scispace - formally typeset
Search or ask a question
Book ChapterDOI

A Process Deviation Analysis Framework

03 Sep 2012-pp 701-706
TL;DR: A framework which structures the field of process deviation analysis and identifies new research opportunities is presented and a general outline to detect high-level process deviations is formulated.
Abstract: Process deviation analysis is becoming increasingly important for companies. This paper presents a framework which structures the field of process deviation analysis and identifies new research opportunities. Application of the framework starts from managerial questions which relate to specific deviation categories and methodological steps. Finally a general outline to detect high-level process deviations is formulated.

Summary (2 min read)

1 Introduction

  • In order to understand and control business processes, reliable normative process models are crucial.
  • Some deviations are desirable and provide process flexibility, while others are errors or indications of fraud.
  • The remainder of this paper is organized as follows: section 2 describes the process deviation analysis framework; section 3 suggests a formal approach to detect high-level process deviations; section 4 covers related work; and section 5 concludes the work.
  • The authors wish it to be known that, in their opinion, both first two authors should be regarded as joint First Authors.

2 Process Deviation Analysis Framework (PDA-framework)

  • Figure 1 presents the Process Deviation Analysis framework (PDA-framework).
  • This framework structures process deviation research and identifies three important dimensions, i.e. the deviation category, the methodological research steps and the managerial questions to be addressed.
  • Note that this framework starts from a business perspective rather than focussing on the technical aspects.

2.1 Process Deviation Categories

  • Deviation denotes the fact that a process execution is not conform to the normative process model.
  • Exceptions are acceptable and guarantee necessary flexibility to operate effectively.
  • Exceptions can be divided into Explicit Exceptions and Implicit Exceptions.
  • Among anomalies, a distinction can be made between errors and fraud.
  • Fraud is the worst kind of process deviation and refers to deliberate actions by employees to work around the system for personal gains at the expense of the company.

2.2 Methodological Steps and Managerial Questions

  • The second and third part of the PDA-framework identify respectively two methodological steps and several managerial questions in process deviation analysis.
  • The ‘where’ question is typically asked first.
  • Once process deviations are discovered, managers typically want to know how the process deviates.
  • This can result in making the implicit exception explicit.

3 Detecting High-Level Deviations

  • While research predominantly focusses on where the process deviates, managers are more interested in how the process deviates.
  • This question has only been addressed in [2], where low-level deviations of skipped and inserted activities are discovered.
  • Examples of such higher level deviations are delayed activities, activities replaced by other activities, two activities which swapped places, a set of activities which is repeated and many others.
  • Given the space limitations, only a general approach for detecting higher level deviations is provided.

3.1 Basic Concepts

  • A process model M corresponds to a directed graph, which comprises activities and control connectors (e.g. XOR-split, ANDjoin).
  • Concurrency and choice constructs in the model allow multiple ways to execute the process from start to end.

3.2 Algorithm Structure

  • Therefore, the first step in the deviation detection algorithm is finding the appropriate execution path pi for a specific trace τ ∈ L. A first approach matches case information with decision rules in the process model to determine the correct execution path.
  • Note that the alignment stage of the algorithm deals with loops, i.e. it needs to determine how many times the trace should have repeated a specific loop.
  • More precisely, a trace is an ordered set of events where each event relates to a specific activity type and deleted activities.
  • Since any high-level deviation can be constructed from these two low-level deviations, it suffices to detect the low-level deviations in order to combine them into high-level deviations.

5 Conclusions

  • The PDA framework decomposes process deviation analysis into three dimensions, i.e. deviation categories, methodological steps and managerial questions.
  • The framework acts as a guidance to managers and allows them to quickly identify the type of deviation analysis they require.
  • The PDA framework also reveals that there are still many managerial questions that lack a sound scientific methodology and a set of appropriate algorithms.
  • The authors hope that the PDA framework will inspire other researchers to further develop the field of process deviation analysis.
  • To this end, a general three step approach to identify high-level deviations have been suggested in this paper.

