi, S. Tjoa, and T. Muck. 2008. “Integration of an Ontological Information Security Concept in Risk-Aware Business Process Management.” In Proceedings of the 41st Annual Hawaii International Conference on System Sciences, January 7–10, 2008, 377–377.
Grant, G. G. 2003. “Strategic Alignment and Enterprise Systems Implementation: The Case of Metalco.” Journal of Information Technology 18 (3): 159–175. doi:10.1080/0268396032000122132.
Green, P., and M. Rosemann. 2000. “Integrated Process Modeling: An Ontological Evaluation.” Information Systems 25 (2): 73–87. doi:10.1016/S0306-4379(00)00010-7.
Gritzalis, D., and C. Lambrinoudakis. 2004. “A Security Architecture for Interconnecting Health Information Systems.” International Journal of Medical Informatics 73 (3): 305–309. doi:10.1016/j.ijmedinf.2003.12.011.
Gruhn, V., and R. Laue. 2007. “What Business Process Modelers Can Learn from Programmers.” Science of Computer Programming 65 (1): 4–13. doi:10.1016/j.scico.2006.08.003.
Guha, S., V. Grover, W. J. Kettinger, and J. T. C. Teng. 1997. “Business Process Change and Organizational Performance: Exploring an Antecedent Model.” Journal of Management Information Systems 14 (1): 119–154. doi:10.1080/ 07421222.1997.11518156.
Gutierrez, A., C. Mylonadis, J. Orozco, and A. Serrano. 2008. “Business-IS Alignment: Assessment Process to Align IT Projects With Business Strategy.” In Fourteenth Americas Conference on Information Systems (AMCIS), August 14–17, 2008. Toronto, ON, Canada.
Gutierrez, A., J. Orozco, A. Serrano, and Y. K. Dwivedi. 2009. “Factors Affecting IT and Business Alignment: A Comparative Study in Smes and Large Organisations.” Journal of Enterprise Information Management 22 (1–2): 197–211. doi:10.1108/17410390910932830.
Haley, C. B., J. D. Moffett, R. Laney, and B. Nuseibeh. 2006. “A Framework for Security Requirements Engineering.” In Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems. Shanghai: ACM, 35–42.
Hammer, M. 1990. “Reengineering Work: Don’t Automate, Obliterate.” Harvard Business Review 68 (4):104–112. Hammer, M., and J. Champy. 1993. Reengineering the Corporation a Manifesto for Business Revolution. New York: Harper
Business. Havey, M. 2005. Essential Business Process Modeling. Sebastopol, CA: O’Reilly Media. Henderson, J., and N. Venkatramen. 1989b. “Strategic Alignment: A Model for Organisational Transformation.” In 1992
Transforming Organisations, edited by T. Kochan and M. Unseem. New York: OUP. Henderson, J. C., and H. Venkatraman. 1999. “Strategic Alignment: Leveraging Information Technology for
Transforming Organizations.” IBM Systems Journal 38 (3): 472–484. doi:10.1147/SJ.1999.5387096.
1146 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Henderson, J. C., and N. Venkatraman. 1989a. “Strategic Alignment: A Framework for Strategic Information Technology Management.” Centre for Information System Research, CISR Working Paper no. 190, Massachusetts Institute of Technology. Cambridge, MA.
Herath, T., and H. R. Rao. 2009. “Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations.” European Journal of Information Systems 18 (2): 106–125. doi:10.1057/ejis.2009.6.
Herzog, N. V., S. Tonchia, and A. Polajnar. 2009. “Linkages between Manufacturing Strategy, Benchmarking, Performance Measurement and Business Process Reengineering.” Computers & Industrial Engineering 57 (3): 963– 975. doi:10.1016/j.cie.2009.03.015.
Hill, J. B., M. Cantara, E. Deitert, and M. Kerremans. 2007. “Magic Quadrant for Business Process Management Suites.” ID Number: G001252906. Gartner Research.
Hill, J. B., M. Kerremans, and T. Bell. 2007. “Cool Vendors in Business Process Management.” Gartner Research. Hill, J. B., J. Sinur, D. Flint, and M. J. Melenovsky. 2006. “Gartner’s Position on Business Process Management.” Business
Issues. Gartner. Houy, C., P. Fettke, and P. Loos. 2010. “Empirical Research in Business Process Management – Analysis of an Emerging
Field of Research.” Business Process Management Journal 16 (4): 619–661. doi:10.1108/14637151011065946. Hull, R., J. Su, and R. Vaculin. 2013. “Data Management Perspectives on Business Process Management: Tutorial
Overview.” In SIGMOD Conference 2013, 943–948. New York, NY: ACM. Hung, R.-Y.-Y. 2006. “Business Process Management as Competitive Advantage: A Review and Empirical Study.” Total
Quality Management & Business Excellence 17 (1): 21–40. doi:10.1080/14783360500249836. Hvolby, -H.-H., and J. H. Trienekens. 2010. “Challenges in Business Systems Integration.” Computers in Industry 61 (9):
808–812. doi:10.1016/j.compind.2010.07.006. Hwang, S.-Y., and W.-S. Yang. 2002. “On the Discovery of Process Models from Their Instances.” Decision Support
Systems 34 (1): 41–57. doi:10.1016/S0167-9236(02)00008-8. Indulska, M., P. F. Green, J. Recker, and M. Rosemann. 2009. “Business Process Modeling: Perceived Benefits.” In
International Conference on Conceptual Modeling (ER 2009). Heidelberg: Springer. Indulska, M., J. Recker, M. Rosemann, and P. F. Green. 2009. “Process Modeling: Current Issues and Future Challenges.”
