Laying the ground for future cross-organizational process mining research and application: a literature review

4.2.1 Environmental uncertainty

Environmental uncertainty covers whether the organizations’ conditions are homogeneous or heterogeneous and whether they remain stable or change over time (Bensaou and Venkatraman, 1996). As pointed out by Jacobi et al. (2020), supply chains increasingly face a dynamic and constantly evolving environment, for example, caused by more product variants and smaller order sizes. Hence, a higher uncertainty needs to be handled in coPM applications for supply chains. Wang et al. (2018), in addition, emphasize the relevance of international governmental regulations, when coPM is applied to early identify non-conformant behavior. Focusing on coPM to exploit commonalities, Aksu et al. (2016) developed a framework for accurately comparing inter-organizational business processes. Next to handling different business semantics (e.g. the activity “Evaluate a service request” may involve different steps in different organizations) and metric semantics (e.g. the throughput time of a service request process may be calculated by comparing the timestamp of the process start and the activity “Close” in one organization and the process start and the activity “Solve” in the other organization), the organizational context needs to be considered. It is determined by organization-internal factors, such as size (e.g. the number of workers) and environmental factors: locations and industry in which an organization operates and corresponding laws, regulations and geographical circumstances. These sources of environmental uncertainty are represented in the framework of Aksu et al. (2016) to ensure comparability when evaluating and contrasting the performance of multiple organizations.

4.2.2 Partnership uncertainty

Partnership uncertainty results from goal compatibility, trust and power dependence (Bensaou and Venkatraman, 1996). Looking at mechanisms for distributing the value between organizations of coPM, trust influences whether the organizations need to monitor the created value of each other or if they rely on the reported numbers before redistributing any form of value (Rott and Böhm, 2022b). If the organizations negotiate over value distribution shares, their power influences the outcome (Rott and Böhm, 2022b). Goal compatibility is mentioned by Ho et al. (2009) and Jacobi et al. (2020): In a global organizational network, contrasting goals may exist that hamper business process optimization (e.g. a supplier may want to increase its margin by improving process efficiency, while the manufacturer wants to use increased process efficiency to reduce the product price in order to boost product sales).

4.2.3 Task uncertainty

Three types of task uncertainty exist: task analyzability, task variety and task interdependence (Bensaou and Venkatraman, 1996). Partington et al. (2015) compare the patient-handling process of four Australian hospitals. Task variety and task analyzability are present, as the process is not fully automated and various paths for patient handling are possible. Which task needs to be executed is determined by patient-related factors (e.g. overall health conditions and previous treatments) and thus individually for each person. Therefore, task variety and analyzability need to be handled when multiple companies want to exploit commonalities using coPM. In contrast, task interdependence is especially relevant in collaborative scenarios. Engel et al. (2012) present a solution to pre-process EDIFACT messages (a standard for inter-organizational message exchange) to enable coPM. In this case, a product needs to be sent from the supplier to the manufacturer before it can be received (sequential task interdependence). If messages are exchanged, the supplier first issues a “product send” message, which is received by the supplier. Second, after receiving the product, the manufacturer issues a “product received” message, which is sent to and received by the supplier. Hence, the message exchange tasks are reciprocally interdependent. Process analysts need to be aware of task interdependence when evaluating the performance of a collaborative cross-organizational process; for example, when the throughput time of task B, executed by organization B, depends on the successful execution of task A, conducted by organization A.

4.2.4 Structural mechanisms

Structural mechanisms assign authority and roles within coPM (Bensaou and Venkatraman, 1996). Five kinds of them can be found in the coPM literature: methodologies for conducting coPM (Canjels et al., 2019; Helm and Küng, 2016; Ho et al., 2009; Maruster et al., 2003), definitions of comparison metrics (Buijs et al., 2012b) and collaboration metrics (Kim et al., 2020), mechanisms for value distribution (Rott and Böhm, 2022b), and a language for formalizing business process compliance (González and Delgado, 2021).

Rott and Böhm (2022b) built upon a systematic literature review to identify mechanisms that can be applied to (re)distribute the value of coPM between the participating organizations and thereby handle partnership uncertainty. This may be necessary, as, for example, two organizations collectively analyze the process, while only one party is able to capture value from process improvement. Three types of metrics for comparing variants of the same business process are introduced by Buijs et al. (2012b): process model quality metrics; for example, soundness or complexity; performance indicators, such as the average execution time per case; and comparison metrics – for instance, precision. Collaborative performance metrics are presented for four dimensions by Kim et al. (2020) following the balanced scorecard methodology: finance (e.g. collaborative costs reduced), partnership (e.g. new partners acquired), collaboration process (e.g. number of schedule changes) and coevolution (e.g. collaboration satisfaction). González and Delgado (2021) present the compliance requirements modeling language that assists organizations in formulating compliance requirements that should be fulfilled in an inter-organizational process. Five dimensions can be distinguished: control-flow (e.g. one task needs to be executed before another), interaction (e.g. a message must be exchanged during the process), time (e.g. a task needs to be completed within a certain time), resources (e.g. a specific organizational unit needs to pursue a certain task) and data (e.g. a data object must be issued after performing a task).