Did you find this useful? Give us your feedback

Content maybe subject to copyright    Report

A Process Deviation Analysis Framework
Benoˆıt Depaire
1,2??
, Jo Swinnen
1
, Mieke Jans
1
, and Koen Vanhoof
1
1
Hasselt University, Agoralaan Building D, 3590 Diepenbeek, Belgium,
{jo.swinnen;benoit.depaire;mieke.jans;koen.vanhoof}@uhasselt.be
2
Research Foundation Flanders (FWO), Egmontstraat 5, 1000 Brussels, Belgium
Abstract. Process deviation analysis is becoming increasingly impor-
tant for companies. This paper presents a framework which structures
the field of process deviation analysis and identifies new research oppor-
tunities. Application of the framework starts from managerial questions
which relate to specific deviation categories and methodological steps.
Finally a general outline to detect high-level process deviations is formu-
lated.
Key words: Conformance checking, Deviation Detection, High-level
Deviations, Deviation Diagnosis, Process Mining
1 Introduction
In order to understand and control business processes, reliable normative pro-
cess models are crucial. However, studies [7, 8] show that real process executions
often deviate from their designed model. Some deviations are desirable and pro-
vide process flexibility, while others are errors or indications of fraud. Monitoring
process deviations is needed for internal control purposes and has become in-
creasingly important (cfr. Sarbanes-Oxley Act (2002),Basel II (2004) and HIPAA
(1996)).
The current state of conformance checking research reveals a strong focus
on questions such as “Does a case deviate?” and “Where does the process devi-
ates?”. More important questions from a managerial perspective, such as “How
does the process deviate?” and “What is causing these deviations?” received
much less attention. Neither does the current literature make a clear distinction
between different natures of process deviations and the possible consequences.
This paper provides a managerial framework which guides and structures
process deviation analysis. The remainder of this paper is organized as follows:
section 2 describes the process deviation analysis framework; section 3 suggests a
formal approach to detect high-level process deviations; section 4 covers related
work; and section 5 concludes the work.
??
The authors wish it to be known that, in their opinion, both first two authors should
be regarded as joint First Authors.

92 B. Depaire et al.
2 Process Deviation Analysis Framework
(PDA-framework)
Figure 1 presents the Process Deviation Analysis framework (PDA-framework).
This framework structures process deviation research and identifies three impor-
tant dimensions, i.e. the deviation category, the methodological research steps
and the managerial questions to be addressed. Note that this framework starts
from a business perspective rather than focussing on the technical aspects.
Deviation detection
Frequency?
Cost/Benefit?
Prohibit/Oblige?
Managerial Questions
Deviation analysis
Cause/Context?
Explicit?
Managerial Questions
Frequency?
Cost?
Quality Control?
Managerial Questions
Context?
Cost?
Prevention?
Managerial Questions²
Where?
What?
Category?
Managerial Questions
Explicit
Implicit
Error
Fraud
Anomaly
Exception
Deviation
Deviation Category
Methodological Steps
Fig. 1. The PDA-framework
2.1 Process Deviation Categories
Deviation denotes the fact that a process execution is not conform to the nor-
mative process model. A first distinction must be made between exceptions and
anomalies. Exceptions are acceptable and guarantee necessary flexibility to op-
erate effectively. Anomalies are deviations that provoke undesirable business
results.
Explicit and Implicit Exceptions. Exceptions can be divided into Explicit Excep-
tions and Implicit Exceptions. Explicit exceptions are widely accepted and are
either explicitly depicted in the process model or described by a set of business
rules. Implicit exceptions are not formalized and are more ad-hoc, e.g. when
an employee asks his supervisor to skip a less relevant activity to operate more
quickly.