In Lecture Notes in Computer Science, Conference on Advanced Information Systems Engineering (CAiSE 2009), 501– 514. Amsterdam: Springer.
Iyer, L., F. D’aubeterre, and R. Singh. 2008. “A Semantic Approach to Secure Collaborative Inter-Organizational Ebusiness Processes (SSCIOBP).” Journal of the Association for Information Systems 9 (3): 233–269.
Jacobson, I. 1995. The Object Advantage. New York, NY: Addison-Wesley. Jürjens, J. 2001. “Towards Development of Secure Systems Using UMLsec Fundamental Approaches to Software
Engineering.” In Proceedings of 4th International Conference Joint European Conferences on Theory and Practice of Software (ETAPS 2001), April 2–6, 2001. Genova, Italy: 187–200.
Kang, D., S. Lee, K. Kim, and J. Y. Lee. 2009. “An OWL-Based Semantic Business Process Monitoring Framework.” Expert Systems with Applications 36 (4): 7576–7580. doi:10.1016/j.eswa.2008.09.027.
Keon, N., and G. A. Anandalingam. 2005. “A New Pricing Model for Competitive Telecommunications Services Using Congestion Discounts.” INFORMS Journal on Computing 17 (2): 248–262. doi:10.1287/ijoc.1030.0062.
Kesari, M., S. Chang, and P. B. Seddon. 2003. “A Content-Analytic Study of the Advantages and Disadvantages of Process Modelling.” In 14th Australasian Conference on Information Systems (ACIS). Perth: AIS Electronic Library (AISeL).
Khaiata, M., and I. A. Zualkernan. 2009. “A Simple Instrument to Measure IT-Business Alignment Maturity.” Information Systems Management 26 (2): 138–152. doi:10.1080/10580530902797524.
Kim, Y.-G. 1995. “Process Modeling for BPR: Event-Process Chain Approach.” In 16th International Conference on Information Systems (ICIS). Amsterdam: AIS Electronic Library (AISeL).
Ko, R. K. L., S. S. G. Lee, and E. W. Lee. 2009. “Business Process Management (BPM) Standards: A Survey.” Business Process Management Journal 15 (5): 744–791. doi:10.1108/14637150910987937.
Kokolakis, S. A., A. J. Demopoulos, and E. A. Kiountouzis. 2000. “The Use of Business Process Modelling in Information Systems Security Analysis and Design.” Information Management & Computer Security 8 (3): 107–116. doi:10.1108/ 09685220010339192.
Koliadis, G., A. Vranesevic, M. Bhuiyan, A. Krishna, and A. Ghose. 2006. “Combined Approach for Supporting the Business Process Model Lifecycle.” In Proceedings of the Tenth Pacific Asia Conference on Information Systems (PACIS), July 6–9, 1305–1319. Kuala Lumpur: AIS Electronic Library (AISeL).
La Rosa, M., A. H. M. Ter Hofstede, P. Wohed, H. A. Reijers, J. Mendling, and W. M. P. Van Der Aalst. 2011. “Managing Process Model Complexity via Concrete Syntax Modifications.” IEEE Transactions on Industrial Informatics 7 (2): 255– 265. doi:10.1109/TII.2011.2124467.
Lankhorst, M. 2005. “Enterprise Architecture at Work: Modelling, Communication and Analysis. New York: Springer. Larsen, M. H., and R. Klischewski. 2004. “Process Ownership Challenges in IT-Enabled Transformation of
Interorganizational Business Processes.” In Proceedings of the 37th Annual Hawaii International Conference on System Sciences, January 5–8, 2004, 1–11.
ENTERPRISE INFORMATION SYSTEMS 1147
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Lee, G., and W. Xia. 2005. “The Ability of Information Systems Development Project Teams to Respond to Business and Technology Changes: A Study of Flexibility Measures.” European Journal of Information Systems 14 (1): 75–92. doi:10.1057/palgrave.ejis.3000523.
Leonard, J. 2007. “Sharing a Vision: Comparing Business and IS Managers’ Perceptions of Strategic Alignment Issues.” Australasian Journal of Information Systems 15 (1): 95–112. doi:10.3127/ajis.v15i1.299.
Leopold, H., S. Smirnov, and J. Mendling. 2012. “On the Refactoring of Activity Labels in Business Process Models.” Information Systems 37 (5): 443–459. doi:10.1016/j.is.2012.01.004.
Lepmets, M., T. Mcbride, and E. Ras. 2012. “Goal Alignment in Process Improvement.” Journal of Systems and Software 85 (6): 1440–1452. doi:10.1016/j.jss.2012.01.038.
Li, N., B. N. Grosof, and J. Feigenbaum. 2003. “Delegation Logic: A Logic-Based Approach to Distributed Authorization.” ACM Transactions of Information and Security System 6 (1): 128–171. doi:10.1145/605434.
Lind, M., and U. Seigerroth. 2010. “Multi-Layered Process Modeling for Business and IT Alignment.” In 43rd Hawaii International Conference on System Sciences (HICSS), January 5–8, 2010, 1–10.
Lindsay, A., D. Downs, and K. Lunn. 2003. “Business Processes-Attempts to Find a Definition.” Information and Software Technology 45 (15): 1015–1019. doi:10.1016/S0950-5849(03)00129-0.
Liu, L., E. Yu, and J. Mylopoulos. 2003. “Security and Privacy Requirements Analysis within a Social Setting.” In Proceedings of 11th IEEE International Requirements Engineering Conference, September 8–12, 2003: 151–161. Washington, DC: IEEE Computer Society.
