Collaboration best practice

Within an enterprise there are many people with specific tasks and responsabilities. Frequently banks and insurances have to describe a process using a workflow model. For some kinds of compliances, often there are some auditors that don’t have any grant to create or modify the process but they can add some controls or modify some properties of the process. In another perspective, there is a official process published for the enterprise (all the operations), but behind there is an extension of that process with audit activities and controls. These audit activities and controls are visible only to auditors.
Any ideas for modeling and for user profiling using Knowledge Exchange? What is your experience on that?

Gabriele

Find more posts tagged with

BPM

Comments

Gerry_Victoria

Hello Gabriele:

First I would like to explain how we created our SOX Finance and Audit models to give you and idea of how we model risks and controls. Secondly I will address the 'Auditors View'.

When we built the process models for our SOX reference model set we also built risk and control models and associated the risks and controls to the appropriate process activities. We repurposed the Problem object and renamed it to Risk and renamed the Rule object to Control. When this information gets published to Word or HTML it gives the user the perspective of viewing the entire process and seeing what controls are tied to certain activities to mitigate risk.

The Auditor View as I refer to it could be for example published ProVision Association Matrices showing relationships of process activities to risks and process activities to controls (published to Word, HTML or Excel). This would be a read only view (Word and HTML) or the view in Excel could be edited for risks and controls by the auditor for import to ProVision.

Our Knowledge Exchange product would provide a read only view of all content and if you wish to create an auditors view where only they can view risks and controls that data could be stored in a separate repository for auditor access only.

Regards,

Gerry Victoria