Strengthening Business Process Modeling with the Application / Combination of Viable System Model in ICT Policy Analysis Context

Information and Communication Technology (ICT) policy is a code that clarifies the duties, responsibilities and rights of technology stakeholders and specifies acceptable and efficient ICT utilization. ICT policy life cycle encompasses four main processes which are: development, implementation, monitoring and evaluation. In many cases, the processes that form the life cycle of ICT policy usually stopped or failed at starting phase(s), including the case study in this research (one of the Malaysian Public Institutions of Higher Education). Failures in ICT policy management may compromise ICT security, control and strategy in addition to incurring unnecessary expense. This paper discusses the methods utilized in conducting the study. Qualitative research and case study method were utilized to provide greater insight into this complicated phenomenon. An in-depth analysis and elaboration was performed using Viable System Model (VSM) and Hermeneutics method to diagnose and identify weaknesses, mismatches and viable requirements. The proposed model combined the perspectives of systemic functions and organizational structure of VSM with organizational processes and entities of Business Process Modeling (BPM). The application of VSM accommodated environmental dynamism, encouraged sustainable development and provided a sound theoretical platform. In combination with BPM, emphasis shifted from a specific, isolated policy domain to a business process model designed to manage overall ICT policy. An ICT policy management prototype was also developed based on the model. The model and prototype system have been verified through the case study.


INTRODUCTION
Information and Communication Technology (ICT) is a powerful tool that helps organizations to participate in the global market by promoting political accountability, improving service delivery and enhancing opportunity development. In today's world in which ICT is considered as an enabler in business, and where organizations take competitive advantage from their ICT, organizations need to unlock the power of technology and align their ICT to the business objectives in order to compete. However, though organizations are increasingly spending on ICT, there is a long history of ICT failures or at best mitigated successes. [1] reveals that organizations need to improve the way ICT is invested and exploited. In other words, marketers cannot exploit ICT unless the right ICT infrastructure and development take place to meet the demands of the users [2]. Therefore, one element of having strategic ICT aligned with business goals is to standardize, direct and control the operation of the currently installed technology in order to detect the need for improvements, upgrades or changes. Thus, a mechanism is essential to ensure that ICT investments and operations are effective, efficient and acceptable. Innovative, well-formulated and successfully implemented ICT policies have the potential to provide effective and efficient mechanisms in order to standardize, direct and control the technology and its development and exploitation. [3,4] discussed ICT policy significances, challenges, issues and problem background in detail. However, BPM as a proposed technique for ICT policy analysis [5] has issues and challenges [6] that can be tackled with the application/combination of VSM.

Business Process Modelling Constituting Elements, Suitability, Benefits, Challenges and Issues
BPM is used to transform the knowledge and related activities of business into models describing the organizational processes [7]. It is a fundamental pre-requisite for business process improvement and management [8]. In addition, decision makers are able to filter out irrelevant complexities and direct their efforts towards the most important parts through the application of BPM [9]. [10] indicated that developing the model can be instructive by revealing anomalies, inefficiencies, inconsistencies and improvement opportunities. The author argued that a model can consist of processes, concepts, constraints, objectives and goals. A model has to provide its users with informational elements such as: what activities constitute the process, when and where the activities are performed, who performs the activities, how and why the activities are performed, and what data elements they manipulate [9]. According to [11], a business model focuses on collecting and maintaining the knowledge, strategies, goals, risks and management-related issues of an organization. Therefore, a valuable means of knowledge sharing is provided, which potentially extends to an organization's ICT infrastructure that can also be used to formulate and evaluate changes within the organization.
The two most predominant formalisms of process modeling development languages are graph based and rule based. A graph based formalism is rooted in graph theory and a rule based formalism is based on formal logic [12]. According to [13], the two BPM graphical notations are the Business Process Modeling Notation (BPMN) and UML Activity Diagram. The author also claimed that the preferred, popular and most advanced execution language is the Business Process Execution Language (BPEL). However, according to the later discussions BPEL is not apparently as popular as BPMN and UML Activity Diagram. Graph theory is simple and intuitively understandable at a glance, which also intends to bridge the gap between business process design and information systems implementation [14]. It is useful for knowledge formalization [11]. Graph theory is well-known, well-studied, explicit and visually appealing to all kinds of workflow designers with or without technical knowledge. In contrast, rule based modeling languages are less attractive and less usable since it requires good understanding of complex propositional and logical syntax expressions [12]. These three languages operate at different levels. BPMN and UML Activity Diagrams are informal graphical notations used at the analysis level and BPEL is a textual executable language used at the development level [15]. In other words, business process models are commonly distinguished and intended for business analysis and improvement or automation (that reflects their levels of abstraction) [16]. However, both formalisms are required in forming a good BPM architecture [13].
