Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches — A State-of-the-Art Analysis and Research Roadmap

With a steady increase of regulatory requirements for business processes, automation support of compliance management is a field garnering increasing attention in Information Systems research. Several approaches have been developed to support compliance checking of process models. One major challenge for such approaches is their ability to handle different modeling techniques and compliance rules in order to enable widespread adoption and application. Applying a structured literature search strategy, we reflect and discuss compliance-checking approaches in order to provide an insight into their generalizability and evaluation. The results imply that current approaches mainly focus on special modeling techniques and/or a restricted set of types of compliance rules. Most approaches abstain from real-world evaluation which raises the question of their practical applicability. Referring to the search results, we propose a roadmap for further research in model-based business process compliance checking.

[1]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[2]  Antonio Cerone,et al.  Verifying BPEL Workflows Under Authorisation Constraints , 2006, Business Process Management.

[3]  Marta Indulska,et al.  How do practitioners use conceptual modeling in practice? , 2006, Data Knowl. Eng..

[4]  M. Hammer,et al.  Reengineering the Corporation , 1993 .

[5]  Delvin Grant,et al.  A wider view of business process reengineering , 2002, CACM.

[6]  Dimitrios M. Thilikos,et al.  Faster parameterized algorithms for minor containment , 2010, Theor. Comput. Sci..

[7]  Peter Dadam,et al.  On enabling integrated process compliance with semantic constraints in process management systems , 2012, Inf. Syst. Frontiers.

[8]  Björn Niehaves,et al.  Reconstructing the giant: On the importance of rigour in documenting the literature search process , 2009, ECIS.

[9]  Wil M. P. van der Aalst,et al.  Data-Flow Anti-patterns: Discovering Data-Flow Errors in Workflows , 2009, CAiSE.

[10]  Lieven Eeckhout,et al.  Statistically rigorous java performance evaluation , 2007, OOPSLA.

[11]  E. Burton Swanson,et al.  INFORMATION CHANNEL DISPOSITION AND USE , 1987 .

[12]  Jan Recker,et al.  How Much Language Is Enough? Theoretical and Practical Use of the Business Process Modeling Notation , 2008, CAiSE.

[13]  Úlfar Erlingsson,et al.  Engineering Secure Software and Systems , 2011, Lecture Notes in Computer Science.

[14]  Alin Deutsch,et al.  Automatic verification of data-centric business processes , 2009, ICDT '09.

[15]  Peter Dadam,et al.  Semantic Correctness in Adaptive Process Management Systems , 2006, Business Process Management.

[16]  Niels Lohmann,et al.  How to Implement a Theory of Correctness in the Area of Business Processes and Services , 2010, BPM.

[17]  E. Feigenbaum Simon, Herbert A. , 2006 .

[18]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[19]  Rik Eshuis,et al.  Symbolic model checking of UML activity diagrams , 2006, TSEM.

[20]  D. Schulz What a wonderful world it could be , 1997 .

[21]  Yair Wand,et al.  Goal-Driven Analysis of Process Model Validity , 2004, CAiSE.

[22]  Jr. Henry C. Lucas,et al.  Performance and the Use of an Information System , 1975 .

[23]  Mathias Weske,et al.  Visualization of Compliance Violation in Business Process Models , 2009, Business Process Management Workshops.

[24]  Herbert A. Simon,et al.  The Sciences of the Artificial - 3rd Edition , 1981 .

[25]  Kevin Lano,et al.  Slicing of UML models using model transformations , 2010, MODELS'10.

[26]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[27]  Thorsten Hennig-Thurau,et al.  VHB-JOURQUAL2: Method, Results, and Implications of the German Academic Association for Business Research’s Journal Ranking , 2009 .

[28]  Peter Dadam,et al.  Integration and verification of semantic constraints in adaptive process management systems , 2008, Data Knowl. Eng..

[29]  Christos Faloutsos,et al.  Graph mining: Laws, generators, and algorithms , 2006, CSUR.

[30]  Manfred Reichert,et al.  Enterprise Modelling and Information Systems Architectures - Concepts and Applications , Proceedings of the 2nd International Workshop on Enterprise Modelling and Information Systems Architectures (EMISA'07), St. Goar, Germany, October 8-9, 2007 , 2007, EMISA.

[31]  Peter E. Harland,et al.  Implementation of MaRisk and Sustainability Aspects of Innovation: The relevance of a certified management system for the implementation of MaRisk, taking into account sustainability aspects of innovation , 2011 .

[32]  Martin Bichler,et al.  Design science in information systems research , 2006, Wirtschaftsinf..

[33]  Gregor Engels,et al.  Activity diagram patterns for modeling quality constraints in business processes , 2005, MoDELS'05.

[34]  Yoshinori Sato,et al.  Automated Certification for Compliant Cloud-based Business Processes , 2011, Bus. Inf. Syst. Eng..

[35]  Ahmed Awad,et al.  Visualization of Compliance Violation Using Anti-patterns , 2008 .

[36]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems: OTM 2008 , 2008, Lecture Notes in Computer Science.

