Describing the existing organization
The purpose of this step is to describe the org-units in the enterprise, its different processes, the risks encountered as well as the associated controls.
An org-unit represents a person or a group of persons that intervenes in the enterprise business processes or information system. An org-unit can be internal or external to the enterprise. An internal org-unit is an organizational element of enterprise structure such as a management, department, or job function. It is defined at a level depending on the degree of detail to be provided on the organization (see org-unit type). Example: financial management, sales management, marketing department, account manager. An external org-unit is an external entity that exchanges flows with the enterprise. Example: customer, supplier, government office.A risk is a hazard of greater or lesser probability to which an organization is exposed.A control is a set of rules and means enabling the assurance that a legal, regulatory, internal or strategic requirement is respected.This consists of the following tasks:
Describing the organization
With HOPEX Business Process Analysis the organizational chart shows the hierarchy of the org-units in the enterprise, their responsibilities with respect to the processes and specifies the persons associated with each org-unit and on which site.
Example of organizational chart:
For more information on describing enterprise org-units, see "Organizational Charts and Responsibilities", page 111.Describing processes
Describing organizational processes
An organizational process is a set of operations performed by org-units within a company or organization, to produce a result. It is depicted as a sequence of operations, controlled by events and conditions.With HOPEX Business Process Analysis, organizational processes are described in the form of diagrams.
In the example of the purchase request process, the organization is represented by the following diagram.
For more details describing an organizational process, see "Organizational Processes", page 35.Business process modeling
A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.The business process diagram enables representation of product or service offerings proposed by the enterprise to each of its markets, as well as the processes that produce these.
For more details describing an organizational process, see "Business processes", page 69.Describing value streams
A value stream is an end-to-end collection of Value Stages that creates an outcome for a customer, who may be the ultimate customer or an internal end-user of the value stream.The following diagram presents an example of a value stream:
For more details on value stream description, see "Value streams", page 77.Describing application processes
A system process is the executable representation of a process. the events of the workflow, the tasks to be carried out during the processing, the algorithmic elements used to specify the way in which the tasks follow each other, the information flows exchanged with the participants.HOPEX Business Process Analysisallows you to model the IT system process implemented when using an organizational process. This description is made in a BPMN model detailing the sequence flow of tasks performed when executing the application in the particular context.
The diagram below represents an example of a purchase request processing application process.
For more details describing a system process, see "System Processes", page 83.Describing controls and risks
A risk is a hazard of greater or lesser probability to which an organization is exposed.A control is a set of rules and means enabling the assurance that a legal, regulatory, internal or strategic requirement is respected.The HOPEX Business Process Analysis repository covers all enterprise resources, from global value streams to IT resources. The HOPEX Risk Mapper approach enables business and IT managers to guarantee traceability of compliance controls via application layers, data and infrastructures.
For more information, see HOPEX Control and Risk.