Furthermore, four models for executing coPM projects are presented in the literature:

1. Extended L* lifecycle model: Helm and Küng (2016) extend the L* lifecycle model for PM projects introduced in Van Der Aalst (2011c), which consists of five steps: [1] plan and justify, [2] extract, [3] create a control-flow model and connect the event log, [4] create an integrated process model and [5] operational support. To handle cross-organizational business processes, Helm and Küng (2016) suggest adding a compare and align step to the extract phase of every participating organization and continuously using the results from steps three and four to interpret, redesign, adjust and intervene the cross-organizational process.

2. Local and global PM cycle: Ho et al. (2009), in contrast, present a cycle-based model for coPM of manufacturing networks consisting of a local cycle, executed for each party, and a global cycle, executed for the overall process. The local cycle comprises four steps: measure the current situation, predict potential quality defects, identify measures for correction and implement changes. After each organization has executed the local cycle, the global cycle is implemented, consisting of (1) collecting the process logs, (2) filtering and pre-processing the data, (3) performing a trade-off analysis of different local measures to ensure a global optimization and (4) implementing the changes.

3. Three-step methodology for healthcare processes: Canjels et al. (2019) introduce a three-step approach for healthcare scenarios. First, in the advanced data preparation phase, multiple steps are performed to ensure sufficient data quality for the subsequent steps: “(1) filter relevant diagnosis, (2) merge data, (3) exclude irrelevant activities, (4) cluster activities and (5) exclude patients with incomplete processes” (Canjels et al., 2019). Second, clustering algorithms are applied to identify groups of patients with similar care activities. Third, the processes are analyzed and visualized together with subject matter experts.

4. Task registration-based methodology for supply chain processes: Maruster et al. (2003) suggest an approach for analyzing supply chain processes that starts with each partner implementing a task registration system. During the implementation, the organizations need to agree on certain parameters that later enable matching the subprocesses. Subsequently, the logs from the task registration systems are processed with PM algorithms to discover a process model, which is finally analyzed to optimize the supply chain.

Comparing the different approaches, we observe that all include a step for data pre-processing. However, while Maruster et al. (2003) require the parties to track their process with an additional task registration system, the others build upon existing data that are pre-processed and integrated. Furthermore, we observe that the analysis phase is less extensively covered in the articles than the steps for data preparation, indicating a lack of research on how to properly analyze cross-organizational processes to gain value from coPM adoption. Furthermore, Ho et al. (2009) and Helm and Küng (2016) include a step for changing the process, which is not part of the methodologies of Maruster et al. (2003) and Canjels et al. (2019).

4.2.5 IT-mediated mechanisms (coPM techniques)

Due to the large number of articles focusing on IT-mediated mechanisms, we built a concept matrix (see Table 3) following the structure of the refined PM framework (Van Der Aalst, 2016) and briefly summarized the articles according to the main PM activities [1] (see Section 2.2): Cartography (models describing organizational processes), Auditing (comparison of process behavior) and Navigation (forward-looking PM activities). This involves all articles that focused on developing a new technique for coPM or presented an overall technical architecture. Also, we summarize 14 articles that focused on data pre-processing as a prerequisite of coPM and a possible way to apply standard PM techniques and 7 articles leveraging blockchain technology for coPM. Interested readers are encouraged to read the original articles for detailed information on each technique.

Overall, most articles (33) focused on analyzing post-mortem event data (data of completed cases) and building de facto process models (descriptive models), while pre-mortem event data (data of non-completed cases) and de jure models (normative process models) are leveraged in a minority of articles. Looking at the PM activities, the majority of articles (35) focused on cartography, while 13 articles developed or applied approaches for auditing and 7 for navigation purposes.

4.2.6 Performance

Various articles revealed insights into process performance. In the case of collaborative coPM, its application reveals in-depth, fact-based process-related insights, such as processual weaknesses, parties causing late deliveries in a manufacturing process (Engel and Bose, 2014; Engel et al., 2016), improvement potentials for faster and more efficient patient treatment (Canjels et al., 2019) and technical issues with an inter-organizational message exchange (Engel et al., 2016). It can further assist by pointing toward amendable parts of the process and generating recommendations to leverage the improvement potential (Yilmaz and Senkul, 2015). Furthermore, as coPM transforms previously unused raw event-log data or exchanged messages in such a way that KPIs (e.g. related to financial performance or customer satisfaction) can be calculated, it creates a basis for identifying and discussing improvement potentials (Engel et al., 2016; Krathu et al., 2014). In addition, organizations improve process security by applying cross-organizational compliance checking (Talamo et al., 2015).

Regarding coPM for exploiting commonalities, for example, in the case of software-as-a-service solutions, where multiple organizations share the underlying infrastructure and use configurable services, multiple variants of the same process exist, which can be analyzed by coPM in two ways: First, the service provider may compare the operations executed by its customers to improve the service. Second (only applicable in a non-competitive setting), the data can be used to benchmark different organizations. Consequently, they can learn from each other; for instance, by comparing the patient-handling process in multiple hospitals (Partington et al., 2015; Van Der Aalst, 2010). In the same way, numerous process variants can be compared to derive a better understanding of the differences between process variants, for example, in hospitals (Mans et al., 2008) or municipalities (Buijs and Reijers, 2014), and to identify a preferable process model executable within all organizations (Buijs and Reijers, 2014; Buijs et al., 2012b). Insights resulting from such a comparison may be related, for example, to performance, to differences in patient’s length of stay (Partington et al., 2015) or to the process itself, such as varying strategies of patient treatment (Mans et al., 2008), executing medical activities in a different order (Suriadi et al., 2014) or omitting certain activities while still complying with the municipal regulations (Buijs and Reijers, 2014).

