MODELLING THE SECURITY OF BUSINESS PROCESSES WHEN CREATING AND TRANSFERRING VALUES FOR STAKEHOLDERS

. The purposeof the recent study is to substantiate the directions and develop a methodological approach to modelling the security of business processes by their main types, considering the interests of stakeholders who receive value from interaction with the business.Business as an economic system is based on the significant number of transactions that can lead to different financial, material, informational losses, as well as reputational risks due to the lack of stakeholders’ trust. To prevent these losses when creating and transferring values for stakeholders we suggested the approach to modelling the security of business processes which takes into account their main types (main, auxiliary, managerial business processes and business development processes), the results (value created) that key stakeholders get at the output of these processes, and the indicators that reflect the criteria for modelling the security of business processes — efficiency, effectiveness, and quality (customer satisfaction with the result of the process — the recipient of value). Using the fuzzy set method, a map of identification of the security status of basic, auxiliary, managerial business processes and business development processes was developed, which allows to use a wide range of characteristics of business processes and linguistic variables to describe them (from «catastrophic» state to «very good») and allows you to model options for changing the strategy of the enterprise in order to avoid the risk of imbalance of economic, social and environmental interests of its stakeholders. The proposed approach was applied to retail chains in Ukraine and provided decision-makers with useful information for a better contribution of internal control systems to creating stakeholders’ value.