[37]  Jörg Becker,et al.  Eine empirische Studie zur strukturellen Komplexität konzeptioneller Modelle - Grundlegung eines effizienten Ansatzes zur strukturellen Modellanalyse , 2012, MKWI 2012.

[38]  Mathias Weske,et al.  Resolution of Compliance Violation in Business Process Models: A Planning-Based Approach , 2009, OTM Conferences.

[39]  Mohamed Zairi,et al.  Business process management: a boundaryless approach to modern competitiveness , 1997, Bus. Process. Manag. J..

[40]  Mario Vento,et al.  Thirty Years Of Graph Matching In Pattern Recognition , 2004, Int. J. Pattern Recognit. Artif. Intell..

[41]  David Stewart,et al.  Focus groups: Theory and practice, 2nd ed. , 2007 .

[42]  Marwane El Kharbili,et al.  Towards a Framework for Semantic Business Process Compliance Management , 2008 .

[43]  Marwane El Kharbili,et al.  Business Process Compliance Checking: Current State and Future Challenges , 2008, MobIS.

[44]  Peter Dadam,et al.  Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems , 2008 .

[45]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[46]  Farhad Arbab,et al.  Towards Using Reo for Compliance-Aware Business Process Modeling , 2008, ISoLA.

[47]  M. Hammer,et al.  REENGINEERING THE CORPORATION: A MANIFESTO FOR BUSINESS REVOLUTION , 1995 .

[48]  Christian Riege,et al.  Systematisierung von Evaluationsmethoden in der gestaltungsorientierten Wirtschaftsinformatik , 2009 .

[49]  Richard T. Watson,et al.  Analyzing the Past to Prepare for the Future: Writing a Literature Review , 2002, MIS Q..

[50]  Oliver Thomas,et al.  Semantic Process Modeling – Design and Implementation of an Ontology-based Representation of Business Processes , 2009, Bus. Inf. Syst. Eng..

[51]  Samir Chatterjee,et al.  A Design Science Research Methodology for Information Systems Research , 2008 .

[52]  Aditya K. Ghose,et al.  Auditing Business Process Compliance , 2007, ICSOC.

[53]  Marco Pistore,et al.  NuSMV 2: An OpenSource Tool for Symbolic Model Checking , 2002, CAV.

[54]  Marta Indulska,et al.  Emerging Challenges in Information Systems Research for Regulatory Compliance Management , 2010, CAiSE.

[55]  Jens Müller,et al.  Strukturbasierte Verifikation von BPMN-Modellen , 2011 .

[56]  Reinhard Diestel,et al.  Graph Theory , 1997 .

[57]  Julian R. Ullmann,et al.  An Algorithm for Subgraph Isomorphism , 1976, J. ACM.

[58]  Guido Governatori,et al.  A Formal Analysis of a Business Contract Language , 2006, Int. J. Cooperative Inf. Syst..

[59]  Paul Harmon,et al.  Business Process Change: A Manager's Guide to Improving, Redesigning & Automating Process , 2002 .

[60]  Florian Daniel,et al.  Current Trends in Web Engineering , 2010, Lecture Notes in Computer Science.

[61]  Salvatore T. March,et al.  Design and natural science research on information technology , 1995, Decis. Support Syst..

[62]  Gregor Engels,et al.  Verification of Business Process Quality Constraints Based on Visual Process Patterns , 2007, First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07).

[63]  G. Cantor Beiträge zur Begründung der transfiniten Mengenlehre , 1897 .

[64]  Mohammad Taghi Hajiaghayi,et al.  Subgraph Isomorphism, log-Bounded Fragmentation and Graphs of (Locally) Bounded Treewidth , 2002, MFCS.

[65]  Jian Yang,et al.  Specification and Management of Policies in Service Oriented Business Collaboration , 2005, Business Process Management.

[66]  Frank D. Valencia,et al.  Formal Methods for Components and Objects , 2002, Lecture Notes in Computer Science.

[67]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[68]  Guido Governatori,et al.  A conceptually rich model of business process compliance , 2010, APCCM.

[69]  Karsten Schmidt LoLA: a low level analyser , 2000 .

[70]  Peter Mertens,et al.  Memorandum zur gestaltungsorientierten Wirtschaftsinformatik , 2010 .

[71]  Farhad Arbab,et al.  Formal Behavioral Modeling and Compliance Analysis for Service-Oriented Systems , 2009, FMCO.

[72]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[73]  Edward F. McQuarrie,et al.  Focus Groups: Theory and Practice , 1991 .

[74]  Ahmed Awad,et al.  BPMN-Q: A Language to Query Business Processes , 2007, EMISA.

[75]  Akhil Kumar,et al.  A Rule-Based Framework Using Role Patterns for Business Process Compliance , 2008, RuleML.

[76]  Guido Governatori,et al.  On compliance checking for clausal constraints in annotated process models , 2012, Inf. Syst. Frontiers.

[77]  Axel Becker,et al.  Handbuch MaRisk : Mindestanforderungen an das Risikomanagement in der Bankpraxis , 2006 .

[78]  J. Leon Zhao,et al.  Constraint-centric workflow change analytics , 2011, Decis. Support Syst..

