Enforcing compliance on business processes through the use of patterns

In recent years, business process compliance has become an area of significant concern to many organizations. Despite an increasing number of methods and tools, organizations still face difficulties in finding effective support to ensure that their business processes comply with the requirements set forth by regulations, laws, standards, etc. While manual solutions offer limited assurance for compliance, there is a lack of a comprehensive framework for semi-automatically managing compliance requirements and ensuring compliance throughout all phases of the business process lifecycle. One of the foundational building blocks of such a framework is a generic conceptual model that supports factoring compliance and its relation to business processes. This paper introduces a compliance conceptual model to capture and manage compliance requirements and to relate them to business processes in a transparent and verifiable manner. The model also incorporates a set of patterns to facilitate the specification of formal compliance rules to be used for automated compliance verification and monitoring. We have developed a set of integrated tools that supports our framework and partially validated the framework in two case studies involving industry companies.