A Process Deviation Analysis Framework 93
Errors and Fraud. Among anomalies, a distinction can be made between (oper-
ational) errors and fraud. (Operational) Errors refer to mistakes in the process
execution caused by information systems, human mistakes or a combination of
both. Fraud is the worst kind of process deviation and refers to deliberate ac-
tions by employees to work around the system for personal gains at the expense
of the company.
2.2 Methodological Steps and Managerial Questions
The second and third part of the PDA-framework identify respectively two
methodological steps and several managerial questions in process deviation anal-
ysis. The PDA-framework is a managerial framework and its application should
always start from a specific managerial question regarding process deviations.
Based on this question, the PDA-framework identifies the deviation type of in-
terest and the appropriate methodological step.
Process Deviation Detection For all deviations, except explicit exceptions, anal-
ysis always starts with a set of three managerial questions: “Where do deviations
occur?”, “What kind of deviations do occur?” and “To which deviation category
do they belong?”. All three questions deal with the first methodological step of
detecting process deviations. For explicit exceptions, the deviations are known
and this step can be skipped.
The ‘where’ question is typically asked first. It deals with identifying devi-
ating cases as well as locations within the process where something deviates. A
large part of conformance research deals with this particular question. LTL can
be used for identifying non-compliant cases and the ‘token game can be played
to find deviating locations in a process [10]. Once process deviations are discov-
ered, managers typically want to know how the process deviates. The current
literature only partially answers this important question by indicating where
activities are skipped or inserted [2]. However, managers are more interested in
high-level process deviations, such as delayed or swapped activities. Section 3
presents a general approach to detect high-level deviations. Finally, a manager is
often interested in a particular deviation category. Either he identifies a specific
category in advance or the detected deviations are classified afterwards. To our
knowledge, the work of Swinnen et al. [9] is the only research that deals with
this managerial question. They summarize the detected deviations in terms of
business rules to allow fast determination of the deviation category.
Process Deviation Diagnosis The second methodological step of the framework
diagnoses the detected process deviations. Each deviation category relates to a
different set of managerial questions. For explicit exceptions, it is important to
determine their frequency and perform a cost-benefit analysis. This can lead to
the integration of the exception in the main process execution, changing the pre-
conditions of the exception or prohibiting the exception. For implicit exceptions,
the cause or context should be determined and the desirability of the deviation
has to be assessed. This can result in making the implicit exception explicit.

94 B. Depaire et al.
For operational errors, their frequency and cost should be determined and their
analysis should be part of quality control programs. Corrective actions should
be taken to prevent these errors. As for fraud, the frequency and cost should be
determined to assess the consequences, but the process should also be redesigned
or controls should be implemented to prevent fraud in the future. To our knowl-
edge, the issue of process deviation diagnosis has not yet been addressed in the
academic literature.
3 Detecting High-Level Deviations
While research predominantly focusses on where the process deviates, managers
are more interested in how the process deviates. This question has only been
addressed in [2], where low-level deviations of skipped and inserted activities are
discovered. However, to be truly useful to management, higher level deviations
need to be identified. Examples of such higher level deviations are delayed activi-
ties, activities replaced by other activities, two activities which swapped places, a
set of activities which is repeated and many others. Given the space limitations,
only a general approach for detecting higher level deviations is provided.
3.1 Basic Concepts
To detect process deviations, a normative model M is compared with each trace
τ from an event log L. A trace can be represented as an ordered set of exe-
cuted activities
3
, τ = ha
1
, . . . , a
n
i. A process model M corresponds to a directed
graph, which comprises activities and control connectors (e.g. XOR-split, AND-
join). Concurrency and choice constructs in the model allow multiple ways to
execute the process from start to end. An execution path p
i
= ha
1
, . . . , a
n
i is
any sequence of activities that represent a valid execution of M .
3.2 Algorithm Structure
The identification of higher-level process deviations comes down to the com-
parison of a trace τ = ha
1
, . . . , a
n
i
t
with the correct execution path p
i
=
ha
1
, . . . , a
m
i
p
. Therefore, the first step in the deviation detection algorithm is
finding the appropriate execution path p
i
for a specific trace τ L. A first
approach matches case information with decision rules in the process model to
determine the correct execution path. A second approach, applied in [2], min-
imizes the cost of a case execution in terms of inserted and deleted activities.
Note that the alignment stage of the algorithm deals with loops, i.e. it needs to
determine how many times the trace should have repeated a specific loop.
Instead of searching for high-level deviations straight away, the second step in
the deviation detection algorithm searches for low-level deviations, i.e. inserted
3
More precisely, a trace is an ordered set of events where each event relates to a
specific activity type

