Skip to main content

3.6 Business Process Review Tools and Techniques


3.6 Business Process Review Tools and Techniques



  • Purpose of a business process review is to the effectiveness and efficiency of processes in achieving its objective.


  • Process review can be carried out from knowledgeable representatives within the organization or with the help of external experts.


  • Business process review is carried out for following objective:


  • To identify the issues with current process

  • To gather information for improvement of the process

  • To review and monitor the progress of the project and milestone


  • Business process review is conducted in following steps:


  1. Review the current documentation and processes and understand roles and responsibilities of each process. Understand the current risk and control environment.

  2. Identify the areas of improvement through focus groups and workshops.

  3. Implement the changes

  4. Obtain feedback about changes and evaluate the same for further improvement.


  • Business process owners are best to provide feedback about the effectiveness of the IT system. To determine whether an IT system supports the business objectives; it is best to interact with the business process owners. Process owners are well versed about the system functionalities and its linkage to business objectives. They are the first one to notice any loopholes or limitations of the system. Their viewpoint will be unbiased.


  • Primary reason an external team reviews documentation before starting the actual risk assessment is to understand the current business process. Risk assessment will be effective only if the assessor is aware about business objectives, business processes and business environment.



Key aspects from CRISC exam perspective
CRISC Question
Possible Answer
To determine the effectiveness of the system, interview should be conducted of
Business process owners
Primary reason an external team reviews documentation before starting the actual risk assessment
To understand the current business process


Flashcards - 3.6 Business Process Review Tools and Techniques

Popular posts from this blog

2.7 Risk Analysis Methodologies

2.7 Risk Analysis Methodologies Risk analysis is the process of ranking of various risk so that areas of high can be prioritized for treating them.   Risk can be measured and ranked by use of any of the following methods:   Quantitative Risk Assessment Qualitative Risk Assessment Semi-quantitative Risk Assessment   Factor that influence the selection for above technique is availability of accurate data for risk assessment. When data source is accurate and reliable, organization will prefer quantitative risk assessment as it will give risk value in some numeric terms like monitory values. Monetary value is easy to evaluate to determine the risk response. Quantitative Risk Assessment In quantitative risk assessment, risk is measured on the basis on numerical values. This helps in cost benefit analysis as risk in monetary term can be easily compared to cost of various risk responses.   In quantitative risk assessment, various statist...
Read more

30% Discount - CRISC Recorded Lecture

We are pleased to announce that we are offering CRISC recorded lectures at 30% discount. Please use below link to avail the discount https://www.udemy.com/course/crisc-with-hemang-doshi/?couponCode=CRISCMARCH21037
Read more

2.5 Project & Program Management

2.5 Project & Program Management ·          It is very important for a risk practitioner to monitor the risk related to the management of the projects.   ·          Some of major reason for failing of IT projects are:   §   Scope creep i.e. requirements are not properly defined at the initial phase. §   Lack planning resulting into over budget and unavailability of skilled resources. §   Lack of structured project management process. §   Systems not tested before implementation §   Compliance or regulatory issues   ·          Root cause for the system failure is to be determined so the learnings can be applied to all the future projects.   ·          Major cause for a project failure is delay in completion. It may happen to make for the time lapsed...
Read more