Liu, R., F. Y. Wu, F. Pinel, and Z. Shan. 2012. “A Two-Tier Data-Centric Framework for Flexible Business Process Management.” In Proc. AMCIS 12: 2012.
Lodderstedt, T., D. Basin, and J. Doser. 2002. “SecureUML: A UML-Based Modeling Language for Model-Driven Security.” In Proceedings of the 5th International Conference on the Unified Modeling Language, 2002, 426-441. Dresden: Springer-Verlag.
Lodhi, A., V. Koppen, and G. Saake. 2011. Business Process Modeling: Active Research Areas and Challenges. Dekanat: Otto-von-Guericke-Universität Magdeburg, Fakultät Für Informatik.
Luftman, J. 2000. “Assessing Business-IT Alignment Maturity.” Communications of the Association for Information Systems 4 (14): 1–50.
Luftman, J. 2003. “Assessing It/Business Alignment.” Information Systems Management 20 (4): 9–15. doi:10.1201/1078/ 43647.20.4.20030901/77287.2.
Luftman, J., R. Kampaiah, and E. Nash. 2005. “Key Issues for IT Executives 2005.” MIS Quarterly Executive 5 (2): 81–101. Luo, W., and Y. A. Tung. 1999. “A Framework for Selecting Business Process Modeling Methods.” Industrial
Management & Data Systems 99 (7): 312–319. doi:10.1108/02635579910262535. Ma, C., Q. Xu, and J. W. Sanders. 2009. “A Survey of Business Process Execution Language (BPEL).” UNU-IIST Report No.
425, 1-25. Mana, A., J. A. Montenegro., C. Rudolph, and J. L. Vivas. 2003. “A Business Process-Driven Approach to Security
Engineering.” In Proceedings of 14th International Workshop on Database and Expert Systems Applications, September 1–5 2003, 477–481.
Marrone, M., L. Hoffmann, and L. M. Kolbe. 2010. “IT Executives’ Perception of CobiT: Satisfaction, Business-IT Alignment and Benefits.” In Proceedings of the Sixteenth Americas Conference on Information Systems (AMCIS), August 12–15, 2010. Lima, Peru, 1–10.
Marrone, M., and L. M. Kolbe. 2011. “Uncovering ITIL Claims: IT Executives’ Perception on Benefits and Business-IT Alignment.” Information Systems and E-Business Management 9 (3): 363–380. doi:10.1007/s10257-010-0131-7.
Matulevicius, R., N. Mayer, and P. Heymans. 2008. “Alignment of Misuse Cases with Security Risk Management.” In Proceedings of the Third International Conference on Availability, Reliability and Security (ARES 08), March 4–7, 2008, 1397–1404. Barcelona: IEEE.
Mayer, N., E. Dubois, R. Matulevicius, and P. Heymans. 2008. “Towards a Measurement Framework for Security Risk Management.” In Modeling Security Workshop (MODSEC’08), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS’08). Toulouse: IEEE.
Mayer, N., E. Dubois, and A. Rifaut. 2007. Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods Enterprise Interoperability II. London: Springer.
McDermott, J., and C. Fox. 1999. “Using Abuse Case Models for Security Requirements Analysis.” In Proceedings of the 15th Annual Computer Security Applications Conference, 55–64. Phoenix, AZ: IEEE Computer Society.
Mckeen, J. D., and H. A. Smith. 2003. Making IT Happen: Critical Issues in IT Management. Chichester, Hoboken, NJ: John Wiley Series in Information Systems.
Melao, N., and M. Pidd. 2000. “A Conceptual Framework for Understanding Business Processes and Business Process Modelling.” Information Systems Journal 10: 105–129. doi:10.1046/j.1365-2575.2000.00075.x.
Mendling, J., H. A. Reijers, and W. M. P. Van-Der-Aalst. 2010. “Seven Process Modeling Guidelines (7PMG).” Information and Software Technology 52 (2): 127–136. doi:10.1016/j.infsof.2009.08.004.
Mendling, J., L. Sánchez-González, F. García, and M. La Rosa. 2012. “Thresholds for Error Probability Measures of Business Process Models.” Journal of Systems and Software 85 (5): 1188–1197. doi:10.1016/j.jss.2012.01.017.
1148 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Mili, H., G. B. Jaoude, É. Lefebvre, G. Tremblay, A. Petrenko, and G. E. Boussaidi. 2010. “Business Process Modeling Languages: Sorting Through the Alphabet Soup.” ACM Computing Surveys 43 (1): 4–56. doi:10.1145/1824795.1824799.
Mouratidis, H., and J. Jurjens. 2010. “From Goal-Driven Security Requirements Engineering to Secure Design.” International Journal of Intelligent Systems 25 (8): 813–840. doi:10.1002/int.v25:8.
Neubauer, T. 2009. “An Empirical Study about the Status of Business Process Management.” Business Process Management Journal 15 (2): 166–183. doi:10.1108/14637150910949434.
Newkirk, H. E., A. L. Lederer, and A. M. Johnson. 2008. “Rapid Business and IT Change: Drivers for Strategic Information Systems Planning?” European Journal of Information Systems 17 (3): 198–218. doi:10.1057/ejis.2008.16.
Nickels, D. W., and B. D. Janz. 2010. “Organizational Culture: Another Piece of the IT-Business Alignment Puzzle.” Journal of Information Technology Management XXI (3): 1–14.
Ninghui, L., J. C. Mitchell, and W. H. Winsborough 2002. “Design of a Role-Based Trust-Management Framework.” In Proceedings of IEEE Symposium on Security and Privacy, 2002, 114–130. Oakland, CA: IEEE Press.