A Process Deviation Analysis Framework 95
and deleted activities. Since any high-level deviation can be constructed from
these two low-level deviations, it suffices to detect the low-level deviations in
order to combine them into high-level deviations. This decomposition of the
problem also prevents the algorithm from having to pass the event log multiple
times to find all possible combinations of high-level deviations.
The third step of the algorithm is an optimization problem and combines
the set of low-level deviations into high-level deviations. Note that there are
multiple ways to combine low-level deviations into high-level deviations.
For example, assume τ = ha
1
, a
4
, a
3
, a
2
, a
5
i
t
and p
i
= ha
1
, a
2
, a
3
, a
4
, a
5
i
p
. The
deviation between τ and its matching execution path p
i
can be explained by
a switch between activities a
2
and a
4
, but also by a delay of activity a
2
and
activity a
3
.
4 Related Work
Various terms have been given to express non-conform patterns, i.e. anoma-
lies, outliers, discordant observations, exceptions, aberrations, surprises, peculiar-
ities or contaminants. In [5], a survey provides a structured and comprehensive
overview of the research on anomaly detection in general.
With regard to anomaly detection in process aware information systems,
various research has already been done [3, 4, 6, 11]. All this research is limited
to the determination of whether a trace is anomalous or not and only addresses
the ‘Where’ question in the deviation detection stage. It does not determine
in which way and how severe these deviations are. Adriansyah et al. address
these limitations [1, 2]. They defined the low-level deviations of ‘skipped’ and
‘inserted’ activities and identify their exact occurrence in a trace. The severity
of these deviations is expressed by assigning a cost to skipping or inserting a
certain activity. Their research focusses on the questions “Where in the process
does it go wrong?” and to some extent “How does the process deviate?”, albeit
at a low level of deviations.
The PDA-framework suggests that the existing research only covers a small
part of process deviation analysis from a managerial point of view and one of the
issues that should be addressed is the identification of high-level deviations. To
define interesting high-level deviations, the work of Weber et al. [12] on change
patterns in process aware information systems provides an interesting starting
point.
5 Conclusions
The PDA framework decomposes process deviation analysis into three dimen-
sions, i.e. deviation categories, methodological steps and managerial questions.
The framework acts as a guidance to managers and allows them to quickly iden-
tify the type of deviation analysis they require. However, the PDA framework

Citations
More filters
DOI
01 Jan 2014
TL;DR: In this article, a memory-efficient technique to compute alignments between event logs and process models has been developed, where low-level deviations, i.e., observed activities that are not allowed according to the model and the other way around, are explicitly identified.
Abstract: Aligning Observed and Modeled Behavior The availability of process models and event logs is rapidly increasing as more and more business processes are supported by IT. On the one hand, most organizations make substantial efforts to document their processes, while on the other hand, these processes leave footprints in their information systems. Although it is possible to extract event logs from today’s systems, the relation between event logs and process models is often identified using heuristics that may yield misleading insights. In this thesis, techniques to align event logs and process models are explored. Based on the obtained alignments, various analysis techniques are developed. The techniques are evaluated against both artificial and real-life process models and event logs. A memory-efficient technique to compute alignments between event logs and process models has been developed. Given an event log and a process model, low-level deviations, i.e., observed activities that are not allowed according to the model and the other way around, are explicitly identified. The technique can also be used to identify high-level deviations such as swapped and replaced activities. Our technique is applied to problems occurring in different domains. Unlike earlier approaches, alignment-based conformance checking techniques are shown to be robust against peculiarities of process models, such as duplicate and invisible tasks. Alignmentbased conformance metrics, such as fitness and precision, are shown to be more intuitive and can deal with multiple level of noise in event logs. Various visualizations of alignments provide powerful diagnostics to identify the context of frequently occurring deviations between process executions and prescribed process models. Applying data mining techniques to alignments yields root causes of deviations between the observed behavior in an event log and the modeled behavior in a process model. Alignments also improve the robustness of performance measurements based on event logs and process models, even if the logs are deviating from the models. From a computational point of view, computing alignments is extremely expensive. However, the obtained results indicate that alignments not only provide a theoretically solid basis for analysis based on both models and process executions, but are also able to handle problems of real-life complexity.

214 citations


Cites background from "A Process Deviation Analysis Framew..."

  • ...Often measures and diagnostics at a higher-level of granularity are desired [53, 162]....

    [...]

  • ...Without aiming to be complete, in this section we discuss the three deviation patterns mentioned in [53, 162]: (1) the activity replacement pattern, (2) the activity reordering pattern, and (3) the activity repetition pattern....

