Measurement of Compliance Distance in Business Processes

Abstract Ensuring that work practice is compliant to regulations and industrial standards is an increasingly important issue in business systems. Whereas as an understanding of control objectives that stem from various legislative, standard and contractual sources may be found at strategic or tactical levels, an assessment of their effective adoption in operational practices is extremely hard. In this paper, we propose a method for assessing the level of compliance in business work practice. The method builds upon business process management platforms, and provides the ability to objectively measure the compliance distance of existing processes within the organization. This in turn empowers process designers and business analysts to quantify the effort required to achieve a compliant process.

[1]  Shazia Wasim Sadiq,et al.  Managing Process Variants as an Information Resource , 2006, Business Process Management.

[2]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[3]  Birgit Pfitzmann,et al.  From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation , 2006 .

[4]  Munindar P. Singh,et al.  Interaction protocols as design abstractions for business processes , 2005, IEEE Transactions on Software Engineering.

[5]  Boudewijn F. van Dongen,et al.  Workflow mining: A survey of issues and approaches , 2003, Data Knowl. Eng..

[6]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[7]  Wil M. P. van der Aalst,et al.  Process Equivalence: Comparing Two Process Models Based on Observed Behavior , 2006, Business Process Management.

[8]  Boudewijn F. van Dongen,et al.  The ProM Framework: A New Era in Process Mining Tool Support , 2005, ICATPN.

[9]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[10]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[11]  Frank Leymann,et al.  Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[12]  Maria E. Orlowska,et al.  Analyzing Process Models Using Graph Reduction Techniques , 2000, Inf. Syst..

[13]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[14]  Guido Governatori,et al.  A Formal Analysis of a Business Contract Language , 2006, Int. J. Cooperative Inf. Syst..

[15]  Shazia Wasim Sadiq,et al.  Process modelling: the deontic way , 2006, APCCM.

[16]  M. Rosemann,et al.  Integrating Risks in Business Process Models , 2005 .