Process escapades | Part 1: Authorizations
Process escapades that you (don’t) want to experience
Inspired by the well-known book series “30 Escapades You Must Experience”, we take you on a special journey through everyday working life—to places where processes fail, chaos reigns and employees struggle with problems that could have been solved long ago. These are not adventures that you seek out voluntarily. But they are precisely the challenges that many companies have to deal with every day.
We show you three typical escapades that are exemplary for many: sometimes funny, sometimes chaotic, but always with real insight value. And we’ll show you how structured, digital and partially automated BPMN processes can be used to create clear, comprehensible and efficient workflows even from muddled situations—with tangible added value for everyone involved. Because if you really understand processes, you can not only improve them, but also use them in a targeted manner to relieve employees, ensure compliance and increase satisfaction in day-to-day work.
Our stops on this journey:
- From the authorization chaos in HR service, which can only be tamed with structure and clarity.
- From ticket routing in the service desk, which finds a new way between stray tickets and AI intelligence.
- Right through to the ordering process, where an absurd helmet requirement suddenly becomes a serious process blockage.
Part 1: The authorization jungle in HR service
Who is allowed to do what—and why not (or why)?
As is so often the case, it starts with a seemingly harmless question: “Why can I still see the data from my old department?” What sounds like a minor technical error at first glance turns out to be a fundamental problem on closer inspection: unclear roles, incomplete authorizations, no overview of who should actually have access to what—and who should not.
In many companies, the topic of authorizations is a blind spot. Employees are given too much access and unintentionally put sensitive data at risk. Meanwhile, others have too few rights and can only perform their tasks to a limited extent. The frustration is palpable on both sides: for those affected, who have to wait for important information, and for those responsible, who have neither a complete overview nor a reliable system for control.
It becomes particularly critical when authority changes—for example due to a transfer or promotion. Roles often remain in place even though they no longer fit the current activity. Conversely, new rights may be assigned late or not at all. In one real-life case, an intern had access to sensitive functions and was able to approve leave requests without ever having been authorized to do so. At the same time, an experienced HR employee was severely restricted in his work due to a lack of rights. The responsibility for this misery could not be clearly assigned. IT referred to HR, HR to the specialist departments—and in the end, nobody knew how the current authorizations had actually come about.
This lack of clarity caused considerable damage: Not only is data protection jeopardized, but compliance also begins to falter. If managers can approve their own absences or there are no clear audit trails, trust in the process is permanently damaged.
Such a jungle of authorizations cannot be eliminated with individual measures or informal agreements. What is needed is a well thought-out, structured process—and this is exactly where BPMN comes into play.
From uncontrolled growth to clarity—with BPMN to structured authorization management
The modeling of authorization processes with BPMN creates a basis on which clear, verifiable and traceable processes can be established. Every request for authorization follows a defined process. The roles of those involved are clearly defined. Rights result logically from a person’s function—not from their history or arbitrary decisions.
The introduction of a digital self-service portal has made it possible for employees to apply for specific authorizations. The approval paths are based on the requested role and the respective organizational unit. This ensures that, for example, commercial roles require a different approval than specialist roles—depending on which area the applicant comes from. This differentiation is particularly important in hospitals and other complex organizations where cross-departmental roles and rights are common.
The entire process is structured in such a way that it works generically for all roles, but reacts individually depending on the constellation. Approvers are determined automatically, deputy rules are stored and the ITIL-compliant documentation of requests is also integrated into the process. Communication takes place centrally via the system so that manual follow-up is no longer necessary.
A central element of the new process is the connection of several systems—a technical challenge that has proven to be solvable in the overall process, however. Thanks to the clean BPMN modeling, even error handling could be elegantly integrated into the automated process.
Digitalize complex processes with full control in a BPMN tool
From the field: more security, more trust, more satisfaction
Since the introduction of the structured process, the situation has improved noticeably. Employees now know exactly what rights they have—and why. Managers can rest assured that sensitive data is only viewed by those who are authorized to do so. And the HR team finally has a transparent, audit-proof process that it can rely on.
The benefits are not only measurable in technical terms. Trust in the organization also grows. When processes are transparent and rights are assigned in a targeted manner, employees feel more secure—both with regard to their own data and their tasks. Compliance is strengthened, sources of error are reduced and satisfaction increases measurably.
Conclusion on the first escapade
The authorization jungle in HR is one of the invisible risks of many companies. Unclear access rights and a lack of responsibility not only lead to data protection problems, but above all to frustration and uncertainty in day-to-day work. But with a clearly defined, digital and BPMN-based process, these problems can be solved in a structured way. Roles, rights and processes become comprehensible—for employees and managers alike. The effort is worth it: more transparency, better collaboration and noticeably more security.
The next stage of our journey takes us from HR to IT—or more precisely, to the service desk. There we will see how incorrectly routed tickets can slow down entire teams—and how intelligent automation combined with BPMN opens up new paths.
Part 2 follows: Ticket routing between misrouting and intelligence—a field report from the service desk
.