Continuous Integration of Risk Management in a Business Process Reengineering: Towards Optimization through Machine Learning

To improve their market position and competitiveness, organizations aim to shorten production times, cut costs, and boost the quality and variety of their products. While Business Process Reengineering (BPR) is a good method to achieve these goals, implementing it can be risky: any change to a task in the initial process directly affects the final process's performance in terms of time, cost, and quality. This article, drawing on design science, a literature review, and a field study with responses from executives and managers of two companies in the aerospace and automotive sectors in Morocco to measure their satisfaction and identify their risk management needs, provides an overview of the BPR method, its implementation frameworks and methodologies, and explains the importance of risk management in such projects. It suggests an improved continuous risk management process for BPR projects that enhances the gathering and use of risk management data through machine learning.


1-Introduction
The exigencies of the contemporary business milieu underscore the indispensability of adopting robust strategies to drive radical improvements in operational efficiencies and value creation [1].Organizations that do not opt for changes, sometimes imposed by clients or the environment in general, will lose their competitiveness and may even disappear from the market [2].In this sense, business process management is a systematic approach to accomplishing work and achieving objectives [3].Reorganizing and redesigning traditional business processes are indeed crucial steps for manufacturing organizations aiming to enhance their operational efficiency, adapt to changing market demands, and maintain or improve their competitive edge.BPR appears to be the best method to adopt in response to this observation.Its main objective is to reduce costs, meet deadlines, and improve the overall quality of manufacturing [4].BPR is today the most popular approach for driving change and garners significant attention from academicians and practitioners [5][6][7][8].
Numerous studies have shown that the implementation of BPR is a highly risky operation, and 80% of implementation projects have failed [9,10].Other studies have indicated that the success rate of a BPR project is only 30% [6,11].Furthermore, 70% did not achieve the desired results [12].BPR is the only method, if applied correctly, capable of delivering spectacular results [13].The necessity for success factors imposes significant difficulty in producing frameworks and methodologies, and there is ambiguity between these two terms.On the other hand, the need for the application of a sound risk management approach is essential [14].
The risk-based approach is a key method for implementing management systems by following management standards and requirements.When management systems are set up individually, risks are assessed from just one viewpoint.However, when two or more systems are combined, this approach must consider the combined effects of the risks resulting from the systems being integrated [15].
Additionally, artificial intelligence and machine learning remain tools to handle the enormous amount of data produced by business processes to solve problems and achieve significant results [16][17][18].
In the current context, every business needs a fundamental and scientific model to help achieve desired outcomes for a competitive edge, while incorporating risk management and machine learning for a more coherent and effective approach.Several researchers have suggested methods to explore the connection between critical success factors (CSFs) of business process redesign, operational or organizational performance, and now, the importance of considering risk management and the use of machine learning to optimize these processes.Each method had distinct stages but did not assess the success of BPR nor substantially consider the integration of risk management and machine learning technologies.However, the majority of academics have somewhat overlooked the potential of integrating CSFs, risk management, and business process performance, supported by machine learning, as a measure of BPR effectiveness during the reengineering processes for thoughtful advancement.CSFs, alongside proactive risk management and the leveraging of data through machine learning, should be considered to prevent BPR failure, as they are crucial steps in the redesign phases of processes.Thus, the main question arises: How can we combine CSFs, risk management, and business process performance, enhanced by machine learning, throughout the reengineering processes?Moreover, what outcomes can we expect if this integrated approach is implemented [19]?
The purpose of this study is to apply the steps of design science to fully grasp the concepts of BPR and to offer practitioners and academics a practical, continuous risk management process that generates data usable by machine learning during the implementation of a BPR project.