Combining several modeling methods and techniques in formulating Business Process Model is necessary to present the characteristics of essential process theory and achieve desired outcome(s) [17].
On the other hand, a model is not supposed to be designed as a domain of modeling specialists. According to [18], the model is not supposed to be understandable by modeling specialists only. The model should serve as a base of communication for all involved persons, because information system professionals and business analysts may potentially have distinct roles, skills, equipment, tools, techniques and terminology [19]. Therefore, a model is better accepted and used if it is developed in a way that is understood by all its users effortlessly. In other words, emphasis must be placed on modeling perspectives and goals associated with projects instead of setting strict guidelines for selecting a modeling technique in order to reduce the model's complexity and increase its ease of use [9]. [13] recommended restricting the size of a process model to a single page and focused on the main activities (coarse-grained), which are difficult to follow [20]. [13] also stated that a good Business Process Model is developed through the application of a divide-and-conquer technique, which helps reduce a difficult problem to smaller and more manageable parts and if possible by using the existing approaches instead of inventing new technology. However, according to the author, very vague descriptions may not provide enough guidance to operational support and very detailed models may have too many rules and be restrictive for use in routine everyday tasks or exceptional situations. In addition, incomplete process models can also result in computer applications that have data fields and functions not used or needed [21]. [22] argued that processes should be flexible and reusable in order to adapt to environmental changes. According to the authors, interoperability also plays an important role in BPM and it is met in heterogeneous systems through the application of web service, which provides a general and high level communication.
However, BPM is only suitable for applications with an essential sense of process or state. In other words, processoriented applications have at least one of the following characteristics: (1) Long running-the process spans hours, days, weeks, months or more from start to finish, (2) Persisted state-the process state is persisted to a database to outlast the server hosting it because the process is long lived, (3) Bursty and sleeps most of the time-the process mostly spends its time asleep waiting for the occurrence of the next triggering event and (4) Orchestration of system or human communications-management and coordination of communications between various systems or human actors is the responsibility of the process [13]. The application of business model analysis in the context of policy analysis is a relatively new approach [5] that could be a tool for policy makers to better understand ICT innovation dynamics, market developments, and accurate assessment of potential impact of policy. The author argued that policy makers may take more appropriate measures and illustrations through the application of an integrated business model framework. Such a framework can potentially be an effective cognitive tool shifting emphasizes from specific isolated policy domains or markets in traditional policy analysis towards the determinants of successful business models. [5] also highlighted the three main challenges for policy makers and analysts as: (1) the dynamic, multi-domain and multi-stakeholder character of ICT market, (2) the multi-sided nature of ICT market mediated between various groups of stakeholders and (3) the manifold implications of policy formulation and analysis. Therefore, it is less relevant to study ICT policy in isolation. The author explained that an integrated framework can be more effective than a partial analysis since it helps policy makers to understand ICT developments, monitor progress, identify opportunities and bottlenecks and assess the policy role.
[8] represents the top ten BPM benefits. The authors indicated that many of the BPM benefits are naturally intangible and difficult to quantify and make a business case for. The authors also stated that the majority of the benefits lie in the managerial and organizational dimensions in addition to a good representation of the operational dimension. Therefore, ICT policy management business process model can potentially benefit the organization from various perspectives such as: ICT policy process understanding, communication, improvement, execution, performance measurement, analysis and change management. In general, an ICT policy business process model can help the organization benefit from good representations of operational, managerial and organizational dimensions. However, [6] represents the top ten challenges of BPM. According to the authors, establishing business value proposition, support for process automation or execution and standardization of process modeling tools, techniques and methods are among the top ten challenges of BPM. Therefore, although the application of BPM in ICT policy analysis can benefit the organization from various perspectives discussed earlier, process modelers have to take into account the respective issues and challenges of BPM as well. As a result, more attention and higher priority should be given to modeling perspectives and goals rather than focusing on less important areas such as the selection of BPM tools, techniques and methods. In addition, [6] also listed the top ten BPM issues as well. According to the authors, standardization of modeling approaches, identification of BPM value proposition and model driven process executions are among the critical areas of concern. The authors indicated that these areas are expected to persist as roadblocks in the future of BPM. Therefore, some issues of the BPM can be tackled through the application or combination of VSM in the ICT policy management modeling process, issues such as: standardization of methodology, methodology governance, management of the model, modeling level of detail, value proposition of process modeling and process orientation. Next section discusses the application of VSM in more detail.

