Compliance monitoring in business processes: Functionalities, application, and tool-support

In recent years, monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as major concern in literature and practice. Monitoring not only refers to continuously observing possible compliance violations, but also includes the ability to provide fine-grained feedback and to predict possible compliance violations in the future. The body of literature on business process compliance is large and approaches specifically addressing process monitoring are hard to identify. Moreover, proper means for the systematic comparison of these approaches are missing. Hence, it is unclear which approaches are suitable for particular scenarios. The goal of this paper is to define a framework for Compliance Monitoring Functionalities (CMF) that enables the systematic comparison of existing and new approaches for monitoring compliance rules over business processes during runtime. To define the scope of the framework, at first, related areas are identified and discussed. The CMFs are harvested based on a systematic literature review and five selected case studies. The appropriateness of the selection of CMFs is demonstrated in two ways: (a) a systematic comparison with pattern-based compliance approaches and (b) a classification of existing compliance monitoring approaches using the CMFs. Moreover, the application of the CMFs is showcased using three existing tools that are applied to two realistic data sets. Overall, the CMF framework provides powerful means to position existing and future compliance monitoring approaches.

[1]  Marco Montali Specification and Verification of Declarative Open Interaction Models: A Logic-Based Approach , 2010 .

[2]  Stephan Merz,et al.  Model Checking , 2000 .

[3]  Shazia Wasim Sadiq A Roadmap for Research in Business Process Compliance , 2011, BIS.

[4]  Nenad Stojanovic,et al.  Pattern-Based Design and Validation of Business Process Compliance , 2007, OTM Conferences.

[5]  Akhil Kumar,et al.  Conceptual model for online auditing , 2011, Decis. Support Syst..

[6]  Wil M. P. van der Aalst,et al.  Analyzing Vessel Behavior Using Process Mining , 2013, Situation Awareness with Systems of Systems.

[7]  Raymond Turner,et al.  Specification , 2011, Minds and Machines.

[8]  Jörg Becker,et al.  Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches — A State-of-the-Art Analysis and Research Roadmap , 2012 .

[9]  Jan Vanthienen,et al.  IEEE Task force on process mining , 2011 .

[10]  Santosh K. Shrivastava,et al.  A Model for Checking Contractual Compliance of Business Interactions , 2012, IEEE Transactions on Services Computing.

[11]  David Luckham,et al.  The power of events - an introduction to complex event processing in distributed enterprise systems , 2002, RuleML.

[12]  Gregor Engels,et al.  Pattern-Based Modeling and Formalizing of Business Process Quality Constraints , 2011, CAiSE.

[13]  Liam Peyton,et al.  A Framework for Continuous Compliance Monitoring of eHealth Processes , 2009, 2009 World Congress on Privacy, Security, Trust and the Management of e-Business.

[14]  Fabrizio Maria Maggi Declarative Process Mining with the Declare Component of ProM , 2013, BPM.

[15]  Wil M. P. van der Aalst,et al.  Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance , 2005, WISP@ICATPN.

[16]  Felix Klaedtke,et al.  MONPOLY: Monitoring Usage-Control Policies , 2011, RV.

[17]  Moe Thandar Wynn,et al.  Business Process Data Compliance , 2012, RuleML.

[18]  Wil M.P. van der Aalst,et al.  Declarative Specification and Verification of Service Choreographies , 2009 .

[19]  Schahram Dustdar,et al.  Monitoring web service event trails for business compliance , 2009, 2009 IEEE International Conference on Service-Oriented Computing and Applications (SOCA).

[20]  Paola Mello,et al.  Compliance Checking of Execution Traces to Business Rules: an Approach based on Logic Programming , 2008 .

[21]  Marek J. Sergot,et al.  A logic-based calculus of events , 1989, New Generation Computing.

[22]  Qi He Detecting Runtime Business Process Compliance with Artifact Lifecycles , 2013, ICSOC Workshops.

[23]  Stefanie Rinderle-Ma,et al.  Rule-Based Synchronization of Process Activities , 2011, 2011 IEEE 13th Conference on Commerce and Enterprise Computing.

[24]  조기조 Continuous Online Auditing , 1999 .

[25]  Paola Mello,et al.  Monitoring business constraints with the event calculus , 2013, ACM Trans. Intell. Syst. Technol..

[26]  Luciano Baresi,et al.  Towards Dynamic Monitoring of WS-BPEL Processes , 2005, ICSOC.

[27]  Szabolcs Rozsnyai,et al.  Proactive Business Process Compliance Monitoring with Event-Based Systems , 2011, 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops.

[28]  Manfred Reichert,et al.  Workflow Time Patterns for Process-Aware Information Systems , 2010, BMMDS/EMMSAD.

[29]  Wil M. P. van der Aalst,et al.  DecSerFlow: Towards a Truly Declarative Service Flow Language , 2006, WS-FM.

[30]  Bart Baesens,et al.  Comprehensive rule-based compliance checking and risk management with process mining , 2013, Decis. Support Syst..

