Managing Regulatory Compliance in Business Processes

The ever-increasing obligations of regulatory compliance are presenting a new breed of challenges for organizations across several industry sectors. Aligning control objectives that stem from regulations and legislation with business objectives devised for improved business performance is a foremost challenge. The organizational as well as IT structures for the two classes of objectives are often distinct and potentially in conflict. In this chapter, we present an overarching methodology for aligning business and control objectives. The various phases of the methodology are then used as a basis for discussing the state of the art in compliance management. Contributions from research and academia as well as industry solutions are discussed. The chapter concludes with a discussion on the role of BPM as a driver for regulatory compliance and a presentation of open questions and challenges.