Two articles described the actual impact of coPM adoption on process performance. Canjels et al. (2019) identified that in their case study on arthrosis patients from Dutch hospitals, multiple steps during patient handling can be performed by less qualified and therefore less expensive personnel, resulting in an efficiency gain of approximately €75,000 per year. Also, the patients’ waiting times could be reduced, which led to higher patient satisfaction. Talamo et al. (2015), in contrast, evaluated their approach to a distributed process involving 400,000 daily executions and a service desk or support. They identified the possibility of reducing the IT service personnel by 85% as the vast majority of involved service tickets could be automatically validated, thereby reducing manual handling effort.

4.3.1 Comparison and analysis

Define and calculate appropriate metrics: Many perspectives have to be incorporated into an inter-organizational business process (collaboration), and a variety of possible metrics exist for comparing process variants of multiple organizations (exploiting commonality). The challenge, therefore, lies in defining metrics and KPIs that match different stakeholders’ expectations and provide valuable insights, for example, as they are aligned with the business strategy (Engel et al., 2016; Ho et al., 2009). Furthermore, the organizations need to be able to “calculate [these] KPIs from different syntaxes and semantics across heterogeneous […] data schemas” (Engel et al., 2016).

Ensure comparability and semantic alignment: Organizations operate in varying contexts. For example, the geographical circumstances differ. In addition, semantical differences exist between the compared partners. For instance, identical labels for activity names do not necessarily mean the same thing, as one activity can include different steps in different organizations (Pourmasoumi et al., 2017). Hence, comparability between process variants or subgroups of process instances under analysis can usually be questioned. If comparability is not properly considered, the expressiveness of the results is reduced, thereby leading to potential mistrust in the PM analysis results (Aksu et al., 2016; Partington et al., 2015; Suriadi et al., 2014). For example, as stated by Partington et al. (2015) in a case study among hospitals: “When the case study results were presented to the stakeholder group, there emerged some doubt as to whether there was consistency in the […] diagnosis. While it was generally agreed […] that there was likely to be little difference, it did bring into question the true comparability of […] patient populations across hospitals.” Or, as written by Suriadi et al. (2014): “Given such complexity, it can be difficult to determine appropriate ways to split the data into natural groupings for comparison purposes. A key challenge here is how to group cases such that each group is mostly homogeneous, and thus, yield usable comparison results.”

Choose the appropriate coPM technique: Due to the described challenges, “normal” PM techniques can usually not be applied in a cross-organizational setting: “It is difficult to apply existing approaches directly to discover a model for a cross-organizational workflow” (Zeng et al., 2013). Hence, organizations and researchers need to determine which of the described techniques should be applied in their specific setting. This is challenging, as various techniques (see Section 4.2.5) with different advantages and disadvantages were developed and presented in the literature, differing in their approach (e.g. for process model discovery, merging the event log before discovering the cross-organizational process model, or discovering individual process models and subsequently merging them toward a cross-organizational one).

4.3.2 Complexity

Handle process size and complexity: Multiple partners are involved in an inter-organizational business process, and they usually perform a large number of activities through a variety of communication patterns. Activities from different organizations thus can have different relationships (e.g. executed in parallel or sequentially). Discovering such an inter-organizational business process can hence be very complex; for example, as multiple activities are intertwined: “The complexity of logs obtained from various organizations is likely to result in highly-complex spaghetti process models” (Suriadi et al., 2014) or, as stated by Lamghari et al. (2020), “the construction of supply chain-wide processes poses a real challenge of complexity.” Overall, the process size and its complexity need to be handled to ensure meaningful results from coPM analysis.

Encounter distributed knowledge and control: As multiple organizations are involved, the knowledge of the inter-organizational process is distributed among them: “Often[,] the knowledge about the overall process is distributed over the involved parties and no single party has an overview on the complete process and all its details” (Jokonowo et al., 2018). Also, every party involved has individual expertise: “Each organization can have expertise on different subjects, e.g. depending on its goals and knowledge” (Aksu et al., 2016). Moreover, there might be no central control or overview, with the result that each business partner is only able to see and modify those parts of the process that he is responsible for. This hampers both discovering and analyzing cross-organizational processes as well as defining and implementing measures for handling inefficiencies unraveled through coPM analysis across different parties.

Merge intra-organizational process models: Once the organizations have discovered process models that represent their view of the overall business process, usually based on the data they have access to, it is a challenge to combine these into a process model that reflects the whole cross-organizational process. This involves handling messages exchanged between the organization that indicate interoperability issues, e.g. “the supplier (Company B) sends an invoice which is not expected by the requester (Company A)” (Aouachria et al., 2017) and handling different patterns of cross-organizational collaboration on the activity level; for example, activities simultaneously involving both organizations or activities executed sequentially (Zeng et al., 2013).

4.3.3 Data

Get access to distributed data: The data for coPM is usually spread over different systems, databases and servers owned by various organizations because every organization records sub-logs (collaboration) or data of multiple process variants executed by varying parties is required (exploiting commonality) (Claes and Poels, 2014). This results in a situation where the overall event log is not directly available, as the initial access to event-log data is normally limited to the organization’s own data (Elkoumy et al., 2020a). Hence, it remains a challenge for the participating organizations to agree on a way to either grant everybody access to each other’s databases or store the individually extracted event logs in a common space.