2-1-1-Definition
Business Process Reengineering (BPR) has garnered significant attention since its conceptual inception during the early 1990s.Scholars and practitioners alike have discussed its relevance, methodology, implications, and success factors [20].BPR emerged in the early 1990s as a radical approach to rethinking and redesigning business processes to achieve significant improvements in performance metrics like cost, quality, service, and speed [21].Reengineering is "a radical redesign of business processes [22].BPR is described as a strategy where processes are designed to optimize an organization's potential [23].Another definition is that BPR is a management technique aimed at either overhauling or substituting inefficient procedures to achieve remarkable outcomes [24].This approach can be implemented on an individual process, multiple processes.According to Bhaskar, BPR is a tailored strategy, meaning that each organization employs it uniquely to meet their specific needs and objectives.This approach is suitable for small, medium, or large manufacturing or service organizations [25].
BPR can be characterized as a comprehensive transformation of a business, encompassing a radical reconfiguration of all its processes, technologies, management systems, organizational structures, and values.The goal is to achieve significant leaps in performance across the entire enterprise.BPR necessitates appropriate integration with the various other organizational subsystems, advanced technology, and other methods.It is not effective in isolation.IT holds a central role in BPR by offering the means to attain breakthrough performances in organizational systems, but its purpose can be easily misconstrued.[26,27].

2-1-2-Critical Success Factor
Achieving a high success rate in implementation projects is the pinnacle of accomplishment for any implementation team.Yet, the success of business process re-engineering projects has been inconsistent, often due to the adoption of best practices or industry standards from different sectors without fully understanding the specific needs of the target industry.It's worth noting that approximately 70% of these projects fail, mainly because of the absence of an appropriate framework or methodology [14].Nonetheless, numerous factors influence the outcome of a project.These factors serve as key indicators in forecasting the project's success or determining its likelihood of success.BPR carries inherent risks.The successful execution of BPR hinges on various critical success factors [28].
By analyzing the literature, we can identify eleven major success factors for the implementation of BPR projects, and ultimately identify the major factors contributing to the failure of a BPR project (Table 1) [29].Typically, while various factors influence business process re-engineering projects, the human element remains paramount [30].Leveraging data and data analytics to guide decisions during implementation can significantly affect a project's outcome.By having a clear understanding of the factors that determine the success or failure of a project, one can forecast the outcome of a business process re-engineering implementation by harnessing the power of data and employing data science and machine learning methodologies.Given the growing volume of process data as event logs and the use of generative machine learning for automating creative tasks across different areas, there exists significant potential for Business Process Improvement (BPI) [31].

2-1-3-Frameworks
The reengineering process is divided into stages, with the outcome of one stage feeding into the next.Both the diagnosis and transformation stages need to be completed before moving to implementation, which can limit agility.A framework offers a systematic approach to monitoring progress towards meeting goals and objectives [32].Various strategies and blueprints have been created for BPR implementation.Yet, a primary consideration among BPR professionals is choosing the right methodology [10].Nevertheless, many business entities that undertook BPR initiatives have predominantly utilized traditional linear life cycle models.
The Motwani framework offers a different approach from Mendling's.Instead of promoting a centralized database for all business processes as a knowledge base, the Motwani framework focuses on each specific change needed.This framework is organized into six separate phases: 1. Understanding the full scope of the task.
2. Starting the project with clear and measurable objectives.
3. Establishing a base and benchmarks during the planning phase.
4. Moving the process from its current form to its updated version.
5. Implementing the desired change.
6. Evaluating the results against the established goals.
Motwani and his colleagues underscore the significance of possessing a clear vision of the ideal process (Figure 1).This vision acts as the definitive objective for the process redesign.This phase is crucial and requires the support of toplevel executives and the commitment of middle managers to spearhead the initiative.Modifying the reward system, training employees, aligning organizational structures, and incorporating IT are critical measures to guarantee the successful execution of the integration as a project.Continuous and transparent communication throughout all levels of the organization is essential to mitigating resistance [33].This framework offers a detailed outline of tasks within each layer and distinguishes the strategic tasks crucial for successful implementation.It highlights the difference between designing a business process and its practical application in everyday operations.Additionally, the framework provides methods to help organizations identify and define business processes, including a system for prioritizing these processes [34].
During the process model management stage, with the underlying principle of continuous improvement, updated versions of the same business process are regularly introduced.This requires a strong mechanism to distinguish live cases by the version of the process model they follow.The Mendling framework suggests a cyclical approach to ongoing process improvement.This method ensures that process managers consistently monitor process performance, allowing for quick identification and action on any areas needing improvement.