Application of VSM
There are different methods available for organizational analysis and management where, each method has its own weaknesses and strengths. Therefore, practitioners and researchers are required to design or choose methods according to their perception of the situation [23]. There are several methods for organizational management such as Systems Analysis (SA), Systems Engineering (SE), System Dynamics (SD), Operational Research (OR) and Management Cybernetics. They are derived from methods used to solve engineering problems [24,25]. However, applications of such methods are limited in situations that significantly constitute the human factor. In other words, these approaches are generally not applicable to societal problems due to the objectivity assumptions of systems made by analysts [23]. Therefore, although ICT policy management is concerned with technology on one hand, it is highly concerned with human factors and societal problems on the other. In addition, methods such as Interactive Planning (IP), Soft Systems Methodology (SSM) and Strategic Assumption Surfacing and Testing (SAST) emerged as an organized way of exploring human problems and related situations. They were primarily developed to manage problems related to organizational culture (i.e. purpose, roles, values and motivation). For instance, SSM is particularly suited to situations that need participants to develop and debate their ideas [23]. ICT policy may be concerned with culture as one of the human factors but it mainly engages with issues and requirements (but not ideas) which originate from wider perspectives such as: human, technology and economy. [26] made a comparison among several enterprise analysis approaches. According to them, approaches such as Critical Success Factor (CSF), Strengths, Weaknesses, Opportunities, and Threats (SWOT) Analysis, Process Analysis, Normative Analysis, End Means Analysis, Business Strategy Analysis, Value Chain Analysis and Porter Five Forces do not place emphasize on supporting data or information modeling. With the exception of Normative Analysis, these approaches do not address complex situations. The approaches place low to no emphasis on supporting multiple level analyses. They do not have a sound theoretical basis to provide a holistic understanding of enterprise requirements except for End Means Analysis. However, an ICT policy is formulated based on the information or data generated from ICT issues and requirements. An ICT policy may potentially encounter complex situations due to its fluid and bilateral nature (human and technology focus). The case study is also comprised of multiple levels, hence the requirement for multiple level analysis.
As a diagnostic tool to (re-)design organizational processes, VSM is considered to be "the most usable and developed organizational cybernetics expression" [25]. The VSM's intention is to develop functions within an organization that enable it to survive in its given environment [23]. It is recursive, reduces variety, is quick on the draw and adaptive. The VSM seizes its opportunities, which guarantees its survival. The diagnostic power of the tool has been proven worthy, and has been determined through its application to all kinds of organizations [27]. VSM is flexible and robust, two advantages that are a prerequisite in fast-changing environments [28]. It is flexible because new strategic components can be easily inserted into any level without having to make dramatic changes to its surrounding structures. It is robust because it has a long term focus rooted in the identity of the organization. ICT policy is very fluid and is rooted in a fast changing technology that subsequently generates new issues and requirements. The study of ICT policy requires the organization to continuously adapt without having to make dramatic structural changes, and with keeping long term focus. Therefore, the VSM is the most suitable analytical approach to ICT policy analysis. In fact, VSM has been applied to the fields of corporate and IT governance. [29] stated that the VSM and its application to IT governance (the Viable Governance Model, VGM) have proven to be a comprehensive blueprint for designing viable organizations and IT governance arrangements.
However, [30] used Beer's system framework to examine and reinterpret views and conceptions of governance practices, processes and systems. He indicated that evaluation of alternative models of governance shows that explicit emphasis is given to a subset of systemic features. He claimed that models or views of governance bear a superficial resemblance to viable systems thinking. For instance, a model seemingly emphasizes feedback and control whereas another emphasizes coordination. He concluded that when setting such models alongside Beer's model of viability and systemic functioning, they can be regarded as incomplete and perhaps their resemblance of the 'institutional' sub-system to Beer's meta-system is coincidental rather than based on cybernetic consideration. [31] also introduced a theoretical viable model (derived from a theoretical foundation) for the governance of IT. However, [32] claimed that: "we seemingly know little about VSM practical application and the related difficulties and factors of success". Therefore, it can be concluded that available VGMs are: (1) incomplete (bear surface resemblance) or not founded on or legitimized by viable systems thinking and / or (2) derived from a theoretical foundation instead of practical application.