Homogenize data quality: The quality of the PM results crucially depends on the input data quality. The challenge in a cross-organizational setting is that data might not be recorded and stored in the same quality in each organization. For example, “events may be incomplete, logs may contain outliers” (Rozsnyai et al., 2012), or “events are not recorded precisely and important details to characterize and identify events are missing.” (D'Iddio et al., 2016b) Thus, organizations and researchers need to be aware of data quality differences that need to be resolved before coPM analysis.

Handle incomplete data: The data for coPM may be incomplete due to various reasons. For example, data fields necessary for coPM analysis are missing because they are not recorded, or the organizations are not willing to share all details of their event log (Rozsnyai et al., 2012; Van Der Aalst et al., 2012). Missing data fields, then, may cause several hurdles during process discovery (e.g. indistinguishable timestamps, representing only the day of activity execution, which hampers the ability to correctly identify the order of activities) and conformance checking (e.g. executed but not recorded activities may lead to the wrong conclusion of a non-conforming process behavior) (D'Iddio et al., 2016a, b).

Resolve data granularity differences: As multiple organizations govern their individual event log, the granularity between multiple event logs may differ. This issue relates to timestamps: “timestamps may have different levels of granularity ranging from milliseconds precision (28-9-2011:h11m28s32ms342) to coarse date information (28-9-2011)” (Van Der Aalst et al., 2012) and to the level of detail of the recorded activities (Claes and Poels, 2014): “an event log can hold data about a number of events at a high level of detail and of other events at a low level of detail.” Also, organizations may use different identifiers, which complicate merging distributed data: “For example, one system uses name and birthdate to identify a person whereas another system uses the person’s social security number” (Van Der Aalst et al., 2012). These differences in data granularity need to be resolved when merging the individual event logs into an overall event log.

Data source changes bring back challenges: Firms’ IT infrastructures do not remain constant in general because of, for example, new requirements, regulations, or optimization initiatives. Hence, IT systems and, in turn, the data sources for coPM are subject to change: “Changes may occur when IT systems are replaced, when data structures are improved, errors are fixed or new components are introduced that add additional data.” (Rozsnyai et al., 2012) For coPM, this complicates a continuous analysis because the variety of described challenges may reoccur for each change in one or multiple of the organization’s IT infrastructure.

Ensure scalability with large data volumes: Complex inter-organizational business processes (collaboration) or multiple variants of the same business process (exploiting commonality) generate large amounts of data that must be processed. This may result in scalability issues, for example, when a specific coPM or encryption technique is resource-intensive. Looking at large organizational implementations of PM, we observe that in intra-organizational settings, use cases with multiple millions of process instances are already present (Celonis, 2022). Hence, organizations developing new techniques for coPM, for example, need to ensure that their approaches are able to handle large amounts of data.

4.3.4 Organization-individual goals

Handle contrasting goals: CoPM may be applied by business partners for different reasons and to support diverse – and possibly rival – goals (Buijs and Reijers, 2014; Helm and Küng, 2016). Also, partners may have local priorities in an inter-organizational business process. For example, a manufacturer wants to increase the process transparency of its supplier, while the supplier strives to optimize the overall efficiency while hiding certain process details to maintain a competitive advantage. This gives rise to the challenge of local versus global optimization: “today’s enterprises operate on a global scale and it is a challenge to achieve global optimization within the network” (Ho et al., 2009).

Reveal correct and valuable insights: In an inter-organizational context, the challenge of deriving targeted and valuable insights for all participants results from business partners providing large amounts of data, offering seemingly unrestricted ways for process discovery, conformance checking and enhancement. Also, as described in the previous challenge, different goals may require different ways of analyzing the process. Thus, it is a challenge “to not get lost” in the analytical possibilities and restrict coPM analysis to valuable opportunities. Further, the insights need to be correct, which is a particularly important challenge when only abstractions of process models are shared, merged or analyzed (Liu et al., 2023a; Rafiei and Van Der Aalst, 2023).

4.3.5 Information protection

Implement data security: Data security refers to the challenge of protecting the data from misuse or unauthorized access and is rooted in three aspects: confidentiality, integrity and availability of the data. Confidentiality refers to preventing secret information from one organization from being accessed by unauthorized third parties. For example, “with the increasing number of participants in supply chain business processes […], it is important to secure data, where it will be only accessible to authorized persons” (Lamghari et al., 2020). Data integrity ensures that the data are not modified unauthorizedly. For example, it should not be possible for one organization to manipulate the data from another organization. Data availability ensures that the data can be accessed by authorized institutions at the required point in time while maintaining confidentiality requirements. This, for example, “might require that certain data are hashed or encrypted before being transmitted” (Talamo et al., 2013b).

Ensure data privacy: Privacy requirements and regulations (e.g. the general data protection regulation by the European Union [2]) have to be fulfilled to protect the rights of the individuals who interact with the cross-organizational process and, thereby, whose data are processed. This is especially relevant when the data is being shared between multiple organizations (Elkoumy et al., 2020b): “Due to confidentiality concerns and privacy regulations […] the involved organizations are unwilling to, or sometimes legally prevented from, sharing their event logs.” Thus, it needs to be clarified whether person-related data originating from one organization can be shared with another organization without disregarding any privacy regulations.