The framework by Al-Mashari
& Zairi provides a comprehensive approach to business process re-engineering implementation.It begins by examining both internal and external drivers of change.This is followed by benchmarking to understand the scale, extent, and radicalness of the change required.The tools and techniques for implementation are grouped into four categories: enabling, facilitating, integrating, and executing.However, the framework does have a notable shortcoming in its insufficient coverage of outcome evaluation.The framework's philosophy underscores the revolutionary nature of change, categorizing it as either breakthrough, one-off, or episodic [14,35].

Robert's framework:
The method systematically includes situational assessments at almost every stage, ensuring a continuous cycle of improvement that starts over once it's completed.The process begins by evaluating current opportunities and capabilities, leading to a proposed redesign.This triggers iterative assessments of risk and its potential impact on the organization.From these assessments, a transition plan is developed, and pilot tests are conducted.The outcomes either increase confidence in the new design, leading to further refinements, or require changes to the initial proposal.Only after fulfilling all requirements does the framework recommend implementing the necessary changes and moving to the new process.In its final phase, Robert's method carefully reviews the results of the recent process and initiates the improvement cycle again.Notably, the successful application of change management tools, which tackle resistance to change, is critical for the success of business process re-engineering projects [36].

• Change evaluation
This simple framework may neglect the complex details involved in analyzing the need for process redesign or comprehensive benchmarking.After implementing the change, it does not specifically cover steps such as testing, training, organizational adjustments, and performance monitoring.Generally, for large and complex process redesign projects that require more meticulous attention to detail, Lowenthal's framework may be inadequate.It is more appropriate for implementing minor, incremental changes.
The Cross framework organizes tasks into three primary stages: Analysis, Design, and Implementation, offering a detailed breakdown of activities for each stage.In the Analysis stage, there is a strong focus on analyzing requirements.This phase is particularly dedicated to understanding and adapting to customer needs, ensuring that these needs are at the forefront of the process.By integrating customer feedback with baseline studies and reviews of current processes, the framework provides a comprehensive view on design specifications.
In the Design stage, Cross and his team offer a set of guiding principles that help the redesign team evaluate and refine design choices, leading to a thorough re-engineered process blueprint.This refined design undergoes iterative testing with clients to gather feedback and fine-tune until a mutually satisfactory and agreed-upon process emerges.Subsequently, this agreed-upon process moves to the Implementation stage, where it becomes the foundation for the business's new mode of operation.However, it's worth noting that the Cross framework doesn't delve into the postimplementation evaluation of process performance.Additionally, it doesn't touch upon the principle of ongoing improvement [37].

Figure 2. The Cross framework
The analysis of these frameworks indicates significant variations in the areas they cover.However, this doesn't always translate to consistent performance when these frameworks are implemented.While choosing the right framework is crucial for success, other factors cumulatively contribute to the overall effectiveness of the implementation.The critical significance of addressing specific areas in projects to enhance the probability of success is paramount.Furthermore, all frameworks being compared highlight the focus on data empowerment, indicating a positive outlook for the implementation of data mining and machine learning.

2-1-4-Methodology and Tools
Business process re-engineering uses proven methodologies for implementation.A methodology is an approach that includes governance frameworks, tools, and strategies to steer project progress towards successful completion.Various well-known methodologies, such as Six Sigma, Lean Thinking, Lean Six Sigma, Total Quality Management, Kaizen, and Poka-Yoke, are utilized to improve and reorganize business processes [38,39].
When comparing these methodologies in terms of their scope, objectives, technological advancements, and data utilization, it becomes clear that each considers information technology as a key factor in business process re-engineering projects.The analysis further emphasizes the general dependence on data within these methodologies to guide and initiate changes in process designs.They all utilize tools for data generation and analysis to improve or redesign business processes.Notably, methodologies that focus on continuous and incremental improvement specifically use data to evaluate performance and initiate further cycles of improvement [40].
Beyond their role in enhancing and re-engineering processes, systematized tools and techniques offer the practical advantage of producing, examining, and presenting data throughout the process.These tools are frequently incorporated into business process re-engineering methodologies and frameworks.Furthermore, the review underscores the essentiality of these tools in guiding implementation projects to fruition successfully [38,41].

