Where Did I Misbehave? Diagnostic Information in Compliance Checking

Compliance checking is gaining importance as today's organizations need to show that operational processes are executed in a controlled manner while satisfying predefined (legal) requirements. Deviations may be costly and expose the organization to severe risks. Compliance checking is of growing importance for the business process management and auditing communities. This paper presents a comprehensive compliance checking approach based on Petri-net patterns and alignments. 55 control-flow-oriented compliance rules, distributed over 15 categories, have been formalized in terms of Petri-net patterns describing the compliant behavior. To check compliance with respect to a rule, the event log describing the observed behavior is aligned with the corresponding pattern. The approach is flexible (easy to add new patterns), robust (the selected alignment between log and pattern is guaranteed to be optimal), and allows for both a quantification of compliance and intuitive diagnostics explaining deviations at the level of alignments. The approach can also handle resource-based and data-based compliance rules and is supported by ProM plug-ins. The applicability of the approach has been evaluated using various real-life event logs.
