Risk management for business processes is critical to the survival and performance of organizations, and has gained the interest of practitioners and academics. In this article, a fuzzy based multi-agent system (FMAS) is proposed as a practical solution to assess the process risk state and provide recommendations for the continuous improvement of business processes. To represent uncertain and ambiguous information obtained from experts, fuzzy theory is introduced to the FMAS. A fuzzy neural network is employed to implement an analysis agent capable of detecting the risk state of business processes within a firm. Furthermore, based on the predictions yielded by the analysis agent, the recommendation agent is then able to identify the possible deviations in the inconsistent process and provide suggestions for improvement. The effectiveness of the proposed FMAS is validated by its implementation in nine firms during twelve months, and the results are presented.
Business processes are constantly exposed to a wide range of risks [6, 31]. As demonstrated by recent incidents in the finance sector [9, 22, 20], failure of process-driven risk management can result in substantial financial and reputational consequences. Therefore, it is imperative to provide innovative approaches that are able to facilitate the continuous improvement of the performance of business processes [15, 21, 26].
Nevertheless, it is difficult to address the risks at the business process level. Figure 1 represents an example of an order fulfillment process. As shown in Fig. 1, a business process is a collection of related, structured tasks that aim to achieve a particular objective. Therefore, effective risk management at the process level must be realized by control procedures in tasks.
Existing research related to risk management for business processes primarily focuses on risk metrics and mitigation procedures, while little attention has been devoted to providing recommendations to an internal auditor to avoid risky situations and continuously improve the business processes within firms. Furthermore, effective control of the tasks, composing a process, is the foundation of risk management in business processes. Thus, consideration of task level analysis is imperative.
In this article, a fuzzy multi-agent system (FMAS) is proposed to facilitate the risk assessment and continuous improvement to business processes. The foundation of achieving these goals is business processes built by expert knowledge. The proposed FMAS contains two intelligent agents: the analysis agent and the recommendation agent, with learning and adaptation capabilities to realize the prediction of risk states and the detection of possible deviations in the inconsistent process by integrating fuzzy set, neural network, and multi-attribute decision making. In this respect, the proposed system can be considered as a decision support mechanism that facilitates the automatic adaptation and provides suggestions for the evolution of business processes.
The remaining sections of this article are organized as follows. The relevant literature is reviewed in Section 2. Then, the development of the FMAS is discussed in detail in Section 3. In Section 4, the results obtained after testing the proposed system are evaluated, and the conclusions are presented.
Previous process-based studies have emphasized the importance of explicit links between risks and business process models according to specific methodological approaches. The related work can be divided into the following two subdivisions. Approaches [1, 11, 23, 27] which propose risk-informed design, in which the idea of modeling business processes (in one or several stages) with risks and possible mitigation actions integrated into it are common. These models are then applied to a process model which has already been incorporated the mitigation activities. In particular, Betz, et al.  have proposed a simulation-based method of selecting the optimal business process model variant from several provided variants.
The second subdivision focuses on risk mitigation. Tomlin  has demonstrated the inevitability that risk-neutral firms in the context of a supply chain will select a single process-management strategy among these choices: mitigation by carrying inventory, mitigation by single-sourcing from the reliable supplier, or passive acceptance. Xue, et al.  have proposed that system modularity leads to a reduction in the risk level of adopting digital supply chain systems, and consequently inspires firms to digitize more of their supply chain operations. Based on the above research, Rajesh, et al.  have summarized twelve major supply chain risk categories and 21 risk mitigation strategies in the supply chain field. Grey theory and digraph-matrix methodologies were integrated in this work, whichcontributes to the quantification of various risk mitigation strategies.
While previous studies have provided the groundwork for the field of risk management for business processes, few of these approaches provide insight regarding how to support the generation of recommendations to avoid risky situations, and the continuous improvement of business processes. There is an increasing trend in the use of simulation techniques for risk management due to its modeling flexibility. Multi-agent based simulation (MAS) [21, 29], as a simulation technique, is commonly employed in risk management scenarios . In these scenarios, the agents are able to collaborate in order to establish an organizational model for providing effective risk management and supportive decision making.