Introduction.
In terms of the institutional theory, the modern business is a certain pool of interactions that occur both with its internal and external contractors.Generally, these relationships arise during the implementation of business processes and are supported by the meeting social, economic or environmental interests of its stakeholders.Due to the fact that the satisfaction of some interests in a certain group of stakeholders can lead to a violation of the balance of other interests in other groups, there is a conflict of interest, and its opposite effect is the increase in vulnerability or decrease in the security of business processes.
The fact of the matter is that the conflict of interest gives rise to the dissatisfaction of stakeholders and they tend to reconsider their contributions to the business (for example, to work with less return, to withdraw invested capital, to terminate the contract, etc.).The consequences of reducing contributions are the decrease in the quality, effectiveness and efficiency of business processes, which together determine the state of their security.Under such conditions, modeling the security of business processes acquires special significance in the context of creating and transferring value for the stakeholders, that is defining such a state of business processes in which, on the one hand, the value, obtained by stakeholders, increases, and on the other -the conditions of business processes meet the minimum necessary criteria and ensure the creation of value for the business itself.
The issues of modelling and evaluation of business processes were developed in the publications of [1][2][3], where the authors developed methodological principles for ranking business processes taking into account their compliance with key success factors (KSF).These developments involve step-by-step calculations of business processes evaluation in accordance with the established criteria (indicators) of efficiency, comparison of business processes with key success factors and ranking of business processes according to the importance and problem character of their implementation using methods of functional and cost analysis, expert evaluations, additive folding [2], matrix, analysis of hierarchies [1].A similar approach is given in the research paper [3], where the authors use the method of questionnaires to evaluate business processes and propose a mechanism for developing their priority on the basis of quality criteria and their impact on business development.
Within the organization of information protection of business processes,the research paper [4] gives the sequence of determining their security using a complex security indicator, the ISSN 2306-4994 (print); ISSN 2310-8770 (online) calculation of which is based on simulation modelling taking into account the tuple of significance of partial indicators.Recommendations for business process evaluation, given in the work of [5], include stages of selection of risk assessment methods based on the comparative evaluation of existing approaches by criteria of identification, consequences, level of probability and risk evaluation, followed by grouping, taking into account the tasks of analysis by type, consequences and critical failures, the prime cause, the evaluation of the operator reliability, and the safety of maintenance aimed at ensuring reliability [5].
P. Hermann and G. Hermann have developed graphical concepts for analysis and definition of security requirements and mechanisms to ensure the performanceof these requirements, as well as a collection of reference models and topical researchthat modifies business processes [6].
Modelling of goals in business process security has been developed in this research paper [7].The author's model of security goals is based on six components (confidentiality, honesty, accessibility, authentication, authorization and traceability) and describes their attributes at the organizational level, business processes level and integration level.
The evaluation of processes security using a modern method of model checking in a dynamic environment has become the subject of research [8], in which the authors propose accessible interfaces and comprehensive feedback for business analysts for its use in industry.
From the point of view of confidentiality and data protection, the security of business processes has beendeveloped by J. Mülle and others [9].Researchers M. Leitner, S. Schefer-Wenzl, S. Rinderle-Ma and M. Strembeck confirm experimentally the significance of semantic transparency of visual symbols when modelling the security of business processes [10].
So, the interest inmodelling and evaluating the security of business processes in the academic world is quite large and concerns both certain attributes (criteria) of security and approaches to modellingitself made at different levels and for different business processes.Considering the pluralism of opinions and the absence of any systematic view on modelling the security of business processes when creating and transferring values for stakeholders, we are going to formulate the theoretical basis and main hypotheses of this research.
The aim of the recent study is to substantiate the directions and develop a methodological approach to modelling the security of business processes by their main types, considering the interests of stakeholders who receive value from interaction with the business.
To achieve this goal, the following tasks were set: -to determine the principles of modelling the security of business processes considering the interests of key stakeholders; -to develop a system of indicators to identify the state of business processes, taking into account the implamentation of stakeholders' interests; -to develop a criteria-based approach to modelling the security of business processes taking into consideration the interests of key stakeholders.
Materials and methodology for evaluating the security of business processes.Theinformation background of the study was the scientific papers, which reviewed the issues of business processes security, related to the development of its theoretical basis, graphical concepts, evaluation indicators, development of requirements and regulations of business processes.
To identify the state of business processes, considering the interests of stakeholders, it was proposed to use a set of data by a list of indicators that will fully characterize the security of business processes with the allocation of maximum and minimum values for a certain period of time, and also the description of economically, socially, and environmentally oriented projects in order to meet the interests of main groups of stakeholders.
To model the security of business processes during the creation and transferring the value for stakeholders there were used the methods of observation, calculation of average indicators, coefficient method, method of dynamic analysis, scoring, method of fuzzy logic, additive folding, considering the significance of components, which all together allowed the creation of author's criterion approach to business processes modelling.
The results of the research on modelling the security of business processes considering the interests of stakeholders.