4.3.6 Process-related change

Constantly handle (concept) drift: (Concept) drift is a challenge in two ways: First, the process might change while being analyzed, or a discovered process model can become outdated. Second, seasonal effects might result in process variants being executed under varying conditions (Van Der Aalst, 2010). For example, there may be seasonal effects affecting the features of a process. The same process may have long flow times in December and short flow times in January due to differences in workload. This should be taken into account when comparing variants. In a cross-organizational context, those drifts happen at each organization at different points in time, leading to the challenge of constantly adjusting coPM analysis to handle (concept) drifts.

Resolve focus shift in supply chains: This challenge arises because goods processed in a supply chain are hard to follow between the first and final activity. This originates from a change in the process focus – including the recorded data – due to the assembly and packaging operations (Gerke et al., 2009b): “The main challenge is assigning different events […] to a process instance in such a way that the shifting focus between different assembled and disassembled business objects of varying granularity is handled appropriately.” For example, the early process focus within a car production process may be on the delivery of a car wheel, which is subsequently mounted on a car (new process focus: car) before the car gets transported by a truck to the customer (new process focus: truck transport).

4.4.1 Data preparation

Pre-process data: To handle the complexity of cross-organizational event-log data and to recognize security, privacy and confidentiality requirements, it is helpful to pre-process the data before the actual coPM analysis. The following forms of pre-processing can be applied:

1. Merging: In order to enable coPM analysis, intra-organizational data can be merged to create cross-organizational data. This can happen at different levels: “raw data level (i.e. merging databases and/or files), structured data level (i.e. merging event logs), and model level (i.e. merging process models)” (Claes and Poels, 2014).

2. Filtering: Filtering the data may be required to hide certain details (e.g. business-critical information) or to focus the analysis on cases that fulfill certain criteria, e.g. completeness: “In order to tailor the available data toward our research questions […], we […] filter the results for cases which contain complete traces” (Engel and Bose, 2014).

3. Anonymization and Pseudonymization: To protect individuals whose data is processed during coPM, the data can be anonymized (process the data in such a way that the original person cannot be determined) or pseudonymized (replace personal data with pseudonyms, thereby preserving the possibility to connect data from different databases being pseudonymized in the same way).

4. Adding additional (noise) information: Additional information can be added to the event log to overcome missing data (e.g. calculate approximate timestamps) or hide certain details (e.g. add activities to protect the actual order of activities executed being exposed to other organizations).

5. Extracting event-log data: The data required for coPM can, in certain situations, not be directly drawn from the source systems, usually, because the data are stored in a different format. Hence, the necessary event-log information needs to be extracted; for example, building upon messages exchanged between the organizations or RFID tags scanned throughout the supply chain (see Section 4.2.5)

Apply clustering and classification techniques (exploiting commonality): Clustering (e.g. k-means clustering) and classification (e.g. decision trees) techniques can be applied when multiple organizations are compared through coPM analysis. They assist in understanding differences and commonalities between process variants and groups of process instances. As stated by Suriadi et al. (2014): “A key lesson learned here is that clustering techniques can be used to discover inherent clusters of cases informed purely by the features in the dataset while decision tree analysis can be used to extract the key discriminating features of each cluster.” This assists organizations in learning best practices from each other.

4.4.2 Data and process analysis

Continuously analyze the process and assess the created value: Due to the high complexity involved, it is advisable to continuously repeat the coPM analysis; for instance, by performing multiple iteration cycles: “The examples from a software vendor’s perspective and an organization’s perspective indicate that one can obtain more specific insights by executing more interaction cycles […]. In each cycle, one can define more granular process mining questions using organizational contexts, metric semantics, or business semantics” (Aksu et al., 2016). Together with periodically assessing the value of the coPM project, it ensures the ongoing involvement of all participating organizations.

Focus coPM analysis: As an extensive and heavily intertwined cross-organizational business process offers many opportunities for investigation, it is advisable to focus the analysis on specific aspects: “We found that it was important to provide some focus as to which areas that we should analyze to avoid being overwhelmed by too many ‘potentially-relevant’ comparison points” (Partington et al., 2015). In addition, organizations should analyze the process by following dedicated questions (Van Der Aalst et al., 2012): “Process mining activities need to be driven by questions. Without concrete questions, it is very difficult to extract meaningful event data.” Focusing the analysis thus assists with deriving valuable insights and reduces the risk of getting lost in the great number of analytical possibilities.

Provide process view flexibility and use configurable process models: The overall process model and the views thereof should be kept flexible (e.g. be able to hide activities that are irrelevant for one organization), as multiple organizations have different perspectives that they are interested in. Hence, organizations need different views to support their analysis. Providing a configurable process model that describes a set of familiar processes can further assist in standardizing process variants while still allowing for local configurations (Buijs et al., 2012b): “Configurable process models […] provide a way to model variability in the processes […]. Given a shared configurable model, organizations can use different configurations to adapt to local needs.”