Moreover, as most of the risk factors in business processes are subjective in nature, its assessment relies on the linguistic judgment of decision makers . Therefore, in our proposed FMAS, fuzzy set theory [8, 3, 19] is introduced to account for the impression, vagueness and uncertainty conducted in linguistic information. A linguistic variable is a variable whose values are described in terms of a natural or artificial language, instead of expressed in numerical forms . Linguistic variables are widely used in complex environments, as well as in situations that are difficult to describe with traditional quantitative expressions .
3Development of the FMAS
In the proposed FMAS, there are five kinds of agents, in which the analysis and recommendation agents are the core. The various agents and their corresponding functions are given in Table 1.
As shown in Fig. 2, the proposed system is modeled as a modular multi-agent architecture, in which the analysis and recommendation agents, as the core agents, are capable of predicting the risk states of business processes and generating recommendations for the improvement of processes.
The following sub-sections present the internal structure of the agents in the proposed system.
3.1Expert agent: Data acquisition
Cases of business processes, as the foundation of the analysis and recommendation agents, are obtained by surveys conducted by firm experts in different functional areas. This type of survey is designed to reflect the experience of the experts in their respective fields. In the process of data acquisition, the risk state of a process will be evaluated by experts. Each process is composed of tasks, and each task includes an importance rate, and its realization state. These parameters are explained below in the case structure. The data acquired from experts is used to establish the prototype cases for the initial case base of the storage agent. Case items that comprise each case are shown in Fig. 3.
The analysis agent identifies the situation of each business process within the firm and predicts the risk state associated with each situation. The agent constructs the problem case based on the data for the process obtained from the firm agent. A problem case for a process of n tasks will be composed of a vector including the importance rate and realization state such as: ((IR 1, RS 1) , (IR 2, RS 2) , …, (IR n , RS n )).
The analysis agent communicates with the storage agent to retrieve the cases most similar to the problem case. This is a process of clustering, which partitions a set of cases into subsets. Each subset is a cluster, such that cases in a cluster are similar to one another, and dissimilar to cases in other clusters.
The most well-known and commonly used method for cluster analysis is k-means . However, thek-means algorithm is sensitive to outliers because such objects are far away from the majority of the data, and thus, when assigned to a cluster, can dramatically distort the mean value of the cluster. For this reason, we employ the k-medoids method  to retrieve cases from the case base.
In the k-medoids method, actual cases are selected to represent the clusters, using one representative case per cluster. Each remaining case is assigned to the cluster to which the representative case is the most similar. The partitioning method is then performed based on the principle of minimizing the sum of the dissimilarities between each object p and its corresponding representative case. That is, an absolute-error criterion is used, defined as
3.2.2Risk state assessment
This phase aims to obtain an estimation of the risk state of the process analyzed. In order to obtain this estimation, a fuzzy neural network (FNN) [10, 28] is employed.
One of the advantages of fuzzy sets is their ability to represent uncertain and ambiguous information. The difference between traditional sets  and fuzzy sets is that the latter involve a membership function, which is not discrete but continuous. Fuzzy sets can be illustrated by a linear membership function, such as triangular and trapezoidal functions, and also by nonlinear membership functions, such as the Gaussian function. Since the Gaussian function is more precise than other nonlinear membership functions , the membership function represented by linguistic variables is presented in this study in the form of a Gaussian function.
In the proposed framework, a multi-input and single-output FNN is introduced to predict the risk level of the process analyzed from the retrieved cases. The structure of the FNN is shown in Fig. 5.
For each layer in Fig. 5, a mathematical description is provided below.
The input layer: The input vector can be expressed as
where (i = 1, 2, … , k).
The inference layer: c j = [c 1j , c 2j , …, c kj ], σ j = [σ 1j , σ 2j , …, σ kj ] are the centers and widths of the jth neuron. Each neuron in this layer represents an if/then fuzzy rule. The outputs of neurons are computed by the products of the grades of membership functions. A Gaussian membership function is applied in this paper due to its ability to reduce the number of parameters to be optimized. The output values of this layer are
The normalization layer: the output values of this layer are
The output layer: the output is clarified as
Furthermore, a new case will be stored in the storage agent case base consisting of the analyzed process and its estimation of the risk level obtained through the FNN.
