The operational management of risk and internal controls (RIC) makes increasing use of visual representations to support tasks such as risk assessment and control activity definition. The strengths and weaknesses of different representations are typically assessed by cognitive theories that assume an analytical and an intuitive mode of information processing. Previous research has focused mainly on the analytical risk assessment while intuitive information processing has largely been neglected. We develop a theoretical argument based on dual-process theory, which explains why RIC representational alternatives influence different levels of information processing. We test our hypotheses with the help of an online experiment using accountants and operation managers recruited via MTurk (N = 166). Our results suggest that highlighting risk and controls in business process modeling and notation (BPMN) by using color improves risk understanding, control understanding, and the identification of control improvements, which help reduce the risk in a given process. Furthermore, we do not find evidence that the inclusion of color leads to perception biases. This has implications for information systems research, which has primarily addressed the analytical processing of conceptual models. Our findings extend cognitive research on such models by adding an intuitive processing path that can improve the user’s risk management performance. For practitioners, our findings are particularly relevant because colors can be easily added as a secondary notation element without disguising the factual risk situation in processes.
Kummer, Tyge-F. and Mendling, Jan
"The Effect of Risk Representation Using Colors and Symbols in Business Process Models on Operational Risk Management Performance,"
Journal of the Association for Information Systems: Vol. 22
, Article 7.
Available at: https://aisel.aisnet.org/jais/vol22/iss3/7
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.