Use visualization techniques for presenting coPM results: Visualizations (e.g. process maps, alignment matrices, dotted charts, organigrams or social network visualizations) are a powerful way of deriving comprehensible analysis results, especially if the underlying cross-organizational process is large and complex (Buijs and Reijers, 2014). They trigger discussion, enhance interpretability and represent an easier way to share information between the participating organizations compared to releasing the raw event-log data (Corradini et al., 2022; Pini et al., 2015).

Discuss results with process experts and stakeholders to incorporate feedback: Discussing the results with process experts, data and IT specialists, and managerial stakeholders from (all) participating organizations assists in evaluating and interpreting the results: “The results from the case study were communicated back to the stakeholders, as part of an iterative engagement to ask questions, such as ‘is the data actually telling us what we think it is telling us?” (Partington et al., 2015). This is specifically relevant in cross-organizational settings, as the individual organizations possess unique domain knowledge that is required for correctly interpreting coPM results and deriving measures for process optimization. Furthermore, the discussions may lead to future directions in analyzing the process.

4.4.3 Governance

Align interests, strategies, and goals: Similar to information sharing in supply chains, it is beneficial for the participating organizations to align their interests, strategies and goals. This can be achieved, for example, by implementing service level agreements or aligning bottom-up coPM analysis with top-down strategic objectives (Edgington et al., 2010): “metrics need to be applied within the service level agreement (SLA) in order to help align the outsourcer's actual process execution with the client's actual interests.” Specifically, implementing value distribution mechanisms may ensure that the value of coPM is distributed to the organizations in such a way that everybody is incentivized to create a higher value (Rott and Böhm, 2022b).

Consider including a third party for parts of coPM: To overcome confidentiality issues, the inclusion of an additional (trustworthy) party (e.g. a PM vendor, consultancy or research institution) should be considered. It, for example, takes the event-log data of multiple organizations as input and provides the results of the coPM analysis to each party (Morales-Sandoval et al., 2021). Thereby, organizations cannot access foreign information.

4.4.4 Relationships between challenges and enablers

As can be drawn from Figure 5, which is based on the described coding procedure in Section 3.3, most of the enablers are directly related to the challenges described. Overall, one dominant enabler can be observed: Pre-process data. It relates to nine challenges and undermines the past literature focus on technical aspects of coPM. We further observe multiple enablers and challenges being disconnected from each other, thereby indicating areas for future research (see Section 5.1 and Section 5.3).

5.3.1 Environmental uncertainty (1.1)

Business processes are influenced by the industry and the market they are executed in Venkatesh and Bala (2012). Regulations, laws and standards have compliance requirements that have to be fulfilled (Aksu et al., 2016; Knuplesch et al., 2013), such as the general data protection regulation in the European Union (Elkoumy et al., 2020b). Those factors of environmental uncertainty are so far only investigated for accurately comparing the performance of organizations (Aksu et al., 2016). Hence, it remains unknown which factors exist and are specifically relevant in collaborative coPM settings. To identify sources of environmental uncertainty for coPM, researchers can draw on existing work on environmental uncertainty, for example, Duncan (1972), and determine the factors relevant in coPM settings. Building upon identified sources of environmental uncertainty, researchers can investigate how homogeneous and heterogenous environments as well as stable and dynamic environments impact coPM. For example, dynamic environments may require reperforming coPM analyses and reinterpreting the results, while heterogeneous environments enhance the complexity of accurately comparing multiple organizations with each other.

5.3.2 Partnership uncertainty (1.2)

Diirr and Cappelli (2018) postulate that shared goals among business partners form a successful basis for inter-organizational relationships, while Pang and Bunker (2007) emphasize the importance of financial benefits, and Bala and Venkatesh (2007) conclude that in an inter-organizational relationship, power differences usually exist between the participating partners; for example, based on their market share. These differences can be leveraged, for example, to force a non-dominant partner to invest in relationship-specific technology. In coPM, one possible scenario is that a dominant firm forces a non-dominant firm to store and share event-log data in a particular format. In the same way, trust plays a vital role in hampering or promoting the success of inter-organizational cooperation (Ghosh and Fedorowicz, 2005). So far, sources of partnership uncertainty on coPM were only mentioned within the motivation of three studies, Ho et al. (2009), Jacobi et al. (2020) and Rott and Böhm (2022b). Hence, we emphasize the importance of unraveling various sources of partnership uncertainty and their effect on a coPM initiative. We believe that stakeholder theory, emphasizing the importance of individual and diverging interests of involved stakeholders (Donaldson and Preston, 1995), may assist with this research question and can be enriched by researching coPM. In addition, goal compatibility, trust, and power dependence as prominent sources of partnership uncertainty in inter-organizational relationships (Bensaou and Venkatraman, 1996) need to be investigated. As, for example, mistrust is often more prominent in the early phases of an inter-organizational relationship (Scott, 2000), we believe it is important to also analyze how these factors evolve over time, for example, with increasing maturity of the coPM analysis.

