On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management

Assessing whether a company's business practices conform to laws and regulations and follow standards, i.e., compliance governance, is a complex and costly task. Few software tools aiding compliance governance exist; moreover, they typically do not address the needs of those in charge of assessing and controlling compliance, that is, compliance experts and auditors. We advocate the use of compliance governance dashboards, whose design and implementation are, however, challenging for these reasons: (i) it is fundamental to identify the right level of abstraction for the information to be shown; (ii) it is not trivial to visualize distinct analysis perspectives; and (iii) it is difficult to manage the large amount of involved concepts, instruments, and data. This paper shows how to address these issues, which concepts and models underlie the problem, and how IT can effectively support compliance analysis in SOAs.
