Workflows are the fundamental building blocks of business processes in any organization today. These workflows have attributes and outputs that make up various Operational, Management and Supporting processes, which in turn produce a specific outcome in the form of business value. Risk Assessment and Direct Assessment are examples of such processes; they define the individual tasks integrity engineers should carry out.
According to ISO 55000, achieving excellence in Asset Management requires clearly defined objectives, transparent and consistent decision making, as well as a long-term strategic view. Specifically, it recommends well-defined policies and procedures (processes) to bring about performance and cost improvements, improved risk management, business growth and enhanced stakeholder confidence through compliance and improved reputation. In reality, such processes are interpreted differently all over the world, and the workflows that make up these processes are often defined by individual engineers and experts. An excellent example of this is Risk Assessment, where significant local variations in data sources, threat sources and other data elements, require the business to tailor its activities and models used.
Successful risk management is about enabling transparent decision-making through clearly defined process-steps, but in practice it requires maintaining a degree of flexibility to tailor the process to the specific organizational needs. In this paper, we introduce common building blocks that have been identified to make up a Risk Assessment process and further examine how these blocks can be connected to fulfill the needs of multiple stakeholders, including data administrators, integrity engineers and regulators. Moving from a broader Business Process view to a more focused Integrity Management view, this paper will demonstrate how to formalize Risk Assessment processes by describing the activities, steps and deliverables of each using Business Process Model and Notation (BPMN) as the standard modeling technique and extending it with an integrity-specific notation we have called Integrity Modelling Language or IML.
It is shown that flexible modelling of integrity processes based on existing standards and best practices is possible within a structured approach; one which guides users and provides a transparent and auditable process inside the organization and beyond, based on commonalities defined by best practice guidelines, such as ISO 55000.