[31]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[32]  Stefanie Rinderle-Ma,et al.  Definition and Enactment of Instance-Spanning Process Constraints , 2012, WISE.

[33]  Wil M. P. van der Aalst,et al.  Workflow Data Patterns: Identification, Representation and Tool Support , 2005, ER.

[34]  Marwane El Kharbili,et al.  Towards a Framework for Semantic Business Process Compliance Management , 2008 .

[35]  Peter Dadam,et al.  On enabling integrated process compliance with semantic constraints in process management systems , 2012, Inf. Syst. Frontiers.

[36]  Luciano Baresi,et al.  A Timed Extension of WSCoL , 2007, IEEE International Conference on Web Services (ICWS 2007).

[37]  Mathias Weske,et al.  Towards Instant Monitoring of Business Process Compliance , 2010, EMISA Forum.

[38]  Giuseppe De Giacomo,et al.  Linear Temporal Logic and Linear Dynamic Logic on Finite Traces , 2013, IJCAI.

[39]  Paola Mello,et al.  Fuzzy Conformance Checking of Observed Behaviour with Expectations , 2011, AI*IA.

[40]  Paola Mello,et al.  Declarative specification and verification of service choreographiess , 2010, TWEB.

[41]  Ralf Steinmetz,et al.  On Optimizing Collaborative Manufacturing Processes in Virtual Factories , 2015 .

[42]  van den HeuvelWillem-Jan,et al.  Capturing Compliance Requirements , 2012 .

[43]  Fabio A. Schreiber,et al.  Is Time a Real Time? An Overview of Time Ontology in Informatics , 1992, NATO ASI RTC.

[44]  Stefanie Rinderle-Ma,et al.  Change patterns and change support features - Enhancing flexibility in process-aware information systems , 2008, Data Knowl. Eng..

[45]  Luciano Baresi,et al.  Dynamo: Dynamic Monitoring of WS-BPEL Processes , 2005, ICSOC.

[46]  Guido Governatori ICT Support for Regulatory Compliance of Business Processes , 2014, ArXiv.

[47]  Roger Villemaire,et al.  Runtime Monitoring of Message-Based Workflows with Data , 2008, 2008 12th International IEEE Enterprise Distributed Object Computing Conference.

[48]  Stefanie Rinderle-Ma,et al.  Data Transformation and Semantic Log Purging for Process Mining , 2012, CAiSE.

[49]  Marco Montali,et al.  Reasoning on LTL on Finite Traces: Insensitivity to Infiniteness , 2014, AAAI.

[50]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[51]  Boudewijn F. van Dongen,et al.  Replaying history on process models for conformance checking and performance analysis , 2012, WIREs Data Mining Knowl. Discov..

[52]  Wil M. P. van der Aalst,et al.  Process Mining - Discovery, Conformance and Enhancement of Business Processes , 2011 .

[53]  Paola Mello,et al.  Reactive Event Calculus for Monitoring Global Computing Applications , 2012, Logic Programs, Norms and Action.

[54]  Wil M. P. van der Aalst,et al.  A Declarative Approach for Flexible Business Processes Management , 2006, Business Process Management Workshops.

[55]  Josep Malvehy,et al.  Diagnosis and treatment of melanoma. European consensus-based interdisciplinary guideline - Update 2016. , 2012, European journal of cancer.

[56]  Peter Dadam,et al.  Monitoring Business Process Compliance Using Compliance Rule Graphs , 2011, OTM Conferences.

[57]  Akhil Kumar,et al.  Visual Modeling of Business Process Compliance Rules with the Support of Multiple Perspectives , 2013, ER.

[58]  Mathias Weske,et al.  Consistency Checking of Compliance Rules , 2010, BIS.

[59]  Thomas A. Henzinger,et al.  Real-Time Logics: Complexity and Expressiveness , 1993, Inf. Comput..

[60]  Miklos A. Vasarhelyi,et al.  Continuous Online Auditing: A Program of Research , 1999, J. Inf. Syst..

[61]  Samir Sebahi Monitoring business process compliance : a view based approach. (Monitoring de la conformité des processus métiers : approche à base de vues) , 2012 .

[62]  Kevin Shaw,et al.  Stream Data Management , 2005, Advances in Database Systems.

[63]  Felix Klaedtke,et al.  Runtime Monitoring of Metric First-order Temporal Properties , 2008, FSTTCS.

[64]  Manfred Reichert,et al.  Adeptflex—Supporting Dynamic Changes of Workflows Without Losing Control , 1998, Journal of Intelligent Information Systems.

[65]  Luciano Baresi,et al.  Self-healing BPEL processes with Dynamo and the JBoss rule engine , 2007, ESSPE '07.

[67]  James F. Allen Maintaining knowledge about temporal intervals , 1983, CACM.

[68]  M Maja Pesic,et al.  Constraint-based workflow management systems : shifting control to users , 2008 .