5.3.3 Task uncertainty (1.3)

So far, two papers have mentioned sources of task uncertainty (task analyzability, task variety and task interdependence) in their work: Partington et al. (2015) and Engel et al. (2012). Hence, we know little about the situations, industries and processes that need to handle task uncertainty. Also, research on the consequences of the three task uncertainty sources and their impact on coPM is missing. Against this background, we consider it important to investigate how coPM is impacted by the presence of task uncertainty. Task analyzability may, for example, influence the comparison of tasks executed in different organizations due to different specifications of task execution, while task variety may be required to consider when comparing task performance between multiple organizations, for example, as unforeseen constraints of location, time or personnel resources restrict the task execution (Unger and Wagner, 2011). We expect both to be important for coPM to exploit commonalities and provide an opportunity to contribute to theory on IT-enabled inter-organizational learning (Scott, 2000). In contrast, task interdependence is specifically relevant for collaborative coPM, for example, when the inter-organizational business process involves the exchange of information between collaborating partners, as the outcomes of tasks executed at one organization influence the tasks of their business partners (Zhi-Jun and Tian-Mei, 2006). Hence, research on task interdependence in coPM may contribute to coordination theory, which investigates how multiple actors coordinate their actions (Malone, 1988).

5.3.4 Interdependencies between environmental, partnership and task uncertainty (1.4)

As stated by Bensaou and Venkatraman (1996), the uncertainty sources range from very global (environmental uncertainty) to very specific (task uncertainty). Looking at the papers from our literature review, we see that no paper simultaneously investigated two or all three uncertainty sources. Hence, we know little about the interdependence between environmental, partnership and task uncertainty. However, we believe that this is important to understand if some uncertainty sources depend on each other or promote, hamper or eliminate the need for IOC through coPM.

5.3.5 Structural mechanisms (2.1)

Structural mechanisms assign authority and roles within coPM (Bensaou and Venkatraman, 1996). Existing coPM literature has focused on models for executing coPM, value distribution mechanisms, metrics for business process comparison and collaboration, and the formalization of business process compliance. Roles that are required for coPM projects, including their responsibilities (e.g. Who performs the coPM analysis?), are missing. Hence, we lack explicit guidelines for distributing tasks within coPM to specific participants (e.g. Is it beneficial to include a trusted third party for data integration and coPM analysis?). Furthermore, the different models for executing coPM were not empirically evaluated. Thus, we lack an understanding of the applicability of these models in different situations. In addition, governance mechanisms for coPM that assist researchers and practitioners have not been investigated thus far. Hence, we lack an understanding of ways to govern coPM and an understanding of how certain governance mechanisms impact coPM. For the latter, we think that the resource-based view of the firm (Wernerfelt, 1984) may serve as a theory for guiding this research. Building upon understanding governance mechanisms, we can further develop guidelines for implementing them in practice.

5.3.6 Process mechanisms (2.2)

Current literature on coPM has neglected process mechanisms that describe the socio-political atmosphere within the inter-organizational relationship and directly influence information processing capabilities. As stated by Bensaou and Venkatraman (1996), process mechanisms can be described using the three dimensions of conflict, cooperation and commitment, while it is expected that lower conflict, higher cooperation and higher commitment increase the ability to liberally share information. Hence, we first need to analyze the socio-political atmosphere in established coPM projects and inter-organizational collaborations to understand circumstances that promote and hamper them. Building upon this knowledge, we can subsequently investigate how organizations can positively influence the socio-political climate. Social network theory, for example, may assist with this research area by characterizing relationships between organizations as links between individuals within each organization (Haythornthwaite, 1996).

5.3.7 IT-mediated mechanisms (coPM techniques) (2.3)

As it can be drawn from Section 4.2, the majority of articles within this literature review focused on coPM techniques. Hence, organizations and researchers can draw on various techniques for the main coPM activities (Cartography, Auditing and Navigation), data pre-processing for coPM and coPM based on blockchain data. However, the discovery of process models is more extensively covered than coPM for auditing and navigation purposes. In addition, articles on navigation techniques for coPM were, surprisingly, published between 2009 and 2020, including only two publications from the last five years (see Table 3). This is in contrast to recent publications emphasizing the importance and value of forward-looking PM (Van Der Aalst and Carmona, 2022). Hence, we believe that it is valuable to increase research on coPM for navigation. Furthermore, most of the techniques are designed for post-mortem event data. Thus, we also call for research on real-time coPM, for example, for detecting non-conformant behavior. More specific research questions, for example, building upon the limitations of the already developed techniques, can be found in the articles of this literature review themselves. As we focus on the BPM and IS domain within this research agenda, we also want to point out socio-technical questions concerning coPM techniques. Multiple articles evaluated their approach using artificial data or presented abstract concepts of coPM techniques without any evaluation (see Table 2). Hence, we think that the disciplines of BPM and IS can advance research on coPM techniques by evaluating them in real-world empirical scenarios, understanding when certain techniques can be applied, and how the techniques assist with handling environmental, partnership, and task uncertainty.

5.3.8 Investigate fit between needs and capabilities (3)

The success of coPM is, according to the IOC framework, determined by the fit between the information processing needs originating from the uncertainty sources and the information processing capabilities determined through the coordination mechanisms (Bensaou and Venkatraman, 1996). Looking at the current coPM literature, we observe that no article has systematically looked into this. Hence, it remains unknown how the information processing needs and capabilities themselves, as well as the fit between both, can be determined for an inter-organizational collaboration performing coPM. This is of crucial importance for understanding how organizations can positively impact the success of coPM, as a misfit between needs and capabilities hampers the performance, either by wasting resources (low information processing needs and high information processing capabilities) or by not being able to properly handle uncertainty (high information processing needs and low information processing capabilities). In addition to directly contributing to the IOC framework, we expect this research area to also contribute to research on the impact of IS on the resilience of organizations (Heeks and Ospina, 2019), for example, by revealing how the coPM coordination mechanisms increase (inter-)organizational resilience.