The aim of this agent is to help the internal auditor improve business processes by generating recommendations for the problem case. For this purpose, it is necessary to compare the problem case with the cases most similar to it.
Since there are K cases related to the problem case through the case retrieval of the analysis agent, these cases are used as the case base of the recommendation agent. In the case base, the cases with risk states 20% lower than the estimation generated by the analysis agent are selected as the guide for recommendation. If there are not enough cases (30 is considered sufficient), the above constraint is relaxed further by decreasing the risk state in increments of 5% .
During the recommendation process, the cases that are able to maximize the realization state (RS i ) of each task in the analyzed process are selected with consideration of the importance rate (IR i ). In this way, the problem of obtaining recommendations from the retrieved cases can be considered as a multi-criteria decision making  problem, in which these cases, as the alternatives, are used to maximize the values of the tasks of the problem case.
In this framework, fuzzy COPRAS (Complex Proportional Assessment) [12, 17] is employed to solve the multi-criteria decision making problem, as it can effectively reflect fuzzy inputs, which allows a more complete interpretation of model results. As illustrated in Fig. 4, the realization state (RS) and the importance rate (IR) of a task represent the attribute and weight, respectively, in fuzzy COPRAS. Figure 6 demonstrates the steps of the method.
For generating recommendations, the output from the fuzzy COPRAS is compared to the problem case. The objective is to detect which tasks should be improved, and establish an order of priorities through weighting each task with respect to the overall weight of the process. In other words, the recommendation agent helps the internal auditor identify the possible deviations of the process and analyze the extent of deviations in terms of the importance rate (IR) of each task. In this way, the FMAS generates recommendations associated with inconsistent processes, indicating the differences between the values of the attributes in the problem case and those in the output derived from the fuzzy COPRAS.
Based on the predictions and recommendations yielded by the FMAS, the internal auditor may inform the firm of inconsistent processes and provide suggestions for improvement. The realization process of the FMAS is presented in Fig. 7.
The developed system was tested for twelve months in nine firms in the textile sector of Tianjin, China. The data employed to generate the prototype cases and to construct the memory of cases for the store agent were obtained by surveying 30 auditors from China and 20 experts in different functional areas of the firms within the sector.
Various complete operation cycles were conducted to fully test the system. Each company’s business processes were analyzed, risk rates were estimated, and recommendations were generated. These recommendations were communicated to the internal auditors, who were given a period of three months to elaborate and apply an action plan based on the provided recommendations. The primary objective of each of these action plans was to reduce the number of inconsistent processes within each company. New analyses were performed every three months in order to record, compare and refine results.
In order to demonstrate the improvement of business process in detail, an example of a problem case is given, regarding the payment sub-process of an order fulfillment process described in Fig. 1. For the analyzed process, the FMAS identified two frauds which may occur during the execution of this process: payment fraud and approval fraud. According to the recommendations generated by the FMAS, the internal auditor improved the order fulfillment process (see Fig. 8).
As shown in Fig. 9, the obtained data demonstrates that the application of the FMAS caused a positive improvement in all firms, reflected in the reduction of inefficient processes. The indicator used to determine improvement was the risk state of each of the analyzed processes. After analyzing one of the firm’s processes, it is inevitable to prove that the risk state of the process had improved. Thus, it is possible to conclude that the inefficient processes had been reduced.
In order to reflect the suitability of the system for reliably resolving inefficient processes, the results from the analyses obtained from the nine studied firms are compared with those of three firms in which the recommendations generated by the FMAS were not applied. In these three firms, the processes were analyzed during a three month period, using the analysis agent. The recommendations generated by the FMAS were not presented to the firms’ managers. In addition, it should be noted that some recommendations may require such high costs as to be prohibitive, or to require long-term implementation. Therefore, we considered that a firm would have followed the recommendations if they were applied at a rate greater than 70% .
