UML and Business Processes
Catherine Dwyer, PhD.
Seidenberg School of Computer Science &
Information Systems

2
Markets: Increasing Complexity
 Relationship between complexity and information
technology
 Relationship between complexity and risk
 The only way to model risk in a socio-technical
system is to use system models
3
Example: Audit Assurance
 You are given the following flowchart and source
code as evidence for your audit of procurement
procedures
 Can you offer assurance that:
 Segregation of duties is maintained within the
process
 It is clear exactly what steps in process are handled
by an information system, and that adequate
controls are in place
4
5
6
Managing Risk From IT enabled Procesess
 Information technology has slashed the time needed to
complete a transaction
 For example, high frequency traders will buy and sell
stock within a 1-2 second window
 The audit process has not increased its efficiency to keep
up with speed of transactions
 The gap is growing between the time required to
complete a transaction (seconds) versus the time
required to audit that transaction (hours, days or
unknown)
7
What is needed
 Auditors must develop more efficient procedures, can
only happen by leveraging information technology
 Auditors need insight into information systems
 Tools that offer auditors real time view of transaction
activities and the operation of controls
 Need visual diagramming tools that can capture broad
scope (“the big picture”) and the ability to decompose
the exact logic of a process (“in the weeds”)
8
UML Concepts
 Unified Modeling Language (UML)
 Use simple, intuitive diagrams to capture stages of a
business process
 We will look at two specific UML diagrams
 Use Case Diagram – “bird’s eye” view of processes
supported by an IS
 Activity Diagram – describes logic flow through a
process
9
•
•
•
•
Actor – Role (accountant, shipping clerk) that will use IS
Use case – a collection of activities that lead to a goal or an objective
System – represents operations of information system
System boundary – defines specific responsibilities of IS
10
UML Concepts
 Actor – a role (“customer,” “manager”) who will use
an information system for specific purpose
 Use case – description of a “goal” or “objective” for
an actor (“withdraw cash,” “deposit check,”
“register for class”)
 System boundary – also referred to as automation
boundary, defines what steps in a process are part
of an information system
11
12
Activity Diagram Symbols
 Start –defines beginning of the activity
 Action – steps take by an actor or by an IS
 Swim lane – defines boundary of activity
 Transfer of control – represents interactive process
 Decision – branch or choice based on specific
condition
 End – defines end of activity
13
Procurement example
 Magal chapter 3
 Look at narrative of procurement process on
handout
 Identify actors
 Identify use cases
Use Case Diagram
Does this diagram provide evidence
of segregation of duties?
14
15
Example of Activity Diagram
 Can show cooperation between actors and system
 Describes the flow of logic for a process
 Library example
16
17
18
In class group work
 Create a use case diagram for the “fulfillment”
process (on handout)
 Identify actors and uses cases
 Hand in at end of class
19
UML Group Homework
 Part 1: The system you will be diagramming is an
Automated Teller Machine (ATM)
 Create a Use Case Diagram for ATM
 Write 1-2 paragraph narrative that describes your
diagram
 Create an Activity Diagram for cash withdrawal activity
 Write 1-2 paragraph narrative that describes your
diagram
20
Group Homework cont.
 Part 2: Post to Discussion Board – due by 6 pm
March 20th
 Each group must post 3 examples of processes
and/or accounting conditions that can be
diagrammed with UML
 Hand in Part 1 hard copy in class March 20th