The success of today’s business operations depends largely on the ability to react to changing factors of influence. With the increasing distribution and heterogeneity of enterprise applications, the challenge is to gain and sustain oversight and to manage the different aspects of business operations systematically. Many disciplines and best practices have been established: on the infrastructure level, service-oriented architectures provide a common base to compose distributed applications. On the operational level, business process management provides high-level visibility of end-to-end transactions. On the information level, master data management aggregates and consolidates data throughout the organization. There is, however, an aspect that is becoming more and more relevant but still lacks a proper discipline: regulatory compliance of business operations. The pressure to prove compliance with legal obligations and industry-wide requirements has risen tremendously in recent years, and in light of the ongoing economic crises it is likely to rise further. To address this gap, this paper presents a systematic development method to define, deploy and monitor business controls across a distributed enterprise application. First, we establish a repository of obligations that keeps track of the dependencies between processes, data, applications, and regulations. Second, we define and deploy operational controls as a set of services to gather, classify and correlate information. Finally, we provide end-to-end visibility of the business transactions for monitoring and reporting.