[79]  Mohammad Taghi Hajiaghayi,et al.  Subgraph isomorphism, log-bounded fragmentation, and graphs of (locally) bounded treewidth , 2007, J. Comput. Syst. Sci..

[80]  Mathias Weske,et al.  Efficient Compliance Checking Using BPMN-Q and Temporal Logic , 2008, BPM.

[81]  Karsten Wolf,et al.  Transforming BPEL to Petri Nets , 2005, Business Process Management.

[82]  Ahmed Mahmoud Hany Aly Awad,et al.  A compliance management framework for business process models , 2010 .

[83]  Shazia Wasim Sadiq,et al.  Measurement of Compliance Distance in Business Processes , 2008, Inf. Syst. Manag..

[84]  Peter Dadam,et al.  Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems , 2010, CAiSE.

[85]  Thomas Kurpick,et al.  On Correctness, Compliance and Consistency of Process Models , 2008, 2008 IEEE 17th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[86]  Haim Kaplan Algorithm Theory - SWAT 2010, 12th Scandinavian Symposium and Workshops on Algorithm Theory, Bergen, Norway, June 21-23, 2010. Proceedings , 2010, SWAT.

[87]  Herbert A. Simon,et al.  The Sciences of the Artificial , 1970 .

[88]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[89]  Oliver Kopp,et al.  Verifying Business Rules Using an SMT Solver for BPEL Processes , 2009, BPSC.

[90]  Donna B. Stoddard,et al.  Reengineering: Business Change of Mythic Proportions? , 1994, MIS Q..

[91]  Yair Levy,et al.  A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research , 2006, Informing Sci. Int. J. an Emerg. Transdiscipl..

[92]  Illya V. Hicks,et al.  Branch decompositions and minor containment , 2004, Networks.

[93]  Priya Narasimhan,et al.  Service-Oriented Computing - ICSOC 2007, Fifth International Conference, Vienna, Austria, September 17-20, 2007, Proceedings , 2007, ICSOC.

[94]  Richard Baskerville,et al.  Generalizing Generalizability in Information Systems Research , 2003, Inf. Syst. Res..

[95]  Maryam Alavi,et al.  An assessment of the prototyping approach to information systems development , 1984, CACM.

[96]  Michael Rosemann,et al.  Toward Improving the Relevance of Information Systems Research to Practice: The Role of Applicability Checks , 2008, MIS Q..

[97]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[98]  Jörg Becker,et al.  Wissenschaftstheorie und gestaltungsorientierte Wirtschaftsinformatik , 2009 .

[99]  Corina Raduescu,et al.  A framework of issues in large process modeling projects , 2006, ECIS.

[100]  Peter Dadam,et al.  On Enabling Data-Aware Compliance Checking of Business Process Models , 2010, ER.

[101]  Frank Leymann,et al.  Business Process Compliance through Reusable Units of Compliant Processes , 2010, ICWE Workshops.

[102]  Christoph Meinel,et al.  Verification of Business Process Entailment Constraints Using SPIN , 2009, ESSoS.

[103]  Christoph Meinel,et al.  An approach to capture authorisation requirements in business processes , 2010, Requirements Engineering.

[104]  Chung Yee Lee,et al.  Business process management: survey and methodology , 1995 .

[105]  Nenad Stojanovic,et al.  Pattern-Based Design and Validation of Business Process Compliance , 2007, OTM Conferences.

[106]  M. Brian Blake,et al.  On the Move to Meaningful Internet Systems: OTM 2010 , 2010, Lecture Notes in Computer Science.

[107]  Frank Leymann,et al.  Compliant Business Process Design Using Refinement Layers , 2010, OTM Conferences.

[108]  Gregor Engels,et al.  Pattern-Based Modeling and Formalizing of Business Process Quality Constraints , 2011, CAiSE.

[109]  Marta Indulska,et al.  Business Process Modeling- A Comparative Analysis , 2009, J. Assoc. Inf. Syst..

[110]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[111]  Frederic Dorn,et al.  Planar Subgraph Isomorphism Revisited , 2009, STACS.

[112]  Michael J. Ginzberg,et al.  Early Diagnosis of MIS Implementation Failure: Promising Results and Unanswered Questions , 1981 .

[113]  Rik Eshuis,et al.  Tool support for verifying UML activity diagrams , 2004, IEEE Transactions on Software Engineering.

[114]  Thomas Kurpick,et al.  Checking Correctness and Compliance of Integrated Process Models , 2008, 2008 10th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing.

[115]  Marta Indulska,et al.  Business Process and Business Rule Modeling Languages for Compliance Management: A Representational Analysis , 2007, ER.

[116]  M. Weske,et al.  Towards Resolving Compliance Violations in Business Process Models , 2009 .

[117]  Patrick Delfmann,et al.  Unified Enterprise Knowledge Representation with Conceptual Models - Capturing Corporate Language in Naming Conventions , 2009, ICIS.

[118]  Mike P. Papazoglou,et al.  Root-Cause Analysis of Design-Time Compliance Violations on the Basis of Property Patterns , 2010, ICSOC.

[119]  Francisco Curbera,et al.  Web Services Business Process Execution Language Version 2.0 , 2007 .