2-2-Risk Management (RM)
The risk is present in almost every aspect of life.Humans try, whether voluntarily or not, to reduce it without ever being able to eliminate it.The industrial setting and its need to generate profits commensurate with the investments made have driven the development of many analysis methods.The purpose of this section is to present and compare existing risk assessment systems and methods in order to extract those most likely to have a positive impact on the performance indicators previously mentioned.
To set the stage for a discussion on risk and its management, it's essential to define these terms and concepts.The term "risk" lacks a universally accepted definition.Indeed, its meaning changes based on the context it's applied in, such as business, social, economic, safety, investment, military, political, and so on.Within the realm of project management, an accepted definition of risk is to view it as an event or condition that can have a positive (opportunity) or negative (threat) effect on the project's objectives [42].However, for most active managers, risk management aims to identify and manage threats.Therefore, considering business process reengineering, we adhere to the ISO 31000 standard which defines risk as "the effect of uncertainty on the achievement of its objectives [43].By effect, we mean a deviation from what is expected (either positive or negative).Objectives can have various aspects (financial, timeline, technical, commercial, environmental, etc.) and can apply to different levels (strategic, organizational, product, process, etc.).
Similarly, to risk, its management is perceived differently depending on the industry [44].The structure of the risk management process can be seen through the ISO 31000 standard.Referenced in many works it provides a generic framework for risk management [45,46].Its aim is to be independent of any specific application context.Risk management is thus generally defined as "the coordinated activities undertaken to direct and control an organization's risks." Figure 3. Relationship between risk management principles, framework and process five steps of the risk management process all depend on two blocks: communication on one side, and monitoring and review on the other.Communication and feedback from the various internal departments of the company are, in a sense, at the heart of this process.Indeed, the goal is to synthesize internal or external risks at all times so that they can be managed effectively.It is this synthesis of information, coming from these different actors, that facilitates the collection of the company's key performance indicators (KPI).Monitoring and reviewing risks, on the other hand, allow for good information management.Documentation and evaluation of the entire risk management program are necessary to ensure its effectiveness.Effectiveness describes the extent to which time, effort, or cost is well used to achieve the intended task or goal [47].
The review of this process allows, among other things, its continuous improvement and ensures its adaptability to new risks that may arise.To support these steps, the ISO 31000 standard is complemented by another, the ISO 31010 standard titled "Risk assessment techniques," which provides a range of tools and techniques to support the risk management process [48].
The process of identifying various risk factors, assessing, prioritizing, and mitigating them is expedited by the degree of communication and information exchange among Business Process Reengineering (BPR) stakeholders within an organization.For a risk to be effectively addressed, it requires evaluation by individuals with diverse skills.As the project advances, risks tend to decrease as actions are implemented and more information is obtained [49].
A Key characteristics of an effective risk assessment process include [50]: • Developing a shared vocabulary that outlines an initial list of business risks, definitions of risk, and fundamental risk management principles.This aids in facilitating discussions about risk within the organization; • Implementing a standardized risk assessment methodology and criteria uniformly across the organization to address its primary risks; • Creating comprehensive and timely action and mitigation plans, alongside clearly assigned responsibilities; • Centralizing risk information to enhance the allocation of program resources and to integrate with existing measures of effectiveness; • Gaining a better understanding of the main risks through thorough analysis; • Enhancing the comprehension and communication of business uncertainties and strategies to minimize "organizational surprises" and ensure they are in line with strategic objectives and goals.
On the other hand, a list of the main reasons for failure is provided [50]: • Lack of alignment between the Risk Management strategy and the Business Process with business activities; • Poor planning and communication; • Focus on current or past risks rather than on future risks; • Risk registers have a generic structure instead of being customized to specific business risks; • Mismatch between the risk assessment method and the complexity of the risks; • Undefined perspective and duration for program stages, leading to inconsistent assessments of schedule and costs; • Ineffective or absent criteria and methods for risk prioritization; • Creation of an unmanageably large risk list; • Incomplete, absent, or poorly integrated risk mitigation plans; • Excessive delay between initial identification, prioritization, and the development of action plans, resulting in an "outdated" risk list; • Lack of integration into strategic executive decisions; • Treating the implementation of a risk management plan as the end of the risk management process.

