Monitoring

Monitoring of business processes involves the systematic observation, analysis, and oversight of various activities and workflows within an organization to ensure efficiency, effectiveness, and compliance with established objectives. This ongoing surveillance includes tracking key performance indicators, identifying bottlenecks, and evaluating overall performance to facilitate informed decision-making and continuous improvement. By employing monitoring tools and methodologies, businesses can optimize their processes, enhance productivity, and respond promptly to emerging challenges, ultimately contributing to the overall success and sustainability of the organization.

Close terminology

Workflow Oversight – The systematic supervision of the sequence of tasks and activities within a business process to identify and address any inefficiencies or deviations from desired outcomes.

Operations Surveillance – The continuous monitoring of operational activities to ensure they align with organizational objectives and contribute to overall efficiency.

Performance Analysis – The examination of key performance indicators (KPIs) and metrics to evaluate how well a business process is performing and identify areas for enhancement.

Activity Tracking – The systematic recording and monitoring of individual tasks and actions within a process to gain insights into their efficiency and effectiveness.

Efficiency Evaluation – The assessment of how well processes and activities are executed, with a focus on minimizing resource utilization and maximizing output.

Business Process Management (BPM) – A holistic approach to optimizing and managing end-to-end business processes, encompassing design, execution, monitoring, and improvement.

Requirement

The process begins with the initiation phase where the need for monitoring is identified, e.g. by goal-setting , planning or coordination processes. It most often defines monitoring objectives and identifies key performance indicators ( KPIs ).

Approach

There is a structured methodology or framework needed in place for conducting monitoring activities. This may include predefined metrics, key performance indicators (KPIs), or specific techniques for data collection and analysis.

For improving the monitoring of the electronic environment of the state administration, in cooperation with CERT.LV, the Ministry shall develop criteria to identify institutions where CERT.LV should deploy security sensors and shall develop a strategy for broader installation and use of security sensors-appropriate and sufficient information about the national IS and related ICT infrastructure is a prerequisite for planning, determining and monitoring uniform principles of IS accessibility and ICT continuity management
Can we rely on the access to IS and the receipt of e-services? LRVK - Latvia 2022

Timing

A critical dimension that encompasses the regular and consistent observation of processes, systems, or activities over time. It involves tracking performance metrics, trends, and patterns to assess how they evolve, fluctuate, or remain stable over different time intervals. By analyzing data longitudinally, organizations can detect early warning signs of issues, evaluate performance against targets, drive continuous improvement, and make informed decisions. The time dimension also enables organizations to assess the impact of interventions, anticipate future trends, and proactively address challenges, ultimately contributing to enhanced efficiency, effectiveness, and resilience in operations.

Checks were carried out irregularly and only after discovered incidents, queries/complaints from data subjects, or other external events.
Database access management RKTR - Estonia 2023

Data Collection

[component]

Data Analysis

[component]

Alert

Setting up alerts for critical thresholds or deviations. Requires: definition of alert criteria and establishing notification mechanisms.

Ministry of Economy and Innovation does not monitor program implementation indicators. Without progress monitoring, delays in the implementation of strategic goals, objectives and measures are not identified before the end of the planned implementation period, so that actions can be taken to manage the risk of delays (subsection 2.1, page 22).-IVPK annually conducts a study of the use of electronic services, but the monitoring does not include the evaluation of all (64 351) provided electronic services, but only 12 main ones.
Management of digitalization of public and administrative services VK - Lithuania 2023

Incident response

Special alerts address issues or incidents identified through monitoring. To work properly, the incident response mechanism needs well calibrated indicators and then applies response procedures to start corrective actions .

The Public Key Infrastructure has achieved a high level of security - it meets the high security requirements set by ZertES and various European standards, but monitoring and logging need improvement. The PKI may not be able to detect and respond to security incidents as quickly and effectively as it could with better monitoring and logging capabilities.
Examination of development and operation of the public key infrastructure SFAO - Switzerland 2023

Reporting

Monitoring by definition generates regular reports for own organisation and stakeholders. Apart from statistics, summary of key findings it usually contains recommendations for next steps.

Monitoring and control of the implementation of the National Cybersecurity Strategy is focused on continuous reporting on the progress achieved, but in 2019-2021 the strategy implementation results were not reviewed annually: from 2021 after the Law on Strategic Management came into force, the Ministry of National Defence did not collect and systematize information about the results of the implementation of the National Cybersecurity Strategy. The executors of the Strategy did not monitor all measures and evaluation criteria.
Cyber Security Assurance VK - Lithuania 2022

Cost accounting

Accounting that studies the costs and profits relating to different parts of a business.

The audit was not able to determine the exact costs of the Public Key Infrastructure because full cost accounting was not performed. This suggests that there may be some uncertainty or lack of transparency in the cost structure of the PKI.
Examination of development and operation of the public key infrastructure SFAO - Switzerland 2023

INs and OUTs (section under development)

coming in

going out

Controls to review

regulation, documentation, reports