ISSN 2306-4994 (print); ISSN 2310-8770 (online) Defining the principles of modelling the security of business processes considering the interests of its key stakeholders.
The analysis of existing practices allowed to define principles for the development of the author's approach to modelling the security of business processes which is based on criterion evaluationsconsidering the interests of key stakeholders.
Thus, taking into account the composition of the evaluation subjects, universality is considered to be the main principle of developing a methodological approach, sinceit reflects the possibility of using the author's development for self-assessment and external evaluation of business processes security.It distinguishes the author's development from the existing ones, which are based on a set of specific indicators and characteristics, that are used by developers in accordance with a certain model in the process of questioning employees.Objectivity is another principle, which involves the use of information from open sources, along with the possibility of applying the developed method under conditions of incomplete information; it results from the low level of business transparency in regard to the organization and results of business activity in general [11], particularly the implementation of a process approach.
Developing a system of indicators to identify the state of business processes taking into consideration the interests of stakeholders.
Since the key criteria for modelling the security of business processes are effectiveness, efficiency, and quality (satisfaction of stakeholders), the indicators that reflect them are formed taking into consideration the content of specified criteria.
In the matter of effectiveness, duringits substantiation by types of business processes,we have taken into account the definition of these indicators as reflecting the process output, bearing in mind that the indicator reflects the result of a particular process.In this meaning, the content of business processes effectiveness differs from the perception of effectiveness as a characteristic for the degree of achievement in target (planned, regulatory) value, as it was noted in the following research papers [12; 13].
Efficiency indicators are formed in accordance with the resource-based approaches to the interpretation of efficiency; they are based on the ratio of the main results of the business activity (income, profit) to the costs (resources) incurred (involved) to obtain these results.
Business processes quality indicators, as well as effectiveness indicators, are specific to each business process and are determined in accordance with the composition of consumers (customers) by them.At the same time, it should be noted that in the author's interpretation, consumers of business processes are determined without considering their location in regard to the business (external, internal), but based on groups of stakeholders (Table 1).So, the set of indicators that reflect the author's view of metrics by types of business processes is given in Table 1.The growth of market value The proposed system of indicators has been formed on the basis of criteria established for modelling processes (effectiveness, efficiency, quality (customers' satisfaction)) considering the data of financial statements.It includes the most important indicators that reflect the result of business process.
The list of indicators can be reduced or extended -it is dependent on the research objectives.At the same time, regardless of quantity, forming them due to the criteria of effectiveness, efficiency, and quality will make it possible to establish the security level of business processes from the viewpoint of stakeholders and their interests.It will afford us the opportunity to use a wide range of qualitative characteristics to derive a state of business processes and linguistic variables to describe and compare within this framework the results of research on business of different formats and scales of activity, as well as modelling options for changing strategy and choosing effective managerial decisions.
Development of the author's approach to modelling the security of business processes based on criterion evaluations considering the interests of key stakeholders.
The methodical approach has been substantiated for the general description of the sequence when modelling the security of business processes.This approach is based on theoretical foundations on the essence of economic security, components of business processes and features of their implementation, as well as informative characteristics of security obtained by the results of critical analysis and generalization of their meanings and the composition given in the scientific works [13][14][15], as well as in our own research papers [16].
To identify the security of business processes we also considered: 1) the basic foundations of the process approach, particularly its interpretation as obtaining the desired result through the management of activity and relevant resources as a process [17]; 2) the target orientation of business processes, compliance with which allowed us to identify the main parties concerned with the results of business processes (stakeholders) and to complete this list with consumers (customers), owners and investors, staff (top management and employees), suppliers, society (local communities) [11; 19]; 3) criteria of efficiency, effectiveness, and quality (customer satisfaction), which to the greatest extent (among the existing characteristics of business processes) will contribute to achieving the aim of the research that is to develop a methodological approach to modelling the security of business processes.
Modelling the state under which the business processes are secured taking into account the interests of stakeholders is carried out using the methods of observation, calculation of average indicators, coefficient method, method of dynamic analysis, scoring, fuzzy logic, additive folding considering the significance of components.The general logic of such modelling is shown in Fig. 1 and requires the evaluation of business processes by the criteria of effectiveness, efficiency, and quality in the following sequence: 1. Establishing a set of dataaccording to the aim of the research.To identify the state of business processes considering themeeting stakeholders' interests, we propose to establish a set of data on effectiveness, efficiency, and quality of processes for the tth period of time accordingly to the list of indicators see (Table 1), with the allocationof their maximum and minimum values for acertain period, as well asa description of projects of economic, social, and ecological orientation when creation and transferring value for the main groups of stakeholders (Table 2).Z6 -a very high level of the indicator.To determine the belonging of the set of indicators to subsets Z let's define the interval R: where R is the value of the interval; max min , Z Z -the largest and smallest values of the indicator.
The authors propose the following rules for ranking the actual indicators of effectiveness, efficiency, and quality of business processes on subsets (Table 3).

