Reducing Compliance Violations through Systematic Risk Assessment during the Supplier Analysis Process

Business process compliance means ensuring that business practice and processes are aligned with relevant laws and industry standards. Companies therefore have to comply with an increasing number of rules of differing origin and complexity. Purchasing activities in particular are subject to various regulations that affect the whole supply chain. Companies then need to ensure that compliance regulations are synchronized with their suppliers. In this paper, purchasing regulations are reviewed to derive risk categories that can be applied to supplier assessment. We therefore adopt a generic supplier assessment method called SCOPE. The method is extended by a compliance category (SCOPE-C) that covers risks regarding disloyalty and corruption, the relationship to competitors, and social and environmental factors, as well as additional criteria for forming a reliable supplier base. The extended SCOPE-C method can be used to assess the extent to which suppliers fulfil corporate compliance policies.