2-3-Continuous Integration (CI)
The term "continuous integration" has emerged from agile development techniques, offering a range of tools (GitHub, Jenkins, etc.) and processes for software systems engineering.Over the past few years, a new collection of techniques based on this concept has had a significant impact on software engineering.The main goal is to improve the overall quality of the developed systems [51].The term "continuous integration" or "CI," can be summarized as a collaborative development practice where team members regularly integrate their work, typically with each person integrating multiple additions or changes at least daily [52].Rapid feedback cycles are therefore one of the fundamental ideas of agile and lean project development [53].
Organizations are seeking ways to support progressive and continuous improvements to their processes [54].In this regard, application tools are emerging.A computer-assisted suggestion management system targeted at employees are developed [55].This tool, named STARS ("Store Tag Analyse Resolve Sustain"), aims to highlight problems encountered during a project and support employees in their efforts to reduce waste and increase their satisfaction.Through their implementations and observing their impacts at various levels of a given process, these tools demonstrate the benefits of centralized rapid feedback from stakeholders in a development with shortened iterations.
However, the concept of continuous integration of processes in the context of physical products is more recent.It is found in research related to product lifecycle management (PLM) and the tools associated with it.With "agile" methods being implemented with varying levels of success in the development processes, design, and verification of new manufactured products, the question arises about applying continuous integration to the development process of tangible products [56].
In practice, companies operate networks of many interdependent business models and processes that must be understood by their users when addressing relevant issues.There's potential in integrating information from product development process models to manage these complex interrelationships.This results in a framework and a common language, highlighting the main challenges associated with integrating processes together.The opportunities for ongoing efforts to encourage integrated modelling in both research and practice of product development are also explored [57].
Efficient knowledge management is essential in any enterprise.Broadening the scope of information sources may open new avenues for their synthesis, resulting in outcomes that can be directly applied in decision-making processes.[58][59][60] The structural methods of knowledge management are divided into four stages: Acquisition, Synthesis, Dissemination, and Feedback.These stages can be facilitated by a unified management platform within the organization.[60] Just as the definition provided for collaborative knowledge management in the supply chain [61], we can define it within the context of risk management as the combined activities in which the stakeholders of Business Process Reengineering participate to create, transfer, and utilize knowledge concerning risk management.
On the other hand, the continuous integration of risk management was detailed for the first time in a guide titled "Continuous Risk Management," which defined it as an engineering practice that includes the processes, methods, and risk management tools in a project, providing a proactive decision-making environment that allows for the assessment and determination of significant risks to be considered, as well as the strategies to be implemented to mitigate them [62].
The notion of continuous execution of the Risk Management (RM) process is characterized by the idea that it should be carried out daily, weekly, monthly, and quarterly, and not only during a given period of project management.The continuous process therefore requires maintaining constant vigilance to identify and manage risks routinely throughout all phases of the project life cycle [62].Successful continuous risk management offers a number of advantages: solving problems before they occur by promoting proactive identification, improving product quality and enabling better resource utilization, and fostering teamwork [63].The integration of RM within the other management processes of the organization is discussed in the main existing standards covering this subject.It is often mentioned in these standards or in the works referring to them that for risk management to be effective and optimal, it must be carried out continuously throughout the product development cycle [64].These good practices, often described, are not accompanied by tools allowing their application.In this regard, recent research mentions the necessity of an easy-to-use tool enabling project stakeholders to actively and effectively contribute to risk management [65].This supports the design of an artifact promoting consistency, sustainability, and exploitation of the collected data as well as collaboration and communication of information around the BPR risks.
The construction of knowledge systems has transitioned from an academic discipline to an industrial development process.Traditional processes and tools are giving way to agile development principles [66].With the industrial impact of these methods, new requirements are being imposed on management engineering techniques related to the development and maintenance of knowledge bases (Figure 5).