Nurcan, S., A. Etien, R. Kaabi, I. Zoukar, C. Rolland, and I. Bider. 2005. “A Strategy Driven Business Process Modelling Approach.” Business Process Management Journal 11 (6): 628–649. doi:10.1108/14637150510630828.
O’neill, P., and A. S. Sohal. 1999. Business Process Reengineering: A Review of Recent Literature. Technovation 19 (9): 571–581. doi:10.1016/S0166-4972(99)00059-0.
Odeh, M., and R. Kamm. 2003. “Bridging the Gap between Business Models and System Models.” Information and Software Technology 45 (15): 1053–1060. doi:10.1016/S0950-5849(03)00133-2.
Oh, W., and A. Pinsonneault. 2007. “On the Assessment of the Strategic Value of Information Technologies: Conceptual and Analytical Approaches.” MIS Quarterly 31 (2): 239–265.
Olalla, M. F. 1999. “Information Technology in Business Process Reengineering.” In The Forty-Seventh International Atlantic Economic Conference. Vienna: IAEC.
Onita, C., and J. Dhaliwal. 2011. “Alignment within the Corporate IT Unit: An Analysis of Software Testing and Development.” European Journal of Information Systems 20 (1): 48–68. doi:10.1057/ejis.2010.52.
Overby, E., A. Bharadwaj, and V. Sambamurthy. 2006. “Enterprise Agility and the Enabling Role of Information Technology.” European Journal of Information Systems 15 (2): 120–131. doi:10.1057/palgrave.ejis.3000600.
Ozcelik, Y. 2010. “Do Business Process Reengineering Projects Payoff? Evidence from the United States.” International Journal of Project Management 28 (1): 7–13. doi:10.1016/j.ijproman.2009.03.004.
Papazoglou, M. P., and F. Leymann. 2008. “Business Process Management.” IEEE Encyclopedia of Software Engineering. Peak, D., C. S. Guynes, and V. Kroon. 2005. “Information Technology Alignment Planning—A Case Study.” Information
& Management 42 (4): 619–633. doi:10.1016/S0378-7206(04)00077-1. Peppard, J. 2001. “Bridging the Gap between the IS Organization and the Rest of the Business: Plotting a Route.”
Information Systems Journal 11 (3): 249–270. doi:10.1046/j.1365-2575.2001.00105.x. Petrozzo, D. P., and J. C. Stepper. 1994. Successful Reengineering. New York: Van Nostrand Reinhold. Phalp, K., and M. Shepperd. 2000. “Quantitative Analysis of Static Models of Processes.” The Journal of Systems and
Software 52: 105–112. doi:10.1016/S0164-1212(99)00136-3. Piccoli, G., and R. Lloyd. 2010. “Strategic Impacts of IT-Enabled Consumer Power: Insight from Internet Distribution in
the U.S. Lodging Industry.” Information & Management 47 (7–8): 333–340. doi:10.1016/j.im.2010.07.002. Preston, D. 2004. “Shared Mental Models between the Chief Information Officer and Top Management Team: Towards
Information Systems Strategic Alignment.” PhD, University of Georgia, 178. Preston, D. S., and E. Karahanna. 2009. “Antecedents of IS Strategic Alignment: A Nomological Network.” Information
Systems Research 20 (2): 159–179. doi:10.1287/isre.1070.0159. Preston, D. S., E. Karahanna, and F. Rowe. 2006. “Development of Shared Understanding between the Chief
Information Officer and Top Management Team in U.S. and French Organizations: A Cross-Cultural Comparison.” IEEE Transactions on Engineering Management 53 (2): 191–206. doi:10.1109/TEM.2006.872244.
Rafael, A., and L. Andreas. 2012. “Automatic Information Flow Analysis of Business Process Models.” In Business Process Management – 10th International Conference, BPM 2012, Volume 7481 of Lecture Notes in Computer Science, edited by A. P. Barros, A. Gal, and E. Kindler, 172–187. Tallinn: Springer.
Raghu, T. S., and A. Vinze. 2007. “A Business Process Context for Knowledge Management.” Decision Support Systems 43 (3): 1062–1079. doi:10.1016/j.dss.2005.05.031.
Rajabi, B. A., and L. Sai Peck. 2009. “Change Management in Business Process Modeling Survey.” In International Conference on Information Management and Engineering (ICIME ‘09), April 3–5, 2009, 37–41.
Ramirez, R., N. Melville, and E. Lawler. 2010. “Information Technology Infrastructure, Organizational Process Redesign, and Business Value: An Empirical Analysis.” Decision Support Systems 49 (4): 417–429. doi:10.1016/j.dss.2010.05.003.
Rao, L., G. Mansingh, and K.-M. Osei-Bryson. 2012. “Building Ontology Based Knowledge Maps to Assist Business Process Re-Engineering.” Decision Support Systems 52 (3): 577–589. doi:10.1016/j.dss.2011.10.014.
Ravesteyn, P., and J. Versendaal. 2009. “Constructing a Situation Sensitive Methodology for Business Process Management Systems Implementation.” Proceedings of Pacific Asia Conference on Information Systems (PACIS), July 10–July 12, 2009. Hyderabad, India, 1–12.
Recker, J., M. Indulska, M. Rosemann, and P. Green. 2009. “Business Process Modeling – A Comparative Analysis.” Journal of the Association for Information Systems 10 (4): 333–363.
ENTERPRISE INFORMATION SYSTEMS 1149
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Recker, J., M. Indulska, M. Rosemann, and P. Green. 2010. “The Ontological Deficiencies of Process Modeling in Practice.” European Journal of Information Systems 19 (5): 501–525. doi:10.1057/ejis.2010.38.