• In 78% of these firms, the number of inconsistent processes was reduced with an average improvement greater than 10% .
• In 11% of these firms, the average improvement of the risk state of processes is less than 3% but more than 0% . This indicates that the application of the recommendations generated by the proposed system has no significant effect on the processes of the firm. After analyzing the possible reasons for these results, it was determined that the recommendations given were not followed precisely; only certain measures were applied while the majority of the recommendations were ignored.
• In 11% of these firms, the inconsistent processes increased, indicating that the application of recommendations generated by the system was contrary to the positive improvement of the firm. Once the situation in the company had been analyzed, it was concluded that there was a high level of disorganization, without a clearly defined set of objectives.
In general, these results demonstrate that the proposed FMAS can effectively facilitate a positive improvement to business processes in firms.
Furthermore, for the three firms in which the recommendations generated by the system were not applied, their improvement percentages are significantly below the same measurement of other companies that employed the FMAS.
The proposed FMAS has demonstrated several advantages according to real-world implementation:
(1) FMAS can represent uncertain and ambiguous information derived from experts. This feature, achieved by fuzzy set theory, helps the firm auditor operate with linguistic variables that cannot be described numerically.
(2) FMAS is suitable for the distributed environment. In the FMAS, the multi-agent approach provides adaptive support to fit the distributed nature of networked enterprises.
(3) FMAS has learning capability by utilizing a fuzzy neural network for the prediction of the risk level of a target business process based on previously observed cases.
The complexity and dynamic nature of the organizational environment makes it difficult to predict risk associated with business processes faced by a firm. However, the developed FMAS is able to estimate the risk state of the firm with precision, and provide solutions that enable the improvement of each phase within a business process. The proposed system will produce better results if provided with cases related to the sector in which it will be used, due to the dependence that exists between processes in a firm and the sector in which it is located. Future experiments will seek to identify how the constructed prototype will perform in other sectors, and how it must be modified in order to improve its performance.
The research was supported by the National Natural Science Foundation of China (No. 71271149 and No. 71502125) and the Program for New Century Excellent Talents in University. The authors are very grateful to all anonymous reviewers whose invaluable comments and suggestions substantially helped improve the quality of the paper.
Varela-Vaca AJ, Gasca RM 2013 Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach Information and Software Technology 55 11 1948 1973
Kar AK 2015 A hybrid group decision support system for supplier selection using analytic hierarchy process, fuzzy set theory and neural network Journal of Computational Science 6 23 33
Alkouri AUM, Salleh AR 2014 Linguistic variable, hedges and several distances on complex fuzzy sets Journal of Intelligent & Fuzzy Systems 26 5 2527 2535
Tomlin B 2006 On the value of mitigation and contingency strategies for managing supply chain disruption risks Management Science 52 5 639 657
Samantra C, Datta S, Mahapatra SS 2014 Risk assessment in IT outsourcing using fuzzy decision-making approach: An Indian perspective Expert Systems with Applications 41 8 4010 4022
Wu D, Olson DL 2010 Enterprise risk management: Coping with model risk in a large bank Journal of the Operational Research Society 61 2 179 190
Zavadskas EK, Kaklauskas A 2007 Multi-attribute Decisions in Construction, Fraunhofer IRB Verlag, Stuttgart (in German)
Ai F, Yang J, Zhang P 2014 An approach to multiple attribute decision making problems based on hesitant fuzzy set Journal of Intelligent & Fuzzy Systems 27 6 2749 2755
Faulds F, Bessis J 2013 Rogue trading: Back to front Journal of Risk Management in Financial Institutions 6 4 5
Wu G, Zhu Z 2014 An enhanced discriminability recurrent fuzzy neural network for temporal classification problems Fuzzy Sets and Systems 237 16 47 62
