The Volkswagen problem is about managing risk. If they had processes in place to manage risks [any and all risks], they could have prevented this. BPM software can ensure that these processes are managed.
It's occurred to me that the "VW troubles"are ultimately due to an EPA problem... The testing procedures to measure compliance with enviromental regulations were insufficient and easily "gamed" by anyone who analyzed that process.
This reminds me of a anecdote from my early days at Lombardi. A client had implemented the process by which agents claimed and processed cases, and when deployed they found that some agents were coming into the office early, claiming all of the best cases, and then coasting through the rest of the day. When the other workers came in, only difficult to process cases remained.
When this was discovered, the client was very upset, but fortunately our sponsor champion helped out:
Angry Client: "You've built a process that allows agents to cherry pick assignments!"
Champion: "We've always suspected that our agents cherry picked assignments. Now we have proof and can do something about it!"
Fraud can, to some extent, be prevented by BPM. Among the fraud triangle - pressure, opportunity and rationalisation - BPM can prevent opportunity to arise via smart design of process controls.
At the same time, stupid BPM at the EPA (or lack of) created an unique opportunity for fraud: the test routines were so predictable that the fraudsters actually took their sweet time to write a software to bypass them.
If the rules, policy, risk assesment, controls are clearly updated and well defined in the business process execution, including in the executive's level, then BPM can contribute to avoid or mitigate problens like the VW one or like the huge environment impacts caused in recent case of mining "San Marco" in Brazil.
BPM can contribute, but while some executive actions and decisions are out of that chain (formal business process), problems may be not detected and neither avoided.
BPM can help the business to define, design and manage a process that can possibly avoid some problem areas and concerns.
There may be many processess outlined (may or may not be BPM), but defining a process just solves a theoritical side of it, the adoption, adherance and realization still resides in the hands of the individuals, stakeholders, business owners and end users.
The process, decisions, business rules and compliance validation checks etc.. will echo within the boundaries defined by the business and its stake holders.
"BPM can only enforces a well defined Process in the System, not the Minds and Behaviour of an Individual"
As long as human emotion (and therefore apperently decisions) are basically not ruled out, even BPM cannot prevent problems. So, short answer: No.
I am not allowed to drive faster than 50km/hour within a city. That's the rule. But how is this being mitigated? By putting signs and punishment (by chance). But I can still drive faster... Now... If my car (=technology) doesn't allow me to drive faster than 50km/hour in designated area's, we have ruled out the human / emotional factor...
The problem I therefore see (and growing over the last (say 25) years) is that creating more rules to mitigate risk is not a very constructive way forward. The problem VW had to cope with are the strict regulatory environmental rules. But where are these rules based on? And where do they come from? And why would you falsify results in order to comply to these rules?
I originally wondered if this was an interesting question or not (silly concern, all BPM.com questions turn out to be interesting!)
But what a "can of worms".
We are now into the realm of ethics and culture and corporate governance. And the fact that policies and procedures are only guardrails for behaviour.
Because tacit knowledge and thousands of daily human micro-decisions can never be economically abstracted into software.
But insofar as the scope of automated work can be systematically enlarged, then any resulting transparency should reduce the space available for fraud.
Whether this applies to VW is questionable though, given the very specific nature of the problem.
Who knows what evil lurks in the hearts of men?
Well, the Shadow may know, but BPM can only suspect. When used appropriately, BPM is reasonably good at sniffing out individual bad actors, but the perennial plague of concerted corruption and inept regulatory enforcement are simply out of BPM's scope.
Human innovation is our best weapon against human failure. To the extent BPM acts as an enabling technology for such innovation, great. But keep in mind that technology can cut both ways.Indeed, for all we know, the company was using a BPM workflow that included a decision step like, "If this vehicle is going to a dealer, load standard sensor software; otherwise, load fraudulent sensor software". Do I then blame BPM for the outcome?
“...via smart design of process controls” as Bogdan said (I think that the operative word is “smart”). Examples of such smartness:
A good question and one on my agenda as I raise such issues with my professional body. In terms of fraud generally. Almost impossible to catch one beforehand where bad people spot the opportunity and decide to grab and run! What next generation BPM software will do is spot it very quickly so”running” is the only option!
However in the Volkswagen situation such software managing reporting on activity would almost certainly have picked up something was “wrong”. Let’s look at how this could be achieved. There are likely 2 core processes; first the set up of the testing kit then the actual testing process. On the first there will be (or should be) a process whereby decisions are made and agreed by management on the parameters of measurements the kit will undertake. All recorded as collaboration amongst many that will ensure no “tinkering”! On the second as each test undertaken again a process who when results etc. The testing kit would be linked in to the process feeding data direct into the reporting process. All very simple and doable with direction from informed management.
Both have full audit trail of who is responsible and all results reported compared etc. Any significant variations would trigger a process as to why. Such a system driven by the BPM principles would indeed have avoided the misreporting as experienced at Volkswagen.
As we know, in any typical car incident, both parties are responsible but maybe in different proportion. Thus in our case, BPM must be implemented properly in both the governing agency and all governed bodies. Their processes must be analysed (e.g. simulated) together to prevent any “holes” (or opportunities as Bogdan said). See ref1 as an example.
Done correctly, processes are not just “operational artefact”. They are a dynamic enterprise-wide backbone to plan & coordinate all (not only operational) activities and to anticipate (positive and negative) results.