Consequently, [33] argued that VSM should be chosen over other approaches because it represents types of activity rather than things. According to them, VSM doesn't model a number of quite important things required in understanding an organization such as: what it does and how, how and where performance is managed, how the parts are coordinated, how the organization adapts, how or where it takes decisions, and on what information those decisions are taken. They claimed that VSM allows understanding of organizations far better than anything else, which shows that organizations work when they do and why they don't work when they don't. Therefore, what is not addressed by the VSM could be addressed through the application of BPM. According to [33], VSM is used in diagnosis as a normative model, comparing itself to the real world situation to find mismatches, weaknesses or missing systemic elements that explain the problem being experienced. The authors explained that modelers use VSM in analysis and / or design by: (1) doing a "filling in the boxes" exercise and (2) showing the connections between the component sub-systems that represent a feedback loop and a complex equation or (3) going quickly to the core of the organizational issue and focusing on that. On the other hand, [32] demonstrated the classical distinction between organizational structure, processes, diagnosis, design and representation. According to the author, VSM can be used in diagnosis and design of a deep organizational structure whereas BPM can be used in the representation of a surface structure. VSM focus is more on the structural aspect and BPM on the process aspect of an organization. In other words, VSM helps identify viable requirements and structure in ICT policy management and BPM contributes well to the representation of knowledge and operational dimensions that can improve process understanding and execution. The author also stated that more application research is necessary here because we are dealing with the problem of combining the view of systemic functions (VSM) with the view of organizational entities (BPM). [34] stated that a case researcher is likely to develop deep insights into a phenomenon and potentially generate hypotheses by studying a small number of entities intensively. [35] also indicated that case studies involve the intense examination of a small number of entities where independent and confounding variables are not manipulated and controlled respectively. The case study has been identified to have ICT policy management issues through discussions with selected or volunteered stakeholders, and from the findings of preliminary surveys and organizational documents review. After identifying the case study it was essential to identify current ICT policy roles and responsibilities in order to initiate the exploratory study. Interviewees were selected using purposive sampling. [36] stated that purposive sampling is popular in qualitative research. The author proposed the following cases of purposive sampling: (1) Extreme or Deviant Case-learning from highly unusual manifestations of interested phenomenon such as outstanding success, notable failures or exotic events, (2) Maximum Variation-purposefully picking a wide range of variation on dimensions of interest, (3) Stratified Purposeful-illustrating the characteristics of interested particular subgroups, (4) Critical Case-permitting logical generalization, (5) Criterion-picking all cases that meet some criterion, (6) Confirming or Disconfirmingelaborating and deepening initial analysis and (7) Politically Important Cases-that attract attention to the study. Therefore, interviewees were selected based on their management role in ICT policy legislation to elaborate and deepen initial analysis and conduct logical generalization in order to learn from failures.

The use of other methods, techniques and tools in accomplishing the study
However, an intense examination has been conducted in the case study in order to develop a deep insight into the problem. For instance, discussions, documents review and two-phased preliminary survey were conducted in order to collect preliminary data; qualitative research helped in performing data collection from a wider perspective. Policy research is usually undertaken with qualitative research methods that can provide a profound insight into a complicated phenomenon [37]. According to [38], this method (1) allows close interaction between the researcher and community, (2) helps identify different properties and dimensions with their relationships and connections for the purpose of analysis, (3) is more reflective of reality especially of current challenges and status, (4) assists researchers to be collaborative and discursive in nature, being in continuous interaction with ideas and in the generation of ideas through constructive criticism and discourse, (5) has no preconceived ideas, it is shaped and detected by the data from the respondents and (6) is not rigid but flexible as the situation changes.