Gewald H, Dibbern J 2009 Risks and benefits of business process outsourcing: A study of transaction services in the German banking industry Information & Management 46 4 249 257
Zimmermann HJ 2001 Fuzzy set theory and its applications 2nd Boston, Dordrecht, London Kluwer Academic Publishers,
Park HS, Jun CH 2009 A simple and fast algorithm for K-meds clustering Expert Systems with Applications 36 2 3336 3341
Cano JR, Cordon O, Herrera F, Sanchez L 2002 A greedy randomized adaptive search procedure applied to the clustering problem as an initialization process using K-Means as a local search procedure Journal of Intelligent & Fuzzy Systems 12 3-4 235 242
Tian J, Feng N 2014 Adaptive generalized ensemble construction with feature selection and its application in recommendation International Journal of Computational Intelligence Systems 7 2 35 43
Zadeh LA 1975 The concept of a linguistic variable and its application to approximate reasoning— II Information Sciences 8 4 301 357
Abdullah L, Najib L 2014 A new preference scale of intuitionistic fuzzy analytic hierarchy process in multi-criteria decision making problems Journal of Intelligent & Fuzzy Systems 26 2 1039 1049
Xue L, Zhang C, Ling H 2013 Risk mitigation in supply chain digitization: System modularity and information technology governance Journal of Management Information Systems 30 1 325 352
Cagman N, Karatas S 2013 Intuitionistic fuzzy soft set theory and its decision making Journal of Intelligent & Fuzzy Systems 24 4 829 836
Feng N, Zheng C 2014 A cooperative model for IS security risk management in distributed environment Scientific World Journal 2014 1 10
Feng N, Wang HJ, Li M 2014 A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis Information Sciences 256 57 73
Feng N, Li M 2011 An information systems security risk assessment model under uncertain environment Applied Soft Computing 11 7 4332 4340
Conforti R, La Rosa M, Fortino G, ter Hofstede AHM, Recker J, Adams MI 2013 Real-time risk monitoring in business processes: A sensor-based approach Journal of Systems and Software 86 11 2939 2965
Rajesh R, Ravi V, Rao RV 2015 Selection of risk mitigation strategy in electronic supply chains using grey theory and digraph-matrix approaches International Journal of Production Research 53 1 238 257
Sikora R, Shaw MJ 1998 A multi-agent framework for the coordination and integration of information systems Management Science 44 11 S65 S78
Ali S, Soh B, Torabi T 2006 A novel approach toward integration of rules into business processes using an agent-oriented framework IEEE Transactions on Industrial Informatics 2 3 145 154
Betz S, Hickl S, Oberweis A 2011 Risk-aware business process modeling and simulation using xml nets CEC IEEE Hofreiter B, Dubois E, Lin KJ, Setzer T 349 356
Long S, Xu D 2014 Global exponential p-stability of stochastic non-autonomous Takagi–Sugeno fuzzy cellular neural networks with time-varying delays and impulses Fuzzy Sets and Systems 253 16 82 100
Wang T, Tadisina SK 2007 Simulating Internet-based collaboration: A cost-benefit case study using a multi-agent model Decision Support Systems 43 2 645 662
Cao Y, Yu W, Ren W, Chen G 2013 An overview of recent progress in the study of distributed multi-agent coordination IEEE Transactions on Industrial Informatics 9 1 427 438
Li Y, Cao B, Xu L, Yin J, Deng S, Yin Y, Wu Z 2014 An efficient recommendation method for improving business process modeling IEEE Transactions on Industrial Informatics 10 1 502 513
Figures and Tables
|Firm agent||This agent is assigned to each firm in order to collect new data and introduce consultations; the firm can interact with the FMAS by means of this agent.|
|Analysis agent||This agent is responsible for the prediction of potential risk states. The recovery of information from previous experiences simplifies the prediction process by detecting and eliminating relevant and irrelevant patterns detected in previous analyses.|
|Recommendation agent||The objective of this agent is to generate recommendations to help the internal auditor provide suggestions to improve inconsistent processes and control risks.|
|Expert agent||This agent helps the auditors and experts to provide information and feedback to the FMAS. These experts generate prototypical cases from their experience and receive assistance in developing the storage agent case base.|
|Storage agent||This agent has a memory that is composed of cases constructed with information provided by the firm and with prototypical cases identified by experts.|