BPM: An Ethical Perspective December 23, 2009 By Bob Larrivee, Director & Industry Analyst for AIIM

Looking at BPM holistically, we can define it as a means to study, identify, change, and monitor business processes. It includes techniques, methods and technology to improve and align business processes to organizational goals. It takes the as-is and transforms it to a future state or state of to-be for the organization. The questions we ask are often not merely what are you doing today but how do you want to do this tomorrow.

There is side of BPM that is at times is overlooked. That is the ethical side. When you implement a BPM project, you will map and document current processes. You look for inefficiencies and ways that to improve the process even before applying technology to automate. As you document and map these processes, you may suddenly face a situation where you have uncovered something significant and perhaps inappropriate that could have personal impact on colleagues and friends. When the project is complete, you may choose to use Business Activity Monitor (BAM) software to keep track of your processes for the purpose of refinement and improvement, but what if you find something here that seems out of order? What would you do? This is where ethics come into play.

Ethics for the purpose of this discussion is to focus on doing what is right. The sense it is right rather than the legal perspective. Sometimes what takes place may be legal but from an ethical viewpoint, it is not acceptable by society as a whole. So if you look at BPM from an ethical perspective, how do you address issues as they arise and when? BPM changes the way an organization works and will impact individuals within an organization, at times, removing them completely from the process. Imagine automating check processing. I worked for a Bank in the Northeast in the mid to late 1970’s where I collected checks from the branches, filmed and filed them then transferred them to the Federal Reserve clearing house. As part of the process in my bank, there were many people who did data entry and proof on these checks, every day. Enter process change and technology.

In a theoretical scenario today, that bank may no longer have to manage physical checks and as a result, the process may take the following appearance. Checks are now scanned at the teller window and potentially destroyed. The scanner used to capture and index the check image also captures the special MICR code launching a system to system process connecting one bank’s computer to another for fund verification and transfer. There is no longer a need for a courier to pick up the checks. There is no longer a need for the proof department or the microfilm person. It is all done electronically and much more efficiently. The question now becomes one of the people. What do you do with these employees who no longer have jobs due to the changes? Perhaps the approach is to offer them retraining and new positions within the bank as it expands rather than terminate their employment. I know I have simplified the story but hopefully it still sets the picture correctly. What we do and how we do it from an ethical perspective is relevant.

Beyond this, your projects will uncover and deal with information that is of a confidential or secure nature. We must be aware of this as well and maintain the highest level of confidentiality. We must be cognizant of the fact that we are exposed to personal information about fellow employees, product information, customer information and many other types of information that could be damaging to employees or the company as a whole should it not be handled correctly. In some regions, there are privacy protection acts in place that regulate how information is to be managed and monitored for the protection of the individual. In this case, if you use company email systems for personal use, even if it is against policy, the company cannot view or act upon the contents. In others, the company is deemed the owner of all information housed in their information management environment on their computers with no privacy consideration for the employees. In other words, if you are using the company’s email for personal use, the company has the right to view and act upon it. Some questions to ask before taking action include:

• Have you defined the situation accurately?
• How did this situation occur in the first place?
• Can you discuss the problem with the affected parties before you make your decision?
• Are you confident that your position will be as valid over a long period of time as it seems now?

You need to monitor your information and business environments to ensure you improve and grow. As you monitor and take action you also need to understand that you can never know everything but you do need to have sufficient checks and balances to avoid situations that may jeopardize your organization and place it at risk. Understand that things will not always happen and people will not always respond in ways you expect. You need to make the effort and demonstrate and prove that you tried to identify major risks and addressed them upfront. When you uncover something that seems to be wrong, gather all of the facts before you act, and remember that mistakes happen. The goal here should be to reduce or eliminate any uncertainty and focus on improvements that will benefit the organization as a whole.

Bob Larrivee is Director and Industry Analyst for AIIM. Bob can be reached through the AIIM Education Center at This e-mail address is being protected from spambots. You need JavaScript enabled to view it and followed on Twitter as @BobLarrivee.