[69]  Eduardo Alves Portela Santos,et al.  Modeling Business Rules for Supervisory Control of Process-Aware Information Systems , 2011, Business Process Management Workshops.

[70]  Mathias Weske,et al.  Business Process Management: Concepts, Languages, Architectures , 2007 .

[71]  Srdjan Marinovic,et al.  Monitoring Compliance Policies over Incomplete and Disagreeing Logs , 2012, RV.

[72]  María Teresa Gómez López,et al.  Explaining the Incorrect Temporal Events during Business Process Monitoring by Means of Compliance Rules and Model-Based Diagnosis , 2013, 2013 17th IEEE International Enterprise Distributed Object Computing Conference Workshops.

[73]  Paola Mello,et al.  Towards data-aware constraints in declare , 2013, SAC '13.

[74]  N.C. Narendra,et al.  Optimal control point selection for continuous business process compliance monitoring , 2008, 2008 IEEE International Conference on Service Operations and Logistics, and Informatics.

[75]  Henry Prakken,et al.  Contrary-to-duty obligations , 1996, Stud Logica.

[76]  Wil M. P. van der Aalst,et al.  Declarative workflows: Balancing between flexibility and support , 2009, Computer Science - Research and Development.

[77]  Rafael Accorsi,et al.  On the exploitation of process mining for security audits: the conformance checking case , 2012, SAC '12.

[78]  Boudewijn F. van Dongen,et al.  XES, XESame, and ProM 6 , 2010, CAiSE Forum.

[79]  Josep Malvehy,et al.  Diagnosis and treatment of melanoma: European consensus-based interdisciplinary guideline. , 2010, European journal of cancer.

[80]  Jun Li,et al.  Business process management enabled compliance-aware medical record sharing , 2013, Int. J. Bus. Process. Integr. Manag..

[81]  Stefanie Rinderle-Ma,et al.  Integration of Process Constraints from Heterogeneous Sources in Process-Aware Information Systems , 2011, EMISA.

[82]  Marco Montali,et al.  Discovering Data-Aware Declarative Process Models from Event Logs , 2013, BPM.

[83]  Marco Montali,et al.  Runtime Verification of LTL-Based Declarative Process Models , 2011, RV.

[84]  Marco Montali,et al.  Monitoring Business Constraints with Linear Temporal Logic: An Approach Based on Colored Automata , 2011, BPM.

[85]  Opher Etzion,et al.  Integrating Complex Events for Collaborating and Dynamically Changing Business Processes , 2009, ICSOC/ServiceWave Workshops.

[86]  Wil M. P. van der Aalst,et al.  DECLARE: Full Support for Loosely-Structured Processes , 2007, 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007).

[87]  Mike P. Papazoglou,et al.  Capturing Compliance Requirements: A Pattern-Based Approach , 2012, IEEE Software.

[88]  Mathias Weske,et al.  Specification, Verification and Explanation of Violation for Data Aware Compliance Rules , 2009, ICSOC/ServiceWave.

[89]  Barbara Kitchenham,et al.  Procedures for Performing Systematic Reviews , 2004 .

[90]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[91]  Birgit Pfitzmann,et al.  From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation , 2006 .

[92]  M Strano,et al.  [PhD Thesis] Contract Specification for Compliance Checking of Business Interactions , 2009 .

[93]  Schahram Dustdar,et al.  Domain-specific language for event-based compliance monitoring in process-driven SOAs , 2013, Service Oriented Computing and Applications.

[94]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[95]  Stefanie Rinderle-Ma,et al.  On Analyzing Process Compliance in Skin Cancer Treatment: An Experience Report from the Evidence-Based Medical Compliance Cluster (EBMC2) , 2012, CAiSE.

[96]  Paola Mello,et al.  Checking Compliance of Execution Traces to Business Rules , 2008, Business Process Management Workshops.

[97]  Linh Thao Ly SeaFlows - a compliance checking framework for supporting the process lifecycle , 2013 .

[98]  Dirk Fahland,et al.  Separating Compliance Management and Business Process Management , 2011, Business Process Management Workshops.

[99]  In Ho Kwon,et al.  Book Review: Process Mining: Discovery, Conformance and Enhancement of Business Processes , 2014, Healthcare Informatics Research.

[100]  Marco Montali,et al.  A Framework for the Systematic Comparison and Evaluation of Compliance Monitoring Approaches , 2013, 2013 17th IEEE International Enterprise Distributed Object Computing Conference.

[101]  Marco Montali,et al.  An Operational Decision Support Framework for Monitoring Business Constraints , 2012, FASE.

[102]  Dirk Fahland,et al.  Where Did I Misbehave? Diagnostic Information in Compliance Checking , 2012, BPM.

[103]  Marco Pistore,et al.  Run-Time Monitoring of Instances and Classes of Web Service Compositions , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[104]  Felix Klaedtke,et al.  Checking System Compliance by Slicing and Monitoring Logs , 2013 .