Recker, J., N. Safrudin, and M. Rosemann. 2012. “How Novices Design Business Processes.” Information Systems 37 (6): 557–573. doi:10.1016/j.is.2011.07.001.
Reijers, H., S. Van Wijk, B. Mutschler, and M. Leurs. 2010. “BPM in Practice: Who Is Doing What?” Business Process Management, Proceedings of 8th International Conference, BPM 2010, September 13–16, 10: 45–60. Hoboken, NJ: Springer.
Reijers, H. A., T. Freytag, J. Mendling, and A. Eckleder. 2011. “Syntax Highlighting in Business Process Models.” Decision Support Systems 51 (3): 339–349. doi:10.1016/j.dss.2010.12.013.
Reijers, H. A., and J. Mendling. 2011. “A Study Into the Factors That Influence the Understandability of Business Process Models.” IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans 41 (3): 449–462. doi:10.1109/TSMCA.2010.2087017.
Rezabakhsh, B., D. Bornemann, U. Hansen, and U. Schrader. 2006. “Consumer Power: A Comparison of the Old Economy and the Internet Economy.” Journal of Consumer Policy 29 (1): 3–36. doi:10.1007/s10603-005-3307-7.
Rito Silva, A., and M. Rosemann. 2012. “Processpedia: An Ecological Environment for BPM Stakeholders’ Collaboration.” Business Process Management Journal 18 (1): 20–42. doi:10.1108/14637151211214993.
Rodríguez, A., E. Fernández-Medina, J. Trujillo, and M. Piattini. 2011. “Secure Business Process Model Specification through a UML 2.0 Activity Diagram Profile.” Decision Support Systems 51 (3): 446–465. doi:10.1016/j.dss.2011.01.018.
Rodríguez, A., E. Fernndez-Medina, and M. Piattini. 2007a. “A BPMN Extension for the Modeling of Security Requirements in Business Processes.” IEICE Transactions on Information and Systems 90 (4): 745–752. doi:10.1093/ietisy/e90-d.4.745.
Rodríguez, A., E. Fernndez-Medina, and M. Piattini. 2007b. “M-Bpsec: A Method for Security Requirement Elicitation from A UML 2.0 Business Process Specification.” In Proceedings of the 2007 Conference on Advances in Conceptual Modeling: Foundations and Applications. Auckland, New Zealand: Springer-Verlag.
Rodríguez, A., I. G.-R. D. Guzmán, E. Fernández-Medina, and M. Piattini. 2010. “Semi-Formal Transformation of Secure Business Processes into Analysis Class and Use Case Models: An MDA Approach.” Information and Software Technology 52 (9): 945–971. doi:10.1016/j.infsof.2010.03.015.
Rohloff, M. 2009. “Case Study and Maturity Model for Business Process Management Implementation.” LNCS 5701: 128–142.
Rohrig, S., and S. S. Ag. 2002. “Using Process Models to Analyze Health Care Security Requirements.” In International Conference Advances in Infrastructure for e-Business, e-Education, e-Science, and e-Medicine on the Internet. Italy: CiteSeerX.
Rosemann, M. 2006. “Potential Pitfalls of Process Modeling: Part A.” Business Process Management Journal 12 (2): 249– 254. doi:10.1108/14637150610657567.
Ross, J. W. 2003. “Creating a Strategic IT Architecture Competency: Learning in Stages.” MIS Quarterly Executive 2 (1): 31–43.
Ryan, G., and M. Valverde. 2005. “Waiting for Service on the Internet: Defining the Phenomenon and Identifying the Situations.” Internet Research: Electronic Networking Applications and Policy 15 (2): 220–240. doi:10.1108/ 10662240510590379.
Ryan, G., and M. Valverde. 2006. “Waiting in Line for Online Services: A Qualitative Study of the User’s Perspective.” Information Systems Journal 16 (2): 181–211. doi:10.1111/isj.2006.16.issue-2.
Saat, J., R. Winter, U. Franke, R. Lagerstrom, and M. Ekstedt. 2011. “Analysis of IT/Business Alignment Situations as a Precondition for the Design and Engineering of Situated IT/Business Alignment Solutions.” In 44th Hawaii International Conference on System Sciences (HICSS), January 4–7, 2011, 1–9.
Sabherwal, R., and G. S. Kearns. 2007. “Strategic Alignment Between Business and Information Technology: A Knowledge-Based View of Behaviors, Outcome, and Consequences.” Journal of Management Information Systems 23 (3): 129–162. doi:10.2753/MIS0742-1222230306.
Schuh, G., W. Boos, and K. Kuhlmann. 2010. “Modelling Business Processes for Limited-Lot Producers with Aixperanto.” In International Conference on Management and Service Science (MASS), August 24-26, 2010, 1–4.
Schwarz, M., and H. Daduna. 2006. “Queueing Systems with Inventory Management with Random Lead Times and with Backordering.” Mathematical Methods of Operations Research 64 (3): 383–414. doi:10.1007/s00186-006-0085-1.
Sentanin, O. F., F. C. A. Santos, and C. J. C. Jabbour. 2008. “Business Process Management in a Brazilian Public Research Centre.” Business Process Management Journal 14 (4): 483–496. doi:10.1108/14637150810888037.
Shanks, G., N. Bekmamedova, and L. Willcocks. 2012. “Business Analytics: Enabling Strategic Alignment and Organisational Transformation.” ECIS 2012 Proceedings. Paper 18.
Shim, S. J., and A. Kumar. 2010. “Simulation for Emergency Care Process Reengineering in Hospitals.” Business Process Management Journal 16 (5): 795–805. doi:10.1108/14637151011076476.