    [...]

Book ChapterDOI
01 Jan 2014
TL;DR: This tutorial paper introduces basic process mining techniques that can be used for process discovery and conformance checking and some very general decomposition results are discussed, thus enabling process mining in the large.
Abstract: Recently, process mining emerged as a new scientific discipline on the interface between process models and event data. On the one hand, conventional Business Process Management (BPM) and Workflow Management (WfM) approaches and tools are mostly model-driven with little consideration for event data. On the other hand, Data Mining (DM), Business Intelligence (BI), and Machine Learning (ML) focus on data without considering end-to-end process models. Process mining aims to bridge the gap between BPM and WfM on the one hand and DM, BI, and ML on the other hand. Here, the challenge is to turn torrents of event data (“Big Data”) into valuable insights related to process performance and compliance. Fortunately, process mining results can be used to identify and understand bottlenecks, inefficiencies, deviations, and risks. This tutorial paper introduces basic process mining techniques that can be used for process discovery and conformance checking. Moreover, some very general decomposition results are discussed. These allow for the decomposition and distribution of process discovery and conformance checking problems, thus enabling process mining in the large.

55 citations


Cites background from "A Process Deviation Analysis Framew..."

  • ...First of all, it may be used to audit processes to see whether reality conforms to some normative or descriptive model [14,41]....

    [...]

Journal ArticleDOI
TL;DR: A formal method for modeling and verification of online shopping business processes with malicious behavior patterns considered based on Petri nets is presented, which can make the software design provably secured from the malicious attacks at process design time and reduces the difficulty and cost of modification for imperfect systems at the release phase.
Abstract: Recently, online shopping integrating third-party payment platforms (TPPs) introduces new security challenges due to complex interactions between Application Programming Interfaces (APIs) of Merchants and TPPs. Malicious clients may exploit security vulnerabilities by calling APIs in an arbitrary order or playing various roles. To deal with the security issue in the early stages of system development, this paper presents a formal method for modeling and verification of online shopping business processes with malicious behavior patterns considered based on Petri nets. We propose a formal model called E-commerce Business Process Net to model a normal online shopping business process that represent intended functions, and malicious behavior patterns representing a potential attack that violates the security goals at the requirement analysis phase. Then, we synthesize the normal business process and malicious behavior patterns by an incremental modeling method. According to the synthetic model, we analyze whether an online shopping business process is resistant to the known malicious behavior patterns. As a result, our approach can make the software design provably secured from the malicious attacks at process design time and, thus, reduces the difficulty and cost of modification for imperfect systems at the release phase. We demonstrate our approach through a case study.

40 citations


Cites background from "A Process Deviation Analysis Framew..."

  • ...Today's businesses are inherently process-driven, and the security of business processes is increasingly important [36]–[39]....

    [...]

Proceedings ArticleDOI
08 Sep 2013
TL;DR: A flexible framework for controlling the use of break-the-glass using the notion of alignments and extends alignment-based deviation analysis techniques by supporting the detection of high-level deviations such as activity replacements and swaps, hence providing a more accurate diagnosis of deviations than classical optimal alignments.
Abstract: Modern IT systems have to deal with unpredictable situations and exceptions more and more often. In contrast, security mechanisms are usually very rigid. Functionality like break-the-glass is thus employed to allow users to bypass security mechanisms in case of emergencies. However, break-the-glass introduces a weak point in the system. In this paper, we present a flexible framework for controlling the use of break-the-glass using the notion of alignments. The framework measures to what extent a process execution diverges from the specification (i.e., using optimal alignments) and revokes the exceptional permissions granted to cope with the emergency when the severity of deviations cannot be tolerated. For the quantification of the severity of deviations, we extend alignment-based deviation analysis techniques by supporting the detection of high-level deviations such as activity replacements and swaps, hence providing a more accurate diagnosis of deviations than classical optimal alignments.

35 citations


Cites background from "A Process Deviation Analysis Framew..."

  • ...Nonetheless, the severity of deviations should be assessed in terms of high level deviations like replacements and swaps [11]....

    [...]

