🔍

Undesired Activity

Enrichments

Overview

The Undesired Activity enrichment identifies cases where specific activities occur that should not be present in your process according to your business rules or compliance requirements. This powerful conformance checking tool helps you detect unauthorized actions, policy violations, deprecated procedures, or activities that indicate potential fraud or system misuse.

Unlike other conformance enrichments that look for missing or repeated activities, this enrichment focuses on detecting the presence of activities that should never occur in a compliant process. For instance, manual overrides in an automated approval system, emergency procedures used in normal operations, or deprecated activities that were supposed to be phased out but are still being executed.

Common Uses

  • Detect unauthorized manual interventions in automated processes
  • Identify use of deprecated or obsolete activities that should have been retired
  • Monitor for policy violations such as bypassing required approval steps
  • Flag potential fraud indicators like unusual refund activities or account modifications
  • Track emergency procedures being used in non-emergency situations
  • Identify test activities accidentally executed in production environments
  • Detect workarounds that bypass standard process controls

Settings

Rule Group Name: Enter a descriptive name for this conformance rule group. This name serves as a prefix for all attributes created by this enrichment and appears in conformance reports. Choose a name that clearly indicates what type of undesired behavior you're monitoring, such as "Unauthorized Activities", "Deprecated Procedures", or "Policy Violations".

Severity: Select the severity level for cases where undesired activities are detected:

  • Low: Minor process deviations that should be monitored but don't require immediate action
  • Medium: Significant conformance issues that require investigation and corrective action
  • High: Critical violations that may indicate fraud, compliance failures, or serious process breakdowns

Activity Attribute Values: Select one or more activities from your event log that should not occur in compliant cases. The enrichment will create a separate boolean attribute for each selected activity, allowing you to track different types of violations independently. Activities are displayed with their frequency statistics to help you identify which undesired activities are most prevalent.

Examples

Example 1: Financial Process Compliance

Scenario: A financial services company needs to ensure that certain high-risk activities don't occur in their standard payment processing workflow, as these could indicate fraud attempts or policy violations.

Settings:

  • Rule Group Name: "Prohibited Payment Activities"
  • Severity: High
  • Activity Attribute Values:
    • "Manual Override Payment Limit"
    • "Bypass Fraud Check"
    • "Emergency Fund Release"
    • "Delete Payment Record"

Output: The enrichment creates four new boolean attributes:

  • "Prohibited Payment Activities: Manual Override Payment Limit"
  • "Prohibited Payment Activities: Bypass Fraud Check"
  • "Prohibited Payment Activities: Emergency Fund Release"
  • "Prohibited Payment Activities: Delete Payment Record"

Cases where any of these activities occur are marked as TRUE for the corresponding attribute and flagged as high-severity conformance violations.

Insights: The company can now quickly identify and investigate cases where critical security controls were bypassed, enabling them to detect potential fraud attempts and ensure compliance with financial regulations.

Example 2: Healthcare Process Monitoring

Scenario: A hospital wants to monitor for deprecated procedures in their patient admission process that were supposed to be eliminated after implementing a new electronic health records system.

Settings:

  • Rule Group Name: "Deprecated Admission Steps"
  • Severity: Medium
  • Activity Attribute Values:
    • "Paper Form Submission"
    • "Manual Insurance Verification"
    • "Fax Medical Records"
    • "Phone-based Appointment Booking"

Output: Creates boolean attributes for each deprecated activity, marking cases as TRUE when these old procedures are still being used despite the new system implementation.

Insights: The hospital can identify departments or staff members still using old procedures, enabling targeted training and ensuring complete adoption of the new electronic systems.

Example 3: Manufacturing Quality Control

Scenario: A manufacturing company needs to ensure that certain emergency procedures are only used in actual emergencies and not as shortcuts in regular production.

Settings:

  • Rule Group Name: "Emergency Procedures Misuse"
  • Severity: Medium
  • Activity Attribute Values:
    • "Emergency Quality Override"
    • "Skip Safety Inspection"
    • "Bypass Calibration Check"
    • "Emergency Material Release"

Output: The enrichment flags cases where emergency procedures were invoked, allowing the company to verify whether these were legitimate emergencies or inappropriate shortcuts.

Insights: By tracking the use of emergency procedures, the company can identify production lines or shifts that may be cutting corners on quality and safety protocols, enabling corrective action before serious issues arise.

Example 4: IT Service Management

Scenario: An IT department wants to detect when deprecated or insecure practices are still being used in their incident resolution process.

Settings:

  • Rule Group Name: "Insecure IT Practices"
  • Severity: High
  • Activity Attribute Values:
    • "Grant Admin Access Without Approval"
    • "Direct Database Modification"
    • "Bypass Change Management"
    • "Use Shared Admin Account"

Output: Creates conformance attributes that flag cases where insecure or non-compliant IT practices occurred, marking them as high-severity violations.

Insights: The IT department can quickly identify and address security vulnerabilities in their processes, ensuring compliance with IT governance policies and reducing the risk of security breaches.

Example 5: Procurement Compliance

Scenario: A procurement department needs to monitor for activities that violate purchasing policies, such as splitting orders to avoid approval thresholds or using non-preferred vendors.

Settings:

  • Rule Group Name: "Procurement Violations"
  • Severity: Medium
  • Activity Attribute Values:
    • "Split Purchase Order"
    • "Use Non-Contracted Vendor"
    • "Retroactive Purchase Approval"
    • "Skip Competitive Bidding"

Output: The enrichment creates boolean attributes for each violation type, allowing the procurement team to track different types of policy violations separately.

Insights: The organization can identify patterns of non-compliance in their procurement process, enabling them to strengthen controls, provide targeted training, and ensure adherence to procurement policies.

Output

The Undesired Activity enrichment creates multiple case-level attributes in your dataset:

Group Attribute: A master boolean attribute named after your Rule Group Name that indicates whether ANY undesired activity occurred in the case. This provides a quick way to filter all non-compliant cases regardless of which specific activity triggered the violation.

Individual Activity Attributes: For each selected activity, a separate boolean attribute is created with the naming pattern "[Rule Group Name]: [Activity Name]". These attributes allow you to track specific types of violations independently.

Attribute Values:

  • TRUE: The undesired activity occurred in this case (conformance violation detected)
  • FALSE: The undesired activity did not occur (case is compliant for this activity)

Conformance Issue Registration: Each detected violation is registered in the system's conformance issue list with the specified severity level, enabling integration with conformance dashboards and automated alerting systems.

These attributes can be used in filters to isolate non-compliant cases, in calculators to measure violation rates, and in visualizations to show patterns of non-compliance across your process. The enrichment also updates activity statistics to reflect their conformance status, making it easy to identify which undesired activities are most problematic.

This documentation is part of the mindzie Studio process mining platform.

An error has occurred. This application may no longer respond until reloaded. Reload ??