Shin, N., and D. F. Jemella. 2002. “Business Process Reengineering and Performance Improvement: The Case of Chase Manhattan Bank.” Business Process Management Journal 8 (4): 351–363. doi:10.1108/14637150210435008.
Silva, E., and Y. Chaix. 2008. “Business and IT Governance Alignment Simulation Essay on a Business Process and IT Service Model.” In Proceedings of the 41st Annual Hawaii International Conference on System Sciences, January 7–10, 2008, 434–434. Waikoloa, Big Island, HI: IEEE Computer Society.
1150 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Silva, L., E. Figueroa, and J. González-Reinhart. 2007. “Interpreting IS Alignment: A Multiple Case Study in Professional Organizations.” Information and Organization 17 (4): 232–265. doi:10.1016/j.infoandorg.2007.08.001.
Silvius, A. J. 2007. “Aligning IT Strategy to Business Strategy in a Multi-Business Company.” In Americas Conference on Information Systems (AMCIS). Keystone, CO: AIS Electronic Library (AISeL).
Silvius, A. J. G., and J. Smit. 2011. “Maturing Business and IT Alignment Capability; the Practitioner’s View.” In 44th Hawaii International Conference on System Sciences (HICSS), January 4–7, 2011, 1–10. Kauai, HI: IEEE Computer Society.
Silvius, A. J. G., B. D. Waal, and J. Smit. 2009. “Business and IT Alignment; Answers and Remaining Questions.” In Proceedings of Pacific Asia Conference on Information Systems (PACIS), July 10–July 12, 2009. Hyderabad, India, 1–15. Paper 44.
Silvius, G., J. Smit, and H. Driessen. 2010. “The Relationship between Organizational Culture and the Alignment of Business and IT.” In Proceedings of the Sixteenth Americas Conference on Information Systems (AMCIS), August 12–15, 2010, Lima, Peru, 1–14. Paper 186.
Simatupang, T. M., A. C. Wright, and R. Sridharan. 2002. “The Knowledge of Coordination for Supply Chain Integration.” Business Process Management Journal 8 (3): 289–308. doi:10.1108/14637150210428989.
Simchi-Levi, D., P. Kaminsky, and E. Simchi-Levi. 2000. “Designing and Managing the Supply Chain: Concepts, Strategies, and Case Studies. Hill/Irwin: McGraw.
Sindre, G., and A. L. Opdahl. 2000. “Eliciting Security Requirements by Misuse Cases.” In Proceedings 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-Pacific 2000), 120–131. Sydney: IEEE Computer Society.
Sindre, G., and A. L. Opdahl. 2005. “Eliciting Security Requirements with Misuse Cases.” Requirements Engineering 10 (1): 34–44. doi:10.1007/s00766-004-0194-4.
Siponen, M., R. Baskerville, and J. Heikka. 2006. “A Design Theory for Secure Information Systems Design Methods.” Journal of the Association for Information Systems 7 (8): 568–592.
Sledgianowski, D., J. Luftman, and R. Reilly. 2004. “Identification of IT-Business Strategic Alignment Maturity Factors: an Exploratory Study.” In Proceedings of the Americas Conference on Information Systems, August 2004, 3717–3725. New York, NY: AIS Electronic Library (AISeL).
Smit, J., J. Ludik, and S. Forster. 2008. “Organizational Culture in the South African Context: The X Model.” The International Journal of Knowledge, Culture & Change Management 7 (10): 73–86.
Sobel, M. J., and R. Q. Zhang. 2001. “Inventory Policies for Systems with Stochastic and Deterministic Demand.” Operations Research 49 (1): 157–162. doi:10.1287/opre.49.1.157.11197.
Stahl, B. C., N. F. Doherty, and M. Shaw. 2012. “Information Security Policies in the UK Healthcare Sector: A Critical Evaluation.” Information Systems Journal 22 (1): 77–94. doi:10.1111/isj.2012.22.issue-1.
STANDISH GROUP. 2001. “The Chaos Report.” The Standish Group. Strembeck, M., and J. Mendling. 2011. “Modeling Process-Related RBAC Models with Extended UML Activity Models.”
Information and Software Technology 53 (5): 456–483. doi:10.1016/j.infsof.2010.11.015. Sun, Y., J. Su, B. Wu, and J. Yang. 2014. “Modeling Data for Business Processes.” ICDE 2014: 1048–1059. Sun, Y., J. Su, and J. Yang. 2014. “Separating Execution and Data Management: A Key to Business-Process-as-a-Service
(BPaaS).” BPM 2014: 374–382. Swink, M., R. Narasimhan, and S. W. Kim. 2005. “Manufacturing Practices and Strategy Integration: Effects on Cost Efficiency,
Flexibility, and Market-Based Performance.” Decision Sciences 36 (3): 427–457. doi:10.1111/deci.2005.36.issue-3. SYNSTAR. 2004. “The Pressure Point Index: V.” Synstar. Tallon, P. P., and A. Pinsonneault. 2011. “Competing Perspectives on the Link between Strategic Information
Technology Alignment and Organizational Agility: Insights from a Mediation Model.” MIS Quarterly 35 (2): 463–486. Talwar, R. 1993. “Business Re-Engineering—A Strategy-Driven Approach.” Long Range Planning 26 (6): 22–40.
doi:10.1016/0024-6301(93)90204-S. Tan, W., W. Xu, F. Yang, L. Xu, and C. Jiang. 2013. “A Framework for Service Enterprise Workflow Simulation with Multi-
Agents Cooperation.” Enterprise Information Systems 7 (4): 523–542. doi:10.1080/17517575.2012.660503. Taylor, A. 2000. “IT Projects: Sink or Swim.” Computer Bulletin, January. 10.1093/combul/42.1.24 Tempelmeier, H. 2006. “Supply Chain Inventory Optimization with Two Customer Classes in Discrete Time.” European
Journal of Operational Research 174 (1): 600–621. doi:10.1016/j.ejor.2005.01.044. Tosic, V. 2006. “The 5 C Challenges of Business-Driven IT Management and the 5 A Approaches to Addressing Them.”