5.3.9 Measure and dissect performance (4)

Measure and dissect the performance of coPM requires extensive cooperation between research and practice. Following the conclusion of Thiede et al. (2018) that coPM publications in IS research are underrepresented, we call for empirical research that looks into the outcomes of coPM. As the focus of the present literature is mostly on hospitals, municipalities and manufacturing firms (see Table 2), future research can investigate other scenarios; for instance, multi-modal transportation or software-as-a-service. Building upon cross-case analysis, researchers can advance the model of Badakhshan et al. (2022) for value creation from PM to account for cross-organizational scenarios and thereby investigate whether different types of affordances are required and new types of value can be realized (e.g. increasing inter-organizational trust by making the collaborative process transparent).

5.3.10 Future research on challenges and enablers of coPM (5)

Referring to the type of evaluation data from Table 2, many developed techniques and enablers were evaluated with artificial data, while some enablers and challenges are disconnected from each other (see Figure 5). Hence, investigating the impact of an enabler on one or more challenges requires empirical (quantitative) evaluation. As all challenges and enablers were drawn from the coPM literature, we further emphasize the need to reveal more of these grounded in practical experience as well as more detailed information and examples. For instance, how do firms gain access to data from business partners (collaboration), competitors or non-competitors (exploiting commonality)? This is desperately needed, as coPM is still lacking practical application despite the technological advancements in the past fifteen years (see Section 4.2.5 and Appendix 1). We expect qualitative empirical research, such as interviewing practitioners, PM vendors and consultancies that have implemented PM across organizational boundaries, to add valuable experience. Finally, after enhancing the list of challenges and enablers, it will be valuable to unravel their relative importance and priority for supporting (enabler) or hampering (challenges) coPM in industry and research, for example, through performing a Delphi study (Häder, 2014).

5.3.11 Overall research agenda

Overall, this leads to the following research agenda for coPM (see Table 7). Building upon an understanding of the uncertainty sources, research can develop targeted coordination mechanisms that assist organizations in adopting coPM and handling the information processing needs caused by the uncertainty sources. In addition, future research can contribute to various theories applied in IS and thereby advance our theoretical understanding of the dynamics in coPM. Finally, empirical research on the performance of coPM will shed light on the value-creating mechanisms in coPM while investigating challenges and enablers that will assist practitioners in the adoption of coPM.

5.4.1 Limitations

Though we followed the guidelines of Vom Brocke et al. (2009) and Webster and Watson (2002) including determining a search string and identifying the relevant databases, the selection and conceptualization of publications are to some extent always prone to the authors’ subjectivity. Our articles range from various conferences and journals within IS, BPM and CS research. Hence, they may differ in the quality and rigor of the research conducted. However, we decided to treat every article as equally important to fully understand the current state of knowledge on coPM. Also, our manuscript represents the current state of knowledge on coPM at the time of conducting our literature review and is, thus, limited to the published articles at that time. As coPM is an emerging topic, we expect that reperforming this literature review in the medium-term future, once more socio-technical artifacts have been developed, practical adoption has increased, and scientific articles have investigated successful real-life coPM relationships, will be valuable. Furthermore, the revealed challenges and enablers are solely drawn from the literature as we did not combine the literature review with additional empirical research methods (e.g. conducting interviews with PM vendors, adopters and consultancies, or performing field studies). Thus, they require further empirical evaluation and enhancement. As our search for practitioner-oriented resources (e.g. blogs on PM or white papers from vendors and consultancies) did not yield any valuable results, we focused our analysis on scientific coPM literature. Once more practitioner-related information is published in the future, we expect that these articles can supplement the information provided in our article. This also holds for concepts from related disciplines (e.g. information sharing in supply chains) that we have not included in this manuscript.

5.4.2 Theoretical contributions

We show that past literature on coPM focused mainly on technical aspects and provide a comprehensive summary of existing articles relevant for every researcher willing to engage with coPM by providing an overview of already developed approaches (technical and socio-technical) and by raising awareness for challenges and enablers that are involved in coPM application. Thus, researchers can build on the synthesized knowledge presented in this paper and further take the list of existing papers on coPM as a starting point to identify relevant coPM articles for their own research project. Further, we lay the foundation for future research on coPM building upon a new, socio-technical perspective, grounded in the IOC framework. The research agenda and the research framework emphasize the importance of a strong cooperation between research and practice. While proactively developing coordination mechanisms may help organizations with coPM adoption, researching successful coPM applications is necessary to understand how coPM can lead to the creation of business value. Overall, we therefore contribute cross-disciplinary to IS, BPM and CS literature.

5.4.3 Practical contributions

We believe that our article will also serve organizations as one great starting point for engaging with coPM. An awareness of the specific technical and non-technical challenges and enablers assists in anticipating and managing implementation hurdles, while the presented techniques and socio-technical artifacts assist with coPM adoption and implementation. Furthermore, the two main areas of our future research framework (uncertainty sources and coordination mechanisms) can guide organizations that initialize and conduct coPM by raising awareness for two important aspects that influence the success of a coPM endeavor: “What uncertainty sources are present in my coPM relationship?” and “What coordination mechanisms do we need to establish?”.