Journal ArticleDOI
TL;DR: This paper presents an actionable framework to address one specific level of continuous auditing: the transaction verification level, which combines the techniques of data mining and process mining on one hand, and includes the auditor as a human expert to deal with the typical alarm flood.

29 citations

References
More filters
Journal ArticleDOI
TL;DR: This survey tries to provide a structured and comprehensive overview of the research on anomaly detection by grouping existing techniques into different categories based on the underlying approach adopted by each technique.
Abstract: Anomaly detection is an important problem that has been researched within diverse research areas and application domains. Many anomaly detection techniques have been specifically developed for certain application domains, while others are more generic. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. We have grouped existing techniques into different categories based on the underlying approach adopted by each technique. For each category we have identified key assumptions, which are used by the techniques to differentiate between normal and anomalous behavior. When applying a given technique to a particular domain, these assumptions can be used as guidelines to assess the effectiveness of the technique in that domain. For each category, we provide a basic anomaly detection technique, and then show how the different existing techniques in that category are variants of the basic technique. This template provides an easier and more succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this survey will provide a better understanding of the different directions in which research has been done on this topic, and how techniques developed in one area can be applied in domains for which they were not intended to begin with.

9,627 citations


"A Process Deviation Analysis Framew..." refers background in this paper

  • ...In [5], a survey provides a structured and comprehensive overview of the research on anomaly detection in general....

    [...]

Journal ArticleDOI
TL;DR: It is shown that a combination of rippling and the use of meta-variables as a least-commitment device can provide novelty in induction rule construction techniques that can introduce novel recursive structures.

2,969 citations

Journal ArticleDOI
TL;DR: An incremental approach to check the conformance of a process model and an event log is proposed and a Conformance Checker has been implemented within the ProM framework and it has been evaluated using artificial and real-life event logs.

1,111 citations


"A Process Deviation Analysis Framew..." refers background in this paper

  • ...However, studies [7, 8] show that real process executions often deviate from their designed model....

    [...]

BookDOI
TL;DR: This paper presents a support method which allows the process designer to quantitatively measure the compliance degree of a given process model against a set of control objectives, which will allow process designers to comparatively assess the Compliance degree of their design as well as be better informed on the cost of non-compliance.
Abstract: Historically, business process design has been driven by business objectives, specifically process improvement. However this cannot come at the price of control objectives which stem from various legislative, standard and business partnership sources. Ensuring the compliance to regulations and industrial standards is an increasingly important issue in the design of business processes. In this paper, we advocate that control objectives should be addressed at an early stage, i.e., design time, so as to minimize the problems of runtime compliance checking and consequent violations and penalties. To this aim, we propose supporting mechanisms for business process designers. This paper specifically presents a support method which allows the process designer to quantitatively measure the compliance degree of a given process model against a set of control objectives. This will allow process designers to comparatively assess the compliance degree of their design as well as be better informed on the cost of non-compliance.

780 citations

Journal ArticleDOI
01 Sep 2008
TL;DR: A set of 18 change patterns and seven change support features are suggested to foster the systematic comparison of existing process management technology in respect to process change support to facilitate the selection of technologies for realizing flexible PAISs.
Abstract: Companies increasingly adopt process-aware information systems (PAISs), which offer promising perspectives for more flexible enterprise computing. The emergence of different process support paradigms and the lack of methods for comparing existing approaches enabling PAIS changes have made the selection of adequate process management technology difficult. This paper suggests a set of 18 change patterns and seven change support features to foster the systematic comparison of existing process management technology in respect to process change support. While the proposed patterns are all based on empirical evidence from several large case studies, the suggested change support features constitute typical functionalities provided by flexible PAISs. Based on the proposed change patterns and features, we provide a detailed analysis and evaluation of selected approaches from both academia and industry. The presented work will not only facilitate the selection of technologies for realizing flexible PAISs, but can also be used as a reference for implementing flexible PAISs.

630 citations


"A Process Deviation Analysis Framew..." refers background in this paper

  • ...[12] on change patterns in process aware information systems provides an interesting starting point....

    [...]

Frequently Asked Questions (1)
Q1. What are the contributions in "A process deviation analysis framework" ?

This paper presents a framework which structures the field of process deviation analysis and identifies new research opportunities.