In The First IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM ‘06. 07 April 2006, 11–18. IEEE. doi:10.1109/BDIM.2006.1649206.
Trkman, P. 2010. “The Critical Success Factors of Business Process Management.” International Journal of Information Management 30 (2): 125–134. doi:10.1016/j.ijinfomgt.2009.07.003.
Tsalgatidou, A., and S. Junginger. 1995. “Modelling in the Re-Engineering Process.” SIGOIS Bull. 16 (1): 17–24. doi:10.1145/209891.
Turetken, O., and O. Demirors. 2011. “Plural: A Decentralized Business Process Modeling Method.” Information & Management 48 (6): 235–247. doi:10.1016/j.im.2011.06.001.
Vaidya, O. S., and S. Kumar. 2006. “Analytic Hierarchy Process: An Overview of Applications.” European Journal of Operational Research 169 (1): 1–29. doi:10.1016/j.ejor.2004.04.028.
ENTERPRISE INFORMATION SYSTEMS 1151
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Van Den Hooff, B., and M. De Winter. 2011. “Us and Them: A Social Capital Perspective on the Relationship between the Business and IT Departments.” European Journal of Information Systems 20 (3): 255–266. doi:10.1057/ejis.2011.4.
Van Der Aalst, W. M. P., H. A. Reijers, A. J. M. M. Weijters, B. F. Van Dongen, A. K. Alves De Medeiros, M. Song, and H. M. W. Verbeek. 2007. “Business Process Mining: An Industrial Application.” Information Systems 32 (5): 713–732. doi:10.1016/j.is.2006.05.003.
Van-Der-Aalst, W., B. Benatallah, F. Casati, F. Curbera, and H. Verbeek. 2007. “Business Process Management: Where Business Processes and Web Services Meet.” Data & Knowledge Engineering 61 (1): 1–5. doi:10.1016/j.datak.2006.04.005.
Van-Der-Aalst, W. M. P. 2003. “Don’t Go with the Flow: Web Services Composition Standards Exposed.” IEEE Intelligent Systems 18 (1): 72–76.
Van-Der-Aalst, W. M. P. 2004. “Business Process Management: A Personal View.” Business Process Management Journal 10 (2): 5. doi:10.1108/bpmj.2004.15710baa.001.
Van-Der-Aalst, W. M. P., A. H. M. Ter-Hofstede, and M. Weske. 2003. “Business Process Management: a Survey.” In International Conference on Business Process Management (BPM), June 26–27, 2003. Eindhoven: Springer Berlin Heidelberg.
Vargas, N., P. Johannesson, and L. Rusu. 2010. “A Unified Strategic Business and IT Alignment Model: A Study in the Public Universities of Nicaragua.” In Proceedings of the Sixteenth Americas Conference on Information Systems, August 12–15, 2010, 1–12. Lima: AIS Electronic Library (AISeL).
Vidgen, R., and X. Wang. 2006. “From Business Process Management to Business Process Ecosystem.” Journal of Information Technology 21 (4): 262–271. doi:10.1057/palgrave.jit.2000076.
Viriyasitavat, W., X. Li Da, and A. Martin. 2012. “SWSpec: The Requirements Specification Language in Service Workflow Environments.” IEEE Transactions on Industrial Informatics 8 (3): 631–638. doi:10.1109/TII.2011.2182519.
Wagner, H.-T. 2008. “The Development of IT Business Alignment and Usage Patterns Over Time in SME: a Longitudinal Case Study.” In Proceedings of the Fourteenth Americas Conference on Information Systems, August 14–17, 1–10. Toronto, ON: AIS Electronic Library (AISeL).
Walentowitz, K. 2012. “Aligning Multiple Definitions of Alignment – A Literature Review.” In 45th Hawaii International Conference on System Sciences, January 4–7, 4962–4971. Maui, HI: IEEE Computer Society.
Wang, E. T. G., Chiu, C.-H, Chen, K. X. 2013. “Effect of IT Skills on IT Capabilities and IT-Business Alignment.” PACIS 2013 Proceedings. Paper 113.
Wang, Y., J. Yang, W. Zhao, and J. Su. 2012. “Change Impact Analysis in Service-Based Business Processes.” Service Oriented Computing and Applications 6 (2): 131–149. doi:10.1007/s11761-011-0093-8.
Weske, M., W. M. P. Van-Der-Aalst, and H. M. W. Verbeek. 2004. “Advances in Business Process Management.” Data & Knowledge Engineering 50 (1): 1–8. doi:10.1016/j.datak.2004.01.001.
Wijesekera, H., and J. Sykes. 2003. “An ORM based Meta-Schema to Model Business Processes.” In Proceedings of 7th Pacific Asia Conference on Information Systems (PACIS), July 10-13, 2003. Adelaide, South Australia: 1175–1191.
Wijnhoven, F., T. Spil, R. Stegwee, and R. T. A. Fa. 2006. “Post-Merger IT Integration Strategies: An IT Alignment Perspective.” The Journal of Strategic Information Systems 15 (1): 5–28. doi:10.1016/j.jsis.2005.07.002.
Willcoxson, L., and R. Chatham. 2004. “Progress in the IT/Business Relationship: A Longitudinal Assessment.” Journal of Information Technology 19 (1): 71–80. doi:10.1057/palgrave.jit.2000004.