Figure 5. Data Transformation Pyramid
The data, even if they hold little value in their raw state, lay the foundation for the other layers constituting their processing [67].From their qualities comes the potential added value that could be extracted to improve product developments and their processes.A database should serve as a source for the various management tools and performance metrics used for guiding the development [68].
The lack of comprehensive data and usable knowledge is a major obstacle to providing better support for decisionmaking, coordination, and optimization of product lifecycle management.

3-Method and Result
With the advent of digital transformation and Industry 4.0, BPR has been revisited.Intelligent automation, data analytics, and artificial intelligence offer fresh tools and perspectives for reengineering.To mitigate these risks, it's vital for organizations to approach BPR with a comprehensive strategy, involving stakeholders, ensuring clear communication, integrating risk management practices, and constantly monitoring and adjusting as required.With the advent of digital transformation and Industry 4.0, BPR has been revisited.Intelligent automation, data analytics, and artificial intelligence offer fresh tools and perspectives for reengineering.To mitigate these risks, it's vital for organizations to approach BPR with a comprehensive strategy, involving stakeholders, ensuring clear communication, integrating risk management practices, and constantly monitoring and adjusting as required [69].

3-1-Design Science
Design science, provides a research framework aimed at creating artifacts and new knowledge to solve specifically identified problems [70,71].This methodology entails an iterative journey through 5 key steps (Figure 6): 1. Problem awareness: its identification and characterization justify that one or more new artifacts need to be developed to address it; 2. Suggestion of possible solutions.Appropriate measures and evaluation methods concerning the utility, quality, and effectiveness of the artifacts constituting the solutions must be defined in order to establish a hierarchy among them; 3. Solution development.Several iterations may be necessary for the artifact to meet the initial requirements; 4. Evaluation.The artifact must be evaluated using the measures and evaluation methods defined previously;

Conclusion.
The results should be communicated to practitioners and researchers.They should provide a clear contribution to research and not only be limited to the utility for practitioners in the field studied.The methodology of design science allows addressing concrete industry problems through research.This choice of methodology therefore corresponds to the objectives set by this study.
• To identify the issue of our research, we relied on an extensive literature review.Similarly, to determine the needs of industrialists and practitioners within small and medium-sized enterprises, we based our findings on a questionnaire, interviews and field visits with the functional managers of three companies operating in the aerospace and automotive sector in Morocco.
• To suggest solutions and evaluate them, we resorted to brainstorming sessions and discussion groups to synthesize the expectations and needs of practitioners.
• Design a method of continuous integration of the risk management process using SIPOC diagrams, flow diagrams and role interactions.
• To evaluate qualitatively the method and its tool through interviews and discussions.
• To Determine limitations and prospects of research.

BPR Methodology
The authors have adopted the BPR-LC method (Figure 7), designed to meet the needs of SME managers [14].

Respondents
Respondents are characterized by their roles within the business process management within their organization.Given the key tasks related to them in the application of processes within organizations, managers of programs and engineers are the main target categories.65% of respondents are among them (Figure 8).