Data analysis was performed upon the completion of data collection. Case studies generate knowledge of the particular [39] where analytic rather than statistical generalization is possible [34]. According to [40], qualitative research has an interpretive character which aims to discover the meaning that events have for the individuals (researchers) experiencing them and the interpretation of those meanings. In other words, the author argued that qualitative research reports that incorporate expressive language and the "presence of voice in the text" are descriptive. Therefore, hermeneutic analysis was applied to interpret collected data. Hermeneutic analysis is a mode of analysis in qualitative research, which has been successfully used in the study of information systems [41]. According to the author, hermeneutic analysis is primarily concerned with: (1) the meaning of a text or text-analogue and aims to make sense of the whole and (2) the relationship between people, information technology and the organization.
The technique of divide-and-conquer was used in the model design and development in order to reduce the problem into smaller and more manageable parts. Therefore, multi-layered governance structure of the case study and multi-level systemic structure of the VSM were the main considerations in dividing-and-conquering the proposed model. In addition, Business Process Modeling Notation (BPMN) has been utilized in drawing process diagrams. BPMN is more expressive than UML Activity Diagram, which makes it the preferred choice [13]. It is widely extensible and its popularity is rapidly growing [11]. It facilitates business analysis, communication of stakeholders and conceptualization of softwaredevelopment specification. BPMN gives the modeler much freedom to model and its benefit is that it does not favor a particular textual language [16]. The author also argued that transforming BP notation to BPEL may lead to unreadable and complex BPEL process definitions that are hard to debug and maintain. The transformation leaves models with unstructured topologies and constructs due to the missing support for control flow patterns in BPEL [15].
After designing and developing the proposed model it is necessary to evaluate or verify it. However, process modeling becomes more important not only for the purpose of software engineering but also for many other purposes. Business process models are usually constructed to create a knowledge base that could satisfy different purposes such as: business process management, reengineering, integration and monitoring [17]. Therefore, it is necessary to evaluate the quality of process models from different viewpoints [18]. Different studies have shown different methods used for evaluating or verifying the business process models. In other words, business process models have been evaluated or verified differently. For instance, business process models have been evaluated or verified through formal mathematical methods [10], by transforming process diagrams into workflow diagrams [16], via prototyping [22], or peer (interviewee) review in the case of policy analysis [5]. The proposed model of this study [4] have been verfied by: (1) interviewees review, (2) developing a prototype system and (3) through the application of VSM in the design.

Conclusion
This paper discussed the research methodology of an accepted PhD project. The paper has verified that qualitative research, viable diagnosis and modeling, hermeneutic analysis and BPM are the most appropriate techniques or methods for ICT policy analysis and perhaps many other fields of IT governance. They have the potential to improve ICT policy analysis. A combination of these methods led to a seamless research study with a sound theoretical foundation mainly achieved through the application of VSM. Application of the VSM in diagnosing the current practice and formulating the proposed solution also supported this work from VSM perspective.
The proposed model [4] was developed using various methods and / or techniques such as: (1) the VSM, as a basis for design and (2) the BPM, for process representation and automation. Through the application of VSM types of activity and the interplay of different governance levels were represented. The structure of the model also corresponds to the VSM systemic structure. In addition, combination of BPM provided informational elements such as: what activities constitute the process, when and where the activities are performed, who performs the activities, how and why the activities are performed, and what data elements they manipulate.
However, ICT governance structure of the case study was formed in hierarchical levels and an analogous approach (VSM) was applied in order to perform distinguished analysis and design. In addition, divide-and-conquer technique was used in structuring the proposed model. In other words, the proposed model combines or reflects ICT governance structure of the case study and the VSM systemic structure. As a result, the proposed solution provides ICT policy management model for various organizational levels and the entire organization as a whole. It also combines the view of systemic functions and organizational structure (VSM) with the view of organizational processes and entities (BPM). Therefore, the model is "multi-tiered" and "multi-perspective".
Analysis revealed that there were low levels of coordination with system one and poor communication with system three.
An appropriate system two and three star did not exist, system four was not well-established and system five did not interactively communicate with all management levels. As a result, the whole system is clustered into isolation. However, the proposed model incorporates recommendations to concatenate isolated clusters. In other words, the model proposes recommendations that integrate organizational levels in order to become dynamic. Therefore, the model is "integrative" and "dynamic".
Different ICT policy management issues were identified, such as: management, structural, operational and technological. However, the model includes recommendations addressing various types of issues associated with different organizational levels. Firstly, management recommendations are made in order to govern the operation of the system. Secondly,