Z2
very low level of the indicator

Z4
average level of the indicator

Z5
high level of the indicator

Z6
very high level of the indicator The results obtained after considering the actual values of effectiveness, efficiency, and quality indicators of business processes for belonging to the subsets «very low level», «low level», «average level», «high level», «very high level» should be described in a table (Table 4).

Table 4 The results obtained after considering the actual values of effectiveness, efficiency, and quality indicators of business processes
The level of business processes security 0,0 0,1 0,3 0,5 0,7 0,9 4. Calculation of the coefficient and identification of the security rate of the business process, considering the interests of stakeholders.
During the calculations, we consider the value of the linguistic variable «The level of business processes security» (G), and to identify the rate of business processes securitywe use the formula [20]: where G is the security of the business process, the coefficient; Conditions for identifying the state of business processes security, considering the interests of stakeholders are given in Table 5.
Table 5 Conditions for identifying the state of business processes security, consideringmeeting the stakeholders' interests Values of G Name of the subset 0,0 G1 -the security of business processes, considering meeting the stakeholders' interests is catastrophic [0,0…0,2] G2 -the security of business processes, considering meeting the stakeholders' interests is very bad [0,21 … 0,40] G3 -the security of business processes, considering meeting the stakeholders' interests is bad [0,41…0,60] G4 -the security of business processes, considering meeting the stakeholders' interests is not bad [0,61 … 0,80] G5 -the security of business processes, considering meeting the stakeholders' interests is good [0,81 … 1,0] G6 -the security of business processes, considering meeting the stakeholders' interests is very good The proposed methodological approach to modelling the security of business processes was tested according to the data of 20 retail chains operating in Ukraine.The selective setconsists of 15 companies at the national and 5 at the regional level, which are recognized as the largest companies in Central and Eastern Europe and Ukraine.In addition to the fact that the retail chainsof the selective set are homogeneous in the main type of economic activity, they are also similar in the nature of development.It is confirmed by the coefficients of the dynamics variation of net income and assets, the absolute values of which during 2014-2019 were low and amounted to 12.3…25.5% in the dynamics of income and 12.2…45.3% in the dynamics of assets.
The results of the study have revealed that in terms of considering the interests of stakeholders, most of the researched companies had an average level of business processes security.Thus, for 16 objects (80.0%) we have noted the 2 nd and the 3 rd levels of security, namely: for 6 eobjects (30.0%) we diagnosed the 2 nd level of security (its linguistic characteristic is«bad»), for 10 objects-the 3 rd level (its linguistic characteristic is «not bad»).Generally, the total security coefficient for the set of retail chains is 0.44 (its linguistic characteristic is«not bad»).
The results of diagnosing the security of business processes in terms of their main types are not so single-valued (Fig. 2).Development processes are generally the most secure for retail chains.According to this group of business processes, for 50.0% of the researched objects, we have noted the 4 th and the 5 th levels of security (their linguistic characteristics are «good» and «very good», respectively).High levels of security are also noted for operational processes, which constitute the main business.It is confirmed by the establishment of the 4 th and 5 th levels of security of main business processes for 20.0% of the researched objects.
As for supporting business processes and management business processes, linguistic characteristics such as «bad» and «not bad» prevail in the general list of characteristics completed according to the given business processes.The results of the analysis showed that security levels of supporting and management business processes are 2 («bad») and 3 («not bad») for 11 (55.0%) and 16 (80.0%)companies, respectively.
The realization of these interests has led to the fact that about half of the researched objects provided high and medium levels of security of primary, supporting, management, and development business processes.
Conclusions.To model the security of business processes we have substantiated the criteria of effectiveness, efficiency, and quality, for all of themwe developed a system of indicators that reflect the satisfaction of stakeholders' interests when creating and transferring value (result).Dissatisfaction or incomplete satisfaction of stakeholders' interests due to deterioration of effectiveness, efficiency or quality indicators is a sign of danger to processes, and it,therefore, requires modelling of their state in order to minimize the risk of financial, material, informational, and reputational losses.To evaluate the business activity in creating and transferring value for key stakeholders we used the method of points and developed a scale for evaluating projects of economic, social, and environmental orientation in the process of implementation of relations with stakeholders based on social responsibility.The developed system ofeffectiveness, efficiency, and quality indicators of business processes (including evaluation of business activity in creating and transferring value for key stakeholders) was the basis of the proposed criterion approach to modelling the security of business processes, based on fuzzy sets and considering a wide range of qualitative characteristics of the state of business processes and linguistic variables to describe them.We used the author's criterion approach to modelling the security of business processes considering the interests of key stakeholders, and it allowed us to identify critical areas in the security of main, supporting, management, and development business processes, and the trends for strengthening interaction with key stakeholders.

Fig. 1 .
Fig. 1.Methodical approach to modelling the security of business processes considering the meeting stakeholders' interestsbased oncriterion evaluations

jg
-the indicator of the probability of the business process security on thej-th subset, the coefficient; i r -coefficient of the significance of thei-thindicator; N -number of indicators; ISSN 2306-4994 (print); ISSN 2310-8770 (online) ij λ -index of belonging of thei-th indicator to the j-th subset.

Fig. 2 .
Fig. 2. The state of business processes security, considering meeting the stakeholders' interests

Table 1 Indicators for identifying the state of business processes, considering the interests of stakeholders
ISSN 2306-4994 (print); ISSN 2310-8770 (online)

Table 2 Scale for evaluating the business activity dutingcreation and transferring values for stakeholders
ISSN 2306-4994 (print); ISSN 2310-8770 (online)

Table 2 (
continued) The linguistic variable «Level of the indicator» (Z) has the following term sets of values: Z1 -unknown level of the indicator; Z2 -very low level of the indicator; Z3 -low level of the indicator; Z4 -the average level of the indicator; Z5 -high level of the indicator; ISSN 2306-4994 (print); ISSN 2310-8770 (online)