Figure 8. Characterization of respondents by their job function
This characterization makes it possible to establish the legitimacy of the results that will follow.In this sense, the objectives expressed previously are achieved.
The first element establishing the legitimacy of this study is the very majority of respondents' dissatisfaction with the methods and practices they use today.Indeed, 75% of them are dissatisfied or very dissatisfied with the risk management processes currently in place in their organization.None are very satisfied.The reasons for this non-satisfaction are multiples by their descriptions, but this center around a lack of dynamic process, applicable in a concrete way and able to provide relevant information for the different hierarchical levels of the organization.

3-2-1-Objectives, Needs and Difficulties
The respondents expressed their objectives related to the application of the risk management process.The collected responses all pertain to at least one of the following three axes: 1. Predict the cost, schedule, and outcomes of a given development project.
2. Reduce the costs, schedule, and quality as well as the exposure to events.

Increase the ability to highlight opportunities.
The whole application of the latter is problematic.The reasons provided as justification for these difficulties are very enlightening.Here are the main ones: • Lack of information, metrics, indicators, and formal processes; • Lack of structured data corresponding to the review of other past projects; • Lack of resources, especially time; • Low agility to cope with market dynamism and needs; • Poor organizational understanding of the use, applications, and benefits offered by the process: induces financial constraints on the development and implementation of new RM tools; • Low reliability of time and cost forecasts resulting from risk management.
In response to these challenges, the respondents were invited to express their needs in terms of improving the tools and processes used for their risk management processes.The three main following axes emerged, in order of priority: 1. Harmonize and integrate the risk management process with other relevant sources of information related to the same product development program; 2. Better understanding and training of the actors involved in the RM process, especially regarding its potential; 3. A means to involve all hierarchical levels, to collect data and serve them with the results of the process.
As previously outlined, it is not the risk assessment step of the process that seems to be the most complicated to implement.These assessment processes are well-known; their tools and methodologies are explicitly detailed in all risk management standards.Monitoring the identified risks and revising their assessments as well as measuring the performance of the process itself over time is clearly more challenging.Indeed, as seen through the gaps in the literature, this relies on less well-defined tools and techniques.
The previous steps of the design science process have highlighted and clarified the problem studied.These results can be translated as design requirements to ensure that the proposed tool meets the expectations of risk management practitioners: • Provide a framework that ensures a structured database.
• Formalize the risk management steps to provide end users with a clear role in this process; • Structure the description and evaluation of risk to ensure consistent, structured, and uniform data; • Categorize and characterize risks uniformly through interactive forms; • Provide, according to hierarchical position within the organization, relevant information on: o Reported risks; o Possible actions to take into account and address the reported risks; o Metrics and indicators concerning a specific work package, the whole or a sub-section of the project.
• Allow all stakeholders of the current product development to report, at any time, a risk on a work package assigned to them; • Following the hierarchy of the organization, reported risks should be reviewed, revised, and their evaluations assigned to the most competent actors; • Be able to collect product development management information present in existing PLM (Product Lifecycle Management) software within the company.

Requirements and Specifications
Following in-person meetings and discussions with the study's participants, and after comparing their insights with the key success factors of a Business Process Reengineering (BPR) project found in the literature, we have identified the following requirements as feasible and mandatory, and have proposed the specifications for the suggested solution (Table 2 and 3).

Category
Reference Requirements

C1 Establish the context
Create value and preserve it be integrated into the organization's processes be integrated into the decision-making processes be tailored to the organization and the project integrates the human and cultural factors of the organization

C2
Risk Identification analysis and evaluation Explicitly address uncertainty be systematic, structured, and used in a timely manner rely on the best information available C3 Communication be transparent and participatory.

C4
Monitoring and review be dynamic, iterative, and responsive to change facilitates the organization's continuous improvement

Flow diagram of the solution
The authors proposed a collaborative risk management platform accessible to all stakeholders of the BPR where data acquired during previous changes serve to automatically evaluate the new risks described upon their identification.Following this automatic evaluation, a simple review process allows to confirm or disprove the predictions made about the characteristics of the risk.The diagram presented in the following figure illustrates the process of this continuous integration solution oriented towards the exploitation of risk management data.It is noted that the process is a cycle where the trigger of a new iteration lies in the introduction of a new risk.
Figure 9 illustrates the place and links of continuous integration within the BPR.It highlights the overall impacts in terms of performance on its process.From a high-level perspective, it revisits the key elements that the RM process must provide as support to the performance of the BPR.It consists of two main blocks.The block at the bottom, in bold dashed lines, represents in a unique framework, the process of the BPR and the associated risk management process.

Figure 9. Flow diagram of the solution
The continuous integration of the latter within the BPR is represented by the circular arrows linking these two processes.The upper block represents the potential impacts of the developed process scaled through the exploitation of project management data.This scale is illustrated by the pyramid, which shows the transformation of data through different stages.The more this transformation is accomplished, the more value is created for the organization by the management processes.Thus, the higher the level of data exploitation, the more notable the potential positive impact on the performance of the BPR and risk management processes.Here, the performance of the BPR is divided into three dimensions: time, cost, and quality.Finally, these two main blocks are bidirectionally connected with a unique database that will collect the information, sustain it there, and serve as a source for all the involved management processes (Figure 10).

4-Discussion
The execution of the RM (Risk Management) process steps proposed by the ISO 31000 standard is transformed here to better utilize the potential of existing computer tools today.The two axes of transformation mentioned are as follows: 1. Steps of risk identification and evaluation are no longer only carried out discretely throughout the BPR.They are now carried out on a daily basis, depending on the opulence of new risks in the BPR.
2. The generated risk register is now dynamic, and its update is no longer confined to periodic revisions.
The continuous integration of the RM process within the BPR and the management of dynamic risk registers are now possible through collaborative software platforms.These platforms, thanks to the processes mentioned in this study, maximize the quantity and sustain the data generated by RM within organizations.The implementation of such a process within an organization aims to: • Reduce the latency of risk identification during the BPR; • Be proactive regarding their treatments; • Serve as a support for the continuous execution of machine learning tools; • Support the improvement of the RM process.
The number of participants in this study, as well as the number of companies involved, is among the primary limitations of this research.However, this work initiates a foundation for future studies by broadening the target population, encompassing both managers and companies.Furthermore, the authors view it as a basis for ongoing research in risk assessment and its impact on the overall performance of the enterprise.

5-Conclusion
Business Process Reengineering (BPR) and Continuous Integration (CI) in the domain of risk management are significant strategies that modern organizations adopt to stay competitive and mitigate operational risks.BPR, with its focus on redesigning and improving processes, lays a solid foundation for identifying and mitigating risks by streamlining operations and eliminating redundancies.On the other hand, CI, with its emphasis on consistent and automatic testing, ensures that risk management strategies are continually validated and refined, facilitating real-time response to emerging threats.
Integrating these two approaches can yield a robust risk management framework that not only identifies and mitigates risks proactively but also adapts to changing risk landscapes swiftly.The synergy between BPR's process optimization and CI's iterative testing and feedback can significantly enhance an organization's risk resilience, ensuring operational excellence and compliance with evolving regulatory mandates.
In conclusion, the symbiotic relationship between Business Process Reengineering and Continuous Integration is instrumental in building a dynamic risk management ecosystem.This integrated approach promotes a culture of continuous improvement and risk-aware decision-making, enabling organizations to navigate complex risk scenarios efficiently and secure a competitive edge in today's fast-evolving business environment.

Figure 1 .
Figure 1.The Motwani framework The Mendling framework categorizes the re-engineering process into three distinct layers: • Process Relations • Process Modelling • Process Execution and Performance.

Figure 4
Figure 4 illustrates this continuous risk management process as defined by the DOD; it is noted that it adopts, by organizing them circularly around communication and feedback, the main steps established by ISO 31000 (2009).

Figure 6 .
Figure 6.Scientific study conducted within the framework of design science

Figure 10 .Figure 11 .
Figure10.Role of continuous integration and its impact on BPR

Table 3 . Specifications of solution
K C2Machine learning, bring intelligence to RM by giving an idea of the best solution to address a risk