CMMN modeling of the process Extended abstract

Tiago Barros Ferreira, Instituto Superior Técnico

ABSTRACT

Risk management is a development activity and increasingly plays a crucial role in an organization's management. Being very valuable for organizations, they develop and implement enterprise risk management strategies that improve their business model and bring them better results. Enterprise risk management strategies are based on the implementation of a risk management process and supporting structure. Together, this process and structure form a framework. The ISO 31000 standard is currently the main global reference framework for risk management, proposing the general principles and guidelines for risk management, regardless of context. The most recent revision of the standard, ISO 31000:2018 [1], depicts the process of risk management as a case rather than a sequential process. To that end, the potential and limitations of the conceptual modeling language “Case Management Model and Notation” (CMMN) were explored for the elaboration of the related diagrams, together with the “Decision Model and Notation” (DMN) notation to model risk decisions. The application of the model is also demonstrated for a real case.

KEYWORDS

Risk, risk management, enterprise risk management, CMMN, DMN

1. Introduction

As described in [1], risk is the “effect of uncertainty on objectives”, an effect being “a deviation from the expected”. The effect can be positive, negative or both, and thus it can address, create or result in opportunities or threats. Still according to [1], risk can be expressed in terms of: (i) Risk sources: An element that, alone or in combination with others, has the potential to cause the risk; (ii) Potential events: Occurrence or change of a particular set of circumstances; (iii) Consequences: Outcome of an event that affects the objectives; (iv) Likelihood: Chance of something happening.

In an organization, every process, from the simplest to the most complex, is subject to risks, and their consequences can have positive or negative effects on the organization's goals. Enterprise Risk Management (ERM) is thus a very important activity to support the achievement of the organization's goals.

Risk management is defined as “coordinated activities to direct and control an organization with regard to risk” [1]. ERM, as a risk management activity, comprises the identification of the potential events in the whole organization that can affect the objectives, the respective risk appetite, and thus, with reasonable assurance, the fulfillment of the organization's goals [2].

Many organizations nowadays have their risk management framework, including activities to identify their risks, and their prevention measures, documented. To this end, [1] is at this moment the main reference for risk management frameworks, proposing the general principles and guidelines for risk management, regardless of their context.

The guidelines for risk management processes described in [1] suggest a process in which the flow is not always deterministic, where the decision of which activity to perform next depends on the judgment of the case worker. Moreover, different techniques, such as those described in [3], may be applied in risk identification and should consider several factors such as causes, events, consequences and risk sources. These facts make the problem potentially relevant to be modeled with CMMN, a modeling language that has recently been affirmed for this type of process.

This paper is structured in eight more sections. Section two describes the main concepts of risk management related to ISO 31000. Section three presents the concept of case management and the CMMN language. In section four a preliminary analysis of the problem is made, where a CMMN modelling of the ISO 31000 risk management process is proposed. Section five presents the analysis and solution for the problem with the resulting CMMN models for the risk management process defined in the INCM's ERM framework [4]. Section six presents the UML models of the domain model and the use cases that will serve as the basis for the construction of an application¹ using the Outsystems² methodology. Section seven presents a comparative analysis of the two CMMN models that were modeled. The last section presents the conclusions of the dissertation and defines future steps to continue this dissertation.

1 Work already started in another dissertation
2 https://www.outsystems.com/

2. Risk management concepts – ISO 31000:2018 standard

The risk management process described in [1] and illustrated in Figure 1 “should be an integral part of management and decision-making and integrated into the structure, operations and processes of the organization. It can be applied at strategic, operational, programme or project levels” [1]. It is up to each organization to adapt the risk management process to its goals and to the context in which it is inserted. However, the main reference activities of this process should be:

A) Scope, context and criteria: since the process can be applied at different levels, it is essential for the organization to clearly define the scope of its risk management activities and to understand the internal and external context in which it operates. For the definition of the risk criteria, the organization shall specify the magnitude and types of risk that it may or may not assume considering its goals, values and resources.
B) : should be carried out in a systematic, iterative and collaborative manner, using the best available information. This activity is composed of the sub-activities: risk identification, risk analysis and risk evaluation.
C) Risk identification: aims to “find, recognize and describe risks that might help or prevent an organization achieving its objectives” [1].
D) Risk analysis: aims to “comprehend the nature of the risk and its characteristics” [1]. Detailed consideration of the risk characteristics (uncertainties, sources, consequences, events, controls and their effectiveness) allows the risk level to be calculated where appropriate.
E) Risk assessment: results obtained in the risk analysis are compared with the risk criteria initially established in order to determine what action to take against the risks analyzed.
F) Risk treatment: based on the outcome of the risk evaluation activity, the process moves to the treatment phase, where risk treatment options will be selected and implemented.
G) Monitoring and review: monitoring and reviewing the risk management process and its results should be an integral part of all phases of the process, with the aim of improving its effectiveness and quality.
H) Communication and consultation: should take place throughout the process on a continuous basis. It allows stakeholders to understand the basis for the decisions made and the reasons for the need for specific actions.
I) Recording and reporting: aims to communicate risk management activities and results across the organization; support interaction with those who have responsibility and accountability for risk management activities; provide information for decision-making; and improve risk management activities.

3. Case management and case management model and notation

Automating processes increases their efficiency. But not all processes can be automated, and as such, for situations that require more flexibility, a proper approach is required in building the process, where flow control is not used to describe the process. Case management empowers workers by providing them with access to all information about the process and giving them autonomy and control over how a process evolves [5].

In this type of process, the main concepts are: (i) A set of unordered activities that can be performed completely to solve a business problem; (ii) Activities occur in an unpredictable order; (iii) Events determine the process; therefore, the resulting case may vary depending on the current event. The activities are not linked to each other; (iv) External documents are a fundamental part of the process.

The OMG (Object Management Group) introduced CMMN [6], a notation to model and graphically express these knowledge-intensive and weakly-structured processes.

CMMN can be used in addition to BPMN. CMMN uses an event-centric and case file concept approach, bringing new flexibility to business processes. It can specify what can happen in a process, but not how it should happen.

From this perspective, a case has two distinct phases, the design-time phase and the run-time phase. During the design-time phase the business analysts model the plan items that are always part of the case model and the discretionary items, which are modeled but are not immediately added to the execution plan. During the run-time phase case workers execute the plan, executing the planned items and optionally adding, in current time, discretionary items to the execution plan of the case instance. The flow control of the case is thus exercised by the case workers, assigning them greater responsibility in the case.


Figure 1 - Risk management process according to [1]

The complete case behavior is modeled using the elements illustrated in Figure 2³ and is captured by the case plan model:
• Stage: It can be seen as an “episode” of the case. It groups various language elements including tasks, milestones, case file items, and events.
• Task: It is a unit of work. Tasks can be divided into blocking and non-blocking human tasks, process-tasks, case-tasks, and decision-tasks.
• Discretionary element (only for tasks and stages): An element that can be added, optionally and in current time, to the execution plan of the case instance by the case worker.
• Event listener: Represents an event that may occur during a case instance. Event listeners are divided into timer event listeners and user event listeners.
• Case file item: All data and data structures stored in the case file. It can represent all kinds of data, including a data value in a database, a row in a database, a document, a spreadsheet, a picture, a video, a voice recording, a directory, a folder, etc.
• Milestone: Represents an achievable target, defined to enable evaluation of progress of the case. The completion of a set of tasks or the availability of key deliverables (information in the case file) typically leads to achieving a milestone.
• Criteria: Allow us to describe when a task, stage, or milestone should be available for execution (entry criteria) or when a case (case plan), stage, or task should terminate abnormally (exit criteria). Criteria can be IfPart, meaning that there is a Boolean expression which is part of the criteria and should evaluate to true for the criteria to be satisfied, or OnPart, which indicates which standard event can satisfy the entry criteria or exit criteria.

To represent certain dependencies and associations between non-discretionary elements of the plan, CMMN uses connectors. These connectors are illustrated by a line with the “dash-dot-dot-dash” sequence. As for the dependencies between human tasks and discretionary items, they are represented through discretionary associations, which are drawn as a dashed line.

In order to represent behaviors of certain items in the process plan, CMMN uses decorators:
• AutoComplete decorator: Indicates that the stage or case will complete when all the required case plan items are completed.
• ManualActivation decorator: Indicates that the stage or task must be manually initiated after the entry criteria has been satisfied.
• Required decorator: Indicates that the stage, task, or milestone must be executed for the scope (stage or case) to complete.
• Repetition decorator: Indicates that a stage, task, or milestone can be repeated multiple times.

3 Adapted from Denis Gagné, BPMN-CMMN-DMN: An intro to the triple crown of process improvement standards, https://pt.slideshare.net/dgagne/bpmncmmndmn-an-intro-to-the-triple-crown-of-process-improvement-standards-denis-gagne (accessed April 25th, 2019)


Figure 2 - Graphical representation of the main elements of CMMN notation

4. Preliminary analysis: Modeling of the generic risk management process

The Enterprise Architect⁴ modeling tool was used to model the risk management process described in [1]. Because CMMN does not offer a visual representation for the roles associated with each stage or task, we opted to color them according to the role with which each is associated. Green is used to represent top management, blue for the risk owner, yellow for the owner of the control and orange for the Chief Risk Officer (CRO).

The final diagram results from a careful analysis of the risk management process as described in [1]. Each requirement of the process was analyzed to extract the key factors to be covered. The result is represented in Figure 3.

“S01” contains four blocking human tasks, as they all must wait until the case worker associated with them completes the task. According to [1], the risk criteria “are dynamic and should be continually reviewed and amended, if necessary”, which means that “T04” is not a mandatory task (discretionary task), and as a result the stage must contain a planning table. All the information created and used during this stage is kept in the “F01” case file item, and each time it is modified the milestone “M01” is achieved (milestone with repetition decorator). As top management oversees this stage, this stage is triggered by an IfPart entry criteria, which is a condition defined by top management. It is also triggered by the result of “T13” (the OnPart entry criteria linked by “T13”). The stage has the repetition decorator, so it can be repeated multiple times (each time one of the entry criteria activates it), and the manual activation decorator, so it gives top management the ability to decide if it should initiate the stage even if any of the entry criteria is true.

“S02” contains three blocking human tasks, each one with the repetition decorator, so they can also be repeated each time their entry criteria are satisfied. All the information created and used during this stage is also kept in “F01”, and each time it is modified, “M02” is achieved. The “S02” case worker is the risk owner, so the stage contains an IfPart entry criteria that is defined by the risk owner.

“T06” has an IfPart entry criteria defined by the risk owner (possibly defining the condition that “T06” is the first task of the stage). The other “T06” entry criteria, an OnPart, is triggered by “T13”, since a monitoring and revision of the process can identify new risks. The risk owner being in charge of this task, the manual activation decorator associated with the task gives the risk owner the ability to decide if it should initiate the task even if any of the entry criteria is true.

Since “T08” can only execute with the outputs from “T07” and “T07” uses the outputs from “T06”, both “T07” and “T08” have an OnPart entry criteria associated with “T06” and “T07” respectively.

“S03” contains four blocking human tasks and all the information created and used during the stage is also kept in “F01”, “M03” being achieved every time “F01” is modified during “S03”. It depends on the outputs of “T08”, so it has an OnPart entry criteria from “T08”. The IfPart entry criteria is a condition defined by the case worker assigned to the stage, the treatment owner.

“S04” is triggered by its two events (OnPart entry criteria) and can be repeated every time that any of the events occurs (repetition decorator). It contains a milestone, “M04”, that is achieved every time the stage modifies “F02”.

The blocking human task “T13” is triggered by its two OnPart entry criteria and can also be repeated several times (repetition decorator).
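The entry-criteria behaviour this section describes for “T06”, “T07”, “T08” and “T13” can be traced with the following added Python example, which is not part of the original paper and is not a CMMN engine. It covers the tasks only (stages are left out); the class and function names, the IfPart condition "F01 is still empty", the placeholder events `event_1` and `event_2` for the two unnamed “T13” triggers, and giving manual activation to “T06” alone are assumptions made here.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Sentry:
    """One entry criterion: an optional OnPart and an optional IfPart."""
    on_part: Optional[str] = None                     # id of the task/event that fires it
    if_part: Optional[Callable[[dict], bool]] = None  # Boolean expression over the case file

    def satisfied(self, event: Optional[str], case_file: dict) -> bool:
        if self.on_part is not None and self.on_part != event:
            return False
        return self.if_part is None or bool(self.if_part(case_file))


@dataclass
class Task:
    id: str
    entry: list = field(default_factory=list)  # alternatives: any one criterion suffices
    manual_activation: bool = False
    repetition: bool = False
    state: str = "available"
    runs: int = 0


class Case:
    def __init__(self, tasks):
        self.tasks = {t.id: t for t in tasks}
        self.case_file = {"F01": []}            # case file item holding identified risks

    def evaluate(self, event=None):
        """Move every available task whose entry criteria hold to enabled or active."""
        for task in self.tasks.values():
            if task.state == "available" and any(
                s.satisfied(event, self.case_file) for s in task.entry
            ):
                task.state = "enabled" if task.manual_activation else "active"

    def start(self, task_id):
        """Manual activation: the case worker decides to begin an enabled task."""
        task = self.tasks[task_id]
        if task.state != "enabled":
            raise ValueError(f"{task_id} is {task.state}, not enabled")
        task.state = "active"

    def complete(self, task_id, record=None):
        task = self.tasks[task_id]
        if task.state != "active":
            raise ValueError(f"{task_id} is {task.state}, not active")
        if record is not None:
            self.case_file["F01"].append(record)
        task.runs += 1
        # Repetition decorator: the task can be entered again later.
        task.state = "available" if task.repetition else "completed"
        self.evaluate(event=task_id)            # completion is the OnPart event for others

    def states(self):
        return {t.id: t.state for t in self.tasks.values()}


def build_case():
    first_task = lambda f: not f["F01"]         # assumed IfPart: nothing identified yet
    return Case([
        Task("T06", [Sentry(if_part=first_task), Sentry(on_part="T13")],
             manual_activation=True, repetition=True),
        Task("T07", [Sentry(on_part="T06")], repetition=True),
        Task("T08", [Sentry(on_part="T07")], repetition=True),
        # event_1 / event_2 are placeholder names for T13's two OnPart triggers
        Task("T13", [Sentry(on_part="event_1"), Sentry(on_part="event_2")],
             repetition=True),
    ])


def walk_through():
    """Return the task states after each step of one pass through the model."""
    case, trace = build_case(), []
    case.evaluate()                             # IfPart holds: T06 is offered to the risk owner
    trace.append(case.states())
    case.start("T06")                           # risk owner decides to begin identification
    case.complete("T06", record="R1 (constructed risk entry)")
    trace.append(case.states())                 # OnPart from T06 activates T07
    case.complete("T07")
    trace.append(case.states())                 # OnPart from T07 activates T08
    case.complete("T08")
    case.evaluate(event="event_1")              # monitoring and review (T13) is triggered
    case.complete("T13")
    trace.append(case.states())                 # OnPart from T13 re-enables T06, not started
    return trace


if __name__ == "__main__":
    for step in walk_through():
        print(step)
```

After “T13” completes, “T06” is only enabled: the satisfied entry criterion makes the task available to the risk owner, who still has to start it.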

4 https://sparxsystems.com/


Figure 3 - CMMN model of the ISO 31000 risk management process

5. Problem analysis and solution: Modeling of the INCM risk management process

Imprensa Nacional – Casa da Moeda (INCM)⁵ is a Portuguese organization that is responsible for the production of goods and services that are fundamental to the functioning of the Portuguese State, such as the minting of coins, the publication of official publications and the production of security documents like the citizen card.

INCM already established an ERM structure [4], where it defined the elements to continuously design, implement, monitor, review, and improve risk management in the organization. Figure 4 illustrates the high level CMMN model of the application case, defined as an application of the ISO 31000 generic model illustrated in 4. All documentation regarding this ERM framework was provided by the INCM's CRO. Each phase of the process was analyzed in order to extract the key factors covered by the phase. When necessary, interviews with the CRO helped in understanding the details.

In line with the ISO 31000 case model, because CMMN does not offer a visual representation for the roles associated with each stage or task, we opted to color them according to the role with which each is associated. Green is used to represent the corporate risk management committee (CGRC), blue for the risk owner, yellow for the owner of the control and orange for the CRO.

“S01” can perform a different set of activities for each case instance, meaning that the four tasks associated with this stage are discretionary, and the stage must contain a planning table. In those four tasks it defines the scope, the context in which they will operate and the risk criteria they will be able to follow. All the information created and used during this stage is kept in “F01”, and each time it is modified, “M01” is achieved (milestone with the repetition decorator). The CGRC being in charge of this stage, this stage is triggered by an IfPart entry criteria, which is a condition defined by the CGRC. It is also triggered by “T13” (the OnPart entry criteria linked by “T13”). The stage has the repetition decorator, so it can be repeated each time that one of the entry criteria activates it, and the manual activation decorator, so it gives the corporate risk management committee the ability to decide if it should initiate the stage even if any of the entry criteria is true.

The application case being a specific case and not a generic one, the work associated with “S02” was more detailed in the application case framework than in the generic ISO 31000 model, so “S02” contains three stages instead of three tasks.

“S001” executes two blocking human tasks in which the risk is identified and “F01” is modified, each time achieving “M02.1”. When new risks are communicated or when “T13” originates new ones, “S001” is triggered (two OnPart entry criteria). The risk owner can decide if any of the entry criteria is enough to initiate the stage.

“S002” has a decision task in which the risk level is calculated according to the application case metrics and “F01” is modified, reaching “M02.2”. It is triggered by the event “E002” and by the outputs of “S001” (two OnPart entry criteria).

“S003” executes four blocking human tasks in which the risk is evaluated and “F01” is modified, the progress of this stage being associated with “M02.3”. It is triggered by three OnPart entry criteria, “E003”, “S002” and “S03”. The risk owner, once again, can decide if any of the entry criteria is enough to initiate the stage (manual activation decorator).

“S03” performs three blocking human tasks, related to the risk treatment, and all the information created and used during this stage is also kept in “F01”, “M03” being achieved every time “F01” is modified during “S03”. It has a dependency on the “S003” outputs, so it has an OnPart entry criteria from “S003”. It has a second OnPart entry criteria, “E004”.

“S04” is triggered by its three events (OnPart entry criteria) and can be repeated every time that any of the events occurs (repetition decorator). Three different case file items can be produced during this stage, each of them being associated with a different milestone.

The blocking human task “T13” is triggered by its two OnPart entry criteria (events “E03” and “E04”) and can be repeated any time one of the events occurs (repetition decorator).

5 https://www.incm.pt/

6. Modeling of the risk management application

This section presents the UML models of the application's domain model and use cases.

6.1. Domain model

The analysis and information gathering of INCM's ERM structure allowed the construction of a domain model. The result of this work is illustrated in Figure 5.

Although it is in line with the risk management process described in [1], ERM structures differ from organization to organization, adjusting to their context, meaning that some of the associations, classes, and their attributes and scales result from the context in which the INCM is inserted and are defined in [4].

Describing the domain model, we have as main concepts the "Scope" and "Risk" classes. Scope refers to the purpose of risk management, which may be more than one. In the case of INCM, the broader scope is corporate risk, encompassing even more specialized areas such as information security (ISO27001 certification), quality management (ISO9001 certification), etc.

A risk can be classified as a "Threat" or an "Opportunity" according to the effects of its consequences. If the effects are negative, the risk poses a threat. If they are positive, the risk is considered an opportunity.

The "Risk" class also contains an attribute, the risk state, which indicates the phase of its life cycle, and the risk level operation (results from the intersection between the maximum impact and the derivative probability of loss of the "Risk condition" class). It also derives from two classes, the "Condition of risk", which is composed of the derivative probability of loss operation (results from the intersection between the event probability and the control effectiveness), and the "Impact".

The "Control" class is characterized by the quality, monitoring and evaluation attributes and by the control effectiveness operation (defined as the sum of the classification of its three attributes, scaled from 0 to 3, divided by 9). It has two specializations: "Mitigation and recovery controls" and "Prevention controls". "Mitigation and recovery controls" act on impacts (class "Impact") and "Prevention controls" act on risk conditions (class "Risk condition").

Because it depends on the probability of the "Event" and the "Causes" associated with the event, "Risk condition" is an association class. So is the class "Impact", which depends on the probability of the "Event" and the "Consequences" associated with the event.

The consequences associated with events can affect the assets of the organization. The "Assets" class has the attributes: name, id, category, description, location, owner, redundancy, level and observations. It specializes in "Processes" or "Goals" and can be associated with other assets.

Figure 4 - High level CMMN model of the application case

6.2. Use cases

This section describes the main use cases (UC) that affect the classes present in the application domain model. Figure 6 illustrates the identified use cases, followed by the description of the scenarios associated with the use cases present in the figure.

UC1 describes the process stage where the CGRC defines the scope of the organization's risk activities, which further includes defining the internal and external contexts and the risk criteria to be considered. Once the scope has been defined, it is registered in the case file item called Risk Register. To accomplish this UC, the information associated with the domain model class "Scope" is accessed and recorded.

UC2 describes the stage of the process where the Risk owner characterizes the new risk(s) that were reported. In the characterization of the new risks, the events, consequences, causes and controls that are associated with them are identified. Once the risk has been set, this is recorded in the Risk Register. The risk characterization inherent to UC02 accesses and changes information of the domain model associated with the classes "Control", "Cause", "Event", "Consequence", "Assets", "Risk", "Threat" or "Opportunity" and "Mitigation and recovery control" or "Prevention control".

UC3 describes the stage of the process where the Risk owner, after having characterized the new risk(s) that were reported, calculates the risk level. In order to calculate the risk level, the Risk owner first calculates the loss event probability using the event likelihood and the control effectiveness of the prevention control. Then the Risk owner estimates the maximum impact of the consequences. The risk level is calculated by the intersection between the loss event probability and the maximum impact. All results are logged in the Risk Register. In order to calculate the risk level, UC03 includes access to and change of information in the domain model associated with the classes "Cause", "Event", "Risk condition", "Consequence", "Asset", "Impact", "Risk" and "Threat" or "Opportunity".

UC4 describes the process step where the Risk owner selects the existing controls for the risk(s). This requires that the risk level is already calculated. Before selecting the controls, the Risk owner categorizes the risk according to the categorization map defined in [4] and selects the risks considered not acceptable according to their risk level. After this, the Risk owner selects the existing controls for these risks. Finally, the Risk owner calculates the residual risk inherent in these risks. The calculation of the residual risk results from the estimation of the risk level after the implementation of the controls. All results are recorded by the Risk owner in the Risk register. The conclusion of UC04 includes access to and change of domain model information associated with the classes "Control", "Cause", "Event", "Risk condition", "Consequence", "Asset", "Impact", "Risk", "Threat" or "Opportunity" and "Mitigation and recovery control" or "Prevention control".

UC5 describes the process step where the Treatment owner reports the effectiveness of the applied control. For this use case to occur, the controls must have been previously selected by the Risk owner. At this phase of the process the Treatment owner will plan and implement the selected controls. The control planning includes the activities of estimating the cost / benefit of the implementation of the control and the expected date for the completion of the implementation of the control, among others. The use case ends with checking the quality of the controls and recording all the information generated in the Risk register. This use case accesses and changes information about the "Control" and "Mitigation and Recovery Control" or "Prevention Control" classes of the domain model.

The last use case (UC6) describes the process stage where the CRO prepares the risk reports. This use case, as illustrated in Figure 6, specializes in three types of use cases: UC06.1, UC06.2 and UC06.3. This specialization comes from the event that triggers the beginning of the production of the report. Each of the three types of risk reports provided by INCM is associated with a different event, and the occurrence of one of these events leads to a corresponding risk report being produced. The Corporate Risk Report includes information on risks with a high risk level, and preparing it accesses the information that is associated with the "Risk" and "Threat" or "Opportunity" classes of the domain model.

The Specialized Risk Report includes risk listings grouped or ordered by risk components (for example, risks ordered by their risk level, likelihood or impact, risks grouped by cause, event or consequence, among others) [4]. This use case (UC06.2), in order to produce the corresponding risk report, accesses the classes "Risk", "Event", "Impact", "Consequence", "Asset", "Cause", and "Threat" or "Opportunity".

Finally, the Risk Mitigation Report includes information regarding the monitoring and implementation of the implemented risk controls. All these reports will then be shared with stakeholders, accessing the "Control" and "Mitigation and recovery control" or "Prevention control" classes of the domain model.

7. Comparison between generic and INCM models

From the analysis of the processes described in [1] and [4] it was noticeable that they described the process as a case, since they only specified what should happen during the process but didn't specify how the process should evolve. The process flow was determined by the case worker and depended on a set of different events. The case file items presented in both diagrams were a fundamental part of the case, since they kept all the information produced by each case instance and were used by the case worker to decide what they should do next.

The risk management process proposed by [1] is intended to be a generic reference. Its implementation in a specific context must take into consideration the specificities of that context.

As an example of the specialization of the ISO 31000 model to the application case, it is possible to verify that the ISO 31000 standard defines the tasks “T01” and “T02”. However, in the context of the application case, the work covered by these two tasks is divided into three distinct tasks: the tasks “T01.1+T01.2”, “T01.2+T02.2” and “T01.3+T02.3”.

Another example involves the tasks “T03” and “T04”. While in the context of the standard these two tasks are modeled separately, in the context of the application case they are condensed into only one, this task therefore being identified as “T03 + T04”.

A final example is the fact that the standard foresees the creation of one generic report, identified as “F02”, while the application case foresees the creation of three different types of risk reports, which are therefore identified as “F02.1”, “F02.2” and “F02.3”.

Figure 5 - Application's domain model

Also, in the application case there are new specific elements not detailed in [1]:
• “E001”, “E002”, “E003” and “E004”: These result from the fact that INCM is a specific case and so it defines in its process a set of specific events that fit its context;
• “T001”: This is relevant because INCM has its specific risks categorized, which does not exist in a generic reference such as ISO 31000;
• “S001”, “S002” and “S003”: These are derived from the CMMN language modeling syntax. To decompose a task into multiple tasks it is necessary to include them in one stage. Taking as an example the risk identification phase: while the standard identifies that phase as a task (“T06”), in the application case context the risk identification phase includes the tasks “T06.1”, “T06.2”, the case file item “F01” and the milestone “M02.1”. Thus, all these elements are grouped within the stage “S001- Risk Identification”.

A final example of the specialization of the application case relates to an extra entry criteria in stage “S003”. In Figure 3, “T08” only contains the entry criteria activated by “T07”, while in Figure 4 “S003” contains the entry criteria activated by “S002” and “S003” (the entry criteria related to “E003”, as explained above, is due to the fact that INCM defines in its process specific events that fit its context). This derives from the process stage where each one performs “T09” and “T12”. While in the context of the standard “T09” and “T12” are executed in “S03”, in the context of the application case “T09” is executed in “S003” and “T12” in “S03”. Since “T12” can initiate a new execution of “T09”, the latter being modeled in different steps as in the application case process, it is necessary that the stage where “T12” is inserted re-activates the stage where “T09” is inserted, thus forcing a new entry criteria associated with “S003” (Figure 4). Once again, this happens due to the fact that the application case process is a specialization of the proposed ISO 31000 process.

Figure 6 - Application's use cases

8. Conclusions and future work

The implementation of an efficient ERM presents itself as a competitive advantage in the business world. Although not mandatory, organizations, including the application case detailed in this paper, have been developing ERM structures following the good practices described in [1] and [2]. Although organizations try to automate their processes in order to optimize their work pace and maximize profit, many of these processes involve collaboration between various types of stakeholders and are event dependent. The growth of case management techniques, namely the CMMN modeling language, has been playing an important role in supporting this kind of process, which is unpredictable, knowledge intensive and weakly structured.

In this paper an intensive analysis was performed on the risk management processes described in the ISO 31000 standard and in the application case framework, and it was concluded that they were both capable of being modeled through the CMMN language. From the resulting CMMN model it was possible to establish a comparison between the two processes and to conclude that the process described in the application case follows the model proposed in the standard.

Also, based on the process described in the structure of the risk management defined in [4], a domain model and a use case diagram were developed in UML, which will serve as the starting point for the construction of a risk management application.

CMMN, as a recent modeling language, still lacks references to help in its practical application. As such, in the future and as more information becomes public, it will become a more relevant model and notation for case management.

As future steps, and following the work developed here, it will be possible to continue to develop the application.

References

[1] International Organization for Standardization, "ISO 31000:2018(E)," Risk management - guidelines, 2018.
[2] Committee of Sponsoring Organizations of the Treadway Commission, ERM - Integrating with Strategy and Performance, 2017.
[3] International Organization for Standardization, "ISO/IEC 31010:2009," Risk management – risk assessment techniques, 2009.
[4] R. Vieira, "PA18 - Descrição do processo. Framework de gestão de riscos corporativos," INCM, 2018.
[5] M. Marin, "Introduction to the Case Management Model and Notation (CMMN)," 18 August 2016. [Online]. Available: https://arxiv.org/pdf/1608.05011.pdf%20-%20conceitos%20cmmn22.pdf. [Accessed 25 April 2019].
[6] Object Management Group, "Case Management Model and Notation (CMMN)," 01 December 2016. [Online]. Available: http://www.omg.org/spec/CMMN/1.1.