Wim Van, G., H. Steven De, and B. Hilde Van. 2007. “Prioritising and Linking Business and IT Goals in the Financial Sector.” In 40th Annual Hawaii International Conference on System Sciences, (HICSS), January 2007, 235–245. Waikoloa, Big Island, HI: IEEE Computer Society.
WINMARK & SOFTWARE, B. M. C. 2004. “The Communication Gap: The Barrier to Aligning Business and IT.” Wolter, C., M. Menzel, A. Schaad, P. Miseldine, and C. Meinel. 2009. “Model-Driven Business Process Security
Requirement Specification.” Journal of Systems Architecture 55 (4): 211–223. doi:10.1016/j.sysarc.2008.10.002. Wu, I.-L. 2003. “Understanding Senior Management’s Behavior in Promoting the Strategic Role of IT in Process
Reengineering: Use of the Theory of Reasoned Action.” Information & Management 41 (1): 1–11. doi:10.1016/ S0378-7206(02)00115-5.
Xu, L., H. Liu, S. Wang, and K. Wang. 2009. “Modelling and Analysis Techniques for Cross-Organizational Workflow Systems.” Systems Research and Behavioral Science 26 (3): 367–389. doi:10.1002/sres.v26:3.
Xu, L., W. Tan, H. Zhen, and W. Shen. 2008. “An Approach to Enterprise Process Dynamic Modeling Supporting Enterprise Process Evolution.” Information Systems Frontiers 10 (5): 611–624. doi:10.1007/s10796-008-9114-3.
Yao, Y., and J. Zhang. 2012. “Pricing for Shipping Services of Online Retailers: Analytical and Empirical Approaches.” Decision Support Systems 53 (2): 368–380. doi:10.1016/j.dss.2012.01.014.
Yayla, A. A., and Q. Hu. 2009. “The Impact of IT-Business Strategic Alignment on Firm Performance: The Role of Environmental Uncertainty and Business Strategy.” In Proceedings of the Fifteenth Americas Conference on Information Systems, August 6–9, 2009, 1–9. San Francisco, CA: AIS Electronic Library (AISeL).
Yu, E. S. K., J. Mylopoulos, and Y. Lesperance. 1996. “Modelling the Organization: New Concepts and Tools for Re- Engineering.” IEEE Expert 16–23. doi:10.1109/64.511773.
Zhao, N., and Z. Lian. 2011. “A Queueing-Inventory System with Two Classes of Customers.” International Journal of Production Economics 129 (1): 225–231. doi:10.1016/j.ijpe.2010.10.011.
Zur-Muehlen, M., D. E. Wisnosky, and J. Kindrick. 2010. “Primitives: Design Guidelines and Architecture for BPMN Models.” In 21st Australasian Conference on Information Systems, December 1–3, 2010. Brisbane, 1–11.
1152 Y. ALOTAIBI AND F. LIU
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
Appendix
(A) List of journal names for Table 4.
(B) List of conference names for Table 5.
Journal name
ACM Database ACM Australasian Journal of Information Systems AJIS Business Process Management Journal BPMJ Decision Sciences DS Decision Support Systems DSS Enterprise Information Systems EIS European Journal of Information Systems EJIS Information and Management I&M Information and Organisation I&O IEEE Database IEEE International Journal of Information Management IJIM International Journal of Information Security IJIS International Journal of Management and Systems IJMS INFORMS Journal on Computing IJOC Information Processing and Management IPM Information Systems IS Information Systems and e-Business Management ISEB Information Systems Journal ISJ Information Systems Management ISM Information Systems Research ISR Information and Software Technology IST Information Technology and Management IT&M Information Technology Management ITM Journal of the Association for Information Systems JAIS Journal of Enterprise Information Management JEIM Journal of Intelligent Information Systems JIIS Journal of Information Systems JIS Journal of Information Technology JIT Journal of Management Information Systems JMIS Journal of Strategic Information Systems JSIS Journal of Systems and Software JSS Management Science MS Marketing Science MKTS MIS Quarterly MISQ Operations Research OR Review of Business Information Systems RBIS Scandinavian Journal of Information Systems SJIS
Conference name
Australasian Conference on Information Systems ACIS Americas Conference on Information Systems AMCIS European Conference on Information Systems ECIS Hawaii International Conference on System Sciences HICSS International Conference in Business Process Management ICBPM International Conference on Information Systems ICIS Pacific Asia Conference on Information Systems PACIS
ENTERPRISE INFORMATION SYSTEMS 1153
D ow
nl oa
de d
by [
W al
de n
U ni
ve rs
it y]
a t
18 :1
8 21
O ct
ob er
2 01
7
- Abstract
- 1. Introduction
- 2. Business process management (BPM)
- 2.1 BPM history
- 2.2 BPM lifecycle
- 3. Business process modelling (business PM): an overview
- 3.1 Business process (BP)
- 3.2 Business PM
- 4. BPM challenges
- 4.1 Misalignment between business and IT and the difficulty in deriving IT goals from business goals
- 4.2 Security
- 4.3 Business processes in a rapidly changing business environment, and managing customer power
- 5. Methodology
- 5.1 First challenge: misalignment between business and IT
- 5.1.1 Limitations and further research for the first challenge: misalignment between business and IT
- 5.2 Second challenge: security issues in business PM
- 5.2.1 Limitations and further research for the second challenge: security issues in business PM
- 5.3 Third challenge: managing customer power
- 5.3.1 Limitations and further research for the third challenge: managing customer power
- 6. BPM guidelines
- 7. Conclusion and recommendations
- Disclosure statement
- References
- Appendix
