Modeling Controls for Compliance -- An Analysis of Business Process Modeling Languages

Both external and internal stakeholders are asking companies and other institutions for transparency and compliance. To enforce compliance within their business processes, companies implement controls as the predominant approach to safeguard adherence to rules and regulations. Since modeling controls adequately is important, this contribution analyzes common business process modeling notations with regard to their capability to specify controls. First results show that BPMN 2.0 does not perfectly fit all requirements; however